WO2004057834A3 - Methods and apparatus for administration of policy based protection of data accessible by a mobile device - Google Patents

Info

Publication number
WO2004057834A3
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
security
administration
methods
policies
Prior art date
Application number
PCT/US2003/040546
Other languages
French (fr)
Other versions
WO2004057834A2 (en)
Inventor
Michael Wright
Peter Boucher
Gabe Nault
Merrill Smith
Sterling K Jacobson
Jonathan Wood
Robert Mims
Original Assignee
Senforce Technologies Inc
Priority date
Filing date
Publication date
Priority claimed from US10/377,265 external-priority patent/US7308703B2/en
Priority claimed from US10/413,443 external-priority patent/US7353533B2/en
Application filed by Senforce Technologies Inc filed Critical Senforce Technologies Inc
Priority to AU2003299729A priority Critical patent/AU2003299729A1/en
Publication of WO2004057834A2 publication Critical patent/WO2004057834A2/en
Publication of WO2004057834A3 publication Critical patent/WO2004057834A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The administration of protection of data (242) on a client mobile computing device by a server computer system (200) such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced (238), (234) based on a location associated with a network environment (204) in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies (244) based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003299729A AU2003299729A1 (en) 2002-12-18 2003-12-18 Methods and apparatus for administration of policy based protection of data accessible by a mobile device

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
US43448502P 2002-12-18 2002-12-18
US60/434,485 2002-12-18
US43855603P 2003-01-06 2003-01-06
US60/438,556 2003-01-06
US10/377,265 2003-02-28
US10/377,265 US7308703B2 (en) 2002-12-18 2003-02-28 Protection of data accessible by a mobile device
US10/413,443 2003-04-11
US10/413,443 US7353533B2 (en) 2002-12-18 2003-04-11 Administration of protection of data accessible by a mobile device
US48912803P 2003-07-21 2003-07-21
US60/489,128 2003-07-21

Publications (2)

Publication Number Publication Date
WO2004057834A2 WO2004057834A2 (en) 2004-07-08
WO2004057834A3 WO2004057834A3 (en) 2004-10-14

Family

ID=32686351

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/040546 WO2004057834A2 (en) 2002-12-18 2003-12-18 Methods and apparatus for administration of policy based protection of data accessible by a mobile device

Country Status (2)

Country Link
AU (1) AU2003299729A1 (en)
WO (1) WO2004057834A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850530B2 (en) 2002-08-27 2014-09-30 Mcafee, Inc. Enterprise-wide security system for computer devices
US9552478B2 (en) 2010-05-18 2017-01-24 AO Kaspersky Lab Team security for portable information devices

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1709556A4 (en) * 2003-12-23 2011-08-10 Trust Digital Llc System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US7814543B2 (en) 2004-02-13 2010-10-12 Microsoft Corporation System and method for securing a computer system connected to a network from attacks
US7716726B2 (en) 2004-02-13 2010-05-11 Microsoft Corporation System and method for protecting a computing device from computer exploits delivered over a networked environment in a secured communication
ATE541423T1 (en) * 2004-04-30 2012-01-15 Research In Motion Ltd SYSTEM AND METHOD FOR PERFORMING RECOVERY OPERATIONS ON MOBILE DEVICES
US7360237B2 (en) * 2004-07-30 2008-04-15 Lehman Brothers Inc. System and method for secure network connectivity
US7353390B2 (en) 2004-08-20 2008-04-01 Microsoft Corporation Enabling network devices within a virtual network to communicate while the networks's communications are restricted due to security threats
US20060083192A1 (en) 2004-10-01 2006-04-20 Gabriela Dinescu Communication traffic control methods and systems
US7716727B2 (en) 2004-10-29 2010-05-11 Microsoft Corporation Network security device and method for protecting a computing device in a networked environment
JP4182946B2 (en) * 2004-12-09 2008-11-19 ブラザー工業株式会社 MANAGEMENT SYSTEM, RADIO COMMUNICATION DEVICE, PROGRAM, AND RADIO COMMUNICATION DEVICE MANAGEMENT METHOD
CN100433899C (en) * 2004-12-28 2008-11-12 华为技术有限公司 Method and system for ensuring safe data service in mobile communication system
WO2006093917A2 (en) 2005-02-28 2006-09-08 Trust Digital Mobile data security system and methods
CN101052217B (en) * 2006-04-06 2010-12-22 华为技术有限公司 Automatic mounting method for safety relative agency and relative response system
US7933584B2 (en) 2005-10-15 2011-04-26 Huawei Technologies Co., Ltd. Method for implementing security update of mobile station and a correlative reacting system
CN101017522A (en) * 2006-04-14 2007-08-15 北京瑞星国际软件有限公司 Method and device for preventing mobile terminal from being infracting by virus
US8259568B2 (en) 2006-10-23 2012-09-04 Mcafee, Inc. System and method for controlling mobile device access to a network
US20080222707A1 (en) 2007-03-07 2008-09-11 Qualcomm Incorporated Systems and methods for controlling service access on a wireless communication device
US20080229382A1 (en) * 2007-03-14 2008-09-18 Motorola, Inc. Mobile access terminal security function
US20100218012A1 (en) * 2007-06-18 2010-08-26 Johnson Joseph Methods and systems for providing a wireless security service and/or a wireless technical support service for personal computers
US7607174B1 (en) 2008-12-31 2009-10-20 Kaspersky Lab Zao Adaptive security for portable information devices
US7584508B1 (en) 2008-12-31 2009-09-01 Kaspersky Lab Zao Adaptive security for information devices
CN102460378B (en) * 2009-06-25 2015-01-21 诺基亚公司 Method and Apparatus for Reducing the Need of User Prompts
US8327106B2 (en) 2009-11-16 2012-12-04 International Business Machines Corporation Selective device access control
US8935384B2 (en) 2010-05-06 2015-01-13 Mcafee Inc. Distributed data revocation using data commands
US8407524B2 (en) 2010-06-30 2013-03-26 International Business Machines Corporation Server throttled client debugging
US9659165B2 (en) 2011-09-06 2017-05-23 Crimson Corporation Method and apparatus for accessing corporate data from a mobile device
CN104685505B (en) 2012-10-19 2018-01-09 迈克菲公司 Place perceives safety device, method, system and medium
GB201315931D0 (en) * 2013-09-06 2013-10-23 Bae Systems Plc Secured mobile communications device
US20150381658A1 (en) * 2014-06-30 2015-12-31 Mcafee, Inc. Premises-aware security and policy orchestration
US9536176B2 (en) 2015-03-23 2017-01-03 International Business Machines Corporation Environmental-based location monitoring
CN117037349B (en) * 2023-08-28 2024-02-20 珠海市辰宇智能技术有限公司 Face recognition technology and data interaction service management and control method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002019116A2 (en) * 2000-08-31 2002-03-07 F-Secure Oyj Wireless device management
WO2002067173A1 (en) * 2001-02-23 2002-08-29 I-Sprint Innovations Pte Ltd A hierarchy model
US20020161905A1 (en) * 2001-04-26 2002-10-31 Nokia Corporation IP security and mobile networking
US6484261B1 (en) * 1998-02-17 2002-11-19 Cisco Technology, Inc. Graphical network security policy management

