Patent application number | Description | Published |
20110179465 | APPARATUS, AND AN ASSOCIATED METHOD, FOR FACILITATING SECURE OPERATIONS OF A WIRELESS DEVICE - An apparatus, and an associated method, facilitates security at a wireless device, such as a wireless device comprising a mobile computing platform. A security decision engine is provided that monitors for an event necessitating a security decision. When a security decision is required, a request is made of a knowledge fetcher, provided by a trusted third-party, installed at the wireless device for the security decision. The knowledge fetcher obtains the security decision, such as by obtaining the security decision from a remote, trusted third-party server, and provides the security decision to the decision engine. Use is made of the security decision pursuant to a setting for which the security decision is needed. | 07-21-2011 |
20120140927 | CROSS-COMPONENT MESSAGE ENCRYPTION - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, encrypt and sign the composite message. Conveniently, security considerations are maintained even in view of bandwidth optimization measures. | 06-07-2012 |
20120214413 | MOBILE WIRELESS COMMUNICATIONS DEVICE ESTABLISHING WIRELESS COMMUNICATION LINKS BASED UPON NEAR FIELD COMMUNICATION AND RELATED METHODS - A wireless communications system may include first and second mobile wireless communications devices each comprising a respective input device, wireless transceiver, near-field communication (NFC) transceiver, and controller coupled to the input device, wireless transceiver and NFC transceiver. At least one of the controllers may be configured to establish an NFC communications link between the NFC transceivers when the first and second mobile wireless communications devices are in proximity, provide a temporary device identifier (ID) via the NFC communications link, request authorization to establish a wireless link between the wireless transceivers, provide a permanent device ID upon receiving the authorization and based upon the temporary device ID, and establish the wireless link between the wireless transceivers based upon the permanent device ID. | 08-23-2012 |
20120317190 | METHODS AND APPARATUS FOR MAINTAINING PERMISSIONS FOR CLIENT/SERVER PROCESSING IN A COMMUNICATION DEVICE - A communication device has memory for storing a client application module, a server application module, and an operating system module which are executable by one or more processors. The client application module submits a request and, in response, the server application module causes the request to be processed with use of the operating system module. One or more client process handles of a client stack of the client application module are provided in a current process base of the operating system module. For the request, one or more permission settings associated with the one or more client process handles as well as one or more permission settings associated with the one or more server process handles are checked. | 12-13-2012 |
20130097316 | Associating Services to Perimeters - In some implementations, a method includes receiving, from a user of a first device, a request to enable access, through a second device, to a server resource account of an enterprise. The first device includes a first enterprise perimeter including an internal resource and a first enterprise identifier and configured to prevent external resources from accessing the internal resource. A request is wirelessly transmitted to the second device for a second enterprise identifier assigned to a second enterprise perimeter included in the second device. Whether to grant access to the internal resource is determined based on a first enterprise identifier assigned to the first device and a second enterprise identifier assigned to the second device. | 04-18-2013 |
20130124583 | Presenting Metadata From Multiple Perimeters - In some implementations, a method for managing data in a user device includes pushing first metadata for a first resource in a first perimeter to a service external to the first perimeter. The first perimeter is configured to prevent external resources from accessing resources in the first perimeter. Second metadata for a second resource in a second perimeter is pushed to the external service. The external service is external to the second perimeter, the second perimeter being configured to prevent external resources from accessing resources in the second perimeter. Information is presented to the user based on a combination of the first metadata and the second metadata. | 05-16-2013 |
20130125198 | MANAGING CROSS PERIMETER ACCESS - In some implementations, a method of managing access to resources in a single device includes receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defines one or more rules for accessing resources assigned to the second perimeter including the second resource. | 05-16-2013 |
