SELF-DELEGATING SECURITY ARRANGEMENT FOR PORTABLE INFORMATION DEVICES

US 20100138926A1
Filed: 10/19/2009
Published: 06/03/2010
Est. Priority Date: 12/02/2008
Status: Active Grant

First Claim

Patent Images

1. A portable information device having a dynamically configurable security arrangement, the device comprising:

computer circuitry, including a processor operatively coupled to a data store;

wireless communications circuitry; and

a power supply that provides power to the computer circuitry, user interface, and wireless communications circuitry, the power supply including an on-board energy source;

wherein the computer circuitry includes a security arrangement comprising;

a configurable security module that facilitates security services in the portable information device, wherein the configurable security module is capable of selectively executing certain ones of the security services locally on the portable information device, and is capable of selectively utilizing least one computing device that is distinct from the portable information device to remotely execute certain ones of the security services;

a risk profiling module adapted to dynamically re-assess a current set of security risks to which the information device is exposed; and

a security configuration module that is adapted to;

(i) dynamically generate a selection of which of the security services are to be executed locally by the security module on the portable information device, and which of the security services are to be executed remotely on the at least one computing device that is distinct from the portable information device, the selection being made in response to a re-assessment of the current set of security risks to which the portable information device is exposed by the risk profiling module; and

(ii) dynamically reconfigure operational settings of the configurable security module such that security services are facilitated based on the selection that is generated in (i).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable information device includes a dynamically configurable security arrangement in which operational settings are automatically and dynamically configured based on a current set of security risks to which the device is exposed, on a current computing capacity of the portable information device, or both. The operational settings can be adjusted to control which security services or functions are to be executed locally by portable information device, and which of the security services or functions are to be executed remotely on at least one computing device that is distinct from the portable information device.

116 Citations

View as Search Results

22 Claims

1. A portable information device having a dynamically configurable security arrangement, the device comprising:
- computer circuitry, including a processor operatively coupled to a data store;
  
  wireless communications circuitry; and
  
  a power supply that provides power to the computer circuitry, user interface, and wireless communications circuitry, the power supply including an on-board energy source;
  
  wherein the computer circuitry includes a security arrangement comprising;
  
  a configurable security module that facilitates security services in the portable information device, wherein the configurable security module is capable of selectively executing certain ones of the security services locally on the portable information device, and is capable of selectively utilizing least one computing device that is distinct from the portable information device to remotely execute certain ones of the security services;
  
  a risk profiling module adapted to dynamically re-assess a current set of security risks to which the information device is exposed; and
  
  a security configuration module that is adapted to;
  
  (i) dynamically generate a selection of which of the security services are to be executed locally by the security module on the portable information device, and which of the security services are to be executed remotely on the at least one computing device that is distinct from the portable information device, the selection being made in response to a re-assessment of the current set of security risks to which the portable information device is exposed by the risk profiling module; and
  
  (ii) dynamically reconfigure operational settings of the configurable security module such that security services are facilitated based on the selection that is generated in (i).
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The portable information device of claim 1, wherein the at least one computing device that is distinct from the portable information device includes a security server.
  - 3. The portable information device of claim 1, wherein the risk profiling module includes:
    - a location determining module configured to determine and provide an indication of a current location of the portable information device; and
      
      a location profile database containing security risk profile information for a plurality of local networks at a plurality of geographic locations;
      
      wherein the current set of security risks re-assessed by the risk profiling module is based on risk profile information contained in the location profile database corresponding to the current location.
  - 4. The portable information device of claim 1, further comprising:
    - a computing capacity determining module that is adapted to dynamically re-assess a current state of computing capacity availability of the portable information device; and
      
      wherein the security configuration module is further adapted to dynamically reconfigure the security module in response to the current state of computing capacity availability from the computing capacity determining module.
  - 5. The portable information device of claim 4, wherein the security configuration module is adapted to dynamically configure the security module based on at least one of:
    - available network communications bandwidth of the portable information device, and available computing capacity in the portable information device.
  - 6. The portable information device of claim 1, wherein the security configuration module is adapted to dynamically reconfigure the security module to change operation modes from one of configurations (a)-(c) to another one of configurations (a)-(c), wherein configurations (a)-(c) are defined as follows:
    - (a) a thin client configuration in which a majority of security services are executed by the at least one computing device that is distinct from the portable information device;
      
