Automatic security action invocation for mobile communications device
Abstract
A mobile communications device, server, and method for providing security on a mobile communications device are described. In accordance with one example embodiment, the mobile communications device comprises: a processor; a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor; a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect policy messages received by the mobile communications device, wherein the security module is further operable to perform a security action if a first policy message to enforce a first data protection policy is received and a subsequent policy message to enforce a second data protection policy is not received within a predetermined duration from the time at which the first policy message is received; and wherein the security action comprises erasing or encrypting at least some of the data on the storage element.
65 Claims
1. A mobile communications device, comprising:
a processor;
a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor;
a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and
a security module operable to detect policy messages received by the mobile communications device from a mobile device server, wherein the security module is further operable to perform a security action if a first policy message to enforce a first data protection policy is received and a subsequent policy message from the mobile device server to enforce a second data protection policy is not received within a predetermined duration from the time at which the first policy message is received; and
wherein the security action comprises erasing or encrypting at least some of the data on the storage element.
11. A mobile communications device, comprising:
a processor;
a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor;
a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and
a security module operable to detect if a delayed data protection initiate command is received by the mobile communications device from a mobile device server and initiate a delayed data protection timer for a first predetermined duration provided in the delayed data protection initiate command if a delayed data protection initiate command is received;
wherein the security module operable to, after the delayed data protection timer has been initiated, detect for;
(i) entry of a password shared by the user and the mobile communications device through the user input device within the first predetermined duration of the delayed data protection timer;
(ii) receipt by the mobile communications device from the mobile device server of a terminate command;
or (iii) receipt by the mobile communications device from the mobile device server of a delay command;
wherein the security module operable to terminate the delayed data protection timer if entry of the password or receipt of the terminate command is detected within the first predetermined duration;
wherein the security module operable to reset the delayed data protection timer for a second predetermined duration provided in the delay command if receipt of a delay command is detected within the first predetermined duration; and
wherein the security module operable to perform a security action comprising erasing or encrypting at least some of the data on the storage element if entry of the password, receipt of the terminate command, or receipt of a delay command is not detected within the first predetermined duration.
22. A method for providing security on a mobile communications device, the mobile communications device being configured to communicate with a wireless communications network and including a storage element having data stored thereon, the method comprising the acts of:
monitoring to detect policy messages received by the mobile communications device from a mobile device server; and
if a first policy message to enforce a first data protection policy is received from the mobile device server and a second policy message to enforce a second data protection policy is not received from the mobile device server within a predetermined duration from the time at which the first policy message is received, performing a security action comprising erasing or encrypting at least some of the data on the storage element.
53. The method of 22, wherein the security action comprises erasing at least some of the data on the storage element and overwriting the portions of the storage element where the erased data was located.
61. A method for providing security on a mobile communications device, the mobile communications device being configured to communicate with a wireless communications network and including a storage element having data stored thereon, the method comprising the acts of:
monitoring to detect if a delayed data protection initiate command is received by the mobile communications device from a mobile device server, and if the delayed data protection initiate command is received, initiating a delayed data protection timer for a first predetermined duration provided in the delayed data protection initiate command;
monitoring, after the delayed data protection timer has been initiated, to detect for;
(i) entry of a password shared by the user and the mobile communications device through the user input device within the first predetermined duration of the delayed data protection timer;
(ii) receipt by the mobile communications device from the mobile device server of a terminate command;
or (iii) receipt by the mobile communications device from the mobile device server of a delay command;
if entry of the password or receipt of the terminate command is detected within the first predetermined duration, terminating the delayed data protection timer;
if receipt of a delay command is detected within the first predetermined duration, resetting the delayed data protection timer for a second predetermined duration provided in the delay command; and
if entry of the password, receipt of the terminate command, or receipt of a delay command is not detected within the first predetermined duration, performing a security action comprising erasing or encrypting at least some of the data on the storage element.
64. A mobile communications device, comprising:
a processor;
a communications subsystem connected to the processor operable to exchange signals with a wireless network and with the processor;
a storage element connected to the processor and having a plurality of application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and
a security module operable to detect policy messages received by the mobile communications device, wherein the security module is operable to perform a security action if a first policy message to enforce a first data protection policy is received from a mobile device server and a subsequent policy message to enforce a second data protection policy is not received from the mobile device server within a first predetermined duration from a time at which the first policy message is received;
wherein the security action comprises erasing or encrypting at least some of the data on the storage element;
wherein the security module is operable to determine if a battery level falls below a predetermined threshold;
wherein the security module is operable to perform the security action if the battery power falls below the predetermined threshold;
wherein the security module is operable to detect if a delayed data protection initiate command is received by the mobile communications device;
wherein the security module is operable to initiate a delayed data protection timer for a second predetermined duration if the delayed data protection initiate command is received;
wherein the security module is operable to, after the delayed data protection timer has been initiated, detect;
(i) entry of a password shared by the user and the mobile communications device through a user input device within the first predetermined duration of the delayed data protection timer;
(ii) receipt by the mobile communications device of a terminate command;
or (iii) receipt by the mobile communications device of a delay command;
wherein the security module is operable to terminate the delayed data protection timer if entry of the password or receipt of the terminate command is detected within the second predetermined duration;
wherein the security module is operable to reset the delayed data protection timer for a third predetermined duration provided in the delay command if receipt of a delay command is detected within the second predetermined duration; and
wherein the security module is operable to perform the security action if entry of the password, receipt of the terminate command, or receipt of a delay command is not detected within the second predetermined duration.
65. A computer program product comprising a non-transitory machine-readable medium tangibly embodying instructions executable on a mobile communications device for providing security on the mobile communications device, the mobile communications device being configured to communicate with a wireless communications network and including a storage element having data stored thereon, the machine-readable instructions comprising:
code for monitoring to detect policy messages received by the mobile communications device from a mobile device server; and
code for performing a security action comprising erasing or encrypting at least some of the data on the storage element if a first policy message to enforce a first data protection policy is received from the mobile device server and a subsequent policy message to enforce a second data protection policy is not received from the mobile device server within a predetermined duration from a time at which the first policy message is received.
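The deadline logic recited in claims 1 and 11 can be modelled as a small state machine. The Python sketch below is an added illustration, not code from the patent or its assignee; the `SecurityModule` class, the event names, the caller-supplied timestamps, and treating the deadline instant itself as expired are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class SecurityModule:
    """Deadline logic only; timestamps are seconds supplied by the caller."""
    policy_window: float                      # "predetermined duration" (assumed setting)
    policy_deadline: Optional[float] = None   # armed by the first policy message
    delayed_deadline: Optional[float] = None  # delayed data protection timer
    protected: bool = False                   # True once the security action has run
    log: List[str] = field(default_factory=list)

    def _expire(self, now: float) -> bool:
        # Deadlines are checked before any event is applied, so a message
        # that arrives late cannot cancel a timer that has already run out.
        for name in ("policy_deadline", "delayed_deadline"):
            deadline = getattr(self, name)
            if deadline is not None and now >= deadline and not self.protected:
                self.protected = True
                self.log.append(f"t={now}: {name} passed, erase/encrypt data")
        return self.protected

    def handle(self, now: float, event: str, duration: Optional[float] = None) -> bool:
        if self._expire(now):
            return True
        if event == "first_policy":            # claim 1: start the watchdog
            self.policy_deadline = now + self.policy_window
        elif event == "second_policy":         # claim 1: follow-up arrived in time
            self.policy_deadline = None
        elif event == "initiate":              # claim 11: duration comes with the command
            self.delayed_deadline = now + duration
        elif event == "delay" and self.delayed_deadline is not None:
            self.delayed_deadline = now + duration   # reset for the new duration
        elif event in ("terminate", "password") and self.delayed_deadline is not None:
            self.delayed_deadline = None
        return self.protected                  # "tick" and unknown events only check deadlines

def run(events, policy_window: float = 60) -> SecurityModule:
    """Replay (time, event[, duration]) tuples through a fresh module."""
    module = SecurityModule(policy_window)
    for ev in events:
        module.handle(*ev)
    return module
```

Replaying a constructed trace such as `run([(0, "initiate", 100), (150, "delay", 200)])` shows that a delay command arriving after the first duration does not prevent the security action.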
Specification