Real-time mobile security posture
First Claim
1. A server apparatus, comprising:
a hardware platform comprising a processor and a network connection; and
a mobile device manager (MDM), policy decision point (PDP), and policy enforcement point (PEP) to operate on the hardware platform, wherein:
the MDM is to query an end-user device, determine that the device is a non-enterprise end-user device not owned by an enterprise, and grant the non-enterprise end-user device conditional access to an enterprise resource, a condition of the conditional access comprising compliance with a security posture;
the MDM is to instruct an MDM agent of the non-enterprise end-user device to register a mobile security posture event with an operating system of the non-enterprise user device, enter a sleep mode, and wake on detecting an instance of the mobile security posture event;
the MDM is to receive from the MDM agent an instance of the mobile security posture event, wherein the mobile security posture event is selected from the group consisting of a change in biometric authentication status, a change in location, a change in installation status of the MDM agent, installation of a blacklisted program, installation of an unknown program, or a change in physical location;
the PDP is to evaluate an impact of the mobile security posture event on the end-user device's compliance with the mobile security posture and construct a policy decision in real-time or near-real-time; and
the PEP is to enforce the policy decision.
Abstract
In an example, there is described a server apparatus, comprising: a network connection; and one or more logic elements, including at least a processor and a memory, comprising a mobile device management (MDM) engine to: instruct an MDM agent to register a mobile security posture event; receive from the MDM agent an instance of the mobile security posture event; construct a policy decision responsive at least in part to the mobile security posture event; and enforce the policy decision.
25 Claims
1. A server apparatus, comprising: (independent claim; reproduced in full under First Claim above; dependent claims 2 through 11)
12. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to instruct a processor to:
communicatively couple to a network connection; and
provide a mobile device manager (MDM), policy decision point (PDP), and policy enforcement point (PEP) to operate on a hardware platform, wherein:
the MDM is to query an end-user device, determine that the device is a non-enterprise end-user device not owned by an enterprise, and grant the non-enterprise end-user device conditional access to an enterprise resource, a condition of the conditional access comprising compliance with a security posture;
the MDM is to instruct an MDM agent of the non-enterprise end-user device to register a mobile security posture event with an operating system of the non-enterprise user device, enter a sleep mode, and wake on detecting an instance of the mobile security posture event;
the MDM is to receive from the MDM agent an instance of the mobile security posture event, wherein the mobile security posture event is selected from the group consisting of a change in biometric authentication status, a change in location, a change in installation status of the MDM agent, installation of a blacklisted program, installation of an unknown program, or a change in physical location;
the PDP is to evaluate an impact of the mobile security posture event on the end-user device's compliance with the mobile security posture and construct a policy decision in real-time or near-real-time; and
the PEP is to enforce the policy decision.
(dependent claims 13 through 22)
23. A computer-implemented method, comprising:
communicatively coupling to a network connection; and
providing a mobile device manager (MDM), policy decision point (PDP), and policy enforcement point (PEP) to operate on a hardware platform, wherein:
the MDM is to query an end-user device, determine that the device is a non-enterprise end-user device not owned by an enterprise, and grant a non-enterprise end-user device conditional access to an enterprise resource, a condition of the conditional access comprising compliance with a security posture;
the MDM is to instruct an MDM agent of the non-enterprise end-user device to register a mobile security posture event with an operating system of the non-enterprise user device, enter a sleep mode, and wake on detecting an instance of the mobile security posture event;
the MDM is to receive from the MDM agent an instance of the mobile security posture event, wherein the mobile security posture event is selected from the group consisting of a change in biometric authentication status, a change in location, a change in installation status of the MDM agent, installation of a blacklisted program, installation of an unknown program, or a change in physical location;
the PDP is to evaluate an impact of the mobile security posture event on the end-user device's compliance with the mobile security posture and construct a policy decision in real-time or near-real-time; and
the PEP is to enforce the policy decision.
(dependent claims 24 and 25)
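The independent claims above all describe the same server-side loop: the MDM agent reports a posture event, the PDP re-evaluates the device's compliance and constructs a decision, and the PEP enforces it against enterprise resources. The following Python sketch is an added illustration of that loop and is not code from the patent or its assignee; the posture fields, the severity ordering in the PDP, the resource names and the event stream are all constructed assumptions chosen to exercise the event types the claims enumerate.

```python
"""Illustrative MDM / PDP / PEP loop for mobile security posture events.

Added example, not the patent's own implementation. The posture model,
severity ordering and resource set below are constructed assumptions.
"""
from dataclasses import dataclass, replace
from enum import Enum


class PostureEvent(Enum):
    # Event kinds named in the claims (the two "location" entries collapse to one here)
    BIOMETRIC_AUTH_CHANGED = "biometric_auth_changed"
    LOCATION_CHANGED = "location_changed"
    AGENT_INSTALL_CHANGED = "agent_install_changed"
    BLACKLISTED_APP_INSTALLED = "blacklisted_app_installed"
    UNKNOWN_APP_INSTALLED = "unknown_app_installed"


@dataclass(frozen=True)
class Posture:
    """Server-side view of one non-enterprise device's compliance state (assumed fields)."""
    biometric_ok: bool = True
    agent_installed: bool = True
    region: str = "allowed"
    blacklisted_apps: tuple = ()
    unknown_apps: tuple = ()


@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "restrict" or "revoke"
    reason: str


ALLOWED_REGIONS = {"allowed"}  # constructed: regions where enterprise access is permitted


def apply_event(posture: Posture, event: PostureEvent, detail: dict) -> Posture:
    """MDM side: fold one event reported by the agent into the device posture."""
    if event is PostureEvent.BIOMETRIC_AUTH_CHANGED:
        return replace(posture, biometric_ok=bool(detail["enabled"]))
    if event is PostureEvent.LOCATION_CHANGED:
        return replace(posture, region=detail["region"])
    if event is PostureEvent.AGENT_INSTALL_CHANGED:
        return replace(posture, agent_installed=bool(detail["installed"]))
    if event is PostureEvent.BLACKLISTED_APP_INSTALLED:
        return replace(posture, blacklisted_apps=posture.blacklisted_apps + (detail["app"],))
    if event is PostureEvent.UNKNOWN_APP_INSTALLED:
        return replace(posture, unknown_apps=posture.unknown_apps + (detail["app"],))
    raise ValueError(f"unsupported event: {event}")


def decide(posture: Posture) -> Decision:
    """PDP: re-evaluate compliance on every event; the most severe violation wins."""
    if not posture.agent_installed:
        # Without the agent the server can no longer attest anything about the device.
        return Decision("revoke", "MDM agent removed: posture can no longer be attested")
    if posture.blacklisted_apps:
        return Decision("revoke", f"blacklisted app present: {posture.blacklisted_apps[-1]}")
    if posture.region not in ALLOWED_REGIONS:
        return Decision("restrict", f"device outside allowed region: {posture.region}")
    if not posture.biometric_ok:
        return Decision("restrict", "biometric authentication disabled")
    if posture.unknown_apps:
        return Decision("restrict", f"unvetted app present: {posture.unknown_apps[-1]}")
    return Decision("allow", "compliant")


# PEP: which enterprise resources each decision leaves reachable (constructed set)
RESOURCES = ("mail", "calendar", "file_share", "vpn")
_ACCESS_BY_ACTION = {
    "allow": frozenset(RESOURCES),
    "restrict": frozenset({"mail", "calendar"}),
    "revoke": frozenset(),
}


def enforce(decision: Decision) -> frozenset:
    """PEP: map the policy decision onto the set of reachable resources."""
    return _ACCESS_BY_ACTION[decision.action]


def process_event(posture: Posture, event: PostureEvent, detail: dict):
    """One real-time cycle: agent event -> posture update -> PDP -> PEP."""
    new_posture = apply_event(posture, event, detail)
    decision = decide(new_posture)
    return new_posture, decision, enforce(decision)


def run_sample():
    """Constructed event stream from one device; returns (action, reachable) per step."""
    posture = Posture()
    stream = [
        (PostureEvent.LOCATION_CHANGED, {"region": "unknown"}),
        (PostureEvent.LOCATION_CHANGED, {"region": "allowed"}),
        (PostureEvent.UNKNOWN_APP_INSTALLED, {"app": "com.example.unvetted"}),
        (PostureEvent.AGENT_INSTALL_CHANGED, {"installed": False}),
    ]
    trace = []
    for event, detail in stream:
        posture, decision, reachable = process_event(posture, event, detail)
        trace.append((decision.action, sorted(reachable)))
    return trace


if __name__ == "__main__":
    for step in run_sample():
        print(step)
```

The point the sketch makes is that the decision is recomputed from the whole posture, not from the single event in isolation: the second location change restores full access only because nothing else has degraded, and removing the agent revokes access regardless of any other state, since the server loses its basis for attesting compliance at all.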