System and method for creating and applying categorization-based policy to secure a mobile communications device from access to certain data objects
Abstract
A server creates categorization-based application policies and selects a specific policy to send to a mobile communications device. In one embodiment, the mobile communication device applies the categorization-based application policy received from the server to information about a data object (e.g., application) that the device wants to access (or has accessed). Based on the application of the categorization-based policy, the device may be permitted to access the data object or the device may not be permitted to access the data object.
33 Claims
1. A method comprising:
a) at a server running a security component, creating a plurality of security policies, wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects;
b) storing the plurality of security policies in data storage accessible to the server running the security component;
c) at the server running the security component, establishing communication with a mobile communications device to obtain information about the mobile communications device, the information including information relating to data objects on the mobile communications device;
d) at the server running the security component, based on the information relating to data objects on the mobile communications device, determining at least a first category of data objects on the mobile communications device;
e) at the server running the security component, based upon the determined at least a first category of data objects, identifying from the plurality of security policies, security policy that is apt for the mobile communications device; and
f) at the server running the security component, providing the identified security policy to the mobile communications device.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
a) at a mobile communications device running a security component, receiving user input about categories of data objects that the mobile communications device is permitted to access and about categories of data objects the mobile communications device is not permitted to access;
b) at the mobile communications device, processing the user input by the security component to create a security policy, wherein the security policy is associated with at least one of a plurality of categories of data objects;
c) at the mobile communications device security component, receiving a request to access a data object and information about the data object;
d) at the mobile communications device security component, based on the information about the data object, determining a category for the data object;
e) at the mobile communications device security component, determining that the security policy is applicable to the data object based on the determined category for the data object;
f) at the mobile communications device security component, applying the security policy to the information about the data object to determine whether the security policy permits access to the data object, and;
g) in response to the mobile communications device security component determining that access to the data object is permitted, permitting the mobile communications device to access the data object, or
h) in response to the mobile communications device security component determining that access to the data object is not permitted, not permitting the mobile communications device to access the data object.
Dependent claims: 7, 8, 9, 10
11. A method comprising:
a) at a server running a application security component, receiving administrator input about categories of data objects that mobile communications devices are permitted to access and about categories of data objects that mobile communications devices are not permitted to access;
b) at the server running the security component, processing the administrator input to create a plurality of security policies, wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects;
c) storing the plurality of security policies in data storage accessible to the server running the security component;
d) at the server running the security component, establishing communication with a mobile communications device to obtain information about the mobile communications device, the information including information relating to at least one data object on the mobile communications device;
e) at the server running the security component, based on the information relating to the at least one data object on the mobile communications device, determining at least a first category of data objects on the mobile communications device;
f) at the server running the security component, based upon the determined at least a first category of data objects, identifying from the plurality of security policies, a security policy that is apt for the mobile communications device; and
g) at the server running the security component, providing the identified security policy to the mobile communications device.
Dependent claims: 12, 13, 14
15. A method comprising:
a) at a mobile communications device running a security component, receiving a request to access a data object and information about the data object;
b) at the mobile communications device, in response to the request, sending the information about the data object and information about the mobile communications device to a server; and
c) at the mobile communications device, receiving notification from the server that the mobile communications device is permitted to access the data object in response to the server determining that the mobile communications device is permitted to access the data object, the determination based on;
   a. an identified security policy, wherein the identified policy is identified from a plurality of security policies, wherein the plurality of security policies is created from processing administrator input about categories of data objects that mobile communications devices are permitted to access and about categories of data objects that mobile communications devices are not permitted to access, and wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects, and
   b. the information about the data object, wherein, based on the information about the data object, the server determines a category of the data object, and wherein the identified security policy is identified from the plurality based on the determined category of the data object; or,
d) at the mobile communications device, receiving notification from the server that the mobile communications device is not permitted to access the data object in response to the server determining that the mobile communications device is not permitted to access the data object, the determination based on;
   a. an identified security policy, wherein the identified policy is identified from a plurality of security policies, wherein the plurality of security policies is created from processing administrator input about categories of data objects that mobile communications devices are permitted to access and about categories of data objects that mobile communications devices are not permitted to access, and wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects, and
   b. the information about the data object, wherein, based on the information about the data object, the server determines a category of the data object, and wherein the identified security policy is identified from the plurality based on the determined category of the data object.
