Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
First Claim
1. A method of protecting information on a hospital network comprising:
- loading, by an application on a portable electronic device having an original persona, a hospital persona that is different from the original persona, wherein the hospital persona comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to a hospital network;
subsequently activating the hospital persona and deactivating the original persona, by the application, in response to an activation trigger, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the hospital persona comprises restricting access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona;
accessing, by the portable electronic device while the hospital persona is activated, at least a portion of the hospital plurality of data, wherein accessing the at least the portion of the hospital plurality of data comprises creating or modifying the least the portion of the hospital plurality of data; and
deactivating, by the application, in response to a deactivation trigger comprising at least one of a manual deactivation trigger or a dynamic deactivation trigger, the hospital persona, wherein the deactivating comprises;
determining if the deactivation trigger is the manual deactivation trigger or the dynamic deactivation trigger;
storing, in response to the determination, the at least the portion of the hospital plurality of data, wherein the at least the portion of the hospital plurality of data is stored in the hospital network when the deactivation trigger is the manual deactivation trigger, and wherein when the deactivation trigger is the dynamic deactivation trigger, the at least the portion of the hospital plurality of data is temporarily stored in a trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and
reactivating, in response to the deactivation trigger, the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources.
6 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider'"'"'s network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business'"'"'s network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.
-
Citations
18 Claims
-
1. A method of protecting information on a hospital network comprising:
-
loading, by an application on a portable electronic device having an original persona, a hospital persona that is different from the original persona, wherein the hospital persona comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to a hospital network; subsequently activating the hospital persona and deactivating the original persona, by the application, in response to an activation trigger, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the hospital persona comprises restricting access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona; accessing, by the portable electronic device while the hospital persona is activated, at least a portion of the hospital plurality of data, wherein accessing the at least the portion of the hospital plurality of data comprises creating or modifying the least the portion of the hospital plurality of data; and deactivating, by the application, in response to a deactivation trigger comprising at least one of a manual deactivation trigger or a dynamic deactivation trigger, the hospital persona, wherein the deactivating comprises; determining if the deactivation trigger is the manual deactivation trigger or the dynamic deactivation trigger; storing, in response to the determination, the at least the portion of the hospital plurality of data, wherein the at least the portion of the hospital plurality of data is stored in the hospital network when the deactivation trigger is the manual deactivation trigger, and wherein when the deactivation trigger is the dynamic deactivation trigger, the at least the portion of the hospital plurality of data is temporarily stored in a trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and reactivating, in response to the deactivation trigger, the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for protecting access to information on a hospital network comprising:
-
a plurality of hospital personas accessible through a hospital network, wherein each hospital persona of the plurality of hospital personas on the hospital network comprises a hospital plurality of data, a hospital plurality of applications, and a hospital access right to the hospital network; and the portable electronic device on a telecommunications service provider network comprising a trusted security zone, an application, and an original persona, wherein the original persona is different than the plurality of hospital personas; wherein the application; loads a hospital persona of the plurality of hospital personas; subsequently activates, in response to an activation trigger, the hospital persona, wherein the activation trigger is one of a manual activation trigger or a dynamic activation trigger, and wherein activating the hospital persona deactivates access to the original persona and restricts access to at least one of an original software, hardware, or firmware on the portable electronic device associated with the original persona; deactivates, in response to a deactivation trigger, the hospital persona and activates a different hospital persona, wherein the deactivation trigger is one of a manual deactivation trigger or a dynamic deactivation trigger; in response to the deactivation trigger being the dynamic deactivation trigger, temporarily stores at least a portion of the hospital plurality of data in the trusted security zone on the portable electronic device until a subsequent activation of the hospital persona when the at least the portion of the hospital plurality of data is uploaded from the trusted security zone to the hospital network; and deactivates the different hospital persona and reactivates the hospital persona or reactivates the original persona, wherein the original persona runs on a first virtual processor and the hospital personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method of protecting information in a remote network comprising:
-
loading, by an application on a portable electronic device, a persona that is different from an original persona, wherein the persona comprises a plurality of data, a plurality of applications, and a plurality of access rights to at least one of a network or a plurality of software, hardware, and firmware on the portable electronic device associated with the persona, and wherein the original persona comprises an original plurality of data, an original plurality of applications, and an original plurality of access rights to an original plurality of software, hardware, or firmware on the portable electronic device associated with the original persona or a telecommunications service provider network; subsequently activating, by the application, in response to an activation trigger, the persona, the activation trigger comprising at least one of a manual activation trigger or a dynamic activation trigger, wherein activating the persona deactivates access to the original persona stored on the portable electronic device and restricts access to at least one of the original plurality of software, hardware, or firmware on the portable electronic device associated with the original persona; deactivating, by the application, the persona in response to a deactivation trigger, wherein the deactivation trigger is one of a manual deactivation trigger or a dynamic deactivation trigger; in response to the deactivation trigger being the dynamic deactivation trigger, temporarily storing, by the application, at least a portion of the plurality of data of the persona in a trusted security zone on the portable electronic device until a subsequent activation of the persona when the at least the portion of the plurality of data is uploaded from the trusted security zone to the remote network, wherein the remote network is not the network that supports the original persona; and reactivating the original persona on the portable electronic device, wherein the original persona runs on a first virtual processor and the personal runs on a second virtual processor, and wherein the first virtual processor and the second virtual processor run on a single physical processor executing in a time-sliced fashion by switching contexts between the first and second virtual processors to share processor resources. - View Dependent Claims (15, 16, 17, 18)
-
Specification