Method and apparatus for context aware mobile security

US 9,027,076 B2
Filed: 03/23/2012
Issued: 05/05/2015
Est. Priority Date: 03/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method for modifying a security policy executed on a mobile device, comprising:

first determining, by a processor, first context parameters associated with the mobile device, the mobile device being operated according to one of a plurality of separate and distinct context aware security policies stored in a memory in the mobile device for execution;

automatically operating the mobile device according to a first security policy among the plurality of security policies based on the first determined first context parameters associated with the mobile device;

second determining, by the processor, a change in at least one of the first context parameters to a second context parameter that affects the automatically operating the mobile device according to the first security policy;

automatically selecting, by the processor, a second security policy among the plurality of security policies based on the second determining;

automatically operating the mobile device according to the second security policy of the mobile device based on the second determined change in the at least one of the first context parameters to the second context parameter, a particular network being accessible by the mobile device, the second security policy enabling connectivity of the mobile device to the particular network according to a separate security policy of the particular network;

adapting, by the processor, a third security policy among the plurality of security policies of the mobile device and one or more application services accessible via the mobile device to the separate security policy of the particular network by implementing the separate security policy of the particular network as the third security policy on the mobile device;

third determining, by the processor, a change in at least one other of the first context parameters and a change in the separate security policy of the particular network; and

automatically selecting, by the processor, a fourth security policy among the plurality of security policies based on the third determining, the fourth security policy processing the change in the at least one other of the first context parameters and the change in the separate security policy of the particular network to disable the connectivity of the mobile device to the particular network,wherein the processor employs a context aware mobile security policy application stored in the memory in the mobile device, andthe first context parameters comprise at least one of a date, a time, a temperature, a user command, a communication of the mobile device with a network access node and user credentials associated with the mobile device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for causing a change in a security policy of a device based on contextual information. The approach involves determining context information associated with a device. The approach also involves determining a security policy of the device. The approach further involves determining a change of the context information. The approach additionally involves processing the determined change of the context information to cause, at least in part, a revision of the security policy of the device.

63 Citations

View as Search Results

12 Claims

1. A method for modifying a security policy executed on a mobile device, comprising:
- first determining, by a processor, first context parameters associated with the mobile device, the mobile device being operated according to one of a plurality of separate and distinct context aware security policies stored in a memory in the mobile device for execution;
  
  automatically operating the mobile device according to a first security policy among the plurality of security policies based on the first determined first context parameters associated with the mobile device;
  
  second determining, by the processor, a change in at least one of the first context parameters to a second context parameter that affects the automatically operating the mobile device according to the first security policy;
  
  automatically selecting, by the processor, a second security policy among the plurality of security policies based on the second determining;
  
  automatically operating the mobile device according to the second security policy of the mobile device based on the second determined change in the at least one of the first context parameters to the second context parameter, a particular network being accessible by the mobile device, the second security policy enabling connectivity of the mobile device to the particular network according to a separate security policy of the particular network;
  
  adapting, by the processor, a third security policy among the plurality of security policies of the mobile device and one or more application services accessible via the mobile device to the separate security policy of the particular network by implementing the separate security policy of the particular network as the third security policy on the mobile device;
  
  third determining, by the processor, a change in at least one other of the first context parameters and a change in the separate security policy of the particular network; and
  
  automatically selecting, by the processor, a fourth security policy among the plurality of security policies based on the third determining, the fourth security policy processing the change in the at least one other of the first context parameters and the change in the separate security policy of the particular network to disable the connectivity of the mobile device to the particular network,wherein the processor employs a context aware mobile security policy application stored in the memory in the mobile device, andthe first context parameters comprise at least one of a date, a time, a temperature, a user command, a communication of the mobile device with a network access node and user credentials associated with the mobile device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, the adapting by the processor of the one or more application services comprising one or more of (1) a limiting of access rights to the one or more application services, (2) a limiting of access rights of the one or more application services to access the particular network, (3) a limiting of a functionality of the one or more application services, and (4) a clearing of a memory that is accessible by the one or more application services.
  - 3. The method of claim 1, at least the second security policy implementing a change over the first security policy of at least one of (1) a limiting of access rights to one or more application services accessible via the mobile device, (2) a limiting of access rights of the one or more application services to data processed by the mobile device, (3) a limiting of a functionality of the one or more application services, (4) a clearing of a separate memory that is accessible by the one or more application services, and (5) an accessing of one or more secure applications that are not accessible by the mobile device executing the first security policy.
  - 4. The method of claim 1, the plurality of separate and distinct context aware security policies each implementing a different one or more of operational limits, security limits, threat limits, network connectivity allowances, sensor availability allowances, cryptographic protection protocols, memory accessibility allowances, application service accessibility allowances, and user accessibility allowances.

