Mobile device security system

US 9,723,487 B2
Filed: 08/19/2013
Issued: 08/01/2017
Est. Priority Date: 08/19/2013
Status: Active Grant

First Claim

Patent Images

1. A location based mobile device security enforcement system, comprising:

a mobile device; and

a management system comprising;

one or more non-transitory storage-devices storing computer executable instructions; and

a processor configured to execute the computer executable instructions to;

monitor the mobile device located in a secure area by receiving a report from the mobile device security application on the mobile device, wherein the secure area comprises at least one authorized accessible area for the mobile device;

interact with the mobile device located in the secure area to register a mobile device user of the mobile device;

in response to registering the mobile device user, create a mobile device user profile and a security policy for the mobile device based on the registration, and store the mobile device user profile and the security policy in a mobile device management (MDM) server, wherein the security policy comprises a user designation level of the mobile device selected from a plurality of user designation levels, information of the at least one authorized accessible area for the mobile device, and information of authorized period of time for the mobile device; and

transmit the security policy to the mobile device;

a security control module separate from the mobile device and configured to maintain a constant contact with the mobile device;

one or more first computers at the secure area, separate from the mobile device, and each configured to,allow a user to install the mobile device security application on the mobile device through a connection established between the first computer and the mobile device;

register, with the management system, the mobile device user and create the mobile device user profile based on the registration;

assign the user designation level to the mobile device;

assign the at least one authorized accessible area for the mobile device; and

assign the authorized period of time for the mobile device;

wherein the mobile device security application installed on the mobile device, when executed by a processor of the mobile device, is configured to;

monitor a current location of the mobile device and a current time; and

when the mobile device is located within the secure area,communicate wirelessly with the management system;

interact with the management system to register the mobile device user;

receive and store the security policy from the management system;

determine whether the mobile device requires a security change to one or more functions on the mobile device by comparing the current location of the mobile device and the current time with the user designation level of the mobile device, the information of the at least one authorized accessible area for the mobile device and the information of the authorized period of time for the mobile device of the security policy; and

in response to determining that the mobile device requires the security change to the one or more functions on the mobile device, perform the security change to each of the one or more functions on the mobile device, and disable or enable a respective driver of at least one of a camera device, a microphone device, and a telephone device of the mobile device;

wherein the secure area comprises a plurality of sub-areas, and each of the sub-areas is designated to have one of a plurality of area designation security levels;

wherein the at least one authorized accessible area for the mobile device comprises a plurality of the sub-areas; and

wherein for at least one of the sub-areas, each of the plurality of user designation levels corresponds to different security changes in the area designation security level of the sub-area, and at least one user designation level corresponds to different security changes in different sub-areas having different area designation security levels;

wherein the mobile device security application installed on the mobile device, when executed by the processor of the mobile device, is further configured tomaintain the constant contact with the security control module;

make security changes to the camera device, the microphone device, and the telephone device when the constant contact is lost;

retrieve an evacuation destination from emergency messages broadcast by the security control module;

generate an evacuation route according to the current location of the mobile device and the evacuation destination; and

display the evacuation route on the mobile device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A location based mobile device security enforcement system includes: (a) a mobile device management (MDM) server, (b) a security control module, (c) an entry point security system, and (d) a mobile device security application, when installed and executed on a mobile device, configured to register the mobile device and its user to create a mobile device user profile for the mobile device user, when the mobile device and its user enter a secure area, authenticate the mobile device user, maintain constant contact with security control module, and make security adjustments to the mobile device if contact between mobile device and security control module is lost, mobile device security application becomes non-operational, current time is beyond the mobile device user authorized access time period, and current mobile device location is outside of mobile device user authorized access area or crosses borders between one area security level to another area security level.

28 Citations

View as Search Results

16 Claims

1. A location based mobile device security enforcement system, comprising:
- a mobile device; and
  
  a management system comprising;
  
  one or more non-transitory storage-devices storing computer executable instructions; and
  
  a processor configured to execute the computer executable instructions to;
  
  monitor the mobile device located in a secure area by receiving a report from the mobile device security application on the mobile device, wherein the secure area comprises at least one authorized accessible area for the mobile device;
  
  interact with the mobile device located in the secure area to register a mobile device user of the mobile device;
  
  in response to registering the mobile device user, create a mobile device user profile and a security policy for the mobile device based on the registration, and store the mobile device user profile and the security policy in a mobile device management (MDM) server, wherein the security policy comprises a user designation level of the mobile device selected from a plurality of user designation levels, information of the at least one authorized accessible area for the mobile device, and information of authorized period of time for the mobile device; and
  
  transmit the security policy to the mobile device;
  
  a security control module separate from the mobile device and configured to maintain a constant contact with the mobile device;
  
