Mobile device management apparatus and method based on security policies and management server for mobile device management

US 9,141,828 B2
Filed: 09/14/2012
Issued: 09/22/2015
Est. Priority Date: 09/23/2011
Status: Active Grant

First Claim

Patent Images

1. A mobile device management apparatus comprising:

at least one processor operable to read and operate according to instructions within a computer program; and

at least one memory operable to store at least portions of said computer program for access by said processor;

wherein said program includes algorithms to cause said processor to implement;

a policy storage unit which receives security policies and profiles;

wherein the security policies each control an operation state with respect to a function of a mobile device; and

wherein the profiles comprise sets of one or more respective security policies and have respective activation priorities; and

a policy implementation unit which selectively activates the profiles in response to one or more of;

a detection of an event occurring on the mobile device, anda command received from outside the mobile device;

wherein the policy implementation unit is executed on the mobile device and executes the one or more respective security policies included in an activated profile so as to control the function of the mobile device;

wherein each profile is assigned an activation index, and the policy implementation unit activates a profile of which the activation index is greater than a preset value,wherein, when two or more events are defined with a corresponding profile in the policy storage unit, an activation index of the corresponding profile increases according to a number of events, among the two or more events, occurring on the mobile device, andwherein, when the function of the mobile device is controlled by more than one of the security policies, the policy implementation unit executes only the one of the security policies belonging to a profile having a higher respective activation priority.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device management apparatus has a policy storage unit that receives a plurality of security policies, which are classified into a plurality of profiles assigned priorities of activation and in which operating states of functions of a mobile device are defined. A management server supplies the profiles and the security policies to the mobile device. A policy implementation unit selectively activates the profiles so that control of the mobile device functions can be carried out with minimal communication, and also in response to changing events.

13 Citations

View as Search Results

17 Claims

1. A mobile device management apparatus comprising:
- at least one processor operable to read and operate according to instructions within a computer program; and
  
  at least one memory operable to store at least portions of said computer program for access by said processor;
  
  wherein said program includes algorithms to cause said processor to implement;
  
  a policy storage unit which receives security policies and profiles;
  
  wherein the security policies each control an operation state with respect to a function of a mobile device; and
  
  wherein the profiles comprise sets of one or more respective security policies and have respective activation priorities; and
  
  a policy implementation unit which selectively activates the profiles in response to one or more of;
  
  a detection of an event occurring on the mobile device, anda command received from outside the mobile device;
  
  wherein the policy implementation unit is executed on the mobile device and executes the one or more respective security policies included in an activated profile so as to control the function of the mobile device;
  
  wherein each profile is assigned an activation index, and the policy implementation unit activates a profile of which the activation index is greater than a preset value,wherein, when two or more events are defined with a corresponding profile in the policy storage unit, an activation index of the corresponding profile increases according to a number of events, among the two or more events, occurring on the mobile device, andwherein, when the function of the mobile device is controlled by more than one of the security policies, the policy implementation unit executes only the one of the security policies belonging to a profile having a higher respective activation priority.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The mobile device management apparatus of claim 1, wherein:
    - the profiles are classified into and stored in layers having respective activation priorities, andwhen the same function of the mobile device is controlled by more than one of the security policies, the policy implementation unit executes only the one of the security policies belonging to the layer having a higher respective activation priority.
  - 3. The mobile device management apparatus of claim 2, wherein the layers comprise a first layer including a profile of security policies that are always maintained in an activated state, and a second layer including event-driven profiles that have a higher priority of implementation than that of the first layer;
    - wherein the event-driven profiles are capable of being activated also by the command received from outside the mobile device.
  - 4. The mobile device management apparatus of claim 3, wherein the layers further comprise a third layer including profiles that are activated in response to a preset emergency event.
  - 5. The mobile device management apparatus of claim 4, wherein:
    - the profile in the first layer further includes event policies in which the event occurring on the mobile device or the emergency event and identification codes of profiles activated in response to each event are defined, andthe policy implementation unit activates profiles of the second and third layers in response to occurrence of the event defined in the event policies.
  - 6. The mobile device management apparatus of claim 1, wherein:
    - the policy implementation unit comprises;
      
      an event monitoring unit for calculating activation indices assigned to the respective profiles depending on initiation and termination of the event occurring on the mobile device;
      
      a command execution unit for calculating activation indices assigned to the respective profiles in response to an activation or deactivation command received from outside the mobile device; and
      
      an activation unit for activating profiles, activation indices of which are equal to or greater than a preset reference value, based on the activation indices of the respective profiles calculated by the event monitoring unit and the command execution unit.
  - 7. The mobile device management apparatus of claim 6, wherein, when updated activation indices are input from the event monitoring unit or the command execution unit, the activation unit reselects profiles to be activated based on the updated activation indices.