      (b) a thick client configuration in which a majority of security services are executed by the configurable security module; and
      
      (c) a hybrid configuration in which certain ones of the security services are executed by the configurable security module, and other ones of the security services are executed by at least one computing device that is distinct from the portable information device.

7. A portable information device having a dynamically configurable security arrangement, the device comprising:
- computer circuitry, including a processor operatively coupled to a data store;
  
  wireless communications circuitry; and
  
  a power supply that provides power to the computer circuitry, user interface, and wireless communications circuitry, the power supply including an on-board energy source;
  
  wherein the computer circuitry includes a security arrangement comprising;
  
  a configurable security module that facilitates security services in the portable information device, wherein the configurable security module is capable of selectively executing certain ones of the security services locally on the portable information device, and is capable of selectively utilizing least one computing device that is distinct from the portable information device to remotely execute certain ones of the security services;
  
  a computing capacity determining module adapted to re-assess computing capacity availability relating to usage and performance expectations for operation of the information device; and
  
  a security configuration module that is adapted to;
  
  (i) dynamically generate a selection of which of the security services are to be executed locally by the security module on the portable information device, and which of the security services are to be executed remotely on the at least one computing device that is distinct from the portable information device, the selection being made in response to a change in the computing capacity availability based on a re-assessment of the computing capacity availability by the computing capacity determining module; and
  
  (ii) dynamically reconfigure operational settings of the configurable security module such that security services are facilitated based on the selection that is generated in (i).
- View Dependent Claims (8, 9, 10, 11)
- - 8. The portable information device of claim 7, wherein the at least one computing device that is distinct from the portable information device includes a security server.
  - 9. The portable information device of claim 7, wherein the security configuration module is adapted to progressively re-configure the operational settings of the security module in response to indicia of progressively-reducing computing capacity by progressively disabling security services in order of less essential functionality to more essential functionality to preserve computing capacity for non-security functions of the portable information device.
  - 10. The portable information device of claim 7, wherein the computing capacity determining module is adapted to re-assess computing capacity availability based on a condition of the on-board energy source.
  - 11. The portable information device of claim 7, wherein the computing capacity determining module is adapted to re-assess computing capacity availability based on at least one parameter selected from the group consisting of:
    - application programs in use, network traffic, processor idling, an amount of memory allocated, and an amount of memory available in the data store.

12. A method for automatically configuring a portable information device to facilitate usability while providing security protection for the information device, the method comprising:
- dynamically determining, by the portable information device, a set of current security risks to which the information device is exposed based on a current usage of the portable information device;
  
  dynamically determining, by the portable information device, a set of security functionality with which a security module is to be configured in the portable information device to protect the portable information device in response to a result of the dynamically determining of the set of current security risks;
  
  dynamically re-assessing, by the portable information device, from among the set of security functionality, a subset of more essential security functionality and a subset of less essential security functionality relevant to the set of current security risks;
  
  dynamically re-assessing, by the portable information device, current computing capacity availability relating to usage and performance expectations for operation of the portable information device; and
  
  dynamically configuring, by the portable information device, the security arrangement to run on the portable information device based on a result of the dynamically determining of the current set of security risks and on a result of the dynamically re-assessing of the current computing capacity availability, including;
  
  in response to the result of the re-assessing of the current computing capacity availability being indicative of a reduction of computing capacity availability from a previous computing capacity availability, disabling the subset of less essential security functionality to an extent that computational loading on the information device attributable to operation of the configurable security module is reduced to facilitate operation of the information device corresponding to the usage and performance expectations while the information device executes the subset of more essential security functionality.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising:
    - in response to the result of the re-assessing of the current computing capacity availability being indicative of a reduction of computing capacity availability from a previous computing capacity availability, dynamically reconfiguring operational settings of the configurable security module such that certain security functionality is executed locally by the portable information device, and other security functionality is executed remotely on at least one computing device that is distinct from the portable information device.
  - 14. The method of claim 12, wherein determining the computing capacity includes assessing available computing resources based on a condition of a battery of the portable information device.

