SYSTEMS AND METHODS TO CONTROL DEVICE ENDPOINT BEHAVIOR USING PERSONAE AND POLICIES

US 20120054853A1
Filed: 08/24/2010
Published: 03/01/2012
Est. Priority Date: 08/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

defining a plurality of personae for a device, each persona according variable access responsive to different access criteria;

applying a policy for each persona, each policy defining conditions for the different access criteria;

implementing a sandbox for each persona based on the policy of each persona;

according access to device resources responsive to access criteria.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The creation of multiple personae in mobile devices. Access to personae is controlled based on the persona that is currently active. The creation or existence of different personae helps prevent data leakage or loss, in that any or all of the following characteristics, by way of example, may be manifested: business data and applications are firewalled from applications or other items associated with personal use; connectivity of the device is controlled; resources (such cameras, GPS, other sensors, etc.) on the device are controlled; data are protected even if removable storage or the device itself are lost.

Citations

20 Claims

1. A method comprising:
- defining a plurality of personae for a device, each persona according variable access responsive to different access criteria;
  
  applying a policy for each persona, each policy defining conditions for the different access criteria;
  
  implementing a sandbox for each persona based on the policy of each persona;
  
  according access to device resources responsive to access criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein said defining comprises defining personae based on usage contexts.
  - 3. The method according to claim 2, wherein said defining personae based on usage contexts comprises defining an enterprise persona.
  - 4. The method according to claim 3, wherein said defining personae based on usage contexts comprises defining a personal persona.
  - 5. The method according to claim 1, wherein said defining comprises defining personae based on geographical location.
  - 6. The method according to claim 1, wherein said according of access is triggered automatically.
  - 7. The method according to claim 6, wherein said according of access is triggered responsive to secure authentication by a user.
  - 8. The method according to claim 7, further comprising providing a key to the device responsive to secure authentication by a user and thereafter according the user access to predetermined data.
  - 9. The method according to claim 1, wherein the device comprises a mobile device.

10. An apparatus comprising:
- one or more processors; and
  
  a computer readable storage medium having computer readable program code embodied therewith and executable by the one or more processors, the computer readable program code comprising;
  
  computer readable program code configured to define a plurality of personae for a device, each persona according variable access responsive to different access criteria;
  
  computer readable program code configured to apply a policy for each persona, each policy defining conditions for the different access criteria;
  
  computer readable program code configured to implement a sandbox for each persona based on the policy of each persona;
  
  computer readable program code configured to accord access to device resources responsive to access criteria.
- View Dependent Claims (11)
- - 11. The apparatus according to claim 10, wherein the device comprises a mobile device.

12. A computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to define a plurality of personae for a device, each persona according variable access responsive to different access criteria;
  
  computer readable program code configured to apply a policy for each persona, each policy defining conditions for the different access criteria;
  
  computer readable program code configured to implement a sandbox for each persona based on the policy of each persona;
  
  computer readable program code configured to accord access to device resources responsive to access criteria.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer program product according to claim 12, wherein said computer readable program code is configured to define personae based on usage contexts.
  - 14. The computer program product according to claim 13, wherein said computer readable program code is configured to define an enterprise persona.
  - 15. The computer program product according to claim 14, wherein said computer readable program code is configured to define a personal persona.
  - 16. The computer program product according to claim 12, wherein said computer readable program code is configured to define personae based on geographical location.
  - 17. The computer program product according to claim 12, wherein said computer readable program code is configured to accord access via an automatic trigger.
  - 18. The computer program product according to claim 17, wherein said computer readable program code is configured to accord access automatically responsive to secure authentication by a user.
  - 19. The computer program product according to claim 18, wherein said computer readable program code is further configured to provide a key to the device responsive to secure authentication by a user and thereafter accord the user access to predetermined data.
  - 20. The computer program product according to claim 12, wherein the device comprises a mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Gupta, Akhilesh, Joshi, Anupam, Pingali, Gopal S.

Granted Patent

US 8,539,561 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 2221/2141   Access rights, e.g. capabil...

H04W 12/086   using security domains

H04W 12/37   Managing security policies ...

SYSTEMS AND METHODS TO CONTROL DEVICE ENDPOINT BEHAVIOR USING PERSONAE AND POLICIES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS TO CONTROL DEVICE ENDPOINT BEHAVIOR USING PERSONAE AND POLICIES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links