Method for establishing a plurality of modes of operation on a mobile device

US 9,531,731 B2
Filed: 09/28/2015
Issued: 12/27/2016
Est. Priority Date: 09/24/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first device configured to receive restricted data; and

a second device;

wherein the first device includes;

a first processor; and

first memory;

wherein the first processor and first memory cooperate to;

restrict data on the first device to be accessible by only a subset of applications based on a designated mode for an application; and

enable server software for controlling access to the restricted data; and

wherein the second device includes;

a second processor; and

second memory;

wherein the second processor and second memory cooperate to;

associate a subset of applications on the second device as associated with a trusted mode, the subset of applications associated with the trusted mode configured to use both restricted and unrestricted data; and

enable a client on the second device capable of both communicating with the server software on the first device and providing policy management on the second device to restrict access to the restricted data on the first device to the subset of applications on the second device associated with the trusted mode,wherein access to restricted data by applications on the second device is provided only while a connection between the first device and second device is maintained.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, device and system for establishing plural modes of operation on a mobile device, including: associating each application on the mobile device with one of a plurality of modes; and restricting access to data on the mobile device to only a subset of applications based on the mode associated for the each application. A system includes connection of an untrusted device to a trusted device and restricting data access for restricted data to a subset of trusted applications on the untrusted device.

Citations

20 Claims

1. A system comprising:
- a first device configured to receive restricted data; and
  
  a second device;
  
  wherein the first device includes;
  
  a first processor; and
  
  first memory;
  
  wherein the first processor and first memory cooperate to;
  
  restrict data on the first device to be accessible by only a subset of applications based on a designated mode for an application; and
  
  enable server software for controlling access to the restricted data; and
  
  wherein the second device includes;
  
  a second processor; and
  
  second memory;
  
  wherein the second processor and second memory cooperate to;
  
  associate a subset of applications on the second device as associated with a trusted mode, the subset of applications associated with the trusted mode configured to use both restricted and unrestricted data; and
  
  enable a client on the second device capable of both communicating with the server software on the first device and providing policy management on the second device to restrict access to the restricted data on the first device to the subset of applications on the second device associated with the trusted mode,wherein access to restricted data by applications on the second device is provided only while a connection between the first device and second device is maintained.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the second device comprises a tablet.
  - 3. The system of claim 1, wherein the first device comprises a mobile device.
  - 4. The system of claim 1, wherein designated modes comprise a personal mode and a corporate mode.
  - 5. The system of claim 1, wherein the restricting access comprises adding a group permission to the data and providing each application with access based on the group permission.
  - 6. The system of claim 1, wherein restricted data is stored on the second device in an encrypted format.
  - 7. The system of claim 6, wherein a decryption key for decrypting the encrypted data stored on the second device is stored on the first device, the decryption key being available to the second device only while the connection between the first device and second device is maintained.
  - 8. The system of claim 1, wherein access restrictions on the second device include a password requirement to start the applications associated with the trusted mode.
  - 9. The system of claim 1, wherein the restricted data is stored only on the first device and is provided to the second device only when the connection between the first device and second device is maintained.
  - 10. The system of claim 9, wherein the client is configured to clear restricted data from a cache on the second device upon an exit of an application associated with the trusted mode.
  - 11. The system of claim 1, wherein the applications associated with the trusted mode are prohibited from writing restricted data to applications not associated with the trusted mode.
  - 12. The system of claim 1, wherein the connection between the first device and second device is at least one of a Bluetooth connection, a universal serial bus connection, a WiFi connection, a near field communications connection, a radio frequency identification connection, an infrared data association connection, or a cellular connection.
  - 13. The system of claim 1, wherein communication over the connection between the first device and second device is encrypted.
  - 14. The system of claim 1, wherein the first device further includes a subset of applications associated with the trusted mode and configured to read both restricted data and unrestricted data.
  - 15. The system of claim 14, wherein the subset of applications associated with the trusted mode on the first device differs from the subset of applications associated with the trusted mode on the second device.

16. A method comprising:
- at a first device configured to receive restricted data;
  
  restricting data on the first device to be accessible by only a subset of applications based on a designated mode for an application; and
  
  enabling server software for controlling access to the restricted data; and
  
  at a second device;
  
  associating a subset of applications on the second device as associated with a trusted mode, the subset of applications associated with the trusted mode configured to use both restricted and unrestricted data; and
  
  enabling a client on the second device capable of both communicating with the server software on the first device and providing policy management on the second device to restrict access to the restricted data on the first device to the subset of applications on the second device associated with the trusted mode,wherein access to restricted data by applications on the second device is provided only while a connection between the first device and second device is maintained.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, further comprising storing, on the second device, restricted data in an encrypted format, wherein a decryption key for decrypting the encrypted data stored on the second device is stored on the first device, the decryption key being available to the second device only while the connection between the first device and second device is maintained.
  - 18. The method of claim 16, further comprising storing the restricted data only on the first device and providing the restricted data to the second device only when the connection between the first device and second device is maintained.
  - 19. The method of claim 18, further comprising clearing restricted data from a cache on the second device upon an exit of an application associated with the trusted mode.

20. A non-transitory computer readable medium for storing program instruction which, when executed by a first processor on a first computing device are configured to:
- restrict data on the first device to be accessible by only a subset of applications based on a designated mode for an application; and
  
  enable server software for controlling access to the restricted data, the non-transitory computer readable medium further storing program instruction which, when executed by a second processor on a second computing device are configured to;
  
  associate a subset of applications on the second device as associated with a trusted mode, the subset of applications associated with the trusted mode configured to use both restricted and unrestricted data; and
  
  enable a client on the second device capable of both communicating with the server software on the first device and providing policy management on the second device to restrict access to the restricted data on the first device to the subset of applications on the second device associated with the trusted mode,wherein the program instructions provide access to restricted data by applications on the second device only while a connection between the first device and second device is maintained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher Lyle, Little, Herbert Anthony, Brown, Michael Kenneth, Brown, Michael Stephen
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US14/867,517
Publication Number

US 20160021119A1
Time in Patent Office

456 Days
Field of Search

726/30
US Class Current

1/1
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/53   by executing in a restricte...

G06F 21/60   Protecting data

G06F 21/629   to features or functions of...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 88/02   Terminal devices

Method for establishing a plurality of modes of operation on a mobile device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for establishing a plurality of modes of operation on a mobile device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links