Security policy enforcement for mobile devices based on device state
First Claim
1. A system, comprising:
- a processor configured to:
receive a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at a security device, wherein the HIP report includes device state information for the mobile device;
apply a policy based on the HIP report for the mobile device, comprising to:
determine whether the HIP report matches one of a plurality of policy reports, the one policy report including disk encryption not being enabled on the mobile device; and
in response to a determination that the HIP report matches the one policy report, remove a required certificate for accessing an enterprise resource; and
perform access control at the security device based on the policy based on the HIP report for the mobile device, comprising to:
determine whether the required certificate for accessing the enterprise resource has been removed; and
in response to a determination that the required certificate for accessing the enterprise resource has been removed, deny the mobile device access to the enterprise resource; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for network-based security for mobile devices based on device state are disclosed. In some embodiments, network-based security for mobile devices based on device state includes receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, in which the HIP report includes device state information for the mobile device; applying a policy based on the HIP report for the mobile device and the device state; and performing access control at the security device based on the policy based on the HIP report for the mobile device.
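The flow in the abstract, as an added example that is not code from the patent or from any product: a security device receives HIP reports, matches them against policy profiles, removes the required certificate on a match, and then gates access on that certificate. All class, field, certificate and resource names are hypothetical, the certificate store is modelled as an in-memory set, and treating an unreported attribute as a match is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass
class PolicyProfile:
    name: str
    match: dict        # device-state attribute -> value that triggers the profile
    remove_cert: str   # certificate removed when the profile matches

class SecurityDevice:
    def __init__(self, profiles, required_cert):
        self.profiles = profiles
        self.required_cert = required_cert   # resource -> certificate name
        self.certs = {}                      # device_id -> certificates held

    def enroll(self, device_id, certs):
        self.certs[device_id] = set(certs)

    def receive_hip_report(self, device_id, state):
        """Apply policy; return the names of the profiles the report matched."""
        matched = []
        for p in self.profiles:
            # Assumption: an attribute missing from the report counts as a match.
            if all(state.get(k, v) == v for k, v in p.match.items()):
                self.certs.get(device_id, set()).discard(p.remove_cert)
                matched.append(p.name)
        return matched

    def allow(self, device_id, resource):
        """Access control: deny once the required certificate has been removed."""
        needed = self.required_cert.get(resource)
        return needed is not None and needed in self.certs.get(device_id, set())

def run_demo():
    sd = SecurityDevice(
        [PolicyProfile("no-disk-encryption", {"disk_encryption": False}, "corp-vpn")],
        {"intranet": "corp-vpn"})
    reports = {  # constructed HIP reports, keyed by device
        "phone-a": {"disk_encryption": True, "os": "iOS"},
        "phone-b": {"disk_encryption": False, "os": "Android"},
        "phone-c": {"os": "Android"},  # encryption state not reported
    }
    result = {}
    for device_id, state in reports.items():
        sd.enroll(device_id, ["corp-vpn"])
        sd.receive_hip_report(device_id, state)
        result[device_id] = sd.allow(device_id, "intranet")
    return result

if __name__ == "__main__":
    print(run_demo())
```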
14 Claims
1. A system, comprising:
- a processor configured to:
receive a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at a security device, wherein the HIP report includes device state information for the mobile device;
apply a policy based on the HIP report for the mobile device, comprising to:
determine whether the HIP report matches one of a plurality of policy reports, the one policy report including disk encryption not being enabled on the mobile device; and
in response to a determination that the HIP report matches the one policy report, remove a required certificate for accessing an enