Context-based dynamic policy system for mobile devices and supporting network infrastructure
Abstract
Systems and methods dynamically adapt network policies for mobile devices by accessing context-based values to allocate or restrict capabilities on the mobile devices or within the network. Context-based values may include position or velocity as well as more general environment features such as proximity of other devices, the presence or absence of other wireless signals or network traffic, parameters measured by local or remote sensors, user credentials, or unique user or signal inputs to the device. Relevant capabilities may include access to hardware and software interfaces and related parameter sets including priority settings.
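An added illustration of the selection-and-dispatch flow the abstract describes; it is not code from the patent. The context keys (`zone`, `user_role`), policy names, setting keys and the `RecordingUnit` stand-in are assumptions made for the example, and context that matches no stored policy falls back to a restrictive default.

```python
from dataclasses import dataclass

# Infrastructure controls listed in the claims, as hypothetical setting keys.
INFRA_SETTINGS = {"qos", "priority", "nac", "proxy", "authentication",
                  "intrusion_detection", "intrusion_prevention",
                  "network_access", "server_access", "directory_access"}

@dataclass(frozen=True)
class Policy:
    name: str
    match: dict     # context key -> value the context must carry
    endpoint: dict  # endpoint configuration values for the device
    infra: dict     # infrastructure setting -> True (enable) / False (disable)

# Constructed policy store, most specific entry first.
POLICIES = [
    Policy("secure-lab", {"zone": "lab", "user_role": "engineer"},
           {"camera": False, "usb": False},
           {"authentication": True, "intrusion_prevention": True,
            "proxy": True, "directory_access": True, "qos": True}),
    Policy("guest-lobby", {"zone": "lobby"},
           {"camera": True, "usb": False},
           {"authentication": True, "proxy": True,
            "server_access": False, "directory_access": False}),
]
# Applied when context is missing or matches nothing: fail closed.
DEFAULT_DENY = Policy("default-deny", {}, {"camera": False, "usb": False},
                      {"network_access": False, "server_access": False,
                       "directory_access": False, "authentication": True})

def select_policy(context, policies=POLICIES):
    """Return the first stored policy whose match values all appear in context."""
    for policy in policies:
        if all(context.get(k) == v for k, v in policy.match.items()):
            return policy
    return DEFAULT_DENY

class RecordingUnit:
    """Stand-in for a policy management unit; records what it is sent."""
    def __init__(self):
        self.received = []
    def apply(self, device_id, values):
        self.received.append((device_id, dict(values)))

def dispatch(device_id, context, endpoint_unit, infra_unit):
    """Select a policy, then send both halves of it to their units."""
    policy = select_policy(context)
    unknown = set(policy.infra) - INFRA_SETTINGS
    if unknown:  # refuse to push settings the infrastructure unit cannot enforce
        raise ValueError(f"unknown infrastructure settings: {sorted(unknown)}")
    endpoint_unit.apply(device_id, policy.endpoint)
    infra_unit.apply(device_id, policy.infra)
    return policy.name
```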
38 Claims
1. A method of selecting a first network policy for a mobile device that operates as an endpoint in a communications network, the method comprising:
- storing network policy values for a mobile device in a storage system, the network policy values relating context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in a communications network in which the mobile device operates as an endpoint, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- receiving first context-based values for the mobile device from at least one context-based data source;
- using the first context-based values to select the first network policy for the mobile device from the stored network policy values, the first network policy specifying first operational features configured to manage the communications between the mobile device and the network infrastructure;
- sending endpoint configuration values for the first network policy to an endpoint policy management unit to control operations of the mobile device; and
- sending network-infrastructure configuration values for the first network policy to a network infrastructure policy management unit to control operations of the network infrastructure, wherein the sent network-infrastructure configuration values control operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38

9. An apparatus configured to select a first network policy for a mobile device that operates as an endpoint in a communications network, the apparatus comprising at least one computer configured to instantiate computer-implemented modules including:
- a policy-storage module that is configured to store network policy values for a mobile device in a storage system, the network policy values relating context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in a communications network, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- a value-receiving module that is configured to receive first context-based values for the mobile device from at least one context-based data source;
- a policy-selection module that is configured to use the first context-based values to select the first network policy for the mobile device from the stored network policy values, the first network policy specifying first operational features configured to manage the communications between the mobile device and the network infrastructure;
- a first value-sending module configured to send endpoint configuration values for the first network policy to an endpoint policy management unit to control operations of the mobile device; and
- a second value-sending module configured to send network-infrastructure configuration values for the first network policy to a network infrastructure policy management unit to control operations of the network infrastructure, wherein the sent network-infrastructure configuration values control operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

Dependent claims: 10, 11, 12, 13, 14, 15

16. A non-transitory computer-readable medium that stores one or more computer programs that, when executed by one or more processors, effectuate operations comprising:
- storing network policy values for a mobile device in a storage system, the network policy values relating context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in a communications network, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- receiving first context-based values for the mobile device from at least one context-based data source;
- using the first context-based values to select the first network policy for the mobile device from the stored network policy values, the first network policy specifying first operational features for managing the communications between the mobile device and the network infrastructure;
- sending endpoint configuration values for the first network policy to an endpoint policy management unit to control operations of the mobile device; and
- sending network-infrastructure configuration values for the first network policy to a network infrastructure policy management unit to control operations of the network infrastructure, wherein the sent network-infrastructure configuration values control operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

17. A method of implementing a network policy for a mobile device that operates as an endpoint in a communications network, the method comprising:
- receiving context-based values for a mobile device from at least one context-based data source;
- sending the context-based values to a dynamic policy unit that determines network policies related to the mobile device from the context-based values, the network policies relating the context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in a communications network, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- receiving values for a network policy from the dynamic policy unit, the network policy specifying the operational features for managing the communications between the mobile device and the network infrastructure;
- sending instructions to a control unit that enforces the network policy for at least a portion of the communications network, the control unit including a network-infrastructure control unit that controls operations of the network infrastructure by controlling at least some hardware or software of the at least one server or router included in the network infrastructure, wherein controlling operations of the network infrastructure comprises controlling operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

Dependent claims: 18, 19, 20, 21

22. An apparatus for implementing a network policy for a mobile device that operates as an endpoint in a communications network, the apparatus comprising at least one computer to perform operations for computer-implemented modules including:
- a data-retrieval module configured to receive context-based values for the mobile device from at least one context-based data source and sends the context-based values to a dynamic policy unit that determines network policies related to the mobile device from the context-based values, the network policies relating the context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in the communications network, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- a dynamic-policy-enforcement module configured to receive values for a network policy from the dynamic policy unit and sends instructions to a control unit that enforces the network policy for at least a portion of the communications network, the control unit including a network-infrastructure control unit that controls operations of the network infrastructure by controlling at least some hardware or software of the at least one server or router included in the network infrastructure, wherein controlling operations of the network infrastructure comprises controlling operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

Dependent claims: 23, 24, 25, 26

27. A non-transitory computer-readable medium that stores a computer program including instructions that, when executed by a computer, cause the computer to perform operations comprising:
- receiving, with one or more processors, context-based values for a mobile device from at least one context-based data source;
- sending, with one or more processors, the context-based values to a dynamic policy unit that determines network policies related to the mobile device from the context-based values, the network policies relating the context-based values for the mobile device to operational features for managing communications between the mobile device and network infrastructure that supports operations of the mobile device in a communications network, the network infrastructure including at least one server or router that provides access to the communications network for the mobile device;
- receiving, with one or more processors, values for a network policy from the dynamic policy unit, the network policy specifying the operational features configured to manage the communications between the mobile device and the network infrastructure;
- sending, with one or more processors, instructions to a control unit that enforces the network policy for at least a portion of the communications network, the control unit including a network-infrastructure control unit that controls operations of the network infrastructure by controlling at least some hardware or software of the at least one server or router included in the network infrastructure, wherein controlling operations of the network infrastructure comprises controlling operations of the network infrastructure by at least four of the following; enablement of a quality of service setting, enablement of a priority setting, enablement of a network access control setting, enablement of a proxy setting, enablement of an authentication requirement, enablement of an intrusion detection setting, enablement of an intrusion prevention setting, enablement of access to a network, enablement of access to a server, enablement of access to a directory, disablement of a quality of service setting, disablement of a priority setting, disablement of a network access control setting, disablement of a proxy setting, disablement of an authentication requirement, disablement of an intrusion detection setting, disablement of an intrusion prevention setting, disablement of access to a network, disablement of access to a server, or disablement of access to a directory.

Specification