Mode sensitive encryption

US9256758B2 · US · B2

Patent metadata

Publication number: US-9256758-B2
Application number: US-201113306889-A
Country: US
Kind code: B2
Filing date: Nov 29, 2011
Priority date: Nov 29, 2011
Publication date: Feb 9, 2016
Grant date: Feb 9, 2016

Abstract

Official abstract text for this publication.

Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, by a mobile device, a request to launch an application on the mobile device; identifying a first mode on the mobile device; launching a first application process for the application, by the mobile device, wherein the first application process is assigned to the first mode; identifying a first mode network associated with the first mode on the mobile device, wherein the mobile device changes system network parameters specific to the first mode; classifying a file write access operation by the application as belonging to the first mode at the operating system level; determining a file write access location and an encryption write state based on classifying the file write access operation with the first mode; identifying a second mode on the mobile device; switching from the first mode to the second mode, comprising: terminating, by the mobile device, the first application process and any additional processes assigned to the first mode; and launching a second application process for the application, by the mobile device, wherein the second application process is assigned to the second mode; classifying a read access operation by the application as belonging to the second mode at the operating system level; determining a file read access location and an encryption read state based on classifying the read access operation with the second mode; sending, by the application, an Internet Protocol based network packet; routing the packet through the first mode network if the first mode network is determined to be available and the mobile device is determined to be in the first mode; and routing the packet through an alternative connection if the first mode network is determined to be available and the mobile device is determined to be in the second mode such that transition from the first mode network to the alternative connection is seamless.

2. The method of claim 1, wherein the first mode is a work mode.

3. The method of claim 1, wherein the second mode is a personal mode.

4. The method of claim 3, wherein work mode files are not visible in personal mode.

5. The method of claim 1, wherein the file write access location associated with the first mode is an encrypted directory.

6. The method of claim 1, wherein the file write access location associated with the first mode is a standard location.

7. The method of claim 1, wherein the file read access location associated with the second mode is an encrypted directory.

8. The method of claim 7, wherein files and metadata are maintained in encrypted form in the encrypted directory.

9. The method of claim 8, wherein the file write access location associated with the first mode is a standard location.

10. A system, comprising: a mobile device, comprising: a hardware processor; and memory storing computer readable code which, when executed by the processor, cause the processor to: receive a request to launch an application on the mobile device: launch a first application process for the application, by the mobile device, wherein the first application process is assigned to the first mode identify a first mode on the mobile device; identify a first mode network associated with the first mode on the mobile device, wherein the mobile device changes system network parameters specific to the first mode; classify a file write access operation by the application as belonging to the first mode at the operating system level; determine a file write access location and an encryption write state based on classifying the file write access operation with the first mode; identify a second mode on the mobile device; switch from the first mode to the second mode, comprising: terminate the first application process and any additional processes assigned to the first mode; and launch a second application process for the application wherein the second application process is assigned to the second mode; classify a read access operation by the application as belonging to the second mode at the operating system level; determine a file read access location and an encryption read state based on classifying the read access operation with the second mode; send, by the application, an Internet Protocol based network packet; route the packet through the first mode network if the first mode network is available and the mobile device is in the first mode; and route the packet through an alternative connection if the first mode network is determined to be available and the mobile device is determined to be in the second mode such that transition from the first mode network to the alternative connection is seamless.

11. The system of claim 10, wherein the first mode is a work mode.

12. The system of claim 10, wherein the second mode is a personal mode.

13. The system of claim 12, wherein work mode files are not visible in personal mode.

14. The system of claim 10, wherein the file write access location associated with the first mode is an encrypted directory.

15. The system of claim 10, wherein the file write access location associated with the first mode is a standard location.

16. The system of claim 10, wherein the file read access location associated with the second mode is an encrypted directory.

17. The system of claim 16, wherein files and metadata are maintained in encrypted form in the encrypted directory.

18. The system of claim 17, wherein the file write access location associated with the first mode is a standard location.

19. A non-transitory computer readable medium comprising: computer code for receiving, by a mobile device, a request to launch an application on the mobile device; computer code for identifying a first mode on the mobile device; computer code for launching a first application process for the application, by the mobile device, wherein the first application process is assigned to the first mode; computer code for identifying a first mode network associated with the first mode on the mobile device, wherein the mobile device changes system network parameters specific to the first mode; computer code for classifying a file write access operation by the application as belonging to the first mode at the operating system level; computer code for determining a file write access location and an encryption write state based on classifying the file write access operation with the first mode; computer code for identifying a second mode on the mobile device; computer code for switching from the first mode to the second mode, comprising: computer code for terminating, by the mobile device, the first application process and any additional processes assigned to the first mode; and computer code for launching a second application process for the application, by the mobile device, wherein the second application process is assigned to the second mode; computer code for classifying a read access operation by the application as belonging to the second mode at the operating system level; computer code for determining a file read access location and an encryption read state based on classifying the read access operation with the second mode; computer code for sending, by the application, an Internet Protocol based network packet; computer code for routing the packet through the first mode network if the first mode network is determined to be available and the mobile device is determined to be in the first mode; and computer code for routing the packet through an alternative connection if

Classifications

  • to a system of files or objects, e.g. local or distributed file system or database

  • Multi-level security, e.g. mandatory access control

  • Entity profiles

  • Communication route or path selection, e.g. power-based or shortest path routing

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9256758B2 cover?
Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, …
Who is the assignee on this patent?
Draluk Vadim, Goldfain Francois, Maarse Jan-Willem, and 2 more
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 9, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).