Dependent claims: 16, 17, 18, 19
20. A method comprising:
a) at a server running a security component, processing;
   categorization data about data objects available for access by mobile communications devices;
   mobile communications device data about types of mobile communications devices; and
   data about mobile communications device operating systems,
   to create a plurality of security policies, wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects;
b) storing the plurality of security policies in data storage accessible to the server running the security component;
c) establishing communication between the server running the security component and a mobile communications device;
d) at the server running the security component, obtaining information about the mobile communications device including the mobile communications device type and operating system;
e) at the server running the security component, obtaining information from the mobile communications device about a data object;
f) at the server running the security component, based on the information about the data object, determining a category of the data object;
g) at the server running the security component, based upon the determined category of the data object and upon the obtained mobile communications device type and operating system, identifying from the plurality, a security policy that is apt for the mobile communications device;
h) at the server running the security component, applying the identified security policy to the obtained information about the data object; and
i) in response to the server running the security component determining that, based on the identified security policy, the mobile communications device is permitted to access the data object, the server running the security component notifies the mobile communications device that it is permitted to access the data object, or,
j) in response to the server running the security component determining that, based on the identified security policy, the mobile communications device is not permitted to access the data object, the server running the security component notifies the mobile communications device that it is not permitted to access the data object.
Dependent claims: 21, 22, 23
24. A system, comprising at least one processor and memory and instructions that when executed cause the at least one processor to:
a) create a plurality of security policies, wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects;
b) store the plurality of security policies in data storage;
c) establish communication with a mobile communications device to obtain information about the mobile communications device, the information including information relating to at least one data object on the mobile communications device;
d) based on the information relating to at least one data object on the mobile communications device, determine at least a first category of data objects on the mobile communications device;
e) based upon the determined at least a first category of data objects, identify from the plurality of security policies, a security policy that is apt for the mobile communications device; and
f) provide the identified security policy to the mobile communications device.
Dependent claims: 25
26. A method comprising:
a) at a server running a security component, receiving administrator input about security policies for mobile communications devices;
b) at the server running a security component, storing a plurality of security policies in data storage accessible to the server running a security component, the plurality of security policies stored based on the administrator input, wherein each of the plurality of security policies is associated with at least one of a plurality of categories of data objects;
c) at the server running a security component, receiving from a mobile communications device a request for access to a data object, the request comprising information about the data object and about the mobile communications device;
d) at the server running a security component, based on the information about the data object and about the mobile communications device, determining at least a first category for the of data object;
e) at the server running a security component, based on the determined at least a first category for the data object, identifying from the plurality a security policy that is apt for the mobile communications device;
g) at the server running a security component, applying the identified security policy to the data object based on the information received about the data object; and
h) in response to the server running the security component determining that the mobile communications device is permitted to access the data object, the server running the security component notifies the mobile communications device that it is permitted to access the data object, or
i) in response to the server running the security component determining that the mobile communications device is not permitted to access the data object, the server running the security component notifies the mobile communications device that it is not permitted to access the data object.
Dependent claims: 27, 28, 29, 30
31. A method comprising:
a) at a mobile communications device running a security component, receiving a request to access a data object and information about the data object;
b) at the mobile communications device, in response to the request, sending the information about the data object and information about the mobile communications device to a server; and
c) at the mobile communications device, receiving notification from the server that the mobile communications device is permitted to access the data object in response to the server determining that the mobile communications device is permitted to access the data object, the determination based on;
   a. administrator input about security policies for mobile communications devices, the input used by the server to create at least one security policy, wherein each at least one security policy is associated with at least one corresponding category of data objects,
   b. the information about the data object, the data object information used by the server to determine a category of the data object,
   c. the information about the mobile communications device,
   d. a security policy identified from the at least one security policy based on the determined category of the data object, and
   e. applying the identified security policy to the information about the data object; or
d) at the mobile communications device, receiving notification from the server that the mobile communications device is not permitted to access the data object in response to the server determining that the mobile communications device is not permitted to access the data object, the determination based on;
   a. administrator input about security policies for mobile communications devices, the input used by the server to create at least one security policy, wherein each at least one security policy is associated with at least one corresponding category of data objects,
   b. the information about the data object, the data object information used by the server to determine a category of the data object,
   c. the information about the mobile communications device,
   d. a security policy identified from the at least one security policy based on the determined category of the data object, and
   e. applying the identified security policy to the information about the data object.
Dependent claims: 32, 33
Specification