Security management on a mobile device

US 10,070,315 B2
Filed: 11/26/2013
Issued: 09/04/2018
Est. Priority Date: 11/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method for managing security levels on a mobile device, the method comprising:

assigning, at the mobile device, a first data tag to a capsule including first data and information associated with the first data, the first data tag identifying a security level for the first data, the security level corresponding to at least one of a personal security level and a workplace security level;

storing the capsule on the mobile device;

detecting a system call performed by an email process to an address book process, the email process executing on the mobile device;

in response to the system call, assigning, by executing an instruction with a processor of the mobile device, an application tag to the email process based on a recipient email address obtained from the address book process for an email being composed with the email process, the application tag corresponding to at least one of the personal security level and the workplace security level;

allowing, by executing an instruction with the processor, the email process to include the first data with the email when the application tag matches the first data tag; and

preventing the first data from being included with the email when the application tag does not match the first data tag.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing security levels on a mobile device includes receiving a capsule including first data; assigning a first data tag to the capsule, the first data tag identifying a security level for the first data; storing the capsule on the mobile device; executing a process on the mobile device, the process associated with an application tag; allowing the process to access the first data when the application tag matches the first data tag, the process for generating second data in response to the first data.

Citations

18 Claims

1. A method for managing security levels on a mobile device, the method comprising:
- assigning, at the mobile device, a first data tag to a capsule including first data and information associated with the first data, the first data tag identifying a security level for the first data, the security level corresponding to at least one of a personal security level and a workplace security level;
  
  storing the capsule on the mobile device;
  
  detecting a system call performed by an email process to an address book process, the email process executing on the mobile device;
  
  in response to the system call, assigning, by executing an instruction with a processor of the mobile device, an application tag to the email process based on a recipient email address obtained from the address book process for an email being composed with the email process, the application tag corresponding to at least one of the personal security level and the workplace security level;
  
  allowing, by executing an instruction with the processor, the email process to include the first data with the email when the application tag matches the first data tag; and
  
  preventing the first data from being included with the email when the application tag does not match the first data tag.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the application tag is a first application tag, the system call is a first system call, and further including:
    - detecting a second system call made by the email process to access a second called process, the second called process having a second application tag; and
      
      allowing, by an operating system kernel, access to the second called process when the second application tag matches the first application tag.
  - 3. The method of claim 2, further including changing the first application tag to correspond to the second application tag.
  - 4. The method of claim 1, further including:
    - generating, by a user interface application, a request to identify a second data tag associated with second data, the request submitted to an application program interface;
      
      generating, by an operating system kernel, a reply to the request to identify the second data tag; and
      
      displaying, by the user interface application, an indicia of the second data in response to the reply to the request to identify the second data tag received from the application program interface.
  - 5. The method of claim 4, further including assigning the second data tag based on a location of the mobile device and a time at which the second data is obtained.
  - 6. The method of claim 5, wherein the assigning of the second data tag includes:
    - assigning the second data tag the workplace security level when the location of the mobile device corresponds to a first location and the time corresponds to a first time; and
      
      assigning the second data tag the personal security level when the location of the mobile device corresponds to a second location different from the first location and the time corresponds to a second time different from the first time.

7. An apparatus comprising:
- a processor; and
  
  memory including computer-executable instructions that, when executed by the processor, cause the processor to perform operations, the operations including;
  
  assigning a first data tag to a capsule including first data and information associated with the first data, the first data tag identifying a security level for the first data, the security level corresponding to at least one of a personal security level and a workplace security level;
  
  storing the capsule;
  
  detecting a system call performed by an email process to an address book process;
  
  in response to the system call, assigning an application tag to the email process based on a recipient email address obtained from the address book process for an email being composed with the email process, the application tag corresponding to at least one of the personal security level and the workplace security level;
  
  allowing the email process to include the first data with the email when the application tag matches the first data tag; and
  
  preventing the first data from being included with the email when the application tag does not match the first data tag.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein the application tag is a first application tag, the system call is a first system call, and the operations further include:
    - detecting a second system call made by the email process to access a second called process, the second called process having a second application tag; and
      
      allowing, by an operating system kernel, access to the second called process when the second application tag matches the first application tag.
  - 9. The apparatus of claim 8, wherein the operations further include:
    - changing the first application tag to correspond to the second application tag.
  - 10. The apparatus of claim 7, wherein the operations further include:
    - generating, by a user interface application, a request to identify a second data tag associated with second data, the request submitted to an application program interface;
      
      generating, by an operating system kernel, a reply to the request to identify the second data tag; and
      
      displaying, by the user interface application, an indicia of the third data in response to the reply to the request to identify the third data tag received from the application program interface.
  - 11. The apparatus of claim 10, wherein the operations include further assigning the second data tag based on a location of the apparatus and a time at which the second data is obtained.
  - 12. The apparatus of claim 11, wherein the assigning of the second data tag includes:
    - assigning the second data tag the workplace security level when the location of the apparatus corresponds to a first location and the time corresponds to a first time; and
      
      assigning the second data tag the personal security level when the location of the apparatus corresponds to a second location different from the first location and the time corresponds to a second time different from the first time.

13. A computer readable memory including instructions that, when executed by a processor of a mobile device, cause the processor to perform operations comprising:
- assigning a first data tag to a capsule including first data and information associated with the first data, the first data tag identifying a security level for the first data, the security level corresponding to at least one of a personal security level and a workplace security level;
  
  storing the capsule on the mobile device;
  
  detecting a system call performed by an email process to an address book process;
  
  in response to the system call, assigning an application tag assigned to the email process based on a recipient email address obtained from the address book process for an email being composed with the email process, the application tag corresponding to at least one of the personal security level and the workplace security level;
  
  allowing the email process to include the first data with the email when the application tag matches the first data tag; and
  
  preventing the first data from being included with the email when the application tag does not match the first data tag.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer readable memory of claim 13, wherein the application tag is a first application tag, and the operations further include:
    - detecting a system call made by the email process to access a second called process, the second called process having a second application tag; and
      
      allowing, by an operating system kernel, access to the second called process when the second application tag matches the application tag.
  - 15. The computer readable memory of claim 14, wherein the operations further include:
    - changing the first application tag to correspond to the second application tag.
  - 16. The computer readable memory of claim 13, wherein the operations further include:
    - instructing a user interface application to generate a request to identify a second data tag associated with second data, the request submitted to an application program interface;
      
      generating, by an operating system kernel, a reply to the request to identify the second data tag; and
      
      instructing by the user interface application to display an indicia of the second data in response to the reply to the request to identify the second data tag received from the application program interface.
  - 17. The computer readable memory of claim 16, wherein the operations further include assigning the second data tag based on a location of the mobile device and a time at which the second data is obtained.
  - 18. The computer readable memory of claim 17, wherein the assigning of the second data tag includes:
    - assigning the second data tag the workplace security level when the location of the mobile device corresponds to a first location and the time corresponds to a first time; and
      
      assigning the second data tag the personal security level when the location of the mobile device corresponds to a second location different from the first location and the time corresponds to a second time different from the first time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SimpliSafe Incorporated (Hellman & Friedman LLC)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Joshi, Kaustubh
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Tran, Baotram

Application Number

US14/089,942
Publication Number

US 20150150085A1
Time in Patent Office

1,743 Days
Field of Search

None
US Class Current
CPC Class Codes

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

H04W 88/02   Terminal devices

Security management on a mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security management on a mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links