Administration of protection of data accessible by a mobile device

US 7,353,533 B2
Filed: 04/11/2003
Issued: 04/01/2008
Est. Priority Date: 12/18/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for administering protection of data accessible by a mobile computing device, comprising:

pre-defining one or more security policies by a server computer system for the mobile computing device based upon a plurality of pre-configured locations associated with a network environment in which the mobile computing device may be operating;

upon the mobile computing device detecting a location in which it is operating during use, the server computer system configured for receiving a query from the mobile computing device to verify whether the detected location corresponds to one of the plurality of pre-configured locations;

comparing the detected location to the plurality of pre-configured locations; and

if the detected location corresponds to one of the plurality of pre-configured locations, sending over a network the one or more security policies to the mobile computing device as a function of the detected location, wherein the server computer system sends the one or more security policies and responds to the received query using a cryptographic authentication protocol.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The administration of protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.

691 Citations

15 Claims

1. A computer-implemented method for administering protection of data accessible by a mobile computing device, comprising:
- pre-defining one or more security policies by a server computer system for the mobile computing device based upon a plurality of pre-configured locations associated with a network environment in which the mobile computing device may be operating;
  
  upon the mobile computing device detecting a location in which it is operating during use, the server computer system configured for receiving a query from the mobile computing device to verify whether the detected location corresponds to one of the plurality of pre-configured locations;
  
  comparing the detected location to the plurality of pre-configured locations; and
  
  if the detected location corresponds to one of the plurality of pre-configured locations, sending over a network the one or more security policies to the mobile computing device as a function of the detected location, wherein the server computer system sends the one or more security policies and responds to the received query using a cryptographic authentication protocol.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - determining a current security policy by the mobile device from the one or more security policies received over the network from the server computer system based upon criteria, with; and
      
      enforcing the current security policy.
  - 3. The method of claim 2 further comprising decrypting the one or more received security policies and authenticating that each received security policy is from an authorized server computer system.
  - 4. The method of claim 1 further comprising:
    - monitoring diagnostic data received over the network from one or more mobile computer devices;
      
      analyzing the diagnostic data; and
      
      transmitting support information to the one or more mobile computing devices.

5. A computer-implemented method for providing protection of data accessible by a mobile computing device comprising:
- pre-defining one or more security policies by a server computer system for the mobile computing device based upon a plurality of pre-configured security features associated with a network environment in which the mobile device may be operating;
  
  monitoring whether security features of the mobile computing device have been activated or deactivated as the mobile computing device operates in one or more locations to-be-detected during use by the mobile computing device relative to a plurality of pre-configured locations corresponding to the plurality of pre-configured security features, the server computer system configured for receiving and verifying a query from the mobile computing device regarding Pie one or more locations to-be-detected and a corresponding activated or deactivated security feature; and
  
  if the corresponding activated or deactivated security feature does not comply with Pie plurality of pre-configured security features associated with a network environment in which the mobile device may be operating, sending over a network the one or more security policies to the mobile device to force compliance.
- View Dependent Claims (6)
- - 6. The method of claim 5 further comprising:
    - enforcing a current security policy on the mobile computing device by sending commands according to a cryptographic protocol over the network to the client device.

7. A computer-implemented system for providing protection of data accessible by a client mobile computing device comprising:
- a policy management module for managing one or more security policies for execution on the client mobile device, the security policies being pre-defined based upon criteria, the criteria including a plurality of pre-configured locations associated with a network environment in which the mobile device may be operating;
  
  an authorization module for communicating with a location detection module of the client mobile device such that upon the location detection module detecting a location in which the client mobile device is operating during use, the authorization module configured for receiving and responding to a query from the mobile computing device verifying whether the detected location corresponds to one of the plurality of pre-configured locations; and
  
  if the detected location corresponds to one of the plurality of pre-configured locations, a policy distribution module for sending over the network the one or more security policies to the client mobile device, the policy distribution module having a communication interface with the policy management module for receiving information regarding policies.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system of claim 7, wherein the authorization module is further configured to authorize a communication exchange with the client mobile device based upon information received from the mobile device over the network in accordance with a cryptographic authentication protocol.
  - 9. The system of claim 7 wherein the one or more security policies are defined as XML documents.
  - 10. The system of claim 7 wherein the one or more security policies are encrypted.
  - 11. The system of claim 7 wherein, responsive to an update request from a client, the distribution module transmits over a network to the mobile client device, security information.
  - 12. The system of claim 7 further comprising a remote diagnostics module comprising:
    - a monitoring module for monitoring diagnostic data received over a network from one or more remotely located mobile client devices;
      
      a diagnosis module for analyzing die diagnostic data; and
      
      a diagnosis distribution module for transmitting support information to the one or more mobile client devices.
  - 13. The system of claim 7 further comprising:
    - a policy setting module for determining a current security policy for the client mobile device from die one or more security policies received from the policy management module based upon criteria including the detected location.
  - 14. The system of claim 13 further comprising a policy enforcement control module being communicatively coupled with the policy setting module for communication of the current security policy to be enforced, the enforcement control module comprising one or more enforcement mechanism modules for enforcing the current security policy on die client mobile device by sending commands over the network to the client device.
  - 15. The system of claim 7 wherein the criteria further comprises an activity status of a security feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Wright, Michael, Mims, Robert, Nault, Gabe, Smith, Merrill, Boucher, Peter, Wood, Jonathan, Jacobson, Sterling K
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Simitoski; Michael J

Application Number

US10/413,443
Publication Number

US 20040123153A1
Time in Patent Office

1,817 Days
Field of Search

713/513, 726/1, 726/11, 379/15.03, 379/29.01, 379/32.01, 379/201.12, 455/25
US Class Current

726/1
CPC Class Codes

G06F 11/30   Monitoring

G06F 11/3006   where the computing system ...

G06F 11/3055   Monitoring arrangements for...

G06F 21/32   using biometric data, e.g. ...

G06F 21/604   Tools and structures for ma...

G06F 2201/865   Monitoring of software

G06F 2201/875   Monitoring of systems inclu...

H04L 63/0492   by using a location-limited...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/37   Managing security policies ...

H04W 12/63   Location-dependent; Proximi...

Administration of protection of data accessible by a mobile device

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

691 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Administration of protection of data accessible by a mobile device

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

691 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links