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6484261B1 (en) * 1998-02-17 2002-11-19 Cisco Technology, Inc. Graphical network security policy management
WO2002019116A2 (en) * 2000-08-31 2002-03-07 F-Secure Oyj Wireless device management
WO2002067173A1 (en) * 2001-02-23 2002-08-29 I-Sprint Innovations Pte Ltd A hierarchy model
US20020161905A1 (en) * 2001-04-26 2002-10-31 Nokia Corporation IP security and mobile networking

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOORE B,ELLESSON,STRASSNER J,WESTERINEN A: "RFC 3060 - Policy Core Information Model -- Version 1 Specification", IETF REQUEST FOR COMMENTS, February 2001 (2001-02-01), pages 1 - 101, XP015008843, Retrieved from the Internet <URL:www.ietf.org> [retrieved on 20040628] *

Also Published As

Publication number Publication date
WO2004057834A2 (en) 2004-07-08
AU2003299729A8 (en) 2004-07-14
AU2003299729A1 (en) 2004-07-14

Similar Documents

Publication Publication Date Title
WO2004057834A3 (en) Methods and apparatus for administration of policy based protection of data accessible by a mobile device
US9888032B2 (en) Method and system for mitigating the effects of ransomware
EP3665573B1 (en) Real-time prevention of malicious content via dynamic analysis
WO2005054973A3 (en) Method and system for improving computer network security
US7788235B1 (en) Extrusion detection using taint analysis
US7814021B2 (en) Managed distribution of digital assets
US9483644B1 (en) Methods for detecting file altering malware in VM based analysis
US20190158512A1 (en) Lightweight anti-ransomware system
JP4667359B2 (en) Digital asset usage accountability by journalizing events
US20050066165A1 (en) Method and system for protecting confidential information
US20070174909A1 (en) System and method for intelligence based security
CN110521179A (en) System and method for enforcing dynamic network security strategy
US20040221172A1 (en) Adaptive transparent encryption
GB2411988A (en) Preventing programs from accessing communication channels withut user permission
EP3198505B1 (en) Cross-view malware detection
US8949984B2 (en) Personal information protection system for providing specialized function for host terminal based on Unix and Linux
US20110126293A1 (en) System and method for contextual and behavioral based data access control
US20090328210A1 (en) Chain of events tracking with data tainting for automated security feedback
Lee et al. Rcryptect: Real-time detection of cryptographic function in the user-space filesystem
Annansingh Bring your own device to work: how serious is the risk?
Yu et al. Enterprise digital rights management: Solutions against information theft by insiders
CN103430153B (en) Inoculator and antibody for computer security
US10116438B1 (en) Managing use of security keys
US9043943B1 (en) Self-destructing content
Ayele et al. Threat Actors and Methods of Attack to Social Robots in Public Spaces

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP