Processing device and method of operation thereof

US 9,967,284 B2
Filed: 12/31/2013
Issued: 05/08/2018
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method of operating a mobile user device which includes a security policy evaluation module, a dynamic context determination module and a security policy enforcement module and which is operable to run an application which is capable of opening a user data file stored in a user data file repository of the mobile user device to permit a user of the mobile user device to view the user data of the user data file, the method comprising:

receiving, at the mobile user device, user data and an associated security policy, the user data and its associated security policy being received either in a single user data file incorporating the associated security policy or separately in a user data file and an associated policy data file; and

storing the received user data file in a case in which the user data and its associated security policy are received in the single user data file incorporating the associated security policy or storing the user data file and its associated policy data file in a case in which the user data and its associated security policy are received separately;

in response to receiving a request by a user of the mobile user device for the application to open the stored user data file,the security policy evaluation module accessing the associated security policy;

the dynamic context determination module determining contextual information associated with the current context of operation of the mobile user device and providing the thus determined context information to the security policy evaluation module;

the security policy evaluation module evaluating the accessed associated security policy in dependence upon the received contextual information; and

the security policy enforcement module causing the application to open the user data file or to not open the user data file in dependence upon the evaluation;

the method further comprising, in the event that the application was caused to open the stored user data file and while that user data file or application is active on the mobile user device, the dynamic context determination module determining a change in the determined contextual information and sending a notification of a change in the determined contextual information to the security policy evaluation module and the security policy evaluation module evaluating the received associated security policy in dependence upon the changed determined contextual information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.

5 Citations

View as Search Results

8 Claims

1. A method of operating a mobile user device which includes a security policy evaluation module, a dynamic context determination module and a security policy enforcement module and which is operable to run an application which is capable of opening a user data file stored in a user data file repository of the mobile user device to permit a user of the mobile user device to view the user data of the user data file, the method comprising:
- receiving, at the mobile user device, user data and an associated security policy, the user data and its associated security policy being received either in a single user data file incorporating the associated security policy or separately in a user data file and an associated policy data file; and
  
  storing the received user data file in a case in which the user data and its associated security policy are received in the single user data file incorporating the associated security policy or storing the user data file and its associated policy data file in a case in which the user data and its associated security policy are received separately;
  
  in response to receiving a request by a user of the mobile user device for the application to open the stored user data file,the security policy evaluation module accessing the associated security policy;
  
  the dynamic context determination module determining contextual information associated with the current context of operation of the mobile user device and providing the thus determined context information to the security policy evaluation module;
  
  the security policy evaluation module evaluating the accessed associated security policy in dependence upon the received contextual information; and
  
  the security policy enforcement module causing the application to open the user data file or to not open the user data file in dependence upon the evaluation;
  
  the method further comprising, in the event that the application was caused to open the stored user data file and while that user data file or application is active on the mobile user device, the dynamic context determination module determining a change in the determined contextual information and sending a notification of a change in the determined contextual information to the security policy evaluation module and the security policy evaluation module evaluating the received associated security policy in dependence upon the changed determined contextual information.
- View Dependent Claims (2, 3)
- - 2. A method according to claim 1, further comprising receiving at the mobile user device an executable application file together with an associated application security policy, installing the application onto the mobile user device from the received executable application file and, in response to a user request for the installed application to open the stored user data file, evaluating the received associated application security policy in dependence upon the determined current context of the device and causing the installed application to open the data file or not in dependence upon the evaluation.
  - 3. A non-transitory storage medium carrying processor implementable instructions for carrying out the method according to claim 1.

4. A mobile user device comprising:
- memory configured to store;
  
  a policy evaluation module for evaluating security policies associated with a user data file or an application,a dynamic context determination module for determining contextual information associated with the current context of operation of the mobile user device and for providing the thus determined contextual information to the policy evaluation module,a policy enforcement module for enforcing the evaluation specified by the policy evaluation module,user data files in a user data file repository, andapplication files in association with respective security policies in an application file repository; and
  
  processing circuitry configured toreceive, at the mobile user device, user data and applications, each with a respective associated security policy, each of the user data and applications and its respective associated security policy being received either;
  
  (a) in a single user data file incorporating a respective associated security policy or in a single application file incorporating a respective associated security policy, or (b) separately in a user data file and its respective associated security policy or separately in an application file and its associated security policy,store, in the appropriate repository, the received user data file and its associated security policy or the received application file and its associated security policy in case (a) in which in the single user data file incorporates a respective associated security policy or the single application file incorporates a respective associated security policy;
  
  or store the received user data file and its associated security policy or the received application file and its associated security policy in case (b) in which the user data file and its respective associated security policy are received separately or the application file and its associated security policy are received separately; and
  
  cause the policy evaluation module to evaluate the security policy associated with the stored user data file or application whenever the associated stored user data file or application is invoked by a user of the mobile user device and, additionally, while the associated user data file or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.
- View Dependent Claims (5, 6, 7, 8)
- - 5. A mobile user device according to claim 4, wherein the mobile user device is operable to store one or more context evaluation policies which are not associated with a particular item of data or application but rather are associated with a particular user of the device or to the device itself.
  - 6. A mobile user device according to claim 4, wherein the device is operable to allow an application to run, or to prevent an application from running on the device or to allow an application to open a data file, or to prevent an application from opening a data file in dependence upon the evaluation of the policy evaluation module.
  - 7. A mobile user device according to claim 4, including an encryption and decryption unit, wherein the encryption and decryption unit is operable to decrypt a data file stored, when the device is in use, on the device in an encrypted manner, and having an associated security policy, only if the policy evaluation device evaluates that an application is allowed to open the stored encrypted data file, the evaluation being performed in dependence upon the security policy associated with the stored encrypted data file.
  - 8. A mobile user device according to claim 4, wherein the device is operable to cause a particular installed application to open a particular stored data file only after performing an evaluation of both a security policy associated with the installed application and a security policy associated with the stored data file, and only in the event that the evaluation of both security policies is that such an action, for the installed application to open the stored data file, is permissible in view of the conditions specified in both evaluated policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Diaz-Tellez, Yair, El-Moussa, Fadi, Dimitrakos, Theo, Arabo, Abdullahi
Primary Examiner(s)
Tran, Ellen

Application Number

US14/758,663
Publication Number

US 20150358356A1
Time in Patent Office

1,589 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

H04W 88/02   Terminal devices

Processing device and method of operation thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Processing device and method of operation thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links