Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device

US 9,374,363 B1
Filed: 03/15/2013
Issued: 06/21/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of protecting information on a hospital network comprising:

loading, by an application on a portable electronic device having an original persona, a hospital persona that is different from the original persona, wherein the hospital persona comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to a hospital network;

subsequently activating the hospital persona and deactivating the original persona, by the application, in response to an activation trigger, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the hospital persona comprises restricting access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona;

accessing, by the portable electronic device while the hospital persona is activated, at least a portion of the hospital plurality of data, wherein accessing the at least the portion of the hospital plurality of data comprises creating or modifying the least the portion of the hospital plurality of data; and

deactivating, by the application, in response to a deactivation trigger comprising at least one of a manual deactivation trigger or a dynamic deactivation trigger, the hospital persona, wherein the deactivating comprises;

determining if the deactivation trigger is the manual deactivation trigger or the dynamic deactivation trigger;

storing, in response to the determination, the at least the portion of the hospital plurality of data, wherein the at least the portion of the hospital plurality of data is stored in the hospital network when the deactivation trigger is the manual deactivation trigger, and wherein when the deactivation trigger is the dynamic deactivation trigger, the at least the portion of the hospital plurality of data is temporarily stored in a trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and

reactivating, in response to the deactivation trigger, the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider'"'"'s network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business'"'"'s network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.

Citations

18 Claims

1. A method of protecting information on a hospital network comprising:
- loading, by an application on a portable electronic device having an original persona, a hospital persona that is different from the original persona, wherein the hospital persona comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to a hospital network;
  
  subsequently activating the hospital persona and deactivating the original persona, by the application, in response to an activation trigger, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the hospital persona comprises restricting access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona;
  
  accessing, by the portable electronic device while the hospital persona is activated, at least a portion of the hospital plurality of data, wherein accessing the at least the portion of the hospital plurality of data comprises creating or modifying the least the portion of the hospital plurality of data; and
  
  deactivating, by the application, in response to a deactivation trigger comprising at least one of a manual deactivation trigger or a dynamic deactivation trigger, the hospital persona, wherein the deactivating comprises;
  
  determining if the deactivation trigger is the manual deactivation trigger or the dynamic deactivation trigger;
  
  storing, in response to the determination, the at least the portion of the hospital plurality of data, wherein the at least the portion of the hospital plurality of data is stored in the hospital network when the deactivation trigger is the manual deactivation trigger, and wherein when the deactivation trigger is the dynamic deactivation trigger, the at least the portion of the hospital plurality of data is temporarily stored in a trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and
  
  reactivating, in response to the deactivation trigger, the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the original persona comprises an original plurality of data, an original plurality of applications, and an original plurality of access rights to a telecommunications service provider network and the original plurality of software, hardware, and firmware on the portable electronic device associated with the original persona.
  - 3. The method of claim 1, wherein reactivating the original persona comprises reactivating access to the original plurality of hardware, software, and firmware on the portable electronic device associated with the original persona.
  - 4. The method of claim 3, wherein reactivating the original persona comprises reactivating access to audio ports, video ports, camera functions, recording functions, and ports.
  - 5. The method of claim 1, wherein the manual activation trigger comprises the application receiving at least one userID and at least one password, and wherein the dynamic activation trigger comprises activating the hospital persona in response to the portable electronic device being in at least one of a predetermined location or within a radius of the predetermined location.
  - 6. The method of claim 1, wherein the hospital plurality of data associated with the hospital persona is not stored locally on the portable electronic device and is one of stored on the remote server, the trusted security zone, or is removed from the portable electronic device and deleted in response to deactivating the hospital persona.

