Real-time mobile security posture
First Claim
1. A non-enterprise computing device for accessing enterprise computing resources, comprising:
- a network interface;
- an operating system; and
- logic, including at least a processor and a memory, comprising a mobile device management (MDM) agent operable for providing the non-enterprise computing device conditional access to enterprise resources, comprising;
  - registering with an MDM server of an enterprise the non-enterprise computing device as a non-enterprise computing device lacking enterprise control of software installation, and receiving a certificate configured to provide access to resources of the enterprise;
  - receiving from the MDM server instructions regarding a security posture to monitor;
  - registering a security posture event with the operating system;
  - entering a sleep mode;
  - waking after receiving from the operating system a notification of a security posture change event;
  - notifying the MDM server of the security posture change event;
  - receiving a security modification instruction from the MDM server; and
  - enforcing the security modification instruction on the computing apparatus.
Abstract
In an example, a system and method for real-time mobile security posture updates is provided. A mobile device management (MDM) agent may run on the mobile device, and may register with the operating system one or more mobile security posture change events that may affect the mobile security posture. These may include, for example, installation of an MDM agent, uninstallation of a program, connecting to a secured or unsecured network, or similar. When any such event occurs, the OS lodges the event with the MDM agent, which then communicates with an MDM server engine to potentially receive new security instructions. Lodging the event may include providing a joint user-and-device authentication to the MDM server, such as via SAML.
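The register, sleep, wake, notify and enforce sequence described in the abstract, shown from both the agent and the server side. This is an added example, not code from the patent; the class names, event names, instruction strings and device ID are hypothetical, and an in-process queue stands in for the operating system's event delivery.

```python
import queue

# Hypothetical names throughout; sample events are constructed for the demo.
class OperatingSystem:
    def __init__(self):
        self.subscribers = {}
    def register(self, event, callback):
        self.subscribers.setdefault(event, []).append(callback)
    def emit(self, event, detail):  # delivered only to apps that registered for it
        for callback in self.subscribers.get(event, []):
            callback(event, detail)

class MdmServer:
    def __init__(self):
        self.reports = []
    def posture_to_monitor(self):
        return ["network_connected", "app_uninstalled"]
    def report(self, device_id, event, detail):  # returns a security instruction
        self.reports.append((device_id, event))
        if event == "network_connected":
            return "allow_access" if detail["secured"] else "suspend_access"
        return "no_change"

class MdmAgent:
    def __init__(self, device_id, os_, server):
        self.device_id, self.server = device_id, server
        self.enterprise_access = True  # enterprise certificate currently usable
        self.inbox = queue.Queue()
        for event in server.posture_to_monitor():
            os_.register(event, lambda e, d: self.inbox.put((e, d)))
    def sleep_until_event(self, timeout=0.1):
        try:  # blocks instead of polling; returns None if nothing woke the agent
            event, detail = self.inbox.get(timeout=timeout)
        except queue.Empty:
            return None
        instruction = self.server.report(self.device_id, event, detail)
        if instruction in ("allow_access", "suspend_access"):  # enforce locally
            self.enterprise_access = instruction == "allow_access"
        return instruction

def demo():
    os_, server = OperatingSystem(), MdmServer()
    agent = MdmAgent("byod-001", os_, server)
    os_.emit("battery_low", {})  # unregistered event: agent stays asleep
    ignored = agent.sleep_until_event()
    os_.emit("network_connected", {"ssid": "cafe", "secured": False})
    first = agent.sleep_until_event()
    return ignored, first, agent.enterprise_access, len(server.reports)
```

Calling `demo()` shows that an event the agent never registered does not wake it or reach the server, while joining an unsecured network produces one report and a locally enforced suspension of access.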
23 Claims
1. A non-enterprise computing device for accessing enterprise computing resources, comprising:
- a network interface;
- an operating system; and
- logic, including at least a processor and a memory, comprising a mobile device management (MDM) agent operable for providing the non-enterprise computing device conditional access to enterprise resources, comprising;
  - registering with an MDM server of an enterprise the non-enterprise computing device as a non-enterprise computing device lacking enterprise control of software installation, and receiving a certificate configured to provide access to resources of the enterprise;
  - receiving from the MDM server instructions regarding a security posture to monitor;
  - registering a security posture event with the operating system;
  - entering a sleep mode;
  - waking after receiving from the operating system a notification of a security posture change event;
  - notifying the MDM server of the security posture change event;
  - receiving a security modification instruction from the MDM server; and
  - enforcing the security modification instruction on the computing apparatus.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions for a computing apparatus to provide a mobile device management (MDM) agent operable for providing the non-enterprise computing device conditional access to enterprise resources, comprising:
- registering with an MDM server of an enterprise the non-enterprise computing device as a non-enterprise computing device lacking enterprise control of software installation, and receiving a certificate configured to provide access to resources of the enterprise, via a network interface;
- receiving from the MDM manager server instructions regarding a security posture to monitor;
- registering a security posture event with an operating system;
- entering a sleep mode;
- waking after receiving from the operating system a notification of a security posture change event;
- notifying the MDM server of the security posture change event via the network interface;
- receiving a security modification instruction from the MDM server; and
- enforcing the security modification instruction on the computing apparatus.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
22. A computer-implemented method of providing mobile device management (MDM), comprising:
- registering with an MDM server of an enterprise a non-enterprise computing device as a non-enterprise computing device lacking enterprise control of software installation, and receiving a certificate configured to provide access to resources of an enterprise, via a network interface;
- receiving from the MDM server instructions regarding a security posture to monitor;
- registering a security posture event with the operating system;
- entering a sleep mode;
- waking after receiving from the operating system a notification of a security posture change event;
- notifying the MDM server of the security posture change event via the network interface;
- receiving a security modification instruction from the MDM server; and
- enforcing the security modification instruction.

Dependent claims: 23
Specification