Secure virtualized mobile cellular device

US 10,009,322 B2
Filed: 03/31/2016
Issued: 06/26/2018
Est. Priority Date: 10/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method for secure virtualizing of a mobile cellular device, the method comprising:

instantiating a virtualized instance of an enterprise environment comprising at least one enterprise application on a virtualized-instance host server disposed in a cellular communication network comprising;

a plurality of base transceiver stations, each base transceiver station comprising an edge node server within the cellular communication network;

a plurality of base station controllers, each based station controller in communication with and controlling at least one of the plurality of base transceiver stations such that each one of the plurality of base transceiver stations are in communication with and controlled by a base station controller; and

a mobile switching center in communication with each one of the plurality of base station controllers, the virtualized-instance host server disposed in the mobile switching center and in communication with each edge node server;

providing an auxiliary data display and data entry device in combination with a cellular communication device, the auxiliary data display and data entry device separate from the cellular communication device and the cellular communication network, the cellular communication device in communication through the edge node servers to the cellular communication network and the auxiliary data display and data entry device in communication only through the cellular communication device to the cellular communication network;

encrypting the virtualized instance of the enterprise environment at the virtualized-instance host server;

delivering the encrypted virtualized instance of the enterprise environment to the auxiliary data display and data entry device by passing the encrypted virtualized instance of the enterprise environment from the cellular communication network through the cellular communication device to the auxiliary data display and data entry device;

decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device; and

displaying the virtualized instance of the enterprise environment only on the auxiliary data display and data entry device and using only the auxiliary data display and data entry device to enter data into the virtualized instance of the enterprise environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure virtualizing of a mobile cellular device uses a cellular communication network having base transceiver station edge node servers. A virtualized-instance host server contains a virtualized instance of an enterprise environment. Base station controllers are in communication with and control the base transceiver stations. A mobile switching center in communication with the base station controllers contains the virtualized-instance host server. A cellular communication device is in communication with an edge node server, and an auxiliary data display entry device is in communication with the cellular communication device such that the virtualized instance of the enterprise environment is on the edge node server. Communications between the auxiliary display and data entry device are encrypted. In addition, movement of the cellular communication device within the cellular communication network are anticipated so that additional remote virtualized instances of the enterprise environment are provided on candidate future edge servers.

73 Citations

20 Claims

1. A method for secure virtualizing of a mobile cellular device, the method comprising:
- instantiating a virtualized instance of an enterprise environment comprising at least one enterprise application on a virtualized-instance host server disposed in a cellular communication network comprising;
  
  a plurality of base transceiver stations, each base transceiver station comprising an edge node server within the cellular communication network;
  
  a plurality of base station controllers, each based station controller in communication with and controlling at least one of the plurality of base transceiver stations such that each one of the plurality of base transceiver stations are in communication with and controlled by a base station controller; and
  
  a mobile switching center in communication with each one of the plurality of base station controllers, the virtualized-instance host server disposed in the mobile switching center and in communication with each edge node server;
  
  providing an auxiliary data display and data entry device in combination with a cellular communication device, the auxiliary data display and data entry device separate from the cellular communication device and the cellular communication network, the cellular communication device in communication through the edge node servers to the cellular communication network and the auxiliary data display and data entry device in communication only through the cellular communication device to the cellular communication network;
  
  encrypting the virtualized instance of the enterprise environment at the virtualized-instance host server;
  
  delivering the encrypted virtualized instance of the enterprise environment to the auxiliary data display and data entry device by passing the encrypted virtualized instance of the enterprise environment from the cellular communication network through the cellular communication device to the auxiliary data display and data entry device;
  
  decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device; and
  
  displaying the virtualized instance of the enterprise environment only on the auxiliary data display and data entry device and using only the auxiliary data display and data entry device to enter data into the virtualized instance of the enterprise environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the method further comprises:
    - entering data using the auxiliary data display and data entry device;
      
      encrypting the data at the auxiliary data display and data entry device;
      
      delivering the encrypted data to the virtualized-instance host server through the cellular communication device; and
      
      decrypting the encrypted data at the virtualized-instance host server.
  - 3. The method of claim 2, wherein the method further comprises using the enterprise application to process the data.
  - 4. The method of claim 1, wherein the cellular communication device comprises a smartphone.
  - 5. The method of claim 1, wherein:
    - the virtualized-instance host server is in communication with each edge node server and the cellular communication device is in communication with a current edge node server; and
      
      the method further comprises;
      
      instantiating a remote virtualized instance of the enterprise environment on the current edge node server; and
      
      delivering the encrypted virtualized instance further comprises delivering the remote virtualized instance from the current edge node server to the auxiliary data display and data entry device through the cellular communication device.
  - 6. The method of claim 5, wherein the method further comprises:
    - notifying the virtualized-instance host server of pending movement of the cellular communication device out of a communication range associated with the current edge node server;
      
      identifying from the plurality of base stations a plurality of candidate future edge node servers having associated communication ranges into which the cellular communication device could travel; and
      
      instantiating the remote virtualized instance of the enterprise environment on each one of the plurality of candidate future edge servers.
  - 7. The method of claim 6, wherein the method further comprises predicting the pending movement of the cellular communication device based on at least one of a history of movement patterns of the cellular communication device, a current location of the cellular communication device and signaling information received from adjacent edge nodes to the current edge nodes.
  - 8. The method of claim 6, further comprising ranking the plurality of candidate future edge node servers based on a likelihood of movement of the cellular communication device into the communication ranges associated with each one of the candidate future edge node servers.
  - 9. The method of claim 1, wherein the auxiliary data display and data entry device comprises a touch screen display.
  - 10. The method of claim 1, wherein:
    - providing the auxiliary data display and data entry device further comprises attaching the auxiliary data display and data entry device to the cellular communication device using a tether cable; and
      
      decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device further comprising decrypting the encrypted virtualized instance of the enterprise environment at the tether cable.
  - 11. The method of claim 1, wherein providing the auxiliary data display and data entry device further comprises installing a secure plug-in in the cellular communication device to utilize an existing display and existing data entry capabilities of the cellular communication device as the auxiliary data display and data entry device.

12. A system for secure virtualizing of a mobile cellular device, the system comprising:
- a cellular communication network comprising;
  
  a plurality of base transceiver stations, each base transceiver station comprising an edge node server within the cellular communication network;
  
  a virtualized-instance host server comprising a virtualized instance of an enterprise environment comprising at least one enterprise application;
  
  a plurality of base station controllers, each based station controller in communication with and controlling at least one of the plurality of base transceiver stations such that each one of the plurality of base transceiver stations are in communication with and controlled by a base station controller; and
  
  a mobile switching center in communication with each one of the plurality of base station controllers, the virtualized-instance host server disposed in the mobile switching center and in communication with each edge node server;
  
  a cellular communication device in communication with a current edge node server;
  
  an auxiliary data display and data entry device separate from the cellular communication device and in communication with the current edge node server only through the cellular communication device, the cellular communication device functioning solely as a pass through device to provide communication between the auxiliary data display and data entry device and the current edge node server;
  
  a remote virtualized instance of the enterprise environment on the current edge node server;
  
  a display of the virtualized instance of the enterprise environment only on the auxiliary data display and data entry device;
  
  a plurality of candidate future edge node servers having associated communication ranges into which the cellular communication device could travel;
  
  a plurality of additional remote virtualized instances of the enterprise environment, each one of the additional remote virtualized instances disposed on one of the plurality of candidate future edge servers; and
  
  an encryption and decryption system disposed only on the virtualized-instance host server and the auxiliary data display and data entry device to encrypt the virtualized instance of the enterprise environment at the virtualized-instance host server and to decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device.