8. A mobile device management method comprising:
- (a) receiving a plurality of security policies classified into a plurality of profiles assigned activation priorities and in which operating states of functions of a mobile device are defined, and storing the security policies at the mobile device; and
  
  (b) activating, by the mobile device, profiles selected from the plurality of profiles in response to at least one of an event occurring on the mobile device and a command received from outside the mobile device, executing security policies included in the activated profiles, and then controlling the functions of the mobile device,wherein each profile is assigned an activation index, and the policy implementation unit activates a profile of which the activation index is greater than a preset value,wherein, when the security policies are stored with a definition of two or more events with respect to a corresponding profile at the mobile device, an activation index of the corresponding profile increases according to a number of events, among the two or more events, occurring on the mobile device, andwherein (b) is carried out so that, when a plurality of security policies, in which operating states of an identical function of the mobile device are defined, is individually included in the plurality of activated profiles, a security policy included in a profile having a highest priority of activation among the activated profiles is implemented.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The mobile device management method of claim 8, wherein:
    - the plurality of profiles is classified into and stored in a plurality of layers respectively assigned priorities of implementation, and(b) is carried out so that, when the plurality of security policies, in which the operating states of the identical function of the mobile device are defined, is individually included in the plurality of layers, implement a security policy of a profile included in a layer having a highest priority of implementation among the activated profiles.
  - 10. The mobile device management method of claim 9, wherein the plurality of layers comprises a first layer including a profile that is always maintained in an activated state, and a second layer including profiles that have a higher priority of implementation than that of the first layer and that are activated in response to the event occurring on the mobile device or the command received from outside the mobile device.
  - 11. The mobile device management method of claim 10, wherein the plurality of layers further comprises a third layer that includes profiles activated in response to a preset emergency event.
  - 12. The mobile device management method of claim 11, wherein:
    - the profiles included in the first layer further include event policies in which the event occurring on the mobile device or the emergency event and identification codes of profiles activated in response to each event are defined, and(b) is carried out so as to activate profiles of the second and third layers in response to occurrence of the event defined in the event policies.
  - 13. The mobile device management method of claim 8, wherein:
    - (b) comprises;
      
      (b1) calculating activation indices assigned to the respective profiles depending on initiation and termination of the event occurring on the mobile device;
      
      (b2) calculating activation indices assigned to the respective profiles in response to an activation or deactivation command received from outside the mobile device; and
      
      (b3) activating profiles, activation indices of which are equal to or greater than a preset reference value, among the plurality of profiles, based on the activation indices of the respective profiles calculated at (b1) and (b2).
  - 14. The mobile device management method of claim 13, wherein, when activation indices are updated at (b1) or (b2), (b3) is carried out so as to reselect profiles to be activated from among the plurality of profiles based on the updated activation indices.

15. A mobile device, comprising:
- a transmitter, a receiver, a storage, a management apparatus, and one or more mobile device functions;
  
  wherein;
  
  the receiver receives a plurality of profiles;
  
  the profiles are stored in the storage;
  
  the profiles each include one or more security policies and each have a respective activation priority;
  
  each of the security policies pertains to an operation state of one of the mobile device functions;
  
  the storage also includes a plurality of event policies that define events and corresponding profiles;
  
  the management apparatus selectively activates ones of the profiles in response to at least one of;
  
  a detection of one of the defined events, anda command, received by the receiver, indicating one of the profiles to activate; and
  
  when the management apparatus activates one of the profiles, the management apparatus also executes the one or more security policies of the activated profile, and the executed security policies control the operation state of the mobile device functions,wherein each profile is assigned an activation index, and the management apparatus activates a profile of which the activation index is greater than a preset value,wherein, when two or more events are defined with a corresponding profile in the storage, an activation index of the corresponding profile increases according to a number of events, among the two or more events, occurring on the mobile device, andwherein, when the activated profile includes one of the security policies pertaining to the same one of the mobile device functions, the management apparatus executes only the one of the security policies belonging to the activated profile having the higher respective activation priority.
- View Dependent Claims (16, 17)
- - 16. The mobile device as set forth in claim 15, wherein the profiles each belong to a respective one of a plurality of layers, each of the layers having a respective activation priority.
  - 17. The mobile device as set forth in claim 16, wherein the layers include a base layer having an always active profile and an event-driven layer having profiles corresponding to the plurality of event policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Original Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Inventors
Kim, Jong-Sam, Kim, Jin-Yong, Jung, Hyun-Woo, Son, Ho-Young, Gil, Ji-Joong
Primary Examiner(s)
HO, DAO Q

Application Number

US13/616,004
Publication Number

US 20130081104A1
Time in Patent Office

1,103 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/629   to features or functions of...

G06F 2221/2149   Restricted operating enviro...

G06F 9/5011   the resources being hardwar...

H04L 2209/80   Wireless network architectu...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

H04W 4/02   Services making use of loca...

Mobile device management apparatus and method based on security policies and management server for mobile device management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile device management apparatus and method based on security policies and management server for mobile device management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links