Server, computer memory, and method to support security policy maintenance and distribution

US 20060147043A1
Filed: 09/23/2002
Published: 07/06/2006
Est. Priority Date: 09/23/2002
Status: Active Grant

First Claim

Patent Images

1. A server module deployed on a server that is connected to a wireless network access node, comprising:

a database containing user information for multiple wireless devices, each element in the database attributable to at least one authorized wireless device and containing at least one type of data file from the group consisting of;

(i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a particular embodiment, a server module deployed on a server is disclosed. The server module is connected to a wireless network access node. The server module includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information. In another embodiment, a computer memory is disclosed. The computer memory includes a plurality of operating keys for use in connection with security features of a mobile computing device and a root key. The root key is to encrypt the plurality of operating keys. In another embodiment, a method of enforcing security policies at a mobile computing device is provided. The method includes receiving a policy at the mobile computing device and enforcing the policy at the mobile computing device by disallowing a user of the mobile computing device from engaging in the use precluded by the use limitation. The policy includes at least one device use limitation.

241 Citations

18 Claims

1. A server module deployed on a server that is connected to a wireless network access node, comprising:
- a database containing user information for multiple wireless devices, each element in the database attributable to at least one authorized wireless device and containing at least one type of data file from the group consisting of;
  
  (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information.
- View Dependent Claims (2)
- - 2. The server module of claim 1, further comprising a centralized log, the centralized log being an aggregation of activity logs from respective client modules of authorized wireless devices.

3. A computer memory comprising:
- a plurality of operating keys for use in connection with security features of a mobile computing device; and
  
  a root key, the root key to encrypt the plurality of operating keys.
- View Dependent Claims (4, 5)
- - 4. The computer memory of claim 3, wherein the plurality of operating keys includes a data key associated with data stored within the mobile computing device and a policy key associated with security policies for use at the mobile computing device.
  - 5. The computer memory of claim 4, wherein the plurality of operating keys further comprises a log file key, the log file key associated with a log file of the mobile computing device, the log file storing information regarding historical activities at the mobile computing device.

6. A method of enforcing security policies at a mobile computing device, the method comprising:
- receiving a policy at the mobile computing device, the policy including at least one device use limitation;
  
  enforcing the policy at the mobile computing device by disallowing a user of the mobile computing device from engaging in the use precluded by the use limitation.
- View Dependent Claims (7)
- - 7. The method of claim 6, wherein the user is authenticated and is allowed to use the mobile computing device after the user has received permission.

8. A security method comprising:
- receiving a password from a user of a mobile computing device;
  
  deriving a security code from the password by applying a non-linear function; and
  
  encrypting the security code using the password as an encryption key.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The security method of claim 8, further comprising storing the encrypted security code.
  - 10. The security method of claim 9, further comprising receiving a password entry and authenticating the user by decrypting the previously stored encrypted security code using the password entry as the encryption key.
  - 11. The security method of claim 10, wherein the authentication of the user was successful and further comprising providing access to data and access to use of the mobile computing device.
  - 12. The security method of claim 10, wherein the authentication of the user was unsuccessful and further comprising denying access to data and denying access to use the mobile computing device.

13. A method of selectively providing a mobile computing device with access to a software application on a server, the method comprising:
- receiving a request to access the software application from the mobile computing device;
  
  determining whether to grant access to the software application by checking whether the mobile computing device has an installed security program.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the step of determining further includes checking at the server whether the mobile computing device is within a set of devices allowed access to the software application.
  - 15. The method of claim 14, further comprising determining that the mobile computer device has an installed security program and is within the set of devices allowed access to the software application and providing the mobile computing device with access to the software application.
  - 16. The method of claim 13, further comprising determining that the mobile computer device does not have an installed security program and further comprising initiating installation of the security program onto the mobile computer device.
  - 17. The method of claim 16, wherein the security program is a shield software module.

18. A method of updating policies and key materials, the method comprising:
- providing a shared encryption key that is shared by a server and a client module;
  
  encrypting data on the client using the shared encryption key;
  
  authenticating a user of a mobile computing device by receiving a password, the client resident at the mobile computing device;
  
  decrypting the shared key using the password;
  
  using the shared key to decrypt updated policies and key materials; and
  
  replacing policies and key materials at the mobile computing device with the updated and decrypted policies and key materials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Marketing LP (Dell Technologies Inc.)
Original Assignee
Credant Technologies Incorported (Dell Technologies Inc.)
Inventors
Gordon, Ian R., Mann, Dwayne R., Burchett, Christopher D., Heard, Robert W.

Granted Patent

US 7,665,118 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04L 9/3066   involving algebraic varieti...

H04L 9/3226   using a predetermined code,...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

H04W 12/086   using security domains

H04W 8/18 : Processing of user or subsc...

View All

Server, computer memory, and method to support security policy maintenance and distribution

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

241 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Server, computer memory, and method to support security policy maintenance and distribution

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

241 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links