Access management system
First Claim
Patent Images
1. A method of managing access rights for data held locally in an internal memory of a mobile communications device and in a portable storage device connected to the mobile communications device, the mobile communications device connected to a network, the data having a first set of access rights, the method comprising:
- detecting disconnection of the mobile communications device from the network; and
the mobile communications device adjusting the access rights from the first set of access rights to a second set of access rights for the data stored in a secure memory area of the internal memory and the portable storage upon detection of the disconnection;
wherein the first set of access rights is different from said second set of access rights;
wherein said adjusting said access rights to said second set of access rights comprises granting access rights which vary in dependence on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located; and
wherein detecting disconnection of the mobile communications device from the network comprises detecting disconnection of said mobile device from predefined server apparatus.
2 Assignments
0 Petitions
Accused Products
Abstract
An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server.
41 Citations
20 Claims
-
1. A method of managing access rights for data held locally in an internal memory of a mobile communications device and in a portable storage device connected to the mobile communications device, the mobile communications device connected to a network, the data having a first set of access rights, the method comprising:
-
detecting disconnection of the mobile communications device from the network; and the mobile communications device adjusting the access rights from the first set of access rights to a second set of access rights for the data stored in a secure memory area of the internal memory and the portable storage upon detection of the disconnection; wherein the first set of access rights is different from said second set of access rights; wherein said adjusting said access rights to said second set of access rights comprises granting access rights which vary in dependence on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located; andwherein detecting disconnection of the mobile communications device from the network comprises detecting disconnection of said mobile device from predefined server apparatus. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of provisioning a mobile communications device for managing access rights for data held locally in an internal memory of the mobile communications device and in a portable storage device connected to the mobile communications device, the method comprising:
-
providing the mobile communications device with configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network; and providing the mobile communications device with configuration parameters defining a second set of access rights for data stored in a secure memory area of the internal memory and in the portable storage device for use when the mobile communications device is not connected to the network; wherein the first set of access rights is different from said second set of access rights; and the mobile communications device adjusting access rights from the first set of access rights to the second set of access rights upon detection of a disconnection; wherein said providing said configuration parameters comprises providing configuration parameters which define access rights which are dependent on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located. - View Dependent Claims (14)
-
-
15. A mobile communications device having
an access rights managing unit that manages access rights for data held locally in an internal memory of a mobile communications device and in a portable storage device connected to the mobile communications device, relative to the mobile communications device, the access rights managing unit comprising: -
a first receiving unit that receives, at the mobile communications device, configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network; a second receiving unit that receives, at the mobile communications device, configuration parameters defining a second set of access rights for data stored in a secure memory area of the internal memory and in the portable storage device for use when the mobile communications device is not connected to the network; and a storing unit that stores said configuration parameters for use in managing said access rights for the data held locally relative to the mobile communications device; wherein the first set of access rights is different from said second set of access rights; wherein said configuration parameters define access rights which are dependent on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located. - View Dependent Claims (16, 17)
-
-
18. A non-transitory computer readable medium storing a program for causing a computer to carry out a method of managing access rights for data held locally in an internal memory of a mobile communications device and in a portable storage device connected to the mobile communications device, the mobile communications device connected to a network, the data having a first set of access rights, the method comprising:
-
detecting disconnection of the mobile communications device from the network; and the mobile communications device adjusting the access rights from the first set of access rights to a second set of access rights for the data stored in a secure memory area of the internal memory and the portable storage upon detection of the disconnection; wherein the first set of access rights is different from said second set of access rights; wherein said adjusting said access rights to said second set of access rights comprises granting access rights which vary in dependence on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located; andwherein detecting disconnection of the mobile communications device from the network comprises detecting disconnection of said mobile device from predefined server apparatus.
-
-
19. A mobile communications device having a module for managing access rights for data held locally in an internal memory of the mobile communications device and in a portable storage device connected to the mobile communication device, the access rights managing module being operable to:
- (i) receive configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network;
(ii) receive configuration parameters defining a second set of access rights for data stored in a secure memory area of the internal memory and in the portable storage device for use when the mobile communications device is not connected to the network; and
(iii) store said configuration parameters for use in managing said access rights for the data held locally relative to the mobile communications device;
wherein the first set of access rights is different from said second set of access rights;wherein said configuration parameters which define access rights which are dependent on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located.
- (i) receive configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network;
-
20. A server apparatus having a provisioning module for provisioning a mobile communications device to manage access rights for data held locally in an internal memory of the mobile communications device and in a portable storage device connected to the mobile communications device, the provisioning module being operable to provide the mobile communications device with:
- (i) configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network, and (ii) configuration parameters defining a second set of access rights for data stored in a secure memory area of the internal memory and in the portable storage device for use when the mobile communications device is not connected to the network;
wherein the first set of access rights is different from said second set of access rights;wherein said configuration parameters which define access rights which are dependent on;
an identity of a file comprising the data;
a file type of the file comprising the data;
a rights access level assigned to the file comprising the data;
membership of the file comprising the data in a predefined group; and
an identity of a directory in which the file comprising the data is located.
- (i) configuration parameters defining a first set of access rights for the data for use when the mobile communications device is connected to a network, and (ii) configuration parameters defining a second set of access rights for data stored in a secure memory area of the internal memory and in the portable storage device for use when the mobile communications device is not connected to the network;
Specification