  one or more first computers at the secure area, separate from the mobile device, and each configured to,allow a user to install the mobile device security application on the mobile device through a connection established between the first computer and the mobile device;
  
  register, with the management system, the mobile device user and create the mobile device user profile based on the registration;
  
  assign the user designation level to the mobile device;
  
  assign the at least one authorized accessible area for the mobile device; and
  
  assign the authorized period of time for the mobile device;
  
  wherein the mobile device security application installed on the mobile device, when executed by a processor of the mobile device, is configured to;
  
  monitor a current location of the mobile device and a current time; and
  
  when the mobile device is located within the secure area,communicate wirelessly with the management system;
  
  interact with the management system to register the mobile device user;
  
  receive and store the security policy from the management system;
  
  determine whether the mobile device requires a security change to one or more functions on the mobile device by comparing the current location of the mobile device and the current time with the user designation level of the mobile device, the information of the at least one authorized accessible area for the mobile device and the information of the authorized period of time for the mobile device of the security policy; and
  
  in response to determining that the mobile device requires the security change to the one or more functions on the mobile device, perform the security change to each of the one or more functions on the mobile device, and disable or enable a respective driver of at least one of a camera device, a microphone device, and a telephone device of the mobile device;
  
  wherein the secure area comprises a plurality of sub-areas, and each of the sub-areas is designated to have one of a plurality of area designation security levels;
  
  wherein the at least one authorized accessible area for the mobile device comprises a plurality of the sub-areas; and
  
  wherein for at least one of the sub-areas, each of the plurality of user designation levels corresponds to different security changes in the area designation security level of the sub-area, and at least one user designation level corresponds to different security changes in different sub-areas having different area designation security levels;
  
  wherein the mobile device security application installed on the mobile device, when executed by the processor of the mobile device, is further configured tomaintain the constant contact with the security control module;
  
  make security changes to the camera device, the microphone device, and the telephone device when the constant contact is lost;
  
  retrieve an evacuation destination from emergency messages broadcast by the security control module;
  
  generate an evacuation route according to the current location of the mobile device and the evacuation destination; and
  
  display the evacuation route on the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The location based mobile device security enforcement system of claim 1, wherein the mobile device user profile comprises information corresponding to at least one of:
    - a name of the mobile device user,a title of the mobile device user,a company name of the mobile device user;
      
      a type of the mobile device,a media access control (MAC) address of the mobile device, ora mobile phone number of the mobile device.
  - 3. The location based mobile device security enforcement system of claim 1, wherein the computer executable instructions of the management system comprise:
    - first module configured to;
      
      monitor the mobile device located in the secure area; and
      
      interact with the mobile device located in the secure area to register the mobile device user of the mobile device; and
      
      a security control module configured to;
      
      in response to receiving the registration data, create the mobile device user profile and the security policy for the mobile device based on the registration data, and store the mobile device user profile and the security policy in the MDM server; and
      
      transmit the security policy to the mobile device.
  - 4. The location based mobile device security enforcement system of claim 3, wherein the first module is further configured to:
    - deregister the mobile device when the mobile device leaves the secure area.
  - 5. The location based mobile device security enforcement system of claim 3, wherein the security control module is further configured to:
    - in response to a manual operation to edit the mobile device user profile and the security policy for the mobile device,update the mobile device user profile and the security policy in the MDM server; and
      
      transmit the updated security policy to the mobile device.
  - 6. The location based mobile device security enforcement system of claim 3, wherein the security control module is further configured to:
    - broadcast emergency messages when an emergency occurs.
  - 7. The location based mobile device security enforcement system of claim 6, wherein the mobile device security application is further configured to:
    - receive the emergency messages from the security control module of the system; and
      
      display the emergency messages on the mobile device.
  - 8. The location based mobile device security enforcement system of claim 3, wherein the mobile device security application comprises:
    - a user interface module configured to interact with the management system to register the mobile device user;
      
      a device monitoring module configured to;
      
      monitor the current location of the mobile device and the current time;
      
      communicate wirelessly with the management system; and
      
      when the mobile device is located within the secure area, determine whether the mobile device requires the security change to the one or more functions on the mobile device by comparing the current location of the mobile device and the current time with the user designation level of the mobile device, the information of the at least one authorized accessible area for the mobile device and the information of the authorized period of time for the mobile device of the security policy; and
      
      a mobile device security software configured to, when the mobile device is located within the secure area,receive and store the security policy from the management system; and
      
