US008442489B2

(12) United States Patent
Adams et al.

(10) Patent No.: US 8,442,489 B2
(45) Date of Patent: *May 14, 2013

(54) SYSTEM AND METHOD FOR CONFIGURING DEVICES FOR SECURE OPERATIONS

(75) Inventors: Neil P. Adams, Waterloo (CA); Michael K. Brown, Waterloo (CA); Michael S. Brown, Waterloo (CA); Michael G. Kirkup, Waterloo (CA); Herbert A. Little, Waterloo (CA); David Victor MacFarlane, Waterloo (CA); Ian M. Robertson, Waterloo (CA)

(73) Assignee: Research In Motion Limited, Waterloo (CA)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
This patent is subject to a terminal disclaimer.

(21) Appl. No.: 13/182,827

(22) Filed: Jul. 14, 2011

(65) Prior Publication Data
US 2011/0271322 A1    Nov. 3, 2011

Related U.S. Application Data

(63) Continuation of application No. 11/065,901, filed on Feb. 25, 2005, now Pat. No. 8,010,989.

(60) Provisional application No. 60/567,137, filed on Apr. 30, 2004.

(51) Int. Cl.
H04M 1/66 (2006.01)
H04M 1/68 (2006.01)
H04M 3/16 (2006.01)

(52) U.S. Cl.
USPC ............ 455/410; 726/1; 726/2; 726/3; 726/4; 726/11; 726/22; 726/27; 726/28; 713/165; 713/167; 713/188; 713/189; 713/193; 713/168; 455/411; 380/277; 380/270; 380/37; 380/42

(58) Field of Classification Search ....................... 726/1
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
5,935,248 A      8/1999   Kuroda
6,202,157 B1     3/2001   Brownlie et al.
6,490,680 B1*   12/2002   Scheidt et al. ................ 713/166
(Continued)

FOREIGN PATENT DOCUMENTS
WO 0069120 A1   11/2000

OTHER PUBLICATIONS
Sems, Marty, "Verifying Identity in a Digital World", Aug. 2000.
(Continued)

Primary Examiner - Bryan Wright
(74) Attorney, Agent, or Firm - Jones Day

(57) ABSTRACT

Systems and methods for establishing a security-related mode of operation for computing devices. A policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

24 Claims, 10 Drawing Sheets

[Representative drawing: Mobile Communication Device 100]

MOBILEIRON, INC. - EXHIBIT 1001
Page 001

U.S. PATENT DOCUMENTS (Continued)
6,732,168 B1        5/2004   Bearden et al.
6,775,536 B1        8/2004   Geiger et al.
7,131,003 B2       10/2006   Lord et al.
7,317,699 B2        1/2008   Godfrey et al.
2002/0165912 A1    11/2002   Wenocur et al.
2002/0186845 A1    12/2002   Dutta et al.
2003/0204722 A1    10/2003   Schoen et al.
2004/0019807 A1     1/2004   Freund
2005/0183138 A1     8/2005   Phillips et al.
2005/0190764 A1     9/2005   Shell et al.
2005/0197099 A1*    9/2005   Nehushtan .................... 455/410

OTHER PUBLICATIONS
S. Gavrila, et al., "Assigning and Enforcing Security Policies on Handheld Devices", Canadian Information Technology Security Symposium, May 17, 2002, pp. 0-7, XP002440113.
International Search Report of Application No. PCT/CA20051000294, date of mailing Jun. 20, 2005, 11 pages.
Supplementary European Search Report, Issued Jul. 11, 2007 by European Patent Office, for European Patent Application No. 05714536.

* cited by examiner


U.S. Patent   May 14, 2013   Sheet 1 of 10   US 8,442,489 B2

[FIG. 1: E-Mail Sender 10, Message Server 40 within the Message Server System, wireless gateway 85, wireless infrastructure 90, Mobile Communication Device 100]

[FIG. 2 (Sheet 2 of 10): Host Location (example: Corporate Office) with E-Mail Sender, Physical Cradle, Other Chained Certificates and Firewall; wireless VPN router 75; Mobile Data Communication Devices 100]

[FIG. 3 (Sheet 3 of 10): Administrator 200, IT security policies 202, Policy Data Store, Enable Security Mode 220, Disable Security Mode 230, Network 240, devices 250 (Mobile Devices 252, Desktop Computers 254)]

[FIG. 4 (Sheet 4 of 10): Administrator 200, Policy Data Store 210, Enable Security Mode A 220, Network 240, devices 250 (Mobile Devices 252, Desktop Computers)]

[FIG. 5 (Sheet 5 of 10): Administrator 200, Policy Data Store 210, Enable Security Mode A 220, Network 240, devices 250 (Mobile Devices 252, Desktop Computers), visual indication 350 provided to User 352]

FIG. 6 (Sheet 6 of 10), flowchart:
400: IT administrator configures IT security policy
402: Policy deployed to devices
404: Devices operate in defined IT security mode
406: User of device can see indication of device security mode of operation
408: IT administrator receives an indication that devices have received and have entered into the defined security mode of operation

[FIG. 7 (Sheet 7 of 10): Administrator 200, Policy Data Store 210, meta IT policy 500, FIPS mode of operation 510 set in accordance with Corporate/Government Security Policy 520 (AES, Triple DES), Network 240, devices 250 (Mobile Devices 252, Desktop Computers)]

[FIG. 8 (Sheet 8 of 10): Administrator 200, Policy Data Store 210 containing List of Devices 600 and data structures 610 and 620 (Acceptable Security Scheme(s) / Which Devices), Security Mode B Settings 630, Network 240, devices 250 (Mobile Devices 252, Desktop Computers)]

[FIG. 9 (Sheet 9 of 10): Administrator 200, Policy Data Store 210 containing List of Devices 600 and data structures 610 and 620 (Acceptable Security Scheme(s) / Which Devices), Security Mode A Settings, security settings 630 and 710, Network 240, devices 250 (Mobile Devices 252, Desktop Computers)]

[FIG. 10 (Sheet 10 of 10): block diagram of mobile device 100: Voice Communication Module 824A, Data Communication Module 824B, Other Software Modules 826, Display, Non-volatile Memory, DSP 820, Rx, Tx, Control and Signals paths, local oscillator 813, antennas 816 and 818, transmitter 814, Auxiliary I/O 828, 830, 832, Microphone 836, microprocessor 838, Short-Range Communications 840, Other Device Subsystems 842]


SYSTEM AND METHOD FOR CONFIGURING DEVICES FOR SECURE OPERATIONS

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 11/065,901, filed Feb. 25, 2005, entitled "System and Method for Configuring Devices for Secure Operations," which claims priority to and the benefit of U.S. Provisional Patent Application 60/567,137, filed Apr. 30, 2004, entitled "System and Method for Configuring Devices for Secure Operations," the entirety of both of which is hereby incorporated by reference.

BACKGROUND

1. Technical Field

The present invention relates generally to the field of communications, and in particular to configuring devices for secure operations.

2. Description of the Related Art

Mobile wireless communications devices are increasingly being used within corporate and governmental organizations. With the increased usage of mobile devices, companies are faced with the issue of defining and enforcing a secure mode of operation for their deployed devices that they consider secure and in accordance with their corporate or government security policy.

For example, when government agencies purchase and deploy a product that has been validated to FIPS 140-2 ("Security Requirements for Cryptographic Modules") the product is only authorized for use by employees when it operates in a secure mode of operation referred to as the FIPS mode of operation. With the many different security settings that are potentially configurable, the task of defining and configuring a secure mode of operation on an individual IT policy basis for multiple devices is difficult. Also, once a device is configured into a secure mode, the device operator does not have an efficient way to know that the device has been so configured.

BRIEF SUMMARY

In accordance with the teachings disclosed herein, systems and methods are provided for establishing security-related modes of operation for computing devices. As an example of a system and method, a policy data store contains security mode configuration data related to the computing devices. Security mode configuration data is used in establishing a security-related mode of operation for the computing devices.

As another example, a computing device can be configured to utilize a centralized policy data store to implement a security-related mode of operation. The computing device includes a communication interface and a system processor. The communication interface facilitates communication between a centralized policy data store and the computing device. Processing instructions that operate on the computing device include security instructions that place the computing device in a secure mode of operation responsive to configuration data received from the centralized policy data store via the communication interface. The system processor instructions can also include user interface instructions for sending a notification to a display associated with the computing device. The output can include a visual indication of the security mode of operation.

As will be appreciated, the systems and methods disclosed herein are capable of different embodiments, and their details are capable of modifications in various respects. Accordingly, the drawings and description set forth below are to be regarded as illustrative in nature and not restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an overview of an example communication system in which a wireless communication device may be used.
FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices.
FIG. 3 is a block diagram depicting a system wherein an IT (information technology) administrator can collect and store IT security policies.
FIG. 4 is a block diagram depicting different security mode instructions being provided to devices.
FIG. 5 is a block diagram depicting the generation of visual indicators for display to users that indicate the devices' secure mode of operation type.
FIG. 6 is a flowchart depicting an operational scenario wherein a security policy is deployed to multiple devices.
FIG. 7 is a block diagram depicting the deployment of a FIPS mode of operation.
FIGS. 8 and 9 are block diagrams depicting multiple security mode settings being deployed to the devices.
FIG. 10 is a block diagram of an example mobile device.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is an overview of an example communication system in which a wireless communication device may be used. One skilled in the art will appreciate that there may be hundreds of different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the encoded message processing systems and methods described in the present application. There may also be many message senders and recipients. The simple system shown in FIG. 1 is for illustrative purposes only, and shows perhaps the most prevalent Internet e-mail environment where security is not generally used.

FIG. 1 shows an e-mail sender 10, the Internet 20, a message server system 40, a wireless gateway 85, wireless infrastructure 90, a wireless network 105 and a mobile communication device 100.

An e-mail sender system 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20, or connected to the Internet 20 through a large ASP (application service provider) such as America Online (AOL). Those skilled in the art will appreciate that the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet, although e-mail transfers are commonly accomplished through Internet-connected arrangements as shown in FIG. 1.

The message server 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like, and acts as the main interface for e-mail exchange over the Internet 20. Although other messaging systems might not require a message server system 40, a mobile device 100 configured for receiving and possibly sending e-mail will normally be associated with an account on a message server. Perhaps the two most common message servers are Microsoft Exchange™ and Lotus Domino™. These products are often used in conjunction with Internet mail routers that route and deliver mail.
These intermediate components are not shown in FIG. 1, as they do not directly play a role in the secure message processing described below. Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.

The wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105. The wireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks. A message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100. The particular network 105 may be virtually any wireless network over which messages may be exchanged with a mobile communication device.

As shown in FIG. 1, a composed e-mail message 15 is sent by the e-mail sender 10, located somewhere on the Internet 20. This message 15 is normally fully in the clear and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extension (MIME) body parts to define the format of the mail message. These techniques are all well known to those skilled in the art. The message 15 arrives at the message server 40 and is normally stored in a message store. Most known messaging systems support a so-called "pull" message access scheme, wherein the mobile device 100 must request that stored messages be forwarded by the message server to the mobile device 100. Some systems provide for automatic routing of such messages which are addressed using a specific e-mail address associated with the mobile device 100. In a preferred embodiment described in further detail below, messages addressed to a message server account associated with a host system such as a home computer or office computer which belongs to the user of a mobile device 100 are redirected from the message server 40 to the mobile device 100 as they are received.

Regardless of the specific mechanism controlling the forwarding of messages to the mobile device 100, the message 15, or possibly a translated or reformatted version thereof, is sent to the wireless gateway 85. The wireless infrastructure 90 includes a series of connections to wireless network 105. These connections could be Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. As used herein, the term "wireless network" is intended to include three different types of networks, those being (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations. Combined dual-mode networks include, but are not limited to, (1) Code Division Multiple Access (CDMA) networks, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) networks, and (3) future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS). Some older examples of data-centric network include the Mobitex™ Radio Network and the DataTAC™ Radio Network. Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like GSM, and TDMA systems.

FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices. The system of FIG. 2 is substantially similar to the FIG. 1 system, but includes a host system 30, a redirection program 45, a mobile device cradle 65, a wireless virtual private network (VPN) router 75, an additional wireless network 110 and multiple mobile communication devices 100. As described above in conjunction with FIG. 1, FIG. 2 represents an overview of a sample network topology. Although the encoded message processing systems and methods described herein may be applied to networks having many different topologies, the network of FIG. 2 is useful in understanding an automatic e-mail redirection system mentioned briefly above.

The central host system 30 will typically be a corporate office or other LAN, but may instead be a home office computer or some other private system where mail messages are being exchanged. Within the host system 30 is the message server 40, running on some computer within the firewall of the host system, that acts as the main interface for the host system to exchange e-mail with the Internet 20. In the system of FIG. 2, the redirection program 45 enables redirection of data items from the server 40 to a mobile communication device 100. Although the redirection program 45 is shown to reside on the same machine as the message server 40 for ease of presentation, there is no requirement that it must reside on the message server. The redirection program 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100. In this installation, the redirection program 45 takes confidential and non-confidential corporate information for a specific user and redirects it out through the corporate firewall to mobile devices 100. A more detailed description of the redirection software 45 may be found in the commonly assigned U.S. Pat. No. 6,219,694 ("the '694 patent"), entitled "System and Method for Pushing Information From A Host System To A Mobile Data Communication Device Having A Shared Electronic Address", and issued to the assignee of the instant application on Apr. 17, 2001, which is hereby incorporated into the present application by reference. This push technique may use a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the security firewall to include each mobile device 100 associated with the host system 30.

As shown in FIG. 2, there may be many alternative paths for getting information to the mobile device 100. One method for loading information onto the mobile device 100 is through a port designated 50, using a device cradle 65. This method tends to be useful for bulk information updates often performed at initialization of a mobile device 100 with the host system 30 or a computer 35 within the system 30. The other main method for data exchange is over-the-air using wireless networks to deliver the information. As shown in FIG. 2, this may be accomplished through a wireless VPN router 75 or through a traditional Internet connection 95 to a wireless gateway 85 and a wireless infrastructure 90, as described above. The concept of a wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a mobile device 100. The possibility of using a wireless VPN router 75 has only recently been available and could be used when the new Internet Protocol (IP) Version 6 (IPV6) arrives into IP-based wireless networks. This new protocol will provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time. A principal advantage of using this wireless VPN router 75 is that it could be an off-the-shelf VPN component, thus it would not require a separate wireless gateway 85 and wireless infrastructure 90 to be used. A VPN connection would preferably be a Transmission Control Protocol (TCP)/IP or User Datagram Protocol (UDP)/IP connection to deliver the messages directly to the mobile device 100. If a wireless VPN 75 is not available then a link 95 to the Internet 20 is the most common connection mechanism available and has been described above.
In the automatic redirection system of FIG. 2, a composed e-mail message 15 leaving the e-mail sender 10 arrives at the message server 40 and is redirected by the redirection program 45 to the mobile device 100. As this redirection takes place the message 15 is re-enveloped, as indicated at 80, and a possibly proprietary compression and encryption algorithm can then be applied to the original message 15. In this way, messages being read on the mobile device 100 are no less secure than if they were read on a desktop workstation such as 35 within the firewall. All messages exchanged between the redirection program 45 and the mobile device 100 preferably use this message repackaging technique. Another goal of this outer envelope is to maintain the addressing information of the original message except the sender's and the receiver's address. This allows reply messages to reach the appropriate destination, and also allows the "from" field to reflect the mobile user's desktop address. Using the user's e-mail address from the mobile device 100 allows the received message to appear as though the message originated from the user's desktop system 35 rather than the mobile device 100.

With reference back to the port 50 and cradle 65 connectivity to the mobile device 100, this connection path offers many advantages for enabling one-time data exchange of large items. For those skilled in the art of personal digital assistants (PDAs) and synchronization, the most common data exchanged over this link is Personal Information Management (PIM) data 55. When exchanged for the first time this data tends to be large in quantity, bulky in nature and requires a large bandwidth to get loaded onto the mobile device 100 where it can be used on the road. This serial link may also be used for other purposes, including setting up a private security key 111 such as an S/MIME or PGP specific private key, the Certificate (Cert) of the user and their Certificate Revocation Lists (CRLs) 60. The private key is preferably exchanged so that the desktop 35 and mobile device 100 share one personality and one method for accessing all mail. The Cert and CRLs are normally exchanged over such a link because they represent a large amount of the data that is required by the device for S/MIME, PGP and other public key security methods.

FIG. 3 depicts a system wherein an IT (information technology) administrator 200 can collect all applicable IT security policies 202 into one convenient location (e.g., policy data store 210). The placement of IT policies 202 in one location 210 allows an administrator 200 to configure the policies 202 appropriately, and to enable (220) or disable (230) a secure mode defined therein for the devices 250. Mode instructions (e.g., commands 220 and 230) may be sent to the devices 250 over many different types of data communication links, such as a network 240. Different devices may be connected to the network 240, including mobile devices (e.g., mobile wireless communications device 252) and desktop/laptop computers (e.g., desktop computer 254).

As shown in FIG. 4, the devices 250 can be instructed to be in a first secure mode of operation, and then later they can be switched to a different secure mode of operation. For example, an administrator 200 may send a security mode A enable command 220. Later, because of a change in IT security policy, the administrator 200 wishes to raise the security level of the mode in which the devices 250 are operating and therefore sends a security mode B enable command 300 to the devices 250.

FIG. 5 illustrates that the devices 250 can provide some type of an indication to the users of the devices. The indication can be a visual indication 350 which is provided to a user 352. The visual indication 350 indicates to the user 352 that the device 252 is operating in a specific secure mode. For example, it can display in a security options screen that the device 252 is operating in a FIPS mode of operation due to the security configuration sent by the administrator 200.

FIG. 6 depicts an operational scenario wherein a security policy is deployed to multiple devices. At step 400, an IT administrator (or its agent) configures a security policy and deploys it to the devices at step 402. In this operational scenario, an IT administrator can designate and deploy a security mode to multiple devices with minimal effort on the part of the IT administrator. As an illustration, an IT administrator can click an administrator's interface checkbox to designate that all (or most) of the devices should be uniformly operating at security level three.

At step 404, the devices receive the deployed security mode and process the mode command. Processing of the command causes the devices to operate in the defined security mode. At step 406, a user of the device can see an indication of which specific security mode the device has been configured in by the IT administrator. At step 408, the IT administrator receives an indication from the devices that the devices have received and entered into the designated secure mode of operation.

It should be understood that similar to the other processing flows described herein, the steps and the order of the steps in the flowchart described herein may be altered, modified and/or augmented and still achieve the desired outcome.

FIG. 7 depicts a system wherein an IT administrator 200 can define a meta IT policy for a FIPS mode of operation 510. The parameters for the FIPS mode of operation 510 are set in accordance with corporate or government security policies 520 (e.g., FIPS 140-2). The defined FIPS mode of operation 510 limits the use of cryptographic algorithms by the devices 250 to those that are FIPS-approved (e.g., AES and Triple DES), and when enabled, forces the devices to use only these algorithms.

FIG. 8 illustrates that multiple security mode settings 630 can be deployed to the devices 250. The policy data store 210 in this example contains a list 600 of devices as well as which security modes should be used for the devices. The policy data store 210 can contain one or more data structures for indicating which devices should utilize which security schemes. For example, a data structure 610 can be used to store which devices should use security mode A settings, and data structure 620 can be used to store which devices should use security mode B settings. FIG. 9 shows that based upon the information contained in the data structures 610 and 620, different settings (e.g., security settings A 700 and security settings B 710) can be deployed to different devices at the same time or at different times.
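The store-to-device flow of FIGS. 6 to 9 as a working model, added here as an example and not code from the patent or its assignee: a centralized store holds the device list (600) and which devices use which mode (610/620), one mode command per device goes out (402), each device enters the mode and refuses algorithms the mode does not approve (404, the FIPS restriction of FIG. 7), shows the user an indication (406), and the administrator collects acknowledgements and sees which devices never confirmed (408). The mode table, level numbers, device identifiers and acknowledgement format are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed mode table (assumption, not from the patent): mode A is the baseline,
# mode B raises the level, and the FIPS mode limits devices to the FIPS-approved
# ciphers the patent names (AES and Triple DES). RC4 sits in mode A only so that a
# non-approved algorithm can be seen being refused once a stricter mode is entered.
SECURITY_MODES = {
    "A":    {"level": 1, "approved": frozenset({"AES", "TRIPLE_DES", "RC4"})},
    "B":    {"level": 2, "approved": frozenset({"AES", "TRIPLE_DES"})},
    "FIPS": {"level": 3, "approved": frozenset({"AES", "TRIPLE_DES"})},
}


@dataclass
class ModeCommand:
    """Mode instruction carried over the network 240 (enable 220/300, disable 230)."""
    device_id: str
    mode: str | None          # key of SECURITY_MODES; None when disabling secure mode
    enable: bool = True


@dataclass
class Device:
    """A managed device (250): enters the commanded mode, enforces it, reports back."""
    device_id: str
    mode: str | None = None

    def process_command(self, cmd: ModeCommand) -> dict:
        """Step 404: apply the command; the returned dict is the step-408 acknowledgement."""
        if cmd.device_id != self.device_id:
            return {"device_id": self.device_id, "ok": False, "reason": "misaddressed"}
        if cmd.enable and cmd.mode not in SECURITY_MODES:
            return {"device_id": self.device_id, "ok": False, "reason": "unknown mode"}
        self.mode = cmd.mode if cmd.enable else None
        return {"device_id": self.device_id, "ok": True, "mode": self.mode}

    def algorithm_allowed(self, algorithm: str) -> bool:
        """Enforcement point: in a secure mode only the mode's approved algorithms run."""
        if self.mode is None:
            return True                       # no secure mode enabled: unrestricted
        return algorithm in SECURITY_MODES[self.mode]["approved"]

    def indication(self) -> str:
        """Step 406: text for the security options screen (visual indication 350)."""
        if self.mode is None:
            return "Secure mode: disabled"
        level = SECURITY_MODES[self.mode]["level"]
        return f"Secure mode: {self.mode} (level {level}), set by IT policy"


@dataclass
class PolicyDataStore:
    """Centralized store 210: device list (600) and which devices use which mode (610/620)."""
    devices: list[str] = field(default_factory=list)
    assignments: dict[str, str] = field(default_factory=dict)   # device_id -> mode

    def assign(self, mode: str, device_ids: list[str]) -> None:
        """Record that the given devices should use the given mode's settings."""
        if mode not in SECURITY_MODES:
            raise ValueError(f"unknown security mode {mode!r}")
        for device_id in device_ids:
            if device_id not in self.devices:
                raise KeyError(f"{device_id!r} is not in the device list")
            self.assignments[device_id] = mode

    def assign_all(self, mode: str) -> None:
        """The single-checkbox case: every listed device gets the same mode."""
        self.assign(mode, list(self.devices))

    def commands(self) -> list[ModeCommand]:
        """Step 402: one command per listed device; unassigned devices are told to disable."""
        return [ModeCommand(d, self.assignments.get(d), enable=d in self.assignments)
                for d in self.devices]


def deploy(store: PolicyDataStore, fleet: dict[str, Device]) -> dict:
    """Steps 402-408: send commands, collect acknowledgements, flag devices that did not confirm."""
    acks = {}
    for cmd in store.commands():
        device = fleet.get(cmd.device_id)
        if device is not None:                # a listed device may be off the network
            acks[cmd.device_id] = device.process_command(cmd)
    confirmed = {d for d, a in acks.items()
                 if a["ok"] and a.get("mode") == store.assignments.get(d)}
    unconfirmed = [d for d in store.assignments if d not in confirmed]
    return {"acks": acks, "unconfirmed": unconfirmed}


def run_scenario() -> tuple[PolicyDataStore, dict[str, Device], dict]:
    """Constructed fleet: two reachable devices and one that never answers."""
    store = PolicyDataStore(devices=["mob-252", "desk-254", "mob-unreachable"])
    store.assign_all("A")                     # everyone starts in mode A (FIG. 4, command 220)
    store.assign("B", ["mob-252"])            # later raise one device to mode B (command 300)
    fleet = {"mob-252": Device("mob-252"), "desk-254": Device("desk-254")}
    return store, fleet, deploy(store, fleet)
```

Running `run_scenario()` leaves `mob-252` in mode B (RC4 refused), `desk-254` in mode A, and reports `mob-unreachable` as unconfirmed, which is the signal the administrator needs before treating the fleet as uniformly secured.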
The systems and methods disclosed herein are presented only by way of example and are not meant to limit the scope of the invention. Other variations of the systems and methods described above will be apparent to those skilled in the art and as such are considered to be within the scope of the invention. For example, the systems and methods disclosed herein may be used with many different computers and devices, such as a wireless mobile communications device shown in FIG. 10.

With reference to FIG. 10, the mobile device 100 is a dual-mode mobile device and includes a transceiver 811, a microprocessor 838, a display 822, non-volatile memory 824, random access memory (RAM) 826, one or more auxiliary input/output (I/O) devices 828, a serial port 830, a keyboard 832, a speaker 834, a microphone 836, a short-range wireless communications sub-system 840, and other device sub-systems 842.
The transceiver 811 includes a receiver 812, a transmitter 814, antennas 816 and 818, one or more local oscillators 813, and a digital signal processor (DSP) 820. The antennas 816 and 818 may be antenna elements of a multiple-element antenna, and are preferably embedded antennas. However, the systems and methods described herein are in no way restricted to a particular type of antenna, or even to wireless communication devices.

The mobile device 100 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the mobile device 100 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted in FIG. 10 by the communication tower 819. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network.

The transceiver 811 is used to communicate with the network 819, and includes the receiver 812, the transmitter 814, the one or more local oscillators 813 and the DSP 820. The DSP 820 is used to send and receive signals to and from the transceivers 816 and 818, and also provides control information to the receiver 812 and the transmitter 814. If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a single local oscillator 813 may be used in conjunction with the receiver 812 and the transmitter 814. Alternatively, if different frequencies are utilized for voice communications versus data communications for example, then a plurality of local oscillators 813 can be used to generate a plurality of frequencies correspond-