Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: A network environment can include a proxy management server. The proxy management server can have access to multiple disparately located MDM servers. A mobile device receives configuration information including a network address of the proxy management server. The mobile device stores the network address of the proxy management server. In response to receiving a management notification such as notification that one or more of the multiple MDM servers has management information (e.g., commands, data, etc., to be executed by the mobile device) available for the mobile device, the mobile device utilizes the stored network address to communicate with the proxy management server. The proxy management server checks availability of the management information from multiple disparately located MDM management servers. The proxy management server retrieves the management information from the management servers and forwards it to the mobile device.

Abstract: A trusted execution environment on a computing device within an enterprise, whether owned by the enterprise or the employee/user, allows invocation of trusted enterprise applications without hindering external or non-enterprise apps from running on the same computing device. Each of the trusted apps can interact with other trusted apps on the same enterprise computing device in a trusted manner such that other apps or untrusted network connections are prevented for access to the trusted apps. The computing device, however, also executes non enterprise applications which operate independently of the enterprise apps in the same address space using the same unmodified operating system as the enterprise apps on the computing device. The trusted execution environment therefore restricts interprocess communication to be only within the set of enterprise apps and also permits unimpeded operation of other apps under the same OTS (off the shelf) operating system.

Abstract: A multi-component control technique includes a first component and a second component. The first component is supplemental code or evaluation engine as specified by a modification to a set of received originally compiled executable code. The modification to the original executable code ensures that, upon execution, the supplemental code (such as an evaluation engine) as specified by the modification is executed upon initial instantiation or use of the application. The second component is a retrievable and executable policy such as a set of rules fetched and used by the supplemental code to control the functionality supported by the originally compiled executable code of the corresponding application. An application administrator can produce the retrievable policy to control functionality of the originally compiled executable code.

Abstract: A network environment can include a proxy management server. The proxy management server can have access to multiple disparately located MDM servers. A mobile device receives configuration information including a network address of the proxy management server. The mobile device stores the network address of the proxy management server. In response to receiving a management notification such as notification that one or more of the multiple MDM servers has management information (e.g., commands, data, etc., to be executed by the mobile device) available for the mobile device, the mobile device utilizes the stored network address to communicate with the proxy management server. The proxy management server checks availability of the management information from multiple disparately located MDM management servers. The proxy management server retrieves the management information from the management servers and forwards it to the mobile device.

Abstract: An image loader resource invokes execution of a backup restoration function in a target computer device to be configured or reconfigured. The backup restoration function in the target computer device is present on the target computer device to receive a device image of data settings derived from a previously configured computer device. In furtherance of configuring the target computer device, the image loader resource retrieves a device image. According to one configuration, rather than being an actual device image obtained from a previously configured or already used computer device, the device image information is synthesized from a set of computer configuration instructions received from an administrator resource. The computer configuration instructions specify settings to be applied to the target computer device. The image loader resource communicates the synthesized device image information to the backup restoration function on the target computer device to configure the target computer device.

Abstract: A multi-component control technique includes a first component and a second component. The first component is supplemental code or evaluation engine as specified by a modification to a set of received originally compiled executable code. The modification to the original executable code ensures that, upon execution, the supplemental code (such as an evaluation engine) as specified by the modification is executed upon initial instantiation or use of the application. The second component is a retrievable and executable policy such as a set of rules fetched and used by the supplemental code to control the functionality supported by the originally compiled executable code of the corresponding application. An application administrator can produce the retrievable policy to control functionality of the originally compiled executable code.

Abstract: An application installed on a host computer device includes a portion of originally compiled executable code derived from respective source code and a modification to the originally compiled executable code. The portion of originally compiled executable code supports functionality in accordance with the source code from which the originally compiled executable code is derived. The modification to the originally compiled executable code includes agent code. In response to receiving a request to execute the modified compiled application on a host computer device on which the modified compiled application is installed, the host computer device executes the application as well as executes a respective agent on the host computer device as specified by the modification. Via the agent, which is integrated into the application, the host computer device provides functionality such as control of the executed application on the host computer device from a remote source.

Abstract: According to example configurations, a primary application includes code that performs a check whether an agent application is installed and/or executing on a corresponding mobile device. If the primary application determines that the agent application is currently not installed and/or currently executing on the mobile device, the primary application initiates installation and/or execution of the agent application on the mobile device potentially unbeknownst to the user of the mobile device. A network administrator communicates with the agent application on the mobile device over a persistent communication link to manage a group of applications and/or related information on the mobile device.

Abstract: An agent executing on a remotely controlled mobile computer device receives control input from a remote resource over a network. The remote resource transmits the control input to the agent application to control the mobile computer device. The agent application includes an emulator function to translate the control input. The emulator is configured to produce the translated control input in a format such that it appears to an operating system of the mobile computer device that an input sensing resource local to the mobile computer device generated the control input, even though the control input is generated via hardware and/or software disposed at the remote resource over a network. The agent application in the mobile computer device utilizes the translated control input produced by the emulator to control operation of the mobile computer device.

Abstract: According to example configurations, a first server in network registers a first client as a participant in a communication session. In response to receiving a message posted by the first client to the communication session, the first server initiates broadcast of a notification of receiving the message to other servers in the network. A second server in the network receives the broadcast notification at a second server in the network. In response to receiving the broadcast notification at the second server and identifying that a second client is registered as a participant in the communication session, the second server notifies the second client of the message posted by the first client. Thus, a broadcast or multicast network can be configured to support targeted communications between multiple participants in a communication session.