Method and system for policy based authentication

US 9,032,192 B2
Filed: 09/22/2005
Issued: 05/12/2015
Est. Priority Date: 10/28/2004
Status: Active Grant

First Claim

Patent Images

1. A mobile device configured to perform a plurality of functions comprising:

a memory for storing a plurality of different security policies, wherein each of the plurality of different security policies has a corresponding security requirement, wherein each of the plurality of functions has an associated security policy, wherein each security requirement requires either authentication or encryption of data associated with the function of the corresponding security policy;

an input device for invoking a function from the plurality of functions by a user;

a processor for implementing a first security policy from the stored plurality of different security policies associated with the invoked function; and

a security module for requiring the user to satisfy a security requirement corresponding to the first security policy, before the invoked function is performed by the mobile device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device capable of performing a plurality of functions. The mobile device includes a memory for storing a plurality of different security policies; an input device for invoking a function from the plurality of functions by a user; a processor for assigning a first security policy from the stored plurality of security policies to the invoked function; and a security module for requiring the user to satisfy the assigned first security policy, before the invoked function is performed by the mobile device.

22 Citations

View as Search Results

36 Claims

1. A mobile device configured to perform a plurality of functions comprising:
- a memory for storing a plurality of different security policies, wherein each of the plurality of different security policies has a corresponding security requirement, wherein each of the plurality of functions has an associated security policy, wherein each security requirement requires either authentication or encryption of data associated with the function of the corresponding security policy;
  
  an input device for invoking a function from the plurality of functions by a user;
  
  a processor for implementing a first security policy from the stored plurality of different security policies associated with the invoked function; and
  
  a security module for requiring the user to satisfy a security requirement corresponding to the first security policy, before the invoked function is performed by the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 35, 36)
- - 2. The mobile device of claim 1 further comprising means for determining a location of the mobile device and wherein the processor implements a second security policy from the stored plurality of different security policies associated with the invoked function, based on the location of the mobile device.
  - 3. The mobile device of claim 2 wherein the processor changes some of the plurality of functions available to be performed by the mobile device, based on the location of the mobile device.
  - 4. The mobile device of claim 1 wherein the invoked function is accessing data.
  - 5. The mobile device of claim 4 wherein the data is locally stored in the mobile device.
  - 6. The mobile device of claim 4 wherein the data is stored in a remote location from the mobile device.
  - 7. The mobile device of claim 1 wherein the invoked function is making a phone call.
  - 8. The mobile device of claim 1 wherein the security module requires the user to enter a user name to satisfy the security requirement corresponding to the first security policy.
  - 9. The mobile device of claim 1 wherein the security module requires the user to enter a PIN to satisfy the security requirement corresponding to the first security policy.
  - 10. The mobile device of claim 9 wherein the PIN is a biometric PIN.
  - 11. The mobile device of claim 1 wherein the security module requires the user to be authenticated using a digital signature to satisfy the security requirement corresponding to the first security policy.
  - 35. The mobile device of claim 1, wherein the plurality of functions comprises:
    - accessing data stored locally in the mobile device;
      
      accessing data stored remotely from the mobile device; and
      
      making a phone call.
  - 36. The mobile device of claim 35, wherein the plurality of different security policies associate at least one of the plurality of functions to each of the following security requirements:
    - requiring the user to enter a user name for authentication;
      
      requiring the user to enter a biometric PIN for authentication;
      
      requiring the user to be authenticated using a digital signature; and
      
      encrypting data associated with the function.

12. A method for data security of a mobile device configured to perform a plurality of functions, the method comprising:
- storing a plurality of different security policies, wherein each of the plurality of different security policies has a corresponding security requirement, wherein each of the plurality of functions has an associated security policy, wherein each security requirement requires either authentication or encryption of data associated with the function of the corresponding security policy;
  
  invoking a function from the plurality of functions by a user;
  
  implementing a first security policy from the stored plurality of different security policies associated with the invoked function; and
  
  requiring the user to satisfy a security requirement corresponding to the first security policy, before the invoked function is performed by the mobile device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12 further comprising determining a location of the mobile device and implementing a second security policy from the stored plurality of different security policies associated with the invoked function, based on the location of the mobile device.
  - 14. The method of claim 13 further comprising changing some of the plurality of functions available to be performed by the mobile device, based on the location of the mobile device.
  - 15. The method of claim 12 wherein the invoked function is accessing data.
  - 16. The method of claim 12 wherein the invoked function is making a phone call.
  - 17. The method of claim 12 wherein the requiring the user to satisfy the security requirement corresponding to the first security policy comprises requiring the user to enter a user name.
  - 18. The method of claim 12 wherein the requiring the user to satisfy the security requirement corresponding to the first security policy comprises requiring the user to enter a PIN.
  - 19. The method of claim 18 wherein the PIN is a biometric PIN.
  - 20. The method of claim 12 wherein the requiring the user to satisfy the security requirement corresponding to the first security policy comprises requiring the user to be authenticated using a digital signature.

