Administration of protection of data accessible by a mobile device
First Claim
Patent Images
1. A computer-implemented system for providing protection of data accessible by a mobile computing device comprising:
- a mobile computing device comprising;
a location detection module for determining an actual network location in a network environment in which the mobile device is operating; and
a security features module for determining whether one or more security features have an activity status of inactive or active in a communication session between the mobile device and another computer;
a server system comprising;
a policy management module, on a computing device separate from the mobile computing device, having a communication interface with the security features and location detection modules for receiving over a network the activity status of the one or more security features and the actual network location; and
a policy setting module determining a current security policy for the mobile device from one or more security policies and a plurality of pre-configured network locations associated with the network environment in which the mobile device may be operating as received from the policy management module based upon criteria including the activity status of the one or more security features and whether the actual network location corresponds to one of the pre-configured network locations;
the mobile computing device further comprising;
an authorization module communicating with the location detection module to verify whether the actual network location indeed corresponds to said one of the pre-configured network locations; and
a policy enforcement control module being communicatively coupled with the policy setting module for receipt and enforcement of the current security policy on network ports of the mobile device being used to communicate with said another computer.
7 Assignments
0 Petitions
Accused Products
Abstract
The administration of protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.
43 Citations
14 Claims
-
1. A computer-implemented system for providing protection of data accessible by a mobile computing device comprising:
-
a mobile computing device comprising; a location detection module for determining an actual network location in a network environment in which the mobile device is operating; and a security features module for determining whether one or more security features have an activity status of inactive or active in a communication session between the mobile device and another computer; a server system comprising; a policy management module, on a computing device separate from the mobile computing device, having a communication interface with the security features and location detection modules for receiving over a network the activity status of the one or more security features and the actual network location; and a policy setting module determining a current security policy for the mobile device from one or more security policies and a plurality of pre-configured network locations associated with the network environment in which the mobile device may be operating as received from the policy management module based upon criteria including the activity status of the one or more security features and whether the actual network location corresponds to one of the pre-configured network locations; the mobile computing device further comprising; an authorization module communicating with the location detection module to verify whether the actual network location indeed corresponds to said one of the pre-configured network locations; and a policy enforcement control module being communicatively coupled with the policy setting module for receipt and enforcement of the current security policy on network ports of the mobile device being used to communicate with said another computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer-implemented system for providing protection of data accessible by a mobile computing device comprising:
-
a mobile computing device comprising; a location detection module for determining an actual network location in a network environment in which the mobile device is operating; and a security features module for determining whether one or more security features have an activity status of inactive or active in a communication session between the mobile device and another computer; a server system comprising; a policy management module, on a computing device separate from the mobile computing device, having a communication interface with the security features and location detection modules for receiving over a network the activity status of the one or more security features and the actual network location; and a policy setting module determining a current security policy from one or more security policies and a plurality of pre-configured network locations associated with the network environment in which the mobile device may be operating as received from the policy management module based upon criteria including the activity status of the one or more security features and whether the actual network location corresponds to one of the pre-configured network locations; the mobile computing device further comprising; a policy enforcement control module being communicatively coupled with the policy setting module for communication of the current security policy to be enforced, the enforcement control module comprising one or more enforcement mechanism modules for enforcing the current security policy, wherein the one or more enforcement mechanism modules comprises a file filter module for controlling access to a file.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeApple Inc.
-
Original AssigneeNovell Incorporated (Open Text Corporation)
-
InventorsJacobson, Sterling K, Wright, Michael, Mims, Robert, Nault, Gabe, Smith, Merrill, Boucher, Peter, Wood, Jonathan
-
Primary Examiner(s)Simitoski; Michael J
-
Application NumberUS11/926,314Publication NumberTime in Patent Office785 DaysField of Search726/11, 726/17, 726/1, 713/153, 455/25, 379/15.03, 379/29.01, 379/32.01, 379/201.12, 380/258US Class Current726/1CPC Class CodesG06F 11/30 MonitoringG06F 11/3006 where the computing system ...G06F 11/3055 Monitoring arrangements for...G06F 21/32 using biometric data, e.g. ...G06F 21/604 Tools and structures for ma...G06F 2201/865 Monitoring of softwareG06F 2201/875 Monitoring of systems inclu...H04L 63/0492 by using a location-limited...H04L 63/102 Entity profilesH04L 63/107 wherein the security polici...H04L 63/20 for managing network securi...H04L 67/34 involving the movement of s...H04W 12/08 Access securityH04W 12/30 Security of mobile devices;...H04W 12/37 Managing security policies ...H04W 12/63 Location-dependent; Proximi...
