Techniques for providing security using a mobile wireless communications device having data loss prevention circuitry

US 8,726,405 B1
Filed: 12/23/2010
Issued: 05/13/2014
Est. Priority Date: 12/23/2010
Status: Active Grant

First Claim

Patent Images

1. A method of providing wireless communications security,the method comprising:

providing a mobile wireless communications apparatus having data loss prevention (DLP) circuitry;

configuring the DLP circuitry to perform DLP scanning operations; and

after the DLP circuitry is configured to perform the DLP scanning operations, conducting wireless communications sessions between the mobile wireless communications apparatus and a set of external devices while the DLP circuitry performs the DLP scanning operations;

wherein the mobile wireless communications apparatus is a smart phone device;

wherein the set of external devices includes a set of mobile telephony base stations;

wherein conducting the wireless communications sessions includes maintaining the smart phone device in an operative state to exchange cellular telephony signals with the set of mobile telephony base stations, the DLP circuitry (i) scanning outgoing data which is prepared for transmission to the set of mobile telephony base stations and (ii) controlling whether the outgoing data is transmitted within mobile telephony signals to the set of mobile telephony base stations;

wherein configuring the DLP circuitry to perform the DLP scanning operations includes;

guiding the DLP circuitry through a learning phase to discover personally identifiable information (PII) stored in the smart phone device, and to identify a set of PII data formats of the PII; and

wherein conducting the wireless communications sessions further includes;

allowing data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, andblocking data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique provides wireless communications security. The technique involves providing a mobile wireless communications apparatus (e.g., a smart phone) having DLP circuitry, and configuring the DLP circuitry to perform DLP scanning operations. The technique further involves conducting, after the DLP circuitry is configured to perform the DLP scanning operations, wireless communications sessions (e.g., a mobile phone calls) between the mobile wireless communications apparatus and external devices (e.g., wireless access points) while the DLP circuitry performs the DLP scanning operations. In some arrangements, the DLP circuitry is configured by a user to (i) allow only authorized apps to send sensitive information and/or (ii) block retransmission of the sensitive information (e.g., in the event an application containing spyware attempts to send the sensitive information to an attacker after the user has completed a legitimate transaction). Thus, the DLP circuitry protects the mobile wireless communications apparatus against illicit dissemination of sensitive information.

168 Citations

20 Claims

1. A method of providing wireless communications security,the method comprising:
- providing a mobile wireless communications apparatus having data loss prevention (DLP) circuitry;
  
  configuring the DLP circuitry to perform DLP scanning operations; and
  
  after the DLP circuitry is configured to perform the DLP scanning operations, conducting wireless communications sessions between the mobile wireless communications apparatus and a set of external devices while the DLP circuitry performs the DLP scanning operations;
  
  wherein the mobile wireless communications apparatus is a smart phone device;
  
  wherein the set of external devices includes a set of mobile telephony base stations;
  
  wherein conducting the wireless communications sessions includes maintaining the smart phone device in an operative state to exchange cellular telephony signals with the set of mobile telephony base stations, the DLP circuitry (i) scanning outgoing data which is prepared for transmission to the set of mobile telephony base stations and (ii) controlling whether the outgoing data is transmitted within mobile telephony signals to the set of mobile telephony base stations;
  
  wherein configuring the DLP circuitry to perform the DLP scanning operations includes;
  
  guiding the DLP circuitry through a learning phase to discover personally identifiable information (PII) stored in the smart phone device, and to identify a set of PII data formats of the PII; and
  
  wherein conducting the wireless communications sessions further includes;
  