21. A mobile device configured to perform a plurality of functions comprising:
- a memory for storing a three-dimensional matrix of security policies, wherein the three-dimensional matrix includes a plurality of security requirements as a first dimension, a plurality of functions as a second dimension, and a plurality of locations for the mobile device as a third dimension, wherein each security requirement requires either authentication or encryption of data associated with the associated function to execute the associated function;
  
  an input device for invoking a function from the plurality of functions by a user;
  
  a processor for implementing a security requirement from the stored three-dimensional matrix based on the invoked function and the location of the mobile device; and
  
  a security module for requiring the user to satisfy the implemented security requirement, before the invoked function is performed by the mobile device.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The mobile device of claim 21 further comprising means for determining a location of the mobile device.
  - 23. The mobile device of claim 22 wherein the means for determining a location of the mobile device is selected from the group consisting of a GPS, a RF-based location finder, and a transponder.
  - 24. The mobile device of claim 21 wherein the security module requires the user to enter a user name to satisfy the implemented security requirement.
  - 25. The mobile device of claim 21 wherein the security module requires the user to enter a PIN to satisfy the implemented security requirement.
  - 26. The mobile device of claim 25 wherein the PIN is a biometric PIN.
  - 27. The mobile device of claim 21 wherein the security module requires the user to be authenticated using a digital signature to satisfy the implemented security requirement.

28. A method for data security of a mobile device configured to perform a plurality of functions, the method comprising:
- storing, on the mobile device, a three-dimensional matrix of security policies, wherein the three-dimensional matrix includes a plurality of security requirements as a first dimension, a plurality of functions as a second dimension, and a plurality of locations for the mobile device as a third dimension, wherein each security requirement requires either authentication or encryption of data associated with the associated function to execute the associated function;
  
  invoking, on the mobile device, a function from the plurality of functions by a user;
  
  implementing, on the mobile device, a security requirement from the stored three-dimensional matrix based on the invoked function and the location of the mobile device; and
  
  requiring, on the mobile device, the user to satisfy the implemented security requirement, before the invoked function is performed by the mobile device.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28 wherein the requiring the user to satisfy the implemented security requirement comprises requiring the user to enter a PIN.
  - 30. The method of claim 29 wherein the PIN is a biometric PIN.
  - 31. The method of claim 28 wherein the requiring the user to satisfy the implemented security requirement comprises requiring the user to be authenticated using a digital signature.

32. A mobile device configured to perform a plurality of functions comprising:
- means for storing a plurality of different security policies, wherein each of the plurality of different security policies has a corresponding security requirement, wherein each of the plurality of functions has an associated security policy, wherein each security requirement requires either authentication or encryption of data associated with the function of the corresponding security policy;
  
  means for invoking a function from the plurality of functions by a user;
  
  means for implementing a first security policy from the stored plurality of security policies associated with the invoked function; and
  
  means for requiring the user to satisfy a security requirement corresponding to the implemented first security policy, before the invoked function is performed by the mobile device.

33. A mobile device configured to perform a plurality of functions comprising:
- means for storing a three-dimensional matrix of security policies, wherein the three-dimensional matrix includes a plurality of security requirements as a first dimension, a plurality of functions as a second dimension, and a plurality of locations for the mobile device as a third dimension, wherein each security requirement requires either authentication or encryption of data associated with the associated function to execute the associated function;
  
  means for invoking a function from the plurality of functions by a user;
  
  means for implementing a security requirement from the stored three-dimensional matrix based on the invoked function and the location of the mobile device; and
  
  means for requiring the user to satisfy the implemented security requirement, before the invoked function is performed by the mobile device.

34. A mobile device configured to perform a plurality of functions comprising:
- a memory for storing a plurality of different security policies, wherein the plurality of different security policies associate each of the plurality of functions to a security requirement, each security requirement requiring either authentication or encryption;
  
  an input device for invoking a function from the plurality of functions by a user; and
  
  a security module for authorizing the user to invoke the function only after satisfying a security requirement associated with the function by either authenticating the user or encrypting data associated with the function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Frank, Edward H.
Primary Examiner(s)
Vaughan, Michael R

Application Number

US11/234,031
Publication Number

US 20060095953A1
Time in Patent Office

3,519 Days
Field of Search

None
US Class Current

713/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 9/088   Usage controlling of secret...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Method and system for policy based authentication

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for policy based authentication

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links