Abstract: A method for ensuring compliance with organizational policies is described herein. The method can include the step of monitoring one or more parameters of a managed computing device for compliance with one or more policies of an organization in which the organizational policies may include limitations on the managed computing device. The method can also include the step of detecting a non-conformance event at the managed computing device with respect to at least one organizational policy. In response to the detection of the non-conformance event, the operation of the managed computing device may be restricted with respect to features or data associated with the organization.

Abstract: A method of remotely managing a fielded device with a device management system (DMS). Via a processor, a DMS directive can be received on the fielded device. The DMS directive can include at least one system command for a DMS agent instantiated on the fielded device and intelligence information not previously stored on the fielded device that is necessary for the DMS agent to interpret the system command. Via the processor the DMS agent can be executed to process the system command using the intelligence information provided in the DMS directive to implement the system command without requiring an update to computer-readable program code that defines the DMS agent.

Abstract: A method of remotely managing a fielded device with a device management system (DMS). Via a processor, a DMS directive can be received on the fielded device. The DMS directive can include at least one system command for a DMS agent instantiated on the fielded device and intelligence information not previously stored on the fielded device that is necessary for the DMS agent to interpret the system command. Via the processor the DMS agent can be executed to process the system command using the intelligence information provided in the DMS directive to implement the system command without requiring an update to computer-readable program code that defines the DMS agent.

Abstract: A method for ensuring compliance with organizational policies is described herein. The method can include the step of monitoring one or more parameters of a managed computing device for compliance with one or more policies of an organization in which the organizational policies may include limitations on the managed computing device. The method can also include the step of detecting a non-conformance event at the managed computing device with respect to at least one organizational policy. In response to the detection of the non-conformance event, the operation of the managed computing device may be restricted with respect to features or data associated with the organization.

Abstract: A managed services platform and method of operation of same are described herein. The platform can include a device management service (DMS) server in which the DMS server can act as a gateway for communications with one or more computing devices, and the computing devices are associated with a first entity. The platform can also include an application service (AS) server in which the AS server is communicatively coupled with the DMS server. When a first computing device contacts the DMS server, the DMS server is operable to provide a bundle to the first computing device. As an example, the bundle contains content that at least includes one or more configuration messages and an application set that contains one or more predefined applications. The content of the bundle can be determined at least in part by the first entity.

Abstract: A method for generating a secure application is described herein. The method can include the steps of obtaining a target application and decomposing the target application into original files that contain predictable instructions. One or more predictable instructions in the original files may be identified. In addition, the target application may be modified to create the secure application by binding one or more intercepts to the target application. These intercepts can enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application. Modification of the target application may be conducted without access to the source code of the target application.

Abstract: A method for generating a secure application is described herein. The method can include the steps of obtaining a target application and decomposing the target application into original files that contain predictable instructions. One or more predictable instructions in the original files may be identified. In addition, the target application may be modified to create the secure application by binding one or more intercepts to the target application. These intercepts can enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application. Modification of the target application may be conducted without access to the source code of the target application.

Abstract: A method for generating a secure application is described herein. The method can include the steps of obtaining a target application and decomposing the target application into original files that contain predictable instructions. One or more predictable instructions in the original files may be identified. In addition, the target application may be modified to create the secure application by binding one or more intercepts to the target application. These intercepts can enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application. Modification of the target application may be conducted without access to the source code of the target application.

Abstract: A method for ensuring compliance with organizational policies is described herein. The method can include the step of monitoring one or more parameters of a managed computing device for compliance with one or more policies of an organization in which the organizational policies may include limitations on the managed computing device. The method can also include the step of detecting a non-conformance event at the managed computing device with respect to at least one organizational policy. In response to the detection of the non-conformance event, the operation of the managed computing device may be restricted with respect to features or data associated with the organization.

Abstract: Systems, methods, and apparatuses for facilitating communication between remote services and applications installed on a device are described. In accordance with embodiments, each of a plurality of remote services generates an application-specific message intended for processing by a corresponding application installed on a device and transmits the application-specific message to a device management system (DMS) server, where it is queued. A DMS client installed on the device sends heartbeat messages to the DMS server indicating that the device is available to receive messages. In response to receiving the heartbeat messages, the DMS server transmits the application-specific messages to the DMS client. The DMS client then publishes each application-specific message to the particular application that the application-specific message was intended for.

Abstract: A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace.