15. A method for automatically configuring a security arrangement of a portable information device, the method comprising:
- dynamically re-assessing, by the portable information device, current computing capacity availability relating to usage and performance expectations for operation of the portable information device; and
  
  dynamically reconfiguring, by the portable information device, the security arrangement to run on the portable information device based a result of the dynamically re-assessing of the current computing capacity availability, including;
  
  in response to the result of the re-assessing of the current computing capacity availability being indicative of a reduction of computing capacity availability from a previous level of computing capacity availability, dynamically reconfiguring operational settings of the security arrangement such that certain security functionality that was previously executed locally by the portable information device, is executed remotely on at least one computing device that is distinct from the portable information device.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein determining the computing capacity includes re-assessing available computing resources based on a condition of a battery of the portable information device.
  - 17. The method of claim 15, wherein determining the computing capacity includes re-assessing the computing capacity includes assessing a present demand on computing resources based on at least one monitored parameter selected from the group consisting of:
    - application programs in use on the information device, network traffic to or from the information device, processor idling of the information device, an amount of memory allocated on the information device, or any combination thereof.
  - 18. The method of claim 15, further comprising:
    - dynamically determining, by the portable information device, a set of current security risks to which the information device is exposed based on a current usage of the portable information device; and
      
      dynamically determining, by the portable information device, a set of security functionality with which a security module is to be configured in the portable information device to protect the portable information device in response to a result of the dynamically determining of the set of current security risks;
      
      wherein the dynamically reconfiguring of the security arrangement is further based on a result of the dynamically determining of the set of security functionality with which a security module is to be configured.

19. A method for automatically configuring a security arrangement of a portable information device, the method comprising:
- dynamically determining, by the portable information device, a set of current security risks to which the information device is exposed based on a current usage of the portable information device; and
  
  dynamically reconfiguring, by the portable information device, the security arrangement to run on the portable information device based a result of the dynamically determining of the set of current security risks, including;
  
  in response to the result of the dynamically determining of the set of current security risks being indicative of an increase in security risk to which the portable information device is currently exposed from a previous level of security risk, dynamically reconfiguring operational settings of the security arrangement such that certain security functionality that was previously executable locally by the portable information device is executed remotely on at least one computing device that is distinct from the portable information device.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, wherein dynamically reconfiguring operational settings of the security arrangement includes configuring the security arrangement to operate in a thin client mode in which a majority of the security functionality is executed on the at least one computing device that is distinct from the portable information device.
  - 21. The method of claim 19, wherein dynamically reconfiguring operational settings of the security arrangement includes selecting certain security functions from among all available functionality to be executed on the at least one computing device that is distinct from the portable information device based on the result of the dynamically determining of the set of current security risks.
  - 22. The method of claim 19, wherein the dynamically determining, by the portable information device, of a set of current security risks to which the information device is exposed based on a current usage of the portable information device includes analyzing at least one of:
    - user-initiated events, operational history of the portable information device, and a software configuration of the portable information device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Kaspersky Lab ZAO
Inventors
Polyakov, Dmitry A., Kashchenko, Nadezhda V., Tikhomirov, Anton V.

Granted Patent

US 8,370,946 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/74   operating in dual or compar...

G06F 21/81   by operating on the power s...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

SELF-DELEGATING SECURITY ARRANGEMENT FOR PORTABLE INFORMATION DEVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SELF-DELEGATING SECURITY ARRANGEMENT FOR PORTABLE INFORMATION DEVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others