      in response to determining, by the device monitoring module, that the mobile device requires the security change to the one or more functions on the mobile device, perform the security change to each of the one or more functions on the mobile device.
  - 9. The location based mobile device security enforcement system of claim 1, wherein the mobile device security application is configured to determine that, based on the comparison of the current location of the mobile device with the user designation level of the mobile device and the information of the at least one authorized accessible area for the mobile device of the security policy, the mobile device requires the security change to the one or more functions on the mobile device when the current location of the mobile device is outside of the at least one authorized accessible area, or when the current location of the mobile device crosses a border between two of the sub-areas having different area designation security levels.
  - 10. The location based mobile device security enforcement system of claim 1, wherein the information of the at least one authorized accessible area for the mobile device comprises the area designation security level of each of the sub-areas of the at least one authorized accessible area.
  - 11. The location based mobile device security enforcement system of claim 1, wherein the mobile device security application is configured to determine that the mobile device requires the security change to the one or more functions on the mobile device when the current time is beyond the authorized period of time for the mobile device based on the comparison of the current time with the user designation level of the mobile device and the information of the authorized period of time for the mobile device of the security policy.

12. A method for performing location based mobile device security enforcement, comprising:
- monitoring, by a mobile device security application installed on a mobile device, a current location of the mobile device and a current time;
  
  communicating wirelessly, by the mobile device security application installed on the mobile device, with a location based mobile device security enforcement system when the mobile device is located within a secure area;
  
  monitoring, by the location based mobile device security enforcement system, the mobile device located in the secure area by receiving a report from the mobile device security application installed on the mobile device, wherein the secure area comprises at least one authorized accessible area for the mobile device;
  
  interacting, by the mobile device security application installed on the mobile device, with the location based mobile device security enforcement system to register the mobile device user when the mobile device is located within the secure area;
  
  interacting, by the location based mobile device security enforcement system, with the mobile device located in the secure area to register a mobile device user of the mobile device;
  
  in response to registering the mobile device user, creating, at the location based mobile device security enforcement system, a mobile device user profile and a security policy for the mobile device based on the registration, and storing the mobile device user profile and the security policy in a mobile device management (MDM) server, wherein the security policy comprises a user designation level of the mobile device selected from a plurality of user designation levels, information of the at least one authorized accessible area for the mobile device, and information of authorized period of time for the mobile device;
  
  transmitting, by the location based mobile device security enforcement system, the security policy to the mobile device;
  
  maintaining, at a security control module separate from the mobile device, a constant contact with the mobile device;
  
  at a first computer separate from the mobile device and—
  
  at the secure area,allowing a user to install the mobile device security application on the mobile device through a connection established between the first computer and the mobile device;
  
  registering, with the location based mobile device security enforcement system, the mobile device user and creating the mobile device user profile based on the registration;
  
  assigning the user designation level to the mobile device;
  
  assigning the at least one authorized accessible area for the mobile device; and
  
  assigning the authorized period of time for the mobile device;
  
  receiving and storing, by the mobile device security application installed on the mobile device, the security policy from the location based mobile device security enforcement system when the mobile device is located within the secure area;
  
  determining, by the mobile device security application installed on the mobile device, whether the mobile device requires a security change to one or more functions on the mobile device by comparing the current location of the mobile device and the current time with the user designation level of the mobile device, the information of the at least one authorized accessible area for the mobile device and the information of the authorized period of time for the mobile device of the security policy;
  
  in response to determining that the mobile device requires the security change to the one or more functions on the mobile device, performing, by the mobile device security application installed on the mobile device, the security change to each of the one or more functions on the mobile device, and disabling or enabling a respective driver of at least one of a camera device, a microphone device, and a telephone device of the mobile device, when the mobile device is located within the secure area;
  
  maintaining, at the mobile device security application installed on the mobile device, the constant contact with the security control module;
  
  making, at the mobile device security application installed on the mobile device, security changes to the camera device, the microphone device, and the telephone device when the constant contact is lost;
  
  retrieving, at the mobile device security application installed on the mobile device, an evacuation destination from emergency messages broadcast by the security control module;
  
  generating, at the mobile device security application installed on the mobile device, an evacuation route according to the current location of the mobile device and the evacuation destination;
  
  displaying, by the mobile device security application installed on the mobile device, the evacuation route on the mobile device;
  
  wherein the secure area comprises a plurality of sub-areas, and each of the sub-areas is designated to have one of a plurality of area designation security levels;
  
  wherein the at least one authorized accessible area for the mobile device comprises a plurality of the sub-areas; and
  
  wherein for at least one of the sub-areas, each of the plurality of user designation levels corresponds to different security changes in the area designation security level of the sub-area, and at least one user designation level corresponds to different security changes in different sub-areas having different area designation security levels.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the mobile device security application is configured to determine that, based on the comparison of the current location of the mobile device with the user designation level of the mobile device and the information of the at least one authorized accessible area for the mobile device of the security policy, the mobile device requires the security change to the one or more functions on the mobile device when the current location of the mobile device is outside of the at least one authorized accessible area, or when the current location of the mobile device crosses a border between two of the sub-areas having different area designation security levels.
  - 14. The method of claim 12, wherein the information of the at least one authorized accessible area for the mobile device comprises the area designation security level of each of the sub-areas of the at least one authorized accessible area.

