Providing security in mobile devices via a virtualization software layer

US 8,233,882 B2
Filed: 06/26/2009
Issued: 07/31/2012
Est. Priority Date: 06/26/2009
Status: Active Grant

First Claim

Patent Images

1. A method of providing security in a mobile device comprised of a virtualization software layer that supports one or more virtual machines, the method comprising:

receiving a security policy at the mobile device via the virtualization software layer to have the security policy installed on a virtual machine, wherein the security policy includes location-based information to determine whether to curtail or enable a functionality on the mobile device;

collecting location-based information through the virtualization software layer based on a location of the mobile device;

comparing, by the virtual machine, the collected location-based information and the location-based information in the security policy;

identifying, by the virtual machine, a security action to perform when the comparing of the collected location-based information and the location-based information in the security policy indicates the security action should be taken; and

curtailing or enabling, via the virtualization software layer upon a command from the virtual machine, the functionality identified in the security policy on the mobile device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment is a method of providing security in a virtualized mobile device including virtualization software that supports one or more virtual machines, the method including: (a) receiving a security policy at the virtualized mobile device, which security policy includes one or more location or location-time scenarios for the virtualized mobile device, which scenarios identify applications to be curtailed, and how they are to be curtailed and applications that are to be enabled, and how they are to be enabled; (b) collecting one or more of mobile device location information or information related to time spent at the location; identifying a scenario that pertaining to the one or more of the location and time information; and (c) curtailing or enabling applications in accordance with the identified scenario.

Citations

20 Claims

1. A method of providing security in a mobile device comprised of a virtualization software layer that supports one or more virtual machines, the method comprising:
- receiving a security policy at the mobile device via the virtualization software layer to have the security policy installed on a virtual machine, wherein the security policy includes location-based information to determine whether to curtail or enable a functionality on the mobile device;
  
  collecting location-based information through the virtualization software layer based on a location of the mobile device;
  
  comparing, by the virtual machine, the collected location-based information and the location-based information in the security policy;
  
  identifying, by the virtual machine, a security action to perform when the comparing of the collected location-based information and the location-based information in the security policy indicates the security action should be taken; and
  
  curtailing or enabling, via the virtualization software layer upon a command from the virtual machine, the functionality identified in the security policy on the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein:
    - the location-based information in the security policy comprises a geographical location, andthe virtualization software layer forwards a collected geographical location of the mobile device to the virtual machine for comparing with the geographical location in the security policy.
  - 3. The method of claim 1, wherein:
    - the location-based information in the security policy comprises time-based information for a geographical location of the mobile device, andthe virtualization software layer forwards a collected time in which the mobile device is in a geographical location to the virtual machine for comparing with the time-based information in the security policy.
  - 4. The method of claim 3, wherein the security action is taken when the collected time indicates the mobile device has been in the geographical location over a specified amount of time defined in the security policy.
  - 5. The method of claim 1, wherein curtailing or enabling comprises disabling or enabling, via the virtualization software layer, a password lock to access the mobile device based on the collected location-based information.
  - 6. The method of claim 1, further comprising:
    - communicating the collected location-based information to a management server via the virtualization software layer, wherein the management server analyzes the collected information and returns an analysis to the virtualization software layer; and
      
      using, in the virtual machine, the analysis of the management server in identifying the security action.
  - 7. The method of claim 6, wherein the management server verifies the collected location-based information to confirm the mobile device is in a geographical location specified by the location-based information.
  - 8. The method of claim 1, wherein the security policy is received from a management server that communicates with the virtualization software layer to have the security policy installed on the virtual machine.
  - 9. The method of claim 1, wherein the functionality is curtailed or enabled by enabling or suspending another virtual machine providing the functionality.
  - 10. The method of claim 1, wherein the functionality is curtailed or enabled by controlling, via the virtualization software layer, a physical device in the mobile device that is providing the functionality.

11. A non-transitory computer-readable storage medium containing instructions for providing security in a mobile device comprised of a virtualization software layer that supports one or more virtual machines, the instructions for controlling a computer system to be operable to:
- receive a security policy at the mobile device via the virtualization software layer to have the security policy installed on a virtual machine, wherein the security policy includes location-based information to determine whether to curtail or enable a functionality on the mobile device;
  
  collect location-based information through the virtualization software layer based on a location of the mobile device;
  
  compare, by the virtual machine, the collected location-based information and the location-based information in the security policy;
  
  identify, by the virtual machine, a security action to perform when the comparing of the collected location-based information and the location-based information in the security policy indicates the security action should be taken; and
  
  curtail or enable, via the virtualization software layer upon a command from the virtual machine, the functionality identified in the security policy on the mobile device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein:
    - the location-based information in the security policy comprises a geographical location, andthe virtualization software layer forwards a collected geographical location of the mobile device to the virtual machine for comparing with the geographical location in the security policy.
  - 13. The non-transitory computer-readable storage medium of claim 11, wherein:
    - the location-based information in the security policy comprises time-based information for a geographical location of the mobile device, andthe virtualization software layer forwards a collected time in which the mobile device is in a geographical location to the virtual machine for comparing with the time-based information in the security policy.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the security action is taken when the time indicates the mobile device has been in the geographical location over a specified amount of time defined in the security policy.
  - 15. The non-transitory computer-readable storage medium of claim 11, wherein curtailing or enabling comprises disabling or enabling, via the virtualization software layer, a password lock to access the mobile device based on the collected location-based information.
  - 16. The non-transitory computer-readable storage medium of claim 11, further operable to:
    - communicate the collected location-based information to a management server via the virtualization software layer, wherein the management server analyzes the collected information and returns an analysis to the virtualization software layer; and
      
      use, in the virtual machine, the analysis of the management server in identifying the security action.
  - 17. The non-transitory computer-readable storage medium of claim 11, wherein the security policy is received from a management server that communicates with the virtualization software layer to have the security policy installed on the virtual machine.
  - 18. The non-transitory computer-readable storage medium of claim 11, wherein the functionality is curtailed or enabled by enabling or suspending another virtual machine providing the functionality.
  - 19. The non-transitory computer-readable storage medium of claim 11, wherein the functionality is curtailed or enabled by controlling, via the virtualization software layer, a physical device in the mobile device that is providing the functionality.

20. An apparatus configured to provide security in a mobile device comprised of a virtualization software layer that supports one or more virtual machines, the apparatus comprising:
- one or more computer processors; and
  
  a computer-readable storage medium comprising instructions for controlling the one or more computer processors to be operable to;
  
  receive a security policy at the mobile device via the virtualization software layer to have the security policy installed on a virtual machine, wherein the security policy includes location-based information to determine whether to curtail or enable a functionality on the mobile device;
  
  collect location-based information through the virtualization software layer based on a location of the mobile device;
  
  compare, by the virtual machine, the collected location-based information and the location-based information in the security policy;
  
  identify, by the virtual machine, a security action to perform when the comparing of the collected location-based information and the location-based information in the security policy indicates the security action should be taken; and
  
  curtail or enable, via the virtualization software layer upon a command from the virtual machine, the functionality identified in the security policy on the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Rogel, Lawrence S.
Primary Examiner(s)
Afshar, Kamran
Assistant Examiner(s)
ROD, YOUSEF R

Application Number

US12/492,611
Publication Number

US 20100330961A1
Time in Patent Office

1,131 Days
Field of Search

455/411, 455/410
US Class Current

455/411
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2111 Location-sensitive, e.g. ge...

Providing security in mobile devices via a virtualization software layer

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing security in mobile devices via a virtualization software layer

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links