Enablement of a trusted security zone authentication for remote mobile device management systems and methods

US 8,984,592 B1
Filed: 03/15/2013
Issued: 03/17/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of accessing secure data on a mobile device, comprising:

receiving, by the mobile device, a request to access a data package stored on the mobile device;

authorizing, by the mobile device, the request to access the data package, wherein authorizing comprises querying the request to obtain one or more request identifications;

granting, by the mobile device, at least one key in response to authorizing the request, wherein the at least one key provides access to a secure environment on the mobile device storing one or more flags associated with the data package, wherein the secure environment prevents unauthorized access to the one or more flags, and wherein the secure environment comprises a trusted security zone that includes one or more chipsets with a hardware root of trust, a secure execution environment for applications, and secure access to peripherals, or a secure element that includes a secure operating environment comprising a microprocessor, memory, and operating system;

granting, by the mobile device, access to the secure environment, wherein access is granted to the secure environment in response to presenting the at least one key to the secure environment; and

granting, by the mobile device, access to the data package, wherein granting access to the data package comprises changing a setting of the one or more flags associated with the data package.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of accessing secure data on a mobile device is disclosed. The method comprises receiving a request to access a data package stored on the mobile device. The method comprises authorizing the request to access the data package, wherein authorizing comprises querying the request to obtain one or more request identifications. The method comprises granting a key in response to authorizing the request, wherein the key provides access to a secure environment storing one or more flags associated with the data package. The method comprises granting access to the secure environment, wherein access is granted to the secure environment in response to presenting the key to the secure environment. The method comprises granting access to the data package, wherein granting access to the data packages comprises setting the one or more flags associated with the data package.

Citations

20 Claims

1. A method of accessing secure data on a mobile device, comprising:
- receiving, by the mobile device, a request to access a data package stored on the mobile device;
  
  authorizing, by the mobile device, the request to access the data package, wherein authorizing comprises querying the request to obtain one or more request identifications;
  
  granting, by the mobile device, at least one key in response to authorizing the request, wherein the at least one key provides access to a secure environment on the mobile device storing one or more flags associated with the data package, wherein the secure environment prevents unauthorized access to the one or more flags, and wherein the secure environment comprises a trusted security zone that includes one or more chipsets with a hardware root of trust, a secure execution environment for applications, and secure access to peripherals, or a secure element that includes a secure operating environment comprising a microprocessor, memory, and operating system;
  
  granting, by the mobile device, access to the secure environment, wherein access is granted to the secure environment in response to presenting the at least one key to the secure environment; and
  
  granting, by the mobile device, access to the data package, wherein granting access to the data package comprises changing a setting of the one or more flags associated with the data package.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data package is stored in the secure environment.
  - 3. The method of claim 1, wherein the request identifications comprise the source of the request, an action the request purports to take, one or more data packages the request purports to access, the IP address of the mobile device sought by the request, and one or more security codes.
  - 4. The method of claim 1, wherein authorizing further comprises verifying based on one or more request identifications that the request to access the secure environment is an approved request.
  - 5. The method of claim 1, wherein the data package comprises at least a mobile device management application, at least an application managed by a mobile device management application, or at least one or more persona.
  - 6. The method of claim 1, wherein access to the one or more data packages comprises at least one of viewing content associated with the data package, manipulating content associated with the data package, modifying a data package, deleting a data package, and executing a data package.
  - 7. The method of claim 1, wherein the data package is affiliated with a persona.

8. A method of securing data on a mobile device, comprising:
- enabling, by the mobile device, a user to secure one or more data packages from wireless access, wherein securing one or more data packages from wireless access comprises changing a setting of one or more data package flags associated with the one or more data packages using a mobile device interface, wherein at least the one or more data package flags are stored in a secure environment on the mobile device and the secure environment prevents unauthorized access to the one or more data package flags, and wherein the secure environment comprises a trusted security zone that includes one or more chipsets with a hardware root of trust, a secure execution environment for applications, and secure access to peripherals, or a secure element that includes a secure operating environment comprising a microprocessor, memory, and operating system;
  
  receiving, by the mobile device, a wireless request to access the one or more data packages;
  
  querying, by the mobile device, the wireless request to access the one or more data packages, wherein querying comprises requesting one or more wireless request identifications;
  
  denying, by the mobile device, access to the one or more data packages based on querying the wireless request to access the one or more data packages, wherein denying access to the one or more data packages comprises denying access to the secure environment storing at least the one or more data package flags.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising displaying on the mobile device interface a list of the one or more data packages which may be secured by a mobile device user through the mobile device interface.
  - 10. The method of claim 8, wherein denying access to the one or more data packages further comprises denying access to a key, wherein the key grants access to the secure environment.
  - 11. The method of claim 8, wherein the wireless request identifications comprise the source of the request, an action the request purports to take, one or more data packages the request purports to access, the IP address of the mobile device sought by the request, and one or more security codes.
  - 12. The method of claim 8, wherein querying further comprises verifying based on one or more request identifications that the request to access the secure environment is not an approved request.
  - 13. The method of claim 8, wherein the one or more data packages comprise at least one or more mobile device management applications, at least one or more applications managed by the one or more mobile device management application, or at least one or more persona.
  - 14. The method of claim 8, wherein denying access to the one or more data packages comprises at least one of preventing the viewing of content associated with the one or more data packages, preventing the manipulating of content associated with the one or more data packages, preventing the modifying of one or more data packages, preventing the deleting of one or more data packages, and preventing the executing of one or more data packages.

15. A method of installing secure data on a mobile device, comprising:
- receiving, by the mobile device, a request to install one or more data package flags in a secure environment on the mobile device, wherein the one or more data package flags are associated with one or more data packages, wherein the secure environment prevents unauthorized access to the one or more flags, and wherein the secure environment comprises a trusted security zone that includes one or more chipsets with a hardware root of trust, a secure execution environment for applications, and secure access to peripherals, or a secure element that includes a secure operating environment comprising a microprocessor, memory, and operating system;
  
  authorizing, by the mobile device, the request to install the one or more data package flags in the secure environment, wherein authorizing comprises querying the request to obtain one or more request identifications;
  
  granting, by the mobile device, a key based on the authorization of the request to install the one or more data package flags in the secure environment, wherein the key provides access to install one or more data package flags in the secure environment; and
  
  installing, by the mobile device, the one or more data package flags in the secure environment through the use of the key, wherein installing the one or more data package flags secures one or more associated data packages on the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising receiving a request to install one or more data packages in the memory of the mobile device.
  - 17. The method of claim 15, further comprising receiving a request to install one or more data packages in the secure environment and storing one or more installed data packages in the secure environment.
  - 18. The method of claim 15, wherein the request identifications comprise the source of the request, an action the request purports to take, one or more data packages the request purports to access, the IP address of the mobile device sought by the request, and one or more security codes.
  - 19. The method of claim 15, wherein authorizing comprises verifying based on one or more request identifications that the request to access the secure environment is an approved request.
  - 20. The method of claim 15, wherein the key expires after a predetermined period of time or a predetermined number of access attempts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Schlesener, Matthew C.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
King, John B

Application Number

US13/844,357
Time in Patent Office

732 Days
Field of Search

726/3, 726/4, 726/26
US Class Current

726/4
CPC Class Codes

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/64   using geofenced areas

Enablement of a trusted security zone authentication for remote mobile device management systems and methods

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enablement of a trusted security zone authentication for remote mobile device management systems and methods

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links