15. Non-transitory computer storage media storing computer-executable instructions, wherein the computer-executable instructions, when executed by a first processor of a mobile device or a second processor of a location based mobile device security enforcement system, are configured to instruct the first processor or the second processor to:
- monitor the mobile device located in a secure area by receiving a report from a mobile device security application installed on the mobile device, wherein the secure area comprises at least one authorized accessible area for the mobile device;
  
  interact with the mobile device located in the secure area to register a mobile device user of the mobile device;
  
  in response to registering the mobile device user, create, at the location based mobile device security enforcement system, a mobile device user profile and a security policy for the mobile device based on the registration, and storing the mobile device user profile and the security policy in a mobile device management (MDM) server, wherein the security policy comprises a user designation level of the mobile device selected from a plurality of user designation levels, information of the at least one authorized accessible area for the mobile device, and information of authorized period of time for the mobile device; and
  
  transmit, by the location based mobile device security enforcement system, the security policy to the mobile device;
  
  maintain, at a security control module separate from the mobile device, a constant contact with the mobile device;
  
  wherein the computer-executable instructions, when executed at a first computer separate from the mobile device and at the secure area, are configured to,allow a user to install the mobile device security application on the mobile device through a connection established between the first computer and the mobile device;
  
  register, with the location based mobile device security enforcement system, the mobile device user and create the mobile device user profile based on the registration;
  
  assign the user designation level to the mobile device;
  
  assign the at least one authorized accessible area for the mobile device; and
  
  assign the authorized period of time for the mobile device;
  
  wherein the mobile device security application installed on the mobile device, when executed at a processor of the mobile device, is configured to;
  
  monitor a current location of the mobile device and a current time;
  
  when the mobile device is located within the secure area,communicate wirelessly with the location based mobile device security enforcement system;
  
  interact with the location based mobile device security enforcement system to register the mobile device user;
  
  receive and store the security policy from the location based mobile device security enforcement system;
  
  determine whether the mobile device requires a security change to one or more functions on the mobile device by comparing the current location of the mobile device and the current time with the user designation level of the mobile device, the information of the at least one authorized accessible area for the mobile device and the information of the authorized period of time for the mobile device of the security policy; and
  
  in response to determining that the mobile device requires the security change to the one or more functions on the mobile device, perform the security change to each of the one or more functions on the mobile device, and disable or enable a respective driver of at least one of a camera device, a microphone device, and a telephone device of the mobile device;
  
  maintain, at the mobile device security application installed on the mobile device, the constant contact with the security control module;
  
  make, at the mobile device security application installed on the mobile device, security changes to the camera device, the microphone device, and the telephone device when the constant contact is lost;
  
  retrieve an evacuation destination from emergency messages broadcast by the security control module;
  
  generate an evacuation route according to the current location of the mobile device and the evacuation destination; and
  
  display the evacuation route on the mobile device;
  
  wherein the secure area comprises a plurality of sub-areas, and each of the sub-areas is designated to have one of a plurality of area designation security levels;
  
  wherein the at least one authorized accessible area for the mobile device comprises a plurality of the sub-areas; and
  
  wherein for at least one of the sub-areas, each of the plurality of user designation levels corresponds to different security changes in the area designation security level of the sub-area, and at least one user designation level corresponds to different security changes in different sub-areas having different area designation security levels.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein:
    - the information of the at least one authorized accessible area for the mobile device comprises the area designation security level of each of the sub-areas of the at least one authorized accessible area; and
      
      the mobile device security application is configured to determine that, based on the comparison of the current location of the mobile device with the user designation level of the mobile device and the information of the at least one authorized accessible area for the mobile device of the security policy, the mobile device requires the security change to the one or more functions on the mobile device when the current location of the mobile device is outside of the at least one authorized accessible area, or when the current location of the mobile device crosses a border between two of the sub-areas having different area designation security levels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Megatrends International, LLC
Original Assignee
American Megatrends Incorporated
Inventors
Ramalingam, Muthukkumaran, Inbaraj, Joseprabu, Mathews, Santhosh Samuel
Primary Examiner(s)
Elhag, Magdi
Assistant Examiner(s)
ORANGE, DAVID BENJAMIN

Application Number

US13/970,112
Publication Number

US 20150050922A1
Time in Patent Office

1,443 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04M 1/72457   according to geographic loc...

H04M 1/72463   to restrict the functionali...

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 12/37   Managing security policies ...

H04W 12/63   Location-dependent; Proximi...

H04W 4/021   Services related to particu...

H04W 4/50   Service provisioning or rec...

Mobile device security system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile device security system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links