There are existing mobile device security solutions referred to Mobile Device Management (MDM) systems that catalog, assign, track and maintain users, devices, applications and data at a binary acceptable or not acceptable security level. As the complexity of business and data security increases there are mandates to create a user security awareness that can react to security policy with multiple varied states of operation beyond the current binary restriction of allowed or disallowed.
Applications and systems such as disclosed in U.S. Patent US20080009264, U.S. Pat. No. 7,373,137 and U.S. Pat. No. 8,789,136 define secure events and configurations where a device (via communication to a server or in isolation via an internal count down algorithm) determine if the device security is compromised and thus data and application access should be limited or wiped.
Existing systems do not leverage the increased computational power of the modem devices or use methods of onboard sensor data capture and analysis to produce a contextual awareness of the user, device and assigned security policies. The need for a near real time contextual system with predictive support or deterioration of the security states as represented by multiple sensor readings, other data sources, and algorithms compared to assigned security policies are required by both Government and Industry.
Electronic systems and devices which are subject to varying conditions of use, either by virtual of physical mobility or varying access within a given location, are subject to security concerns whereby sensitive data, application functions, or other information, may be inadvertently or purposefully exposed to unauthorized users or entities.
The concept known as Tailored Trustworthy Spaces (TTS) which encompasses the application of varying levels of security including application feature and data access controls to an electronic system or device based on the current operating posture of that device.
Security policies are often generated to provide information assurance and access control, but are often difficult to enforce when they apply to the operation of one or more devices within a system, especially when these devices are of a type not subject to physical access control, or of a type which may be moved from the normal location of operation, or of a type which are considered mobile and constantly being moved from one location to another during normal operations.
Mobile devices, such as modem cell phones, tablets, watches, and others, often contain environmental sensors which may be used to measure, determine, or infer the nature and extent of user interaction with the device, or the operational condition or environment of the device. Non mobile devices (desktop computers, servers, and other equipment), while not normally fitted with such sensors, may also contain such sensors which may be added as peripherals, or which may be included in future designs of such systems.
Digital certificates are a type of digital credential which is used for user/device identification, the encrypting of data and communications, and the signing of data.
Existing systems do not have a suitable method for loading digital credentials from a secure sender to an insecure receiver without including a vulnerability whereby the insecure receiver would potentially be able to exploit vulnerabilities in the secure sender and, among other things, inject unwanted or unauthorized code or data into the sender system.