Data loss prevention for mobile computing devices
Abstract
System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy.
23 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- intercept a system call to a kernel of a mobile computing device, wherein the system call involves photograph data;
- query a data loss prevention (DLP) agent on the mobile computing device to identify a particular DLP policy applicable to use of the photograph data, wherein the particular DLP policy conditionally restricts use of the photograph data based at least in part on location of the mobile computing device;
- identify a current detected location of the mobile computing device; and
- perform, based on the particular DLP policy and the current detected location, an action on the intercepted system call.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for providing computer security, the method comprising:
- intercepting a system call to a kernel of a mobile computing device, wherein the system call involves photograph data;
- querying a data loss prevention (DLP) agent on the mobile computing device to identify a particular DLP policy applicable to use of the photograph data, wherein the particular DLP policy conditionally restricts use of the photograph data based at least in part on location of the mobile computing device;
- identifying a current detected location of the mobile computing device; and
- performing, based on the particular DLP policy and the current detected location, an action on the intercepted system call.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for providing computer security, the system comprising:
- a processor device;
- a memory element; and
- a security manager interfacing with a kernel and adapted, when executed by the processor device to:
  - intercept a system call involving photograph data to a kernel of a mobile computing device, wherein the system call involves photograph data;
  - query a data loss prevention (DLP) agent on the mobile computing device to identify a particular DLP policy applicable to use of the photograph data, wherein the particular DLP policy conditionally restricts use of the photograph data based at least in part on location of the mobile computing device;
  - identify a current detected location of the mobile computing device; and
  - perform, based on the particular DLP policy and the current detected location, an action on the intercepted system call.
Dependent claims: 20, 21, 22, 23
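The sequence recited in the independent claims (intercept, query the DLP agent, read the device location, act on the call) can be modelled as a decision function. This is an added illustration, not code from the patent. The policy fields, the circular geofence, the `allow`/`block` action names, the call record format and the fail-closed handling of an unknown location are all assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6371000.0
Location = Tuple[float, float]  # (latitude, longitude) in degrees

@dataclass(frozen=True)
class DlpPolicy:
    # Hypothetical policy shape: restrict one data kind inside a circular zone.
    data_kind: str
    zone_center: Location
    zone_radius_m: float
    action_inside: str = "block"   # assumed action names
    action_outside: str = "allow"

def distance_m(p: Location, q: Location) -> float:
    """Great-circle (haversine) distance in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

class DlpAgent:
    """Stand-in for the on-device agent that maps data kinds to policies."""
    def __init__(self, policies):
        self._by_kind = {p.data_kind: p for p in policies}

    def policy_for(self, data_kind: str) -> Optional[DlpPolicy]:
        return self._by_kind.get(data_kind)

def decide(call: dict, agent: DlpAgent, location: Optional[Location]) -> str:
    """Return the action for one intercepted call record."""
    policy = agent.policy_for(call["data_kind"])
    if policy is None:
        return "allow"                  # no policy covers this data
    if location is None:
        return policy.action_inside     # fail closed when there is no fix
    inside = distance_m(location, policy.zone_center) <= policy.zone_radius_m
    return policy.action_inside if inside else policy.action_outside

# Constructed sample input: a 200 m restricted zone and one intercepted call.
AGENT = DlpAgent([DlpPolicy("photograph", (37.0, -122.0), 200.0)])
PHOTO_WRITE = {"syscall": "write", "data_kind": "photograph"}

if __name__ == "__main__":
    for loc in [(37.0005, -122.0), (37.01, -122.0), None]:
        print(loc, "->", decide(PHOTO_WRITE, AGENT, loc))
```

Treating a missing location fix as "inside the zone" keeps the restriction from being bypassed by disabling location services; a deployment that prefers availability would flip that default.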