Abstract: A method for generating a secure application is described herein. The method can include the steps of obtaining a target application and decomposing the target application into original files that contain predictable instructions. One or more predictable instructions in the original files may be identified. In addition, the target application may be modified to create the secure application by binding one or more intercepts to the target application. These intercepts can enable the modification of the predictable instructions in accordance with one or more policies such that the behavior of the secure application is different from the original behavior of the target application. Modification of the target application may be conducted without access to the source code of the target application.

Abstract: A method for ensuring compliance with organizational policies is described herein. The method can include the step of monitoring one or more parameters of a managed computing device for compliance with one or more policies of an organization in which the organizational policies may include limitations on the managed computing device. The method can also include the step of detecting a non-conformance event at the managed computing device with respect to at least one organizational policy. In response to the detection of the non-conformance event, the operation of the managed computing device may be restricted with respect to features or data associated with the organization.

Abstract: A managed services platform and method of operation of same are described herein. The platform can include a device management service (DMS) server in which the DMS server can act as a gateway for communications with one or more computing devices, and the computing devices are associated with a first entity. The platform can also include an application service (AS) server in which the AS server is communicatively coupled with the DMS server. When a first computing device contacts the DMS server, the DMS server is operable to provide a bundle to the first computing device. As an example, the bundle contains content that at least includes one or more configuration messages and an application set that contains one or more predefined applications. The content of the bundle can be determined at least in part by the first entity.

Abstract: A managed services platform and method of operation of same are described herein. The platform can include a device management service (DMS) server in which the DMS server can act as a gateway for communications with one or more computing devices, and the computing devices are associated with a first entity. The platform can also include an application service (AS) server in which the AS server is communicatively coupled with the DMS server. When a first computing device contacts the DMS server, the DMS server is operable to provide a bundle to the first computing device. As an example, the bundle contains content that at least includes one or more configuration messages and an application set that contains one or more predefined applications. The content of the bundle can be determined at least in part by the first entity.

Abstract: A method and system of restricting the operation of applications to authorized domains is described herein. The method can include the steps of receiving reference domain restriction data associated with an application and receiving generated domain restriction data associated with the application. A domain restriction check can be performed by comparing the generated domain restriction data with the reference domain restriction data, In addition, a domain restriction approval signal can be generated if the domain restriction check is satisfied. The domain restriction check can ensure that the application will not operate in unauthorized domains.

Abstract: A managed services platform and method of operation of same are described herein. The platform can include a device management service (DMS) server in which the DMS server can act as a gateway for communications with one or more computing devices, and the computing devices are associated with a first entity. The platform can also include an application service (AS) server in which the AS server is communicatively coupled with the DMS server. When a first computing device contacts the DMS server, the DMS server is operable to provide a bundle to the first computing device. As an example, the bundle contains content that at least includes one or more configuration messages and an application set that contains one or more predefined applications. The content of the bundle can be determined at least in part by the first entity.

Abstract: Systems, methods, and apparatuses for facilitating communication between remote services and applications installed on a device are described. In accordance with embodiments, each of a plurality of remote services generates an application-specific message intended for processing by a corresponding application installed on a device and transmits the application-specific message to a device management system (DMS) server, where it is queued. A DMS client installed on the device sends heartbeat messages to the DMS server indicating that the device is available to receive messages. In response to receiving the heartbeat messages, the DMS server transmits the application-specific messages to the DMS client. The DMS client then publishes each application-specific message to the particular application that the application-specific message was intended for.

Abstract: A managed services platform and method of operation of same are described herein. The platform can include a device management service (DMS) server in which the DMS server can act as a gateway for communications with one or more computing devices, and the computing devices are associated with a first entity. The platform can also include an application service (AS) server in which the AS server is communicatively coupled with the DMS server. When a first computing device contacts the DMS server, the DMS server is operable to provide a bundle to the first computing device. As an example, the bundle contains content that at least includes one or more configuration messages and an application set that contains one or more predefined applications. The content of the bundle can be determined at least in part by the first entity.

Abstract: A method and system for automatic agnostic provisioning of a computing device is described herein. The method can include the steps of generating a profile that establishes a level of management and operation for a particular user and identifying a plurality of computing devices that are associated with the user. The method can also include the step of tailoring content to be delivered to the computing devices based on the characteristics of the computing devices and the generated profile such that a substantially consistent level of management and operation is maintained for the user across the plurality of computing devices dependent on the characteristics of the computing devices.