13. A non-transitory computer-readable storage medium containing a computer-readable code that when read by a computer causes the computer to perform a method for secure virtualizing of a mobile cellular device, the method comprising:
- instantiating a virtualized instance of an enterprise environment comprising at least one enterprise application on a virtualized-instance host server disposed in a cellular communication network comprising;
  
  a plurality of base transceiver stations, each base transceiver station comprising an edge node server within the cellular communication network;
  
  a plurality of base station controllers, each based station controller in communication with and controlling at least one of the plurality of base transceiver stations such that each one of the plurality of base transceiver stations are in communication with and controlled by a base station controller; and
  
  a mobile switching center in communication with each one of the plurality of base station controllers, the virtualized-instance host server disposed in the mobile switching center and in communication with each edge node server;
  
  providing an auxiliary data display and data entry device in combination with a cellular communication device, the auxiliary data display and data entry device separate from the cellular communication device and the cellular communication network, the cellular communication device in communication through the edge node servers to the cellular communication network and the auxiliary data display and data entry device in communication only through the cellular communication device to the cellular communication network;
  
  encrypting the virtualized instance of the enterprise environment at the virtualized-instance host server;
  
  delivering the encrypted virtualized instance of the enterprise environment to the auxiliary data display and data entry device by passing the encrypted virtualized instance of the enterprise environment from the cellular communication network through the cellular communication device to the auxiliary data display and data entry device;
  
  decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device; and
  
  displaying the virtualized instance of the enterprise environment only on the auxiliary data display and data entry device and using only the auxiliary data display and data entry device to enter data into the virtualized instance of the enterprise environment.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the method further comprises:
    - entering data using the auxiliary data display and data entry device;
      
      encrypting the data at the auxiliary data display and data entry device;
      
      delivering the encrypted data to the virtualized-instance host server through the cellular communication device; and
      
      decrypting the encrypted data at the virtualized-instance host server.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein:
    - the virtualized-instance host server is in communication with each edge node server; and
      
      the cellular communication device is in communication with a current edge node server; and
      
      the method further comprises;
      
      instantiating a remote virtualized instance of the enterprise environment on the current edge node server; and
      
      delivering the encrypted virtualized instance further comprises delivering the remote virtualized instance from the current edge node server to the auxiliary data display and data entry device through the cellular communication device.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the method further comprises:
    - notifying the virtualized-instance host server of pending movement of the cellular communication device out of a communication range associated with the current edge node server;
      
      identifying from the plurality of base stations a plurality of candidate future edge node servers having associated communication ranges into which the cellular communication device could travel; and
      
      instantiating the remote virtualized instance of the enterprise environment on each one of the plurality of candidate future edge servers.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the method further comprises predicting the pending movement of the cellular communication device based on at least one of a history of movement patterns of the cellular communication device, a current location of the cellular communication device and signaling information received from adjacent edge nodes to the current edge nodes.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the method further comprises ranking the plurality of candidate future edge node servers based on a likelihood of movement of the cellular communication device into the communication ranges associated with each one of the candidate future edge node servers.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein:
    - providing the auxiliary data display and data entry device further comprises attaching the auxiliary data display and data entry device to the cellular communication device using a tether cable; and
      
      decrypting the encrypted virtualized instance of the enterprise environment at the auxiliary data display and data entry device further comprising decrypting the encrypted virtualized instance of the enterprise environment at the tether cable.
  - 20. The non-transitory computer-readable storage medium of claim 13, wherein providing the auxiliary data display and data entry device further comprises installing a secure plug-in in the cellular communication device to utilize an existing display and existing data entry capabilities of the cellular communication device as the auxiliary data display and data entry device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Agrawal, Dakshi, Anthony, Jr., Bruce O., Bisdikian, Chatschik, Srivatsa, Mudhakar, Verma, Dinesh
Primary Examiner(s)
Shayanfar, Ali
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US15/086,683
Publication Number

US 20160212106A1
Time in Patent Office

817 Days
Field of Search

380247
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/84   output devices, e.g. displa...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04W 12/037   of the control plane, e.g. ...

H04W 88/12   Access point controller dev...

Secure virtualized mobile cellular device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure virtualized mobile cellular device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links