Securing a device based on atypical user behavior

US 8,789,136 B2
Filed: 09/02/2008
Issued: 07/22/2014
Est. Priority Date: 09/02/2008
Status: Active Grant

First Claim

Patent Images

1. A system for securing a device comprising:

a. a behavior module for authorizing events, updating rule data, and securing the device; and

b. an authentication module responsive to a first event being a secure event, for determining if the first event is authenticated;

c. responsive to the first event being authenticated, for directing the behavior module to authorize the first event and to update the rule data;

d. responsive to the first event not being authenticated, for determining if an authentication is valid;

e. responsive to the authentication being valid, for directing the behavior module to authorize the first event and update the rule data;

f. responsive to the authentication not being valid, for directing the behavior module to secure the device;

g. a processor;

h. a memory storing the behavior module and the authentication module for execution by the processor;

i. wherein the authentication module is responsive to the first event not being a secure event, for directing the behavior module to authorize the first event and update the rule data, wherein secure events require authentication and non-secure events do not require authentication, andj. wherein the authentication module is responsive to the first event authentication being valid, for directing the behavior module to determine if the first event is a static event, and wherein the behavior module is responsive to the first event not being a static event, for authorizing the first event and updating the rule data, the rule data comprising at least one item from the group of;

which events have been authenticated, a number of times an event occurred, if a user is connected to a docking station, and timer information.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securing the mobile device applies the rules to determine if an event associated with an application is a secure event. If the event is a secure event, the system applies the rules to determine if the event is authenticated. If the event is authenticated, the event is authorized and the system updates rule data associated with the event and/or other associated events. Updating the rule data allows other associated events to be authenticated. If the event is not authenticated, the system requests authentication from a user. If the authentication is valid, the event is authorized and the system updates the rule data associated with the event and/or other associated events. If the authentication is not valid, the system secures the mobile device. Authorizing the event enables a user to access the application and/or data associated with the application.

27 Citations

View as Search Results

29 Claims

1. A system for securing a device comprising:
- a. a behavior module for authorizing events, updating rule data, and securing the device; and
  
  b. an authentication module responsive to a first event being a secure event, for determining if the first event is authenticated;
  
  c. responsive to the first event being authenticated, for directing the behavior module to authorize the first event and to update the rule data;
  
  d. responsive to the first event not being authenticated, for determining if an authentication is valid;
  
  e. responsive to the authentication being valid, for directing the behavior module to authorize the first event and update the rule data;
  
  f. responsive to the authentication not being valid, for directing the behavior module to secure the device;
  
  g. a processor;
  
  h. a memory storing the behavior module and the authentication module for execution by the processor;
  
  i. wherein the authentication module is responsive to the first event not being a secure event, for directing the behavior module to authorize the first event and update the rule data, wherein secure events require authentication and non-secure events do not require authentication, andj. wherein the authentication module is responsive to the first event authentication being valid, for directing the behavior module to determine if the first event is a static event, and wherein the behavior module is responsive to the first event not being a static event, for authorizing the first event and updating the rule data, the rule data comprising at least one item from the group of;
  
  which events have been authenticated, a number of times an event occurred, if a user is connected to a docking station, and timer information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the first event is a non-secure event, and wherein the behavior module is further adapted to update the rule data by converting the first event into a secure event.
  - 3. The system of claim 2, wherein the behavior module is adapted to convert the first event into the secure event responsive to the behavior module authorizing a plurality of non-secure events.
  - 4. The system of claim 1, wherein the first event is a secure event, and wherein the behavior module is further adapted for converting the first event into a non-secure event.
  - 5. The system of claim 1, wherein the authentication module is adapted to determine if the authentication is valid based on a prior authentication of the first event.
  - 6. The system of claim 1, wherein the authentication module is adapted to determine if the authentication is valid based on a prior authentication of an associated event.
  - 7. The system of claim 6, wherein the first event and/or the associated event are based on activities of a person.
  - 8. The system of claim 1, wherein the behavior module is adapted to update the rule data for the first event by updating rule data of an associated event.
  - 9. The system of claim 8, wherein the first event and/or the associated event are based on activities of a person.
  - 10. The system of claim 1, wherein the authentication module is adapted to determine if the authentication is valid based on a period of time since the last authentication of the first event.
  - 11. The system of claim 1, wherein the first event is an item from the group comprising:
    - accessing a network, accessing an application, accessing a file, accessing a directory, accessing a memory device, accessing a docking station, removing a memory device, inserting a memory device, receiving an email, sending an email, receiving a file, sending a file, copying a file, accessing a device, entering a secure location, leaving a secure location, connecting to a network, disconnecting from a network, accessing a calendar, receiving a phone call, and placing a phone call.
  - 12. The system of claim 1, wherein the behavior module is adapted to secure the device by at least one item selected from the group comprising:
    - locking the device, encrypting application data, and deleting application data.
  - 13. The system of claim 1, wherein the device is a mobile device.