  allowing data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, andblocking data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method as in claim 1, further comprising:
    - after guiding the DLP circuitry through the learning phase and while the smart phone device is maintained in the operative state, directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations for user application data having a PII data format of the set of PII data formats, the outgoing data being en route from a set of smart phone user applications running in the smart phone device to transceiver circuitry of the smart phone device.
  - 3. A method as in claim 2 wherein configuring the DLP circuitry to perform the DLP scanning operations further includes:
    - generating a permissions list which identifies particular smart phone applications of the set that are allowed to send PII to the set of external devices, andstoring the permissions list in the smart phone device in a non-volatile manner.
  - 4. A method as in claim 3 wherein generating the permissions list includes:
    - creating a set of smart phone application entries, each entry having (i) a smart phone application identifier which identifies a particular smart phone user application, and (ii) a classification which identifies particular PII data formats that are permitted for transmission by that smart phone user application.
  - 5. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to perform character recognition operations on outgoing video data to detect PII having a PII data format of the set of PII data formats.
  - 6. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to perform speech recognition operations on outgoing audio data to detect PII having a PII data format of the set of PII data formats.
  - 7. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to filter the outgoing data for global satellite positioning (GPS) information provided by GPS circuitry of the smart phone device.
  - 8. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to filter the outgoing data for user contact list information stored within the smart phone device.
  - 9. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to filter the outgoing data for user call history information stored within the smart phone device.
  - 10. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to filter the outgoing data for device identifiers corresponding to the smart phone device.
  - 11. A method as in claim 2 wherein directing the DLP circuitry to scan the outgoing data which is prepared for transmission to the set of mobile telephony base stations includes:
    - directing the DLP circuitry to perform character recognition operations on outgoing video data to detect PII having a PII data format of the set of PII data formats,directing the DLP circuitry to perform speech recognition operations on outgoing audio data to detect PII having a PII data format of the set of PII data formats,directing the DLP circuitry to filter the outgoing data for global satellite positioning (GPS) information provided by GPS circuitry of the smart phone device,directing the DLP circuitry to filter the outgoing data for user contact list information stored within the smart phone device, anddirecting the DLP circuitry to filter the outgoing data for user call history information stored within the smart phone device.
  - 12. A method as in claim 2 wherein configuring the DLP circuitry to perform DLP scanning operations further includes:
    - directing the DLP circuitry to filter incoming data for a set of commands to prevent unauthorized activation of a particular smart phone application.
  - 13. A method as in claim 12 wherein directing the DLP circuitry to filter incoming data includes:
    - instructing the DLP circuitry to performing text message scanning operations to block an unauthorized text message command from reaching the particular smart phone application.
  - 14. A method as in claim 2 wherein configuring the DLP circuitry to perform DLP scanning operations further includes:
    - directing the DLP circuitry to obtain from incoming data a set of commands to configure the DLP circuitry.
  - 15. A method as in claim 2 wherein providing the mobile wireless communications apparatus having the DLP circuitry includes:
    - installing DLP code within the smart phone device, a processor of the smart phone device forming the DLP circuitry when executing the deployed DLP code.
  - 16. A method as in claim 1 wherein the first security classification is assigned to the first application during the learning phase.
  - 17. A method as in claim 16 wherein the second security classification is assigned to the second application during the learning phase.

18. A mobile wireless communications apparatus, comprising:
- a mobile wireless communications interface;
  
  a user interface; and
  
  a controller coupled to the mobile wireless communications interface and the user interface, the controller being constructed and arranged to;
  
  receive user input from a user and provide user output to the user through the user interface, andin response to the user input from the user, (i) perform data loss prevention (DLP) scanning operations, and (ii) conduct wireless communications sessions with a set of external devices while the DLP scanning operations are performed;
  
  wherein the set of external devices includes a set of cellular telephony base stations;
  
  wherein the mobile wireless communications interface is a cellular telephony transceiver;
  
  wherein the user interface is a smart phone interface;
  
  wherein the mobile wireless communications apparatus is a smart phone device which further comprises a smart phone housing that houses (i) the cellular telephony transceiver, (ii) the smart phone interface, and (iii) the controller, the smart phone housing being constructed and arranged to be concurrently hand held and operated by the user to carry out cellular telephone calls;
  
  wherein the controller is constructed and arranged to maintain the smart phone device in an operative state to exchange cellular telephony signals with the set of cellular telephony base stations through the cellular telephony transceiver, the controller (i) scanning outgoing data which is prepared for transmission to the set of cellular telephony base stations and (ii) controlling whether the outgoing data is transmitted within cellular telephony signals to the set of cellular telephony base stations; and
  
  wherein the controller is constructed and arranged to be guided by the user through a learning phase to discover personally identifiable information (PII) stored in the smart phone device, and to identify a set of PII data formats of the PII; and
  
  wherein the controller, when performing the DLP scanning operations and conducting the wireless communications sessions, is constructed and arranged to;
  
  allow data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, andblock data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.
- View Dependent Claims (19)
- - 19. A mobile wireless communications apparatus as in claim 18 wherein the controller is constructed and arranged to scan the outgoing data which is prepared for transmission to the set of cellular telephony base stations for user application data having a PII data format of the set of PII data formats, the outgoing data being en route from a set of smart phone user applications running in the smart phone device to the cellular telephony transceiver of the smart phone device.

20. A computer program product having a non-transitory computer readable storage medium which includes instructions to provide wireless communications security to a smart phone device, the instructions directing the smart phone device to:
- receive user input from a user and provide user output to the user through a smart phone user interface,configure the smart phone device to perform data loss prevention (DLP) scanning operations by guiding the smart phone device through a learning phase to discover personally identifiable information (PII) stored in the smart phone device and to identify a set of PII data formats of the PII, andin response to the user input from the user and after configuring the smart phone device, (i) perform DLP scanning operations, and (ii) conduct wireless communications sessions with a set of cellular telephony base stations while the DLP scanning operations are performed;
  
  wherein the smart phone device, when performing the DLP scanning operations and conducting the wireless communications sessions;
  
  allows data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, andblocks data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Bailey, Daniel V., Griffin, Robert W.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Jamshidi, Ghodrat

Application Number

US12/978,017
Time in Patent Office

1,237 Days
Field of Search

None
US Class Current

726/29
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Techniques for providing security using a mobile wireless communications device having data loss prevention circuitry

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for providing security using a mobile wireless communications device having data loss prevention circuitry

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links