System and method for secure control of resources of wireless mobile communication devices

US 8,893,266 B2
Filed: 02/24/2014
Issued: 11/18/2014
Est. Priority Date: 08/19/2002
Status: Active Grant

First Claim

Patent Images

1. A wireless communication device, comprising:

at least one memory storing a first domain comprising a first set of assets controlled by a first domain owner, and the at least one memory storing a second domain comprising a second set of assets controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an owner of the wireless communication device; and

a domain controller configured to control the first domain and the second domain, and further configured to control access to the first set of assets and the second set of assets;

wherein the domain controller is further configured to receive from a first entity a request to perform an operation affecting a particular asset in the first set of assets and responsive to receiving the request;

deny the request if the request originated from a different domain than the asset; and

permit the request if the request originated from a same domain as the asset.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.

81 Citations

View as Search Results

24 Claims

1. A wireless communication device, comprising:
- at least one memory storing a first domain comprising a first set of assets controlled by a first domain owner, and the at least one memory storing a second domain comprising a second set of assets controlled by a second domain owner, wherein the first domain owner is an employer, and the second domain owner is an owner of the wireless communication device; and
  
  a domain controller configured to control the first domain and the second domain, and further configured to control access to the first set of assets and the second set of assets;
  
  wherein the domain controller is further configured to receive from a first entity a request to perform an operation affecting a particular asset in the first set of assets and responsive to receiving the request;
  
  deny the request if the request originated from a different domain than the asset; and
  
  permit the request if the request originated from a same domain as the asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, wherein the domain controller is further configured to determine which of the first or second domains the request originated from using a cryptographic key from a key store;
    - anddetermine which of the first or second domains the asset belongs to using the cryptographic key from the key store.
  - 3. The device of claim 1, wherein the domain controller is further configured to:
    - receive information; and
      
      assign the information to the first or second domain based upon a domain policy.
  - 4. The device of claim 3, wherein the domain policy specifies that information should be associated with a domain based upon any one or more of the following including any combination thereof:
    - a source of the information, a digital signature of the information, an access list describing allowed domain information, and an input from a user of the wireless communication device.
  - 5. The device of claim 1, wherein the domain controller is further configured to:
    - determine whether the operation is permitted based upon one or more properties stored in a property store; and
      
      deny the request when the operation is not permitted based upon the one or more properties in the property store.
  - 6. The device of claim 5, wherein the one or more properties comprise any one or more of the following including any combination thereof:
    - one or more global properties, one or more domain properties, and one or more application properties.
  - 7. The device of claim 1, wherein the asset comprises at least one of:
    - a communication pipe, persistent data, a property, a software application, a wireless transceiver, a user interface, an interface/connector, a processor, a memory, or a data store.
  - 8. The device of claim 1, wherein the request originates from at least one of:
    - a communication pipe, persistent data, a property, or a software application.

9. A method implemented on a wireless communication device, the method comprising:
- storing a first set of assets in a first domain and storing a second set of assets in a second domain, wherein the first set of assets is controlled by a first domain owner that is an employer, and the second set of assets is controlled by a second domain owner that is an owner of the wireless communication device;
  
  receiving, from a first entity, a request to perform an operation affecting a particular asset in the first set of assets, wherein the request is received by a domain controller configured to control the first domain and the second domain, and further configured to control access to the first set of assets and the second set of assets;
  
  responsive to receiving the request, the domain controller;
  
  denying the request if the request originated from a different domain than the asset; and
  
  permitting the request if the request originated from a same domain as the asset.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - determining which of the first or second domains the request originated from using a cryptographic key from a key store; and
      
      determining which of the first or second domains the asset belongs to using the cryptographic key from the key store.
  - 11. The method of claim 9, further comprising:
    - receiving information at the domain controller; and
      
      assigning, by the domain controller, the information to the first or second domain based upon a domain policy.
  - 12. The method of claim 11, wherein the domain policy specifies that information should be associated with a domain based upon any one or more of the following including any combination thereof:
    - a source of the information, a digital signature of the information, an access list describing allowed domain information, and an input from a user of the wireless communication device.
  - 13. The method of claim 9, further comprising:
    - determining whether the operation is permitted based upon one or more properties stored in a property store; and
      
      denying the request when the operation is not permitted based upon the one or more properties in the property store.
  - 14. The method of claim 13, wherein the one or more properties comprise any one or more of the following including any combination thereof:
    - one or more global properties, one or more domain properties, and one or more application properties.
  - 15. The method of claim 9, wherein the asset comprises at least one of:
    - a communication pipe, persistent data, a property, a software application, a wireless transceiver, a user interface, an interface/connector, a processor, a memory, or a data store.
  - 16. The method of claim 9, wherein the request originates from at least one of:
    - a communication pipe, persistent data, a property, or a software application.

17. A non-transitory computer readable medium storing program code executable by a processor to implement a method on a wireless communication device, the method comprising:
- storing a first set of assets in a first domain and storing a second set of assets in a second domain, wherein the first set of assets is controlled by a first domain owner that is an employer, and the second set of assets is controlled by a second domain owner that is an owner of the wireless communication device;
  
  receiving from a first entity a request to perform an operation affecting a particular asset in the first set of assets, wherein the request is received by a domain controller configured to control the first domain and the second domain, and further configured to control access to the first set of assets and the second set of assets;
  
  responsive to receiving the request, the domain controller;
  
  denying the request if the request originated from a different domain than the asset; and
  
  permitting the request if the request originated from a same domain as the asset.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory computer readable medium of claim 17, wherein the domain controller is further configured to determine which of the first or second domains the request originated from using a cryptographic key from a key store;
    - anddetermine which of the first or second domains the asset belongs to using the cryptographic key from the key store.
  - 19. The non-transitory computer readable medium of claim 17, wherein the method further comprises:
    - receiving information at the domain controller; and
      
      assigning, by the domain controller, the information to the first or second domain based upon a domain policy.
  - 20. The non-transitory computer readable medium of claim 19, wherein the domain policy specifies that information should be associated with a domain based upon any one or more of the following including any combination thereof:
    - a source of the information, a digital signature of the information, an access list describing allowed domain information, and an input from a user of the wireless communication device.
  - 21. The non-transitory computer readable medium of claim 17, wherein the method further comprises:
    - determining whether the operation is permitted based upon one or more properties stored in a property store; and
      
      denying the request when the operation is not permitted based upon the one or more properties in the property store.
  - 22. The non-transitory computer readable medium of claim 20, wherein the one or more properties comprise any one or more of the following including any combination thereof:
    - one or more global properties, one or more domain properties, and one or more application properties.
  - 23. The non-transitory computer readable medium of claim 17, wherein the asset comprises at least one of:
    - a communication pipe, persistent data, a property, a software application, a wireless transceiver, a user interface, an interface/connector, a processor, a memory, or a data store.
  - 24. The non-transitory computer readable medium of claim 17, wherein the request originates from at least one of:
    - a communication pipe, persistent data, a property, or a software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Owen, Russell N., Little, Herbert A., Yach, David P., Shenfield, Michael
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/188,345
Publication Number

US 20140171023A1
Time in Patent Office

267 Days
Field of Search

726/2, 726 16- 18, 726 26- 30, 713/150, 713164-167, 713/170, 713/189, 713/193
US Class Current

726/19
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/086   using security domains

System and method for secure control of resources of wireless mobile communication devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

System and method for secure control of resources of wireless mobile communication devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others