Automatic security action invocation for mobile communications device
First Claim
1. A server for providing security on at least one mobile communications device, the server being configured to communicate with a plurality of mobile communications devices over a wireless network, the server comprising:
- a processor;
a communications subsystem connected to the processor for exchanging signals with the wireless network and with the processor; and
a security module to configure the processor of the server to send policy messages to one or more devices of the plurality of mobile communications devices at intervals,each of the policy messages including instructions, for execution by each of the one or more devices, to enforce or terminate a data protection policy,the policy messages to enforce a data protection policy comprising instructions for execution by each of the one or more devices toinitiate a data protection timer for a duration,monitor, after the data protection timer has been initiated, for receipt by the device of a subsequent policy message to enforce a data protection policy, andif the subsequent policy message is not received by the device within the duration, perform a security action comprising erasing or encrypting at least some data on a storage element.
2 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, there is provided a mobile communications device comprising: a processor; a communications subsystem operable to exchange signals with a wireless network; a storage element having application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect policy messages received by the device, and to perform a security action if a first policy message to enforce a first data protection policy is received and a subsequent policy message to enforce a second data protection policy is not received within a predetermined duration from the time at which the first policy message is received; wherein the security action comprises erasing or encrypting at least some of the data on the storage element.
36 Citations
23 Claims
-
1. A server for providing security on at least one mobile communications device, the server being configured to communicate with a plurality of mobile communications devices over a wireless network, the server comprising:
-
a processor; a communications subsystem connected to the processor for exchanging signals with the wireless network and with the processor; and a security module to configure the processor of the server to send policy messages to one or more devices of the plurality of mobile communications devices at intervals, each of the policy messages including instructions, for execution by each of the one or more devices, to enforce or terminate a data protection policy, the policy messages to enforce a data protection policy comprising instructions for execution by each of the one or more devices to initiate a data protection timer for a duration, monitor, after the data protection timer has been initiated, for receipt by the device of a subsequent policy message to enforce a data protection policy, and if the subsequent policy message is not received by the device within the duration, perform a security action comprising erasing or encrypting at least some data on a storage element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for providing security on at least one mobile communications device, the method comprising:
-
generating policy messages including instructions for execution by the at least one mobile communications device to enforce or terminate a data protection policy, the policy messages to enforce the data protection policy comprising instructions, for execution by each of the at least one mobile communications device, to initiate a data protection timer for a duration; monitor, after the data protection timer has been initiated, for receipt by the device of a subsequent policy message to enforce a data protection policy, and if the subsequent policy message is not received by the device within the duration, perform a security action comprising erasing or encrypting at least some data on a storage element; and sending the policy messages from a server over a wireless network to the at least one mobile communications device at intervals. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A non-transitory computer-readable medium having computer-readable instructions stored thereon that when executed configure a processor to:
-
generate policy messages including instructions for execution by one or more mobile communications devices to enforce or terminate a data protection policy, the policy messages to enforce the data protection policy comprising instructions, for execution by each of the one or more mobile communications devices, to initiate a data protection timer for a duration, monitor, after the data protection timer has been initiated, for receipt by the device of a subsequent policy message to enforce a data protection policy, and if the subsequent policy message is not received by the device within the duration, perform a security action comprising erasing or encrypting at least some data on a storage element; and send the policy messages from a server over a wireless network to the one or more mobile communications devices in the plurality of mobile communications devices at intervals.
-
Specification