5. A mobile communicating device, comprising:
- at least a first memory storing a plurality of separate and distinct context aware security policies by which the mobile communicating device is operated;
  
  a sensor that determines at least one of a plurality of context parameters associated with the mobile communicating device; and
  
  a processor that is programmed to;
  
  execute a first security policy among the plurality of security policies based on first context parameters associated with the mobile communicating device;
  
  execute a first determining of a change in at least one of the first context parameters to a second context parameter that affects operation of the mobile communicating device according to the first security policy;
  
  automatically select a second security policy among the plurality of security policies based on the first determining;
  
  automatically control operation of the mobile communicating device according to the second security policy of the mobile communicating device based on the first determining of the change in the at least one of the first context parameters, a particular network being accessible by the mobile communicating device and the second security policy enabling connectivity of the mobile communicating device to the particular network according to a separate security policy of the particular network;
  
  adapt a third security policy among the plurality of security policies of the mobile communicating device and one or more application services accessible via the mobile communicating device to the separate security policy of the particular network by implementing the separate security policy of the particular network as the third security policy on the mobile communicating device;
  
  execute a second determining of a change in at least one other of the first context parameters and a change in the separate security policy of the particular network; and
  
  automatically selecting a fourth security policy among the plurality of security policies based on the second determining, the fourth security policy processing the change in the at least one other of the first context parameters and the change in the separate security policy of the particular network to disable the connectivity of the mobile device to the particular network,wherein the processor applies a context aware mobile security policy application stored in at least a second memory in the mobile communicating device to process the second determined change in the at least one of the first context parameters, andthe first context parameters comprise at least one of a date, a time, a temperature, a user command, a communication of the mobile device with a network access node and user credentials associated with the mobile communicating device.
- View Dependent Claims (6, 7, 8)
- - 6. The mobile communicating device of claim 5, the adapting of the one or more application services comprising one or more of (1) a limiting of access rights to the one or more application services, (2) a limiting of access rights of the one or more application services to access the network, (3) a limiting of a functionality of the one or more application services, and (4) a clearing of a memory that is accessible by the one or more application services.
  - 7. The mobile communicating device of claim 5, at least the second security policy implementing a change over the first security policy of at least one of (1) a limiting of access rights to one or more application services accessible via the mobile communicating device, (2) a limiting of access rights of the one or more application services to data processed by the mobile communicating device, (3) a limiting of a functionality of the one or more application services, (4) a clearing of a memory that is accessible by the one or more application services, and (5) an accessing of one or more secure applications that are not accessible by the mobile communicating device executing the first security policy.
  - 8. The mobile communicating device of claim 5, the plurality of separate and distinct context aware security policies each implementing a different one or more of operational limits, security limits, threat limits, network connectivity allowances, sensor availability allowances, cryptographic protection protocols, memory accessibility allowances, application service accessibility allowances, and user accessibility allowances.

9. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors in a mobile device, cause the one or more processors to execute steps of a method for modifying a security policy executed on the mobile device, comprising:
- first determining first context parameters associated with the mobile device, the mobile device being operable according to a plurality of separate and distinct context aware security policies stored in a memory in the mobile device;
  
  automatically operating the mobile device according to a first security policy among the plurality of security policies based on the first determined first context parameters associated with the mobile device;
  
  second determining a change in at least one of the first context parameters to a second context parameter that affects the operation of the mobile device according to the first security policy;
  
  automatically selecting a second security policy among the plurality of security policies based on the second determining;
  
  automatically operating the mobile device according to the second security policy based on the second determined change in the at least one of the first context parameters to the second context parameter, a particular network being accessible by the mobile device, the second security policy enabling connectivity of the mobile device to the particular network according to a separate security policy of the particular network;
  
  adapting a third security policy among the plurality of security policies of the mobile device and one or more application services accessible via the mobile device to the separate security policy of the particular network by implementing the separate security policy of the particular network as the third security policy on the mobile device;
  
  third determining a change in at least one other of the first context parameters and a change in the separate security policy of the particular network; and
  
  automatically selecting a fourth security policy among the plurality of security policies based on the third determining, the fourth security policy processing the change in the at least one other of the first context parameters and the change in the separate security policy of the particular network to disable the connectivity of the mobile device to the particular network,wherein the one or more processors communicate with a context aware mobile security policy application stored in the memory of the mobile device, the context aware mobile security policy application being configured to modify the security policy of the mobile device by facilitating selection between the plurality of separate and distinct context aware security policies, andthe first context parameters comprise at least one of a date, a time, a temperature, a user command, a communication of the mobile device with a network access node and user credentials associated with the mobile device.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer-readable storage medium of claim 9, the adapting of the one or more application services one or more of (1) a limiting of access rights to the one or more application services, (2) a limiting of access rights of the one or more application services to access the particular network, (3) a limiting of a functionality of the one or more application services, and (4) a clearing of a memory that is accessible by the one or more application services.
  - 11. The non-transitory computer-readable storage medium of claim 9, at least the second security policy implementing a change over the first security policy of at least one of (1) a limiting of access rights to one or more application services accessible via the mobile device, (2) a limiting of access rights of the one or more application services to data processed by the mobile device, (3) a limiting of a functionality of the one or more application services, (4) a clearing of a memory that is accessible by the one or more application services, and (5) an accessing to one or more secure applications that are not accessible by the mobile device executing the first security policy.
  - 12. The non-transitory computer-readable storage medium of claim 9, the plurality of separate and distinct context aware security policies each implementing a different one or more of operational limits, security limits, threat limits, network connectivity allowances, sensor availability allowances, cryptographic protection protocols, memory accessibility allowances, application service accessibility allowances, and user accessibility allowances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos Innovations Technology, Inc.
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Roach, Kyle J., Hrybyk, Alex, Morrison, John S., Kauffman, Kathleen M., Jones, Eric B., Lohrum, Mark, Good, Kenneth R.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/428,859
Publication Number

US 20130254831A1
Time in Patent Office

1,138 Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04W 12/082   using revocation of authori...

Method and apparatus for context aware mobile security

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for context aware mobile security

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links