Techniques for dynamic enpoint secure location awareness

US 9,825,968 B2
Filed: 09/28/2011
Issued: 11/21/2017
Est. Priority Date: 09/28/2011
Status: Active Grant

First Claim

Patent Images

1. An article of manufacture comprising a non-transitory storage medium containing instructions that when executed enable a system to:

determine that a mobile device has changed locations, the mobile device to comprise a platform security engine and a security component;

authenticate, by the platform security engine, with a remote server to establish secure communication with the remote server based on the determination that the mobile device has changed locations;

dynamically send a location query from the platform security engine to the remote server based on the determination that the mobile device has changed locations and in response to the establishment of secure communication with the remote server, the location query comprising a query of whether the mobile device is communicatively coupled to a private network or a public network;

receive a location response from the remote server in response to the location query;

determine, by the platform security engine, whether the mobile device is located in a secure location based on the location response; and

send, by the platform security engine, an indication of whether the mobile device is located in a secure location to the security component; and

set, by the security component, a security policy of the mobile device based on the indication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for dynamic endpoint secure location awareness may include dynamically sending a location query in response to a change in location for a mobile device. A location response may be received. The platform security engine may determine whether the mobile device is located in a secure location based on the location response. Other embodiments are described and claimed.

Citations

28 Claims

1. An article of manufacture comprising a non-transitory storage medium containing instructions that when executed enable a system to:
- determine that a mobile device has changed locations, the mobile device to comprise a platform security engine and a security component;
  
  authenticate, by the platform security engine, with a remote server to establish secure communication with the remote server based on the determination that the mobile device has changed locations;
  
  dynamically send a location query from the platform security engine to the remote server based on the determination that the mobile device has changed locations and in response to the establishment of secure communication with the remote server, the location query comprising a query of whether the mobile device is communicatively coupled to a private network or a public network;
  
  receive a location response from the remote server in response to the location query;
  
  determine, by the platform security engine, whether the mobile device is located in a secure location based on the location response; and
  
  send, by the platform security engine, an indication of whether the mobile device is located in a secure location to the security component; and
  
  set, by the security component, a security policy of the mobile device based on the indication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to:
    - determine that the mobile device has changed locations based on a receipt of an event trigger.
  - 3. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to:
    - send, by the security component, a policy query to the platform security engine via an application programming interface.
  - 4. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to:
    - receive, by the security component, a policy response from the platform security engine stating whether the mobile device is located in a secure location.
  - 5. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to:
    - adjust, by the security component, one or more of a hardware setting of the mobile device and a communication setting of the mobile device to set the security policy.
  - 6. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to authenticate with the remote server using a fully qualified domain name.
  - 7. The article of claim 1, the remote server to comprise an independent service vendor server.
  - 8. The article of claim 1, the remote server to comprise a cloud computing server.
  - 9. The article of claim 1, the non-transitory storage medium comprising instructions that when executed enable the system to:
    - authenticate with the remote server using asymmetric RSA keys.
  - 10. The article of claim 1, the non-transitory storage medium comprising instructions that if executed enable the system to:
    - determine that the mobile device is located in a secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a private network.
  - 11. The article of claim 1, the non-transitory storage medium comprising instructions that if executed enable the system to:
    - determine that the mobile device is located in a non-secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a public network.

12. A method, comprising:
- determining that a mobile device has changed locations, the mobile device to comprise a platform security engine and a security component;
  
  authenticating, by the platform security engine implemented by a microprocessor, with a remote server to establish secure communication with the remote server based on the determination that the mobile device has changed locations;
  
  dynamically sending a location query from the platform security engine to the remote server based on the determination that the mobile device has changed locations and in response to establishment of secure communication with the remote server, the location query comprising a query of whether the mobile device is communicatively coupled to a private network or a public network;
  
  receiving a location response from the remote server in response to the location query;
  
  determining, by the platform security engine, whether the mobile device is located in a secure location based on the location response; and
  
  sending an indication of whether the mobile device is located in a secure location from the platform security engine to the security component; and
  
  setting, by the security component implemented by the microprocessor, a security policy of the mobile device based on the indication.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, setting the security policy comprising adjusting one or more of a hardware setting of the mobile device and a communication setting of the mobile device.
  - 14. The method of claim 12, comprising:
    - receiving, by the security component, a policy response via an application programming interface; and
      
      setting, by the security component, the security policy based on the policy response.
  - 15. The method of claim 12, the remote server to comprise an enterprise server.
  - 16. The method of claim 12, the remote server to comprise a cloud computing server.
  - 17. The method of claim 12, comprising:
    - authenticating with the remote server using a fully qualified domain name.
  - 18. The method of claim 12, comprising:
    - authenticating with the remote server using asymmetric RSA keys.
  - 19. The method of claim 12, comprising:
    - determining that the mobile device is located in a secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a private network.
  - 20. The method of claim 12, comprising:
    - determining that the mobile device is located in a non-secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a public network.

21. A mobile device, comprising:
- a communications component to exchange one or more wireless communications;
  
  a platform security engine implemented by a microprocessor operative to;
  
  determine, in response to a receipt of an event trigger, that the mobile device has changed locations;
  
  authenticate with a remote server to establish secure communication with the remote server based on the determination that the mobile device has changed locations;
  
  dynamically send a location query to the remote server based on the determination that the mobile device has changed locations and in response to the establishment of secure communication with the remote server, the location query comprising a query of whether the mobile device is communicatively coupled to a private network or a public network;
  
  receive a location response from the remote server in response to the location query; and
  
  determine whether the mobile device is located in a secure location based on the location response; and
  
  a security component implemented by the microprocessor operative to;
  
  receive, from the platform security engine, an indication of whether the mobile device is located in a secure location; and
  
  set a security policy of the mobile device based on the indication.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The mobile device of claim 21, the platform security engine to determine that the mobile device is located in a secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a private network.
  - 23. The mobile device of claim 21, the platform security engine to determine that the mobile device is located in a non-secure location in response to a determination that the location response indicates that the mobile device is communicatively coupled to a public network.
  - 24. The mobile device of claim 21, comprising:
    - a touch screen device.
  - 25. The mobile device of claim 21, comprising:
    - a security component operative to;
      
      send a policy query to the platform security engine via an application programming interface;
      
      receive a policy response stating whether a current location is a secure location; and
      
      set a security policy for the mobile device based on the policy response.
  - 26. The mobile device of claim 21, the communications component comprising:
    - at least one radio frequency (RF) transceiver; and
      
      at least one RF antenna.
  - 27. The mobile device of claim 26, the communications component to communicate electromagnetic signals representing information.
  - 28. The mobile device of claim 26, the communications component comprising:
    - a network interface card to notify the platform security engine when the mobile device changed locations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Kahana, Uri
Primary Examiner(s)
To, Baotran N
Assistant Examiner(s)
Shirazi, Sayed Beheshti

Application Number

US13/976,434
Publication Number

US 20130283345A1
Time in Patent Office

2,246 Days
Field of Search

726 1, 726 3
US Class Current
CPC Class Codes

G01S 5/0205   Details

G06F 15/16   Combinations of two or more...

G06F 21/00   Security arrangements for p...

G06F 21/50   Monitoring users, programs ...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 9/44   Arrangements for executing ...

H04L 63/107   wherein the security polici...

H04W 64/00   Locating users or terminals...

Techniques for dynamic enpoint secure location awareness

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for dynamic enpoint secure location awareness

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links