Techniques for providing security using a mobile wireless communications device having data loss prevention circuitry
First Claim
1. A method of providing wireless communications security, the method comprising:
- providing a mobile wireless communications apparatus having data loss prevention (DLP) circuitry;
- configuring the DLP circuitry to perform DLP scanning operations; and
- after the DLP circuitry is configured to perform the DLP scanning operations, conducting wireless communications sessions between the mobile wireless communications apparatus and a set of external devices while the DLP circuitry performs the DLP scanning operations;
- wherein the mobile wireless communications apparatus is a smart phone device;
- wherein the set of external devices includes a set of mobile telephony base stations;
- wherein conducting the wireless communications sessions includes maintaining the smart phone device in an operative state to exchange cellular telephony signals with the set of mobile telephony base stations, the DLP circuitry (i) scanning outgoing data which is prepared for transmission to the set of mobile telephony base stations and (ii) controlling whether the outgoing data is transmitted within mobile telephony signals to the set of mobile telephony base stations;
- wherein configuring the DLP circuitry to perform the DLP scanning operations includes:
  - guiding the DLP circuitry through a learning phase to discover personally identifiable information (PII) stored in the smart phone device, and to identify a set of PII data formats of the PII; and
- wherein conducting the wireless communications sessions further includes:
  - allowing data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, and
  - blocking data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.
Abstract
A technique provides wireless communications security. The technique involves providing a mobile wireless communications apparatus (e.g., a smart phone) having DLP circuitry, and configuring the DLP circuitry to perform DLP scanning operations. The technique further involves conducting, after the DLP circuitry is configured to perform the DLP scanning operations, wireless communications sessions (e.g., mobile phone calls) between the mobile wireless communications apparatus and external devices (e.g., wireless access points) while the DLP circuitry performs the DLP scanning operations. In some arrangements, the DLP circuitry is configured by a user to (i) allow only authorized apps to send sensitive information and/or (ii) block retransmission of the sensitive information (e.g., in the event an application containing spyware attempts to send the sensitive information to an attacker after the user has completed a legitimate transaction). Thus, the DLP circuitry protects the mobile wireless communications apparatus against illicit dissemination of sensitive information.
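The following added example (not code from the patent or its assignee) models the abstract's behaviour in Python: a learning phase derives PII formats from values stored on the device, and outgoing data containing a match is allowed or blocked according to the sending app's classification. The class and function names, the classification labels, the sample values and the one-release-per-value retransmission rule are assumptions made for illustration.

```python
import re

TRUSTED, UNTRUSTED = "trusted", "untrusted"  # assumed classification labels

def learn_formats(stored_pii):
    """Learning phase: turn each discovered PII value into a format regex.
    Digits are generalised to \\d; every other character is matched literally."""
    shapes = {
        "".join(r"\d" if c.isdigit() else re.escape(c) for c in value)
        for value in stored_pii
    }
    # Word-boundary guards stop a format matching inside a longer token.
    return [re.compile(rf"(?<!\w){s}(?!\w)") for s in sorted(shapes)]

class DlpGate:
    def __init__(self, stored_pii, app_classes):
        self.formats = learn_formats(stored_pii)
        self.app_classes = app_classes
        self.released = set()  # (app, value) pairs already sent once

    def scan(self, payload):
        """Return the sensitive substrings found in outgoing data."""
        return {m.group(0) for f in self.formats for m in f.finditer(payload)}

    def may_transmit(self, app, payload):
        hits = self.scan(payload)
        if not hits:
            return True  # nothing sensitive: no DLP decision needed
        if self.app_classes.get(app, UNTRUSTED) != TRUSTED:
            return False  # same data, lower classification: blocked
        if any((app, h) in self.released for h in hits):
            return False  # assumed retransmission rule: one release per value
        self.released.update((app, h) for h in hits)
        return True

# Constructed sample data (not from the patent).
STORED_PII = ["078-05-1120", "4111 1111 1111 1111"]
APP_CLASSES = {"bank_app": TRUSTED, "flashlight_app": UNTRUSTED}

def demo():
    gate = DlpGate(STORED_PII, APP_CLASSES)
    body = "pay with card 4111 1111 1111 1111"
    return [
        gate.may_transmit("bank_app", body),        # authorized app, first send
        gate.may_transmit("flashlight_app", body),  # same data, unauthorized app
        gate.may_transmit("bank_app", body),        # retransmission attempt
        gate.may_transmit("flashlight_app", "battery=80"),  # no PII present
    ]

if __name__ == "__main__":
    print(demo())
```

Because the learned patterns describe formats rather than exact values, `scan` also flags a different number with the same layout as a stored one.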
20 Claims
18. A mobile wireless communications apparatus, comprising:
- a mobile wireless communications interface;
- a user interface; and
- a controller coupled to the mobile wireless communications interface and the user interface, the controller being constructed and arranged to:
  - receive user input from a user and provide user output to the user through the user interface, and
  - in response to the user input from the user, (i) perform data loss prevention (DLP) scanning operations, and (ii) conduct wireless communications sessions with a set of external devices while the DLP scanning operations are performed;
- wherein the set of external devices includes a set of cellular telephony base stations;
- wherein the mobile wireless communications interface is a cellular telephony transceiver;
- wherein the user interface is a smart phone interface;
- wherein the mobile wireless communications apparatus is a smart phone device which further comprises a smart phone housing that houses (i) the cellular telephony transceiver, (ii) the smart phone interface, and (iii) the controller, the smart phone housing being constructed and arranged to be concurrently hand held and operated by the user to carry out cellular telephone calls;
- wherein the controller is constructed and arranged to maintain the smart phone device in an operative state to exchange cellular telephony signals with the set of cellular telephony base stations through the cellular telephony transceiver, the controller (i) scanning outgoing data which is prepared for transmission to the set of cellular telephony base stations and (ii) controlling whether the outgoing data is transmitted within cellular telephony signals to the set of cellular telephony base stations; and
- wherein the controller is constructed and arranged to be guided by the user through a learning phase to discover personally identifiable information (PII) stored in the smart phone device, and to identify a set of PII data formats of the PII; and
- wherein the controller, when performing the DLP scanning operations and conducting the wireless communications sessions, is constructed and arranged to:
  - allow data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, and
  - block data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.
20. A computer program product having a non-transitory computer readable storage medium which includes instructions to provide wireless communications security to a smart phone device, the instructions directing the smart phone device to:
- receive user input from a user and provide user output to the user through a smart phone user interface,
- configure the smart phone device to perform data loss prevention (DLP) scanning operations by guiding the smart phone device through a learning phase to discover personally identifiable information (PII) stored in the smart phone device and to identify a set of PII data formats of the PII, and
- in response to the user input from the user and after configuring the smart phone device, (i) perform DLP scanning operations, and (ii) conduct wireless communications sessions with a set of cellular telephony base stations while the DLP scanning operations are performed;
- wherein the smart phone device, when performing the DLP scanning operations and conducting the wireless communications sessions:
  - allows data provided by a first application running on the smart phone device to be transmitted from the smart phone device based on a first security classification assigned to the first application, the data provided by the first application including particular sensitive information, and
  - blocks data provided by a second application running on the smart phone device from being transmitted from the smart phone device based on a second security classification assigned to the second application, the data provided by the second application including the particular sensitive information.
Specification