Patent classifications
H04W12/37
Methods for certificate issuance in remote provisioning architectures for embedded UICCs
A system and method includes a mobile device, a SIM associated with the mobile device, an MNO computer, a computer associated with an owner of the mobile device, a first set of keys stored in the SIM for securely communicating with the MNO computer, and a second set of keys for securely communicating with the computer associated with the owner of the mobile device, to exchange application information. The SIM can be configured to determine when updated information related to the second set of keys is required, securely send a request to the MNO computer for updated information related to the second set of keys using the first set of keys, and responsively receive the updated information related to the second set of keys from the MNO computer, the updated information being provisioned by the computer associated with the owner of the mobile device. The mobile device is configured to utilize the updated information related to the second set of keys to establish data communication between an application running on the mobile device and the computer associated with the owner of the mobile device.
Enforcing security policies on mobile devices in a hybrid architecture
Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.
Mobile VPN Autostart Through App-only Management
Techniques for auto-starting a VPN in a MAM environment are disclosed. A MAM-controlled application is launched on a computer system. Policy is queried and a determination is made as to whether to auto-start a VPN application based on the policy. Based on the policy, the VPN application is auto-started, and the VPN application initiates a VPN tunnel that is usable by at least the MAM-controlled application. Network communications transmitted to or from the MAM-controlled application then pass through the VPN tunnel.
Mobile Device Management for Detecting and Remediating Common Vulnerabilities and Exposures
According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes receiving, at a mobile device management server from a threat feed server, at least one security statement. The method includes parsing the at least one security statement into parsed information. The method includes creating a custom threat feed of common vulnerabilities and exposures with at least the parsed information. The method includes selectively creating an alert associated with one common vulnerability and exposure of the common vulnerabilities and exposures, wherein the alert comprises a remediation action associated with the one common vulnerability and exposure. The method includes determining at least one managed device, managed by the mobile device management server, and associated with the remediation action of the alert. Systems and machine-readable media are also provided.
Self-management of devices using personal mobile device management
An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.
Use of geolocation to improve security while protecting privacy
Security policies are made dependent on the location of a device; the device's location is determined and the appropriate security policy applied without providing that location to a server. A device determines its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.
Validating customized user equipment (UE)
Solutions for validating a customized user equipment (UE), prior to permitting the UE to register on a cellular network, include: receiving a set of requirement queries into a validation tool, the set of requirement queries including at least one software application identification, at least one user interface (UI) configuration, and at least one network connectivity configuration; receiving a set of requirements into the validation tool, the set of requirements corresponding with the set of requirement queries; receiving, from a customization tool on the UE, UE configuration information corresponding with the set of requirement queries; determining whether the UE configuration information meets the set of requirements; based on at least the UE configuration information meeting the set of requirements, generating a validation report for the UE; and transmitting the validation report over a network. This may require installing and configuring the customization tool on the UE to collect the configuration information.