Device function restricting method and system in specific perimeters

US 8,627,460 B2
Filed: 08/31/2006
Issued: 01/07/2014
Est. Priority Date: 10/27/2005
Status: Active Grant

First Claim

Patent Images

1. A device function restriction monitoring system comprising:

a communication system which provides a location-limited communication channel to detect whether a device entering a perimeter is in an area for device inspection;

a server which provides a credential and a security policy to the device and receives a report on whether the device violates the security policy through the location-limited communication channel; and

an alarm system which triggers a security alarm if the device violates the security policy;

wherein the device comprises a system memory having the credential, the security policy, a reference state which indicates a state of the resources of the device when the security policy is applied, and a current state which indicates a state of the resources of the device after use of the device;

wherein the device sends the reference state and the current state to the server, the server storing the reference state and current state; and

wherein the server compares the reference state and the current state to determine if the device has violated the security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for restricting the functions of a device are provided. A restriction monitoring system includes a communication system that provides a location-limited communication channel that detects whether a device entering a perimeter is in an area for device inspection, a server that provides a credential and a security policy to the device and receives a report on whether the device violates the security policy through the location-limited communication channel, and an alarm system which triggers a security alarm when the device violates the security policy.

31 Citations

21 Claims

1. A device function restriction monitoring system comprising:
- a communication system which provides a location-limited communication channel to detect whether a device entering a perimeter is in an area for device inspection;
  
  a server which provides a credential and a security policy to the device and receives a report on whether the device violates the security policy through the location-limited communication channel; and
  
  an alarm system which triggers a security alarm if the device violates the security policy;
  
  wherein the device comprises a system memory having the credential, the security policy, a reference state which indicates a state of the resources of the device when the security policy is applied, and a current state which indicates a state of the resources of the device after use of the device;
  
  wherein the device sends the reference state and the current state to the server, the server storing the reference state and current state; and
  
  wherein the server compares the reference state and the current state to determine if the device has violated the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system as claimed in claim 1, wherein the server comprises:
    - a system memory which stores the security policy for using device resources, the credential provided to the device, and the reference state of the device;
      
      a server processor which executes software loaded on the system memory; and
      
      an input-output system which inputs and outputs data.
  - 3. The system as claimed in claim 1, wherein the communication system comprises:
    - a location-limited communication subsystem which reports a monitoring state of the area for device inspection to the server; and
      
      communication subsystems which supports other communication channels besides the location-limited communication channel.
  - 4. The system as claimed in claim 3, wherein the other communication channels comprise at least one of a wireless link, a wired link, and an optical link.
  - 5. The system as claimed in claim 1, wherein the device comprises a mobile communication terminal communicating through a mobile communication network.
  - 6. The system as claimed in claim 1, wherein the device comprises a personal data assistant communicating through a mobile communication network.
  - 7. The system as claimed in claim 1, wherein the credential comprises a key or a random challenge.

8. A device comprising:
- a system memory which stores a credential and a security policy received from a monitoring system located in a perimeter and stores control software carrying out the security policy, and further stores a reference state which indicates a state of the resources of the device when the security policy is applied, and a current state which indicates a state of the resources of the device after use of the device;
  
  a device processor which controls execution of the control software; and
  
  an input/output (I/O) system which performs communications with a monitoring system;
  
  wherein the device processor reports a change in current state to the monitoring system through the I/O system; and
  
  wherein the monitoring system compares the reference state and the current state to determine if the device has violated the security policy.
- View Dependent Claims (9, 10, 11)
- - 9. The device as claimed in claim 8, wherein the reference state of the device is the state in which the device enters into the perimeter and a current state of the device is the state in which the device exits the perimeter.
  - 10. The device as claimed in claim 8, wherein device resources comprise source resources for calculating information inside the device and sink resources consuming the information acquired by the source resources.
  - 11. The device as claimed in claim 10, wherein the source resources and the sink resources comprise hardware resources and software resources.

12. A device function restriction method comprising:
- (a) receiving a credential and a security policy from a monitoring system, and transmitting a reference state with the security policy applied to source resources in a state that a device enters a perimeter to the monitoring system; and
  
  (b) controlling, by a processor of the device, use of the source resources according to the security policy, and reporting content transformation of a device state to the monitoring system, in a state that the device is located in the perimeter;
  
  wherein the content transformation of the device state is compared to the reference state to determine if the device has violated the security policy.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method as claimed in claim 12, wherein, in (a), the device calculates an acknowledgement, using the credential, and transmits the calculated acknowledgement to the monitoring system.
  - 14. The method as claimed in claim 13, wherein the acknowledgement is calculated by processing of the credential, information addition, and encryption hash function including SHA-1 or MD5.
  - 15. The method as claimed in claim 14, wherein, if a local acknowledgement of the monitoring system is matched to the acknowledgement after the device transmits the acknowledgement, the generated security policy is received from the monitoring system.
  - 16. The method as claimed in claim 12, wherein, in (a), the device reports to the monitoring system the reference state using the source resources to which all the security policies are applied, and the monitoring system stores the reference state in a database.
  - 17. The method as claimed in claim 12, wherein, in (b), information transformation from the source resources is specified by control software according to the security policy, and the transformed information is provided to sink resources including encryption, substitution, and information deletion.

18. A device function restricting method comprising:
- (a) providing, by a monitoring system, a credential and a security policy to a device entering a perimeter;
  
  (b) receiving, from the device, a reference state with the security policy applied to source resources;
  
  (c) receiving, from the device, a report on content transformation of the reference state; and
  
  (d) restricting, by the device, specific functions or prohibiting use of the source resources according to the reported state of the device;
  
  wherein (c) comprises transforming the reference state into a previous state by control software when the device violates the security policy, and receiving a report on the previous state from the device; and
  
  wherein the report on content transformation is compared to the reference state to determine if the device has violated the security policy.
- View Dependent Claims (19, 20, 21)
- - 19. The method as claimed in claim 18, wherein (a) comprises detecting existence of the device in an area for device inspection of the perimeter, and transmitting the credential and the security policy to the device through a location-limited communication channel.
  - 20. The method as claimed in claim 18, wherein (a) comprises receiving an acknowledgement calculated by the device using the credential, and, if the acknowledgement is received, calculating a local acknowledgement using the credential, and transmitting the security policy to the device if the acknowledgement is matched to the local acknowledgement.
  - 21. The method as claimed in claim 18, wherein operation (c) comprises receiving the credential from the device, and triggering a security alarm through an alarm system when the credential is not matched to a previously stored credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Lee, Kyung-hee, Korkishko, Tymur
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US11/513,047
Publication Number

US 20070101426A1
Time in Patent Office

2,686 Days
Field of Search

726/1, 726/11, 726/12, 726/22, 726/23, 726/24, 726/25, 713/153
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/6209   to a single file or object,...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2149   Restricted operating enviro...

H04L 63/102   Entity profiles

Device function restricting method and system in specific perimeters

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Device function restricting method and system in specific perimeters

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links