14. A method for securing a device comprising:
- a. determining if a first event is a secure event;
  
  b. in response to determining that the first event is a secure event, determining if the first event is authenticated;
  
  c. in response to determining that the first event is authenticated, proceeding to step (f);
  
  d. in response to determining that the first event is not authenticated, determining if an authentication is valid;
  
  e. in response to determining that the authentication is valid proceeding to step (f);
  
  f. authorizing the first event and updating rule data for the first event; and
  
  g. in response to determining that the authentication is not valid, securing the device, wherein securing the device comprises at least one item selected from the group comprising;
  
  locking the device, encrypting application data, and deleting application data;
  
  h. in response to determining that the first event is not a secure event, proceeding to step (f), wherein secure events require authentication and non-secure events do not require authentication, and wherein the rule data comprises at least one item from the group of;
  
  which events have been authenticated, a number of times an event occurred, if a user is connected to a docking station, and timer information;
  
  i. determining if the first event is a static event, and responsive to the first event not being a static event, authorizing the first event and updating the rule data.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 15. The method of claim 14, wherein the first event is a non-secure event and wherein updating the rule data for the first event further comprises converting the first event to a secure event.
  - 16. The method of claim 15, wherein converting the first event to the secure event is based on accessing a plurality of non-secure events.
  - 17. The method of claim 14, wherein the first event is a secure event and wherein updating the rule data further comprises converting the first event into a non-secure event, the rule data comprising at least one item from the group of:
    - which events have been authenticated, a number of times an event occurred, if a user is connected to a docking station, and timer information.
  - 18. The method of claim 14, wherein the step of determining if the authentication is valid, further comprises determining if the first event is a static event, and in response to the first event not being a static event, proceeding to step (f).
  - 19. The method of claim 14, wherein determining if the authentication is valid is based on a prior authentication of the first event.
  - 20. The method of claim 14, wherein determining if the authentication is valid is based on a prior authentication of an associated event.
  - 21. The method of claim 20, wherein the first event and/or the associated event are based on activities of a person.
  - 22. The method of claim 14, wherein updating the rules for the first event further comprises updating rules of an associated event.
  - 23. The method of claim 22, wherein the first event and/or the associated event are based on activities of a person.
  - 24. The method of claim 14, wherein determining if the authentication is valid is based on a period of time since the last authentication of the first event.
  - 25. The method of claim 14, wherein the first event is an item from the group comprising:
    - accessing a network, accessing an application, accessing a file, accessing a directory, accessing a memory device, accessing a docking station, removing a memory device, inserting a memory device, receiving an email, sending an email, receiving a file, sending a file, copying a file, accessing a device, entering a secure location, leaving a secure location, connecting to a network, disconnecting from a network, accessing a calendar, receiving a phone call, and placing a phone call.
  - 26. The method of claim 14, wherein securing the device comprises at least one item selected from the group comprising:
    - locking the device, encrypting application data, and deleting application data.
  - 27. The method of claim 14, wherein the device is a mobile device.
  - 28. An apparatus for performing the method of one of claims 14 or 15-27.

29. A system for securing a device comprising:
- a. an authentication module responsive to a first event being a secure event, for determining if the first event is authenticated;
  
  b. responsive to the first event not being a secure event, for directing a behavior module to authorize the first event and to update rule data, wherein secure events require authentication and non-secure events do not require authentication, and wherein the rule data comprises at least one item from the group of;
  
  which events have been authenticated, a number of times an event occurred, if a user is connected to a docking station, and timer information;
  
  c. responsive to the first event being authenticated, for directing the behavior module to authorize the first event and to update the rule data;
  
  d. responsive to the first event not being authenticated, for determining if an authentication is valid;
  
  e. responsive to the authentication not being valid, for directing the behavior module to secure the device;
  
  f. responsive to the authentication being valid, for directing the behavior module to determine if the first event is a static event;
  
  g. responsive to the authentication not being valid, for directing the behavior module to secure the device;
  
  h. the behavior module, adapted to authorize an event, update rule data, and secure the device, the behavior module further for determining if an event is a static event, and responsive to the event not being a static event, for authorizing the event and updating the rule data;
  
  i. a processor; and
  
  j. a memory storing the behavior module and the authentication module for execution by the processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Incorporated
Inventors
Erhart, George, Matula, Valentine, Skiba, David
Primary Examiner(s)
Rahman, Mohammad L
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US12/202,650
Publication Number

US 20100056105A1
Time in Patent Office

2,149 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

G06F 21/629   to features or functions of...

H04W 12/068   using credential vaults, e....

H04W 12/12   Detection or prevention of ...

Securing a device based on atypical user behavior

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Securing a device based on atypical user behavior

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links