System and method for secure control of resources of wireless mobile communication devices
Abstract
Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.
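The permit/deny decision described in the abstract can be sketched as follows. This is an added example, not code from the patent or any product; the class, function, asset and entity names are hypothetical, the trust relationship is modelled as simple same-domain membership (the case recited in claim 1), and denying unregistered entities or unknown assets is an assumption made here so the check fails closed.

```python
from dataclasses import dataclass, field

# Asset kinds listed in the abstract; all names below are constructed samples.
ASSET_KINDS = {"application", "persistent_data", "communication_pipe", "configuration"}


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str
    domain: str  # the single domain that includes this asset


@dataclass
class DomainController:
    assets: dict = field(default_factory=dict)   # asset name -> Asset
    origins: dict = field(default_factory=dict)  # requesting entity -> domain
    audit: list = field(default_factory=list)    # (entity, op, asset, allowed)

    def place(self, name, kind, domain):
        if kind not in ASSET_KINDS:
            raise ValueError(f"unknown asset kind: {kind}")
        self.assets[name] = Asset(name, kind, domain)

    def register(self, entity, domain):
        self.origins[entity] = domain

    def request(self, entity, operation, asset_name):
        """Permit only when the request originates in the asset's own domain."""
        asset = self.assets.get(asset_name)
        origin = self.origins.get(entity)
        # Assumption: fail closed on an unknown asset or unregistered entity.
        allowed = asset is not None and origin is not None and origin == asset.domain
        self.audit.append((entity, operation, asset_name, allowed))
        return allowed


def build_sample_device():
    """Constructed two-domain device: employer domain and device-owner domain."""
    dc = DomainController()
    dc.place("corp_address_book", "persistent_data", "employer")
    dc.place("corp_vpn_pipe", "communication_pipe", "employer")
    dc.place("personal_photos", "persistent_data", "owner")
    dc.register("corp_mail_app", "employer")
    dc.register("personal_game", "owner")
    return dc
```

Every decision, including denials, is appended to `audit`, which is where cross-domain access attempts would surface for review.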
84 Claims
1. A method for control of resources of a mobile device, the method comprising:
segregating the mobile device into a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an owner of the mobile device;
receiving a request to perform an operation, wherein the operation affects an asset of the mobile device;
responsive to receiving the request:
denying, by a domain controller, the request if the request originated from a different domain than the asset; and
permitting, by the domain controller, the request if the request originated from the same domain as the asset.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22

15. A mobile device comprising:
a memory comprising a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an owner of the mobile device; and
a domain controller configured to:
receive a request to perform an operation, wherein the operation affects an asset;
deny the request if the request originated from a different domain than the asset; and
permit the request if the request originated from the same domain as the asset.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41

42. A method for control of resources of a mobile device, the method comprising:
segregating the mobile device into a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an employee of the employer;
receiving a request to perform an operation, wherein the operation affects an asset of the mobile device;
responsive to receiving the request:
denying, by a domain controller, the request if the request originated from a different domain than the asset; and
permitting, by the domain controller, the request if the request originated from the same domain as the asset.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62

63. A mobile device comprising:
a memory comprising a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an employee of the employer; and
a domain controller configured to:
receive a request to perform an operation, wherein the operation affects an asset;
deny the request if the request originated from a different domain than the asset; and
permit the request if the request originated from the same domain as the asset.
Dependent claims: 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82

83. One or more non-transitory computer readable media storing instructions that when executed by one or more processors cause the one or more processors to:
segregate a mobile device into a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an owner of the mobile device;
responsive to receiving a request to perform an operation, wherein the operation affects an asset of the mobile device;
deny, by a domain controller, the request if the request originated from a different domain than the asset; and
permit, by the domain controller, the request if the request originated from the same domain as the asset.

84. One or more non-transitory computer readable media storing instructions that when executed by one or more processors cause the one or more processors to:
segregate a mobile device into a plurality of domains including a first domain controlled by a first domain owner, and a second domain controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an employee of the employer;
responsive to receiving a request to perform an operation, wherein the operation affects an asset of the mobile device;
deny, by a domain controller, the request if the request originated from a different domain than the asset; and
permit, by the domain controller, the request if the request originated from the same domain as the asset.

Specification