7. A system for protecting access to information on a hospital network comprising:
- a plurality of hospital personas accessible through a hospital network, wherein each hospital persona of the plurality of hospital personas on the hospital network comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to the hospital network; and
  
  the portable electronic device on a telecommunications service provider network comprising a trusted security zone, an application, and an original persona, wherein the original persona is different than the plurality of hospital personas;
  
  wherein the application;
  
  loads a hospital persona of the plurality of hospital personas;
  
  subsequently activates, in response to an activation trigger, the hospital persona, wherein the activation trigger is one of a manual activation trigger or a dynamic activation trigger, and wherein activating the hospital persona deactivates access to the original persona and restricts access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona;
  
  deactivates, in response to a deactivation trigger, the hospital persona and activates a different hospital persona, wherein the deactivation trigger is one of a manual deactivation trigger or a dynamic deactivation trigger;
  
  in response to the deactivation trigger being the dynamic deactivation trigger, temporarily stores at least a portion of the hospital plurality of data in the trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and
  
  deactivates the different hospital persona and reactivates the hospital persona or reactivates the original persona, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the dynamic activation trigger comprises the portable electronic device detecting that it is within a predetermined location or within a predetermined radius of the predetermined location, and wherein the manual activation trigger comprises authenticating a userID and a password.
  - 9. The system of claim 7, wherein deactivating in response to the manual deactivation trigger deactivates the hospital persona and stores a plurality of data accessed while the hospital persona was active on a server in the hospital network.
  - 10. The system of claim 7, wherein deactivating in response to the dynamic deactivation trigger deactivates the hospital persona and stores a plurality of data accessed while the hospital persona was active to a trusted security zone on the portable electronic device.
  - 11. The system of claim 7, wherein the hospital persona is associated with at least one of a first department or a first role in a hospital.
  - 12. The system of claim 11, wherein the different hospital persona is associated with at least one of a second department or a second role in the hospital.
  - 13. The system of claim 7, wherein the dynamic activation trigger comprises the hospital network detecting a token on the portable electronic device, wherein the token comprises a plurality of access rights that are at least one of time or location-limited.

14. A method of protecting information in a remote network comprising:
- loading, by an application on a portable electronic device, a persona that is different from an original persona, wherein the persona comprises a plurality of data, a plurality of applications, and a plurality of access rights to at least one of a network or a plurality of software, hardware, and firmware on the portable electronic device associated with the persona, and wherein the original persona comprises an original plurality of data, an original plurality of applications, and an original plurality of access rights to an original plurality of software, hardware, or firmware on the portable electronic device associated with the original persona or a telecommunications service provider network;
  
  subsequently activating, by the application, in response to an activation trigger, the persona, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the persona deactivates access to the original persona stored on the portable electronic device and restricts access to at least one of the original plurality of software, hardware, or firmware on the portable electronic device associated with the original persona;
  
  deactivating, by the application, the persona in response to a deactivation trigger, wherein the deactivation trigger is one of a manual deactivation trigger or a dynamic deactivation trigger;
  
  in response to the deactivation trigger being the dynamic deactivation trigger, temporarily storing, by the application, at least a portion of the plurality of data of the persona in a trusted security zone on the portable electronic device until a subsequent activation of the persona when the at least the portion of the plurality of data is uploaded from the trusted security zone to the remote network, wherein the remote network is not the network that supports the original persona; and
  
  reactivating the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the manual activation trigger comprises the application receiving at least one userID and at least one password.
  - 16. The method of claim 14, wherein the dynamic activation trigger comprises activating the original persona in response to receiving a signal that the portable electronic device is in a predetermined location or within a radius of a predetermined location.
  - 17. The method of claim 14, wherein one or more of the plurality of applications associated with the persona is stored at least one of locally on the portable electronic device or on the remote network.
  - 18. The method of claim 14, wherein deactivating access to the original persona comprises deactivating access to at least one of the original plurality of data, the original plurality of applications, and the original plurality of access rights to the telecommunications service provider network or the original plurality of software, hardware, and firmware on the portable electronic device associated with the original persona.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Parsel, William M., Persson, Carl J., Schlesener, Matthew C.
Primary Examiner(s)
Desrosiers, Evans
Assistant Examiner(s)
Gracia, Gary

Application Number

US13/844,282
Time in Patent Office

1,194 Days
Field of Search

726/4, 726/3
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/32   using biometric data, e.g. ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6245   Protecting personal data, e...

H04L 63/0492   by using a location-limited...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links