Processing device and method of operation thereof
First Claim
1. A method of operating a mobile user device which includes a security policy evaluation module, a dynamic context determination module and a security policy enforcement module and which is operable to run an application which is capable of opening a user data file stored in a user data file repository of the mobile user device to permit a user of the mobile user device to view the user data of the user data file, the method comprising:
- receiving, at the mobile user device, user data and an associated security policy, the user data and its associated security policy being received either in a single user data file incorporating the associated security policy or separately in a user data file and an associated policy data file; and
storing the received user data file in a case in which the user data and its associated security policy are received in the single user data file incorporating the associated security policy or storing the user data file and its associated policy data file in a case in which the user data and its associated security policy are received separately;
in response to receiving a request by a user of the mobile user device for the application to open the stored user data file,the security policy evaluation module accessing the associated security policy;
the dynamic context determination module determining contextual information associated with the current context of operation of the mobile user device and providing the thus determined context information to the security policy evaluation module;
the security policy evaluation module evaluating the accessed associated security policy in dependence upon the received contextual information; and
the security policy enforcement module causing the application to open the user data file or to not open the user data file in dependence upon the evaluation;
the method further comprising, in the event that the application was caused to open the stored user data file and while that user data file or application is active on the mobile user device, the dynamic context determination module determining a change in the determined contextual information and sending a notification of a change in the determined contextual information to the security policy evaluation module and the security policy evaluation module evaluating the received associated security policy in dependence upon the changed determined contextual information.
1 Assignment
0 Petitions
Accused Products
Abstract
A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.
5 Citations
8 Claims
-
1. A method of operating a mobile user device which includes a security policy evaluation module, a dynamic context determination module and a security policy enforcement module and which is operable to run an application which is capable of opening a user data file stored in a user data file repository of the mobile user device to permit a user of the mobile user device to view the user data of the user data file, the method comprising:
-
receiving, at the mobile user device, user data and an associated security policy, the user data and its associated security policy being received either in a single user data file incorporating the associated security policy or separately in a user data file and an associated policy data file; and storing the received user data file in a case in which the user data and its associated security policy are received in the single user data file incorporating the associated security policy or storing the user data file and its associated policy data file in a case in which the user data and its associated security policy are received separately; in response to receiving a request by a user of the mobile user device for the application to open the stored user data file, the security policy evaluation module accessing the associated security policy; the dynamic context determination module determining contextual information associated with the current context of operation of the mobile user device and providing the thus determined context information to the security policy evaluation module; the security policy evaluation module evaluating the accessed associated security policy in dependence upon the received contextual information; and the security policy enforcement module causing the application to open the user data file or to not open the user data file in dependence upon the evaluation; the method further comprising, in the event that the application was caused to open the stored user data file and while that user data file or application is active on the mobile user device, the dynamic context determination module determining a change in the determined contextual information and sending a notification of a change in the determined contextual information to the security policy evaluation module and the security policy evaluation module evaluating the received associated security policy in dependence upon the changed determined contextual information. - View Dependent Claims (2, 3)
-
-
4. A mobile user device comprising:
-
memory configured to store; a policy evaluation module for evaluating security policies associated with a user data file or an application, a dynamic context determination module for determining contextual information associated with the current context of operation of the mobile user device and for providing the thus determined contextual information to the policy evaluation module, a policy enforcement module for enforcing the evaluation specified by the policy evaluation module, user data files in a user data file repository, and application files in association with respective security policies in an application file repository; and processing circuitry configured to receive, at the mobile user device, user data and applications, each with a respective associated security policy, each of the user data and applications and its respective associated security policy being received either;
(a) in a single user data file incorporating a respective associated security policy or in a single application file incorporating a respective associated security policy, or (b) separately in a user data file and its respective associated security policy or separately in an application file and its associated security policy,store, in the appropriate repository, the received user data file and its associated security policy or the received application file and its associated security policy in case (a) in which in the single user data file incorporates a respective associated security policy or the single application file incorporates a respective associated security policy;
or store the received user data file and its associated security policy or the received application file and its associated security policy in case (b) in which the user data file and its respective associated security policy are received separately or the application file and its associated security policy are received separately; andcause the policy evaluation module to evaluate the security policy associated with the stored user data file or application whenever the associated stored user data file or application is invoked by a user of the mobile user device and, additionally, while the associated user data file or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module. - View Dependent Claims (5, 6, 7, 8)
-
Specification