20130212392 | KEY MANAGEMENT ON DEVICE FOR PERIMETERS - There is provided a method and apparatus for resetting a password for a device or managing the device, the device having an encryption perimeter. A device shares a public/private key pair with a server, the public key being on the device and the private key being on the server. An intermediate value is encrypted on the mobile device using the public key. If the password is lost or the device needs to be managed, the server can request the encrypted intermediate value, decrypt it, and send the decrypted value to the mobile device which may then resume operations. A new password may be provided by the server or the user may set a new password once the encryption key is recreated from the decrypted intermediate value. | 08-15-2013 |
20130219455 | CERTIFICATE MANAGEMENT METHOD BASED ON CONNECTIVITY AND POLICY - Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy. | 08-22-2013 |
20130227637 | METHOD AND APPARATUS FOR MANAGEMENT OF MULTIPLE GROUPED RESOURCES ON DEVICE - A method and computing device for managing grouped resources comprising receiving, at the computing device, a policy for a set of grouped resources; applying the policy; locking at least one of the computing device or the set of grouped resources associated with the policy; waiting for receipt of an authentication parameter at the computing device; verifying the authentication parameter; associating the set of grouped resources with the authentication parameter; and unlocking the at least one of the computing device or the set of grouped resources. | 08-29-2013 |
20130346606 | Managing Use of Network Resources - Some aspects of what is described here relate to managing the use of network resources on a mobile device. User input received at the device indicates whether to allow an application associated with a first perimeter on the device to access a network resource associated with a second perimeter on the device. For example, in some instances user input may indicate whether to allow data from applications associated with a personal perimeter on the device to be transmitted over an enterprise communication system. When outbound data associated with the first perimeter are received, the device determines, according to the indication from the user input, whether to route the outbound data to the network resource associated with the second perimeter. | 12-26-2013 |
20140115158 | MANAGING APPLICATION EXECUTION AND DATA ACCESS ON A DEVICE - Some aspects of what is described here relate to managing application execution and data access on a mobile device. A request to access data is received from an application associated with a first perimeter on a device. The data is associated with a second, different perimeter on the device and has a data type. It is determined, based on the data type, that a management policy associated with the first perimeter permits the application to access the data independent of a second, different management policy assigned to the second perimeter. Based on the determining, the application is provided access to the data. | 04-24-2014 |
20140203904 | COMMUNICATIONS SYSTEM PROVIDING PERSONNEL ACCESS BASED UPON NEAR-FIELD COMMUNICATION AND RELATED METHODS - A security system may include an access control device associated with a personnel access position. The access control device may include a first Near-Field Communication (NFC) sensor, and a first controller configured to selectively grant personnel access based upon receiving a valid security code from the first NFC sensor, and to deny personnel access and generate an access denial electronic message(s) based upon receiving an invalid security code from the first NFC sensor. The system may also include a mobile wireless communications device(s) including a second NFC sensor and a second controller, which may be configured to communicate a security code via the second NFC sensor to the first NFC sensor based upon proximity therewith, and to receive a corresponding access denial electronic message from the first controller based upon the security code being invalid. | 07-24-2014 |
20140207821 | PRESENTING METADATA FROM MULTIPLE PERIMETERS - In some implementations, a method for managing data in a user device includes pushing first metadata for a first resource in a first perimeter to a service external to the first perimeter. The first perimeter is configured to prevent external resources from accessing resources in the first perimeter. Second metadata for a second resource in a second perimeter is pushed to the external service. The external service is external to the second perimeter, the second perimeter being configured to prevent external resources from accessing resources in the second perimeter. Information is presented to the user based on a combination of the first metadata and the second metadata. | 07-24-2014 |
20140337937 | METHODS AND DEVICES FOR DETECTING UNAUTHORIZED ACCESS TO CREDENTIALS OF A CREDENTIAL STORE - Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account. | 11-13-2014 |
20140337941 | METHODS AND DEVICES FOR PROVIDING WARNINGS ASSOCIATED WITH CREDENTIALS TO BE STORED IN A CREDENTIAL STORE - Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated. | 11-13-2014 |
20140373155 | SYSTEM AND METHOD FOR CONTROLLING APPLICATIONS TO MITIGATE THE EFFECTS OF MALICIOUS SOFTWARE - Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions. | 12-18-2014 |
20150074754 | CERTIFICATE MANAGEMENT METHOD BASED ON CONNECTIVITY AND POLICY - Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy. | 03-12-2015 |