System and method for distribution of security policies for mobile devices

US 7,665,125 B2
Filed: 09/23/2002
Issued: 02/16/2010
Est. Priority Date: 09/23/2002
Status: Active Grant

First Claim

Patent Images

1. A method of distributing security policy information from a server to a mobile computing device, the method comprising:

authenticating a connection between the server and a gatekeeper;

transmitting from the server to an LDAP directory a request for data about a user of the mobile computing device;

receiving data at the server from the LDAP directory, the data comprising security policy data related to the user;

generating a policy package at the server to govern the user'"'"'s operation of the mobile computing device, wherein the policy package is based on the security policy data related to the user;

sending the policy package from the server to the gatekeeper;

initiating data synchronization between the mobile computing device and the gatekeeper;

verifying the mobile computing device as being associated with an organization and as being authorized to synchronize with the gatekeeper device; and

sending the policy package from the gatekeeper to the mobile computing device;

whereby the policy package can be decrypted at the mobile computing device using a policy encryption private key associated with the user; and

whereby a user on the mobile computing device can be authenticated as an authorized member.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a particular embodiment, a wireless security system is disclosed. The wireless security system includes a client module deployed on a wireless device, a network module, and a server module. The client module is adapted to authenticate a wireless device while the wireless device is operating independently from the network module and the server module.

In another embodiment, a method of distributing security policy information from a server to a mobile computing device is disclosed. The method includes authentication of a connection between the server and a gatekeeper, sending a policy package to the gatekeeper, initiating data synchronization between the mobile computing device and the gatekeeper, authenticating the mobile computing device, and sending the policy package from the gatekeeper to the mobile computing device.

Citations

6 Claims

1. A method of distributing security policy information from a server to a mobile computing device, the method comprising:
- authenticating a connection between the server and a gatekeeper;
  
  transmitting from the server to an LDAP directory a request for data about a user of the mobile computing device;
  
  receiving data at the server from the LDAP directory, the data comprising security policy data related to the user;
  
  generating a policy package at the server to govern the user'"'"'s operation of the mobile computing device, wherein the policy package is based on the security policy data related to the user;
  
  sending the policy package from the server to the gatekeeper;
  
  initiating data synchronization between the mobile computing device and the gatekeeper;
  
  verifying the mobile computing device as being associated with an organization and as being authorized to synchronize with the gatekeeper device; and
  
  sending the policy package from the gatekeeper to the mobile computing device;
  
  whereby the policy package can be decrypted at the mobile computing device using a policy encryption private key associated with the user; and
  
  whereby a user on the mobile computing device can be authenticated as an authorized member.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising activating policies at the mobile computing device, the activated policies derived from the decrypted policy package.
  - 3. The method of claim 1, wherein the policy package includes a new security policy entered by an administrator.
  - 4. The method of claim 1, wherein the policy package includes a modified policy, the modified policy entered by a user via an administrative interface to the server.

5. A method of distributing an enterprise security policy to a mobile computing device comprising:
- providing an organization with a server having an administrative interface;
  
  coupling the server to an LDAP directory containing information about a plurality of members of the organization;
  
  transmitting from the server to the LDAP directory a request for data about a member of the organization that is authorized to use a mobile computing device associated with the organization;
  
  receiving data at the server from the LDAP directory, the data comprising enterprise security policy data for the member;
  
  generating via the administrative interface a mobile security policy to govern the authorized member'"'"'s operation of the mobile computing device associated with the organization, wherein the mobile security policy is based on the enterprise security policy data for the authorized member received from the LDAP directory;
  
  encrypting the mobile security policy with a policy encryption public key associated with the member to create an encrypted mobile security policy;
  
  receiving at a gatekeeper device the encrypted mobile security policy from the server;
  
  receiving at the gatekeeper device a request to synchronize from the mobile computing device associated with the organization;
  
  verifying the mobile computing device as being associated with the organization and as being authorized to synchronize with the gatekeeper device;
  
  after the verifying step, transmitting the encrypted mobile security policy from the gatekeeper device to the mobile computing device;
  
  decrypting the encrypted mobile security policy on the mobile computing device using a policy encryption private key associated with the member, thereby recovering the mobile security policy;
  
  on the mobile computing device, authenticating that a user of the mobile computing device is the authorized member;
  
  enforcing the mobile security policy on the mobile computing device, the enforcing step comprising;
  
  permitting the user to access data on the mobile computing device if the mobile security policy permits the user to access that data;
  
  permitting the user to access a feature on the mobile computing device if the mobile security policy permits the user to access that feature; and
  
  denying the user access to data and features on the mobile computing device that the mobile security policy does not permit the user to access;
  
  creating a record in a security log in response to a request on the mobile computing device to perform an action that the user is not permitted to perform under the mobile security policy.

6. A method of distributing an update to an enterprise security policy to a mobile computing device, the method comprising:
- providing an organization with a group of users;
  
  providing a first security profile for the group stored on a server;
  
  providing a user that is a member of the group with a first individual security profile derived from the first security profile for the group;
  
  providing a mobile computing device associated with the organization and also associated with the user, the mobile computing device comprising the first individual security profile;
  
  modifying the first security profile for the group using an administrative interface on the server, thereby creating a second security profile for the group;
  
  generating a second individual security profile derived from the second security profile for the group, wherein the second individual security profile is customized for the user and wherein the generating step occurs automatically on the server after the modifying step;
  
  encrypting the second individual security profile with a policy encryption public key associated with the user;
  
  transmitting the encrypted second individual security profile to the mobile computing device at the next request from the mobile computing device to synchronize;
  
  decrypting the encrypted second individual security profile on the mobile computing device with a policy encryption private key associated with the user and replacing the first individual security profile on the mobile computing device with the second individual security profile;
  
  enforcing the second individual security profile on the mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Marketing LP (Dell Technologies Inc.)
Original Assignee
Credant Technologies Incorported (Dell Technologies Inc.)
Inventors
Gordon, Ian R., Mann, Dwayne R., Burchett, Christopher D., Heard, Robert W.
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US10/252,211
Publication Number

US 20060242685A1
Time in Patent Office

2,703 Days
Field of Search

726/1, 713/182
US Class Current

726/3
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 2209/80   Wireless

H04L 63/0838   using one-time-passwords

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

H04L 9/12   Transmitting and receiving ...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 12/37   Managing security policies ...

System and method for distribution of security policies for mobile devices

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for distribution of security policies for mobile devices

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links