Mobile posture-based policy, remediation and access control for enterprise resources
Abstract
A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.
14 Claims
1. A computer-implemented method, comprising:
receiving at a remote management device, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
determining at the remote management device, at least in part by applying one or more policies, that the new application is not a recognized application; and
responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at the remote management device,
consulting, by an intermediate node, the table to determine the security state of the mobile device;
denying, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and
permitting mobile device traffic that identifies a port that corresponds to an authorized application;
accepting or rejecting, by an enterprise application of the mobile device, requests of the mobile device based on the security state of the mobile device in the table, in response to the enterprise application of the mobile device accessing the security state of the mobile device in the table;
causing, by the intermediate node, the new application to be blocked from launching on the mobile device; and
updating a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A mobile device management system, comprising:
a communication interface; and
a hardware processor coupled to the communication interface and configured to:
receive via the communication interface, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
determine, at least in part by applying one or more policies, that the new application is not a recognized application; and
responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at a remote management device,
consult, by an intermediate node, the table to determine the security state of the mobile device;
deny, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and
permit mobile device traffic that identifies a port that corresponds to an authorized application;
cause, by the intermediate node, the new application to be blocked from launching on the mobile device; and
update a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied,
wherein in response to an enterprise application of the mobile device accessing the security state of the mobile device in the table, the enterprise application of the mobile device is configured to accept or reject requests of the mobile device based on the security state of the mobile device in the table.
(Dependent claims: 9, 10, 11, 12, 13)
14. A computer program product to manage mobile devices, the computer program product being embodied in a tangible, non-transitory computer readable storage medium, and comprising computer instructions for:
receiving, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
determining, at least in part by applying one or more policies, that the new application is not a recognized application; and
responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at a remote management device,
consulting, by an intermediate node, the table to determine the security state of the mobile device;
denying, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and
permitting mobile device traffic that identifies a port that corresponds to an authorized application;
accepting or rejecting, by an enterprise application of the mobile device, requests of the mobile device based on the security state of the mobile device in the table, in response to the enterprise application of the mobile device accessing the security state of the mobile device in the table;
causing, by the intermediate node, the new application to be blocked from launching on the mobile device; and
updating a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied.
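The claims above describe an architecture rather than code. The Python simulation below is added here and is not taken from the patent or from any product implementing it; it wires together the pieces the claims name: a control agent reporting an install, the management server applying a policy and recording a security state in a per-device table, an intermediate node consulting that table to deny service access while still permitting traffic on a port that corresponds to an authorized application, a launch block for the unrecognized application, and an enterprise application that accepts or rejects requests from the same table. The allow-list shape of the policy, the reading that the authorized-port exception exists so the agent's own remediation channel stays reachable, and every app id, port and device id are assumptions made for the example.

```python
"""Posture-based access control, simulated end to end: a control agent reports an
app install, the MDM server applies policy and records a security state in a
per-device table, and an intermediate node (gateway) and an enterprise app both
consult that table before serving the device.

Added example, not code from the patent or any assignee. Policy shape, app ids,
ports and device ids are constructed for illustration."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Set


class SecurityState(Enum):
    UNKNOWN = "unknown"            # no agent report yet; treated as non-compliant
    COMPLIANT = "compliant"
    NON_COMPLIANT = "non_compliant"


@dataclass
class Policy:
    recognized_apps: Set[str]             # app ids the enterprise recognizes
    authorized_app_ports: Dict[str, int]  # app id -> port its traffic uses


@dataclass
class MdmServer:
    """The remote management device: owns the security-state table."""
    policy: Policy
    state_table: Dict[str, SecurityState] = field(default_factory=dict)
    unrecognized: Dict[str, Set[str]] = field(default_factory=dict)  # device -> apps to block

    def device_state(self, device_id: str) -> SecurityState:
        # Fail closed: a device with no row in the table is not compliant.
        return self.state_table.get(device_id, SecurityState.UNKNOWN)

    def report_install(self, device_id: str, app_id: str) -> SecurityState:
        """Control agent -> server: a new application was installed."""
        if app_id not in self.policy.recognized_apps:
            # Unrecognized app: flip the device's state and remember what to block.
            self.unrecognized.setdefault(device_id, set()).add(app_id)
            self.state_table[device_id] = SecurityState.NON_COMPLIANT
        elif not self.unrecognized.get(device_id):
            # Recognized app with nothing else outstanding: device is compliant.
            self.state_table[device_id] = SecurityState.COMPLIANT
        return self.device_state(device_id)

    def report_uninstall(self, device_id: str, app_id: str) -> SecurityState:
        """Control agent -> server: remediation removed an application."""
        outstanding = self.unrecognized.get(device_id, set())
        outstanding.discard(app_id)
        if not outstanding and device_id in self.state_table:
            self.state_table[device_id] = SecurityState.COMPLIANT
        return self.device_state(device_id)


@dataclass
class IntermediateNode:
    """Gateway between devices and network application services."""
    server: MdmServer

    def allow(self, device_id: str, app_id: str, dst_port: int) -> bool:
        """Per-flow decision. Assumed reading of the claim: traffic on the port of
        an authorized app (here the agent's remediation channel) is permitted even
        when the device is non-compliant; every other flow needs a compliant state."""
        expected_port = self.server.policy.authorized_app_ports.get(app_id)
        if expected_port is not None and dst_port == expected_port:
            return True
        return self.server.device_state(device_id) is SecurityState.COMPLIANT

    def launch_allowed(self, device_id: str, app_id: str) -> bool:
        """Answer the agent's launch check: apps flagged unrecognized stay blocked."""
        return app_id not in self.server.unrecognized.get(device_id, set())


@dataclass
class EnterpriseApp:
    """A network application (e.g. mail) that reads the table directly."""
    server: MdmServer

    def handle_request(self, device_id: str) -> str:
        state = self.server.device_state(device_id)
        return "accept" if state is SecurityState.COMPLIANT else "reject"


def build_demo():
    """Wire up one server, one gateway and one enterprise app with a toy policy."""
    policy = Policy(
        recognized_apps={"com.example.mail", "com.example.agent"},
        authorized_app_ports={"com.example.agent": 8443},
    )
    server = MdmServer(policy)
    return server, IntermediateNode(server), EnterpriseApp(server)


if __name__ == "__main__":
    server, node, mail = build_demo()
    print(server.report_install("dev-1", "com.example.mail").value)
    print(server.report_install("dev-1", "com.example.unknown").value)
    print(node.allow("dev-1", "com.example.mail", 443), node.allow("dev-1", "com.example.agent", 8443))
    print(mail.handle_request("dev-1"))
```

Two points matter when turning this into a deployment. The table is the sole trust anchor, so the server must authenticate the agent and bind each report to a device identity it already knows; otherwise a device can simply report a clean state. And because a port number alone does not prove which application produced a flow, the exception for an authorized application's port should only ever lead to the service that port belongs to (here the management server), never to a general network path. Devices with no row at all are treated as non-compliant so that a missing or lost report fails closed.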
Specification