Methods and systems for secure network connections
Abstract
Context information associated with a mobile communications device and a network connection for the mobile communications device is collected. A security policy is applied to determine whether the security offered by the network connection is appropriate for the context. If the security offered by the network connection is not appropriate for the context, the network connection may be made more secure, less secure, or a different network connection having an appropriate level of security may be used for the data associated with the context.
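An added illustration of the evaluation the abstract describes, not code from the patent or its assignee: three kinds of context are checked against an ordered rule list, and the result says whether a more secure, less secure, or unchanged connection is appropriate. The class names, the 0-2 security scale, the provider and host names, and the sample policy are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Every name and the 0-2 security scale are assumptions for illustration.
@dataclass
class Device:            # first context: state, activity, authentication
    battery_low: bool
    foreground_app: str
    authenticated: bool

@dataclass
class Network:           # second context: security level and provider
    level: int           # 0 = open, 1 = link-encrypted, 2 = tunnelled
    provider: str

@dataclass
class Destination:       # third context: the ultimate destination
    host: str
    kind: str            # "website", "web server" or "application server"

@dataclass
class Rule:
    name: str
    matches: Callable[[Device, Network, Destination], bool]
    required_level: int

TRUSTED_PROVIDERS = {"CorpLTE"}          # constructed sample value
POLICY = [                               # constructed sample policy
    Rule("bank-needs-tunnel", lambda d, n, t: t.host.endswith(".bank.example"), 2),
    Rule("unauthenticated-or-untrusted",
         lambda d, n, t: not d.authenticated or n.provider not in TRUSTED_PROVIDERS, 2),
    Rule("video-may-relax", lambda d, n, t: d.foreground_app == "video" and d.battery_low, 0),
]

def evaluate(policy, dev, net, dest, default_level=1):
    """First matching rule decides; returns (action, rule name, target level)."""
    rule: Optional[Rule] = next((r for r in policy if r.matches(dev, net, dest)), None)
    target = rule.required_level if rule else default_level
    if net.level < target:
        action = "establish_more_secure"
    elif net.level > target:
        action = "establish_less_secure"
    else:
        action = "keep"
    return action, rule.name if rule else None, target
```

Rule order matters here: placing the strict rules first means a relaxing rule can never override them for the same context.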
46 Claims
1. A method comprising:
- storing on a mobile communications device a security policy to manage network connections, the security policy received by the mobile communications device from a network administrator or from a server associated with an ultimate destination, the security policy including a plurality of rules defining events, situations, or conditions that trigger the automatic establishment of a secure network connection by a secure connection manager on the mobile communications device;
- collecting, at the secure connection manager on the mobile communications device, a first context information associated with the mobile communications device including system state data of the mobile communications device, user activity on the mobile communications device, and information related to authentication of the mobile communications device;
- collecting, at the secure connection manager on the mobile communications device, a second context information associated with a first network connection including a level of security of the first network connection and a provider of the first network connection;
- collecting, at the secure connection manager on the mobile communications device, a third context information associated with an ultimate destination with which the mobile communications device is attempting to connect, the ultimate destination consisting of a server or a server system comprising one or more of a website, web server, and an application server;
- evaluating, by the secure connection manager, the first network connection, the evaluation using the collected first context information, the collected second context information, the collected third context information, and the security policy, the evaluating occurring before the first network connection is established, after the first network connection is established, or while the first network connection is being established; and
- based on the evaluation by the secure connection manager, determining, by the secure connection manager, that a secure network connection for use in the communication between the mobile communications device and the ultimate destination should be established instead of the first network connection between the mobile communications device and the ultimate destination, the secure network connection providing a level of security different from the level of security provided by the first network connection, the establishment of the secure network connection being automatically triggered by at least one rule in the received security policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29

30. A method comprising:
- at a secure connection manager on a mobile communications device connected to an ultimate destination via a first network connection, receiving, from a server associated with the ultimate destination, a security policy specifying a particular type of network connection to be used during a particular situational context, and the particular situational context triggering the automatic establishment of a secure network connection by the secure connection manager on the mobile communications device;
- at the secure connection manager on the mobile communications device, collecting a first context information associated with the mobile communications device including system state data of the mobile communications device, user activity on the mobile communications device, and information related to authentication of the mobile communications device;
- at the secure connection manager on the mobile communications device, collecting a second context information associated with the first network connection including a level of security of the first network connection and a provider of the first network connection;
- at the secure connection manager on the mobile communications device, collecting a third context information associated with the ultimate destination with which the mobile communications device is attempting to connect, the ultimate destination consisting of a server or a server system comprising one or more of a website, web server, and an application server;
- evaluating, by the secure connection manager on the mobile communications device, the first network connection, the evaluation using the collected first context information, the collected second context information, the collected third context information, and the received security policy, the evaluating occurring after the first network connection is established; and
- upon making a determination that the collected first and second and third context information correspond to the particular situational context specified in the received security policy, determining, based on the evaluation by the secure connection manager, that a type of network connection established for use in a communication between the mobile communications device and the ultimate destination does not match the particular type of network connection specified in the received security policy, the establishment of the secure network connection being automatically triggered by the determining that the type of network connection established does not match the particular type of network connection specified in the received security policy.

Dependent claims: 31, 32

33. A method comprising:
- storing on a mobile communications device a security policy to manage different types of network connections, the security policy received by the mobile communications device from a network administrator or from a server associated with an ultimate destination, the security policy including a plurality of rules defining events, situations, or conditions that trigger the automatic establishment of a second type of network connection by a secure connection manager on the mobile communications device;
- collecting, at the secure connection manager on the mobile communications device, a first context information associated with the mobile communications device including system state data of the mobile communications device, user activity on the mobile communications device, and information related to authentication of the mobile communications device;
- collecting, at the secure connection manager on the mobile communications device, a second context information associated with a first network connection including a level of security of the first network connection and a provider of the first network connection;
- collecting, at the secure connection manager on the mobile communications device, a third context information associated with the ultimate destination with which the mobile communications device is attempting to connect, the ultimate destination consisting of a server or a server system comprising one or more of a website, web server, and an application server;
- evaluating, by the secure connection manager, a first type of network connection, the evaluation using the collected first context information, the collected second context information, the collected third context information, and the security policy, the evaluating occurring before the first network connection is established, after the first network connection is established, or while the first network connection is being established; and
- based on the evaluation by the secure connection manager, determining, by the secure connection manager, that the second type of network connection for use in the communication between the mobile communications device and the ultimate destination should be established instead of the first type of network connection between the mobile communications device and the ultimate destination, the establishment of the second type of network connection being automatically triggered by at least one rule in the received security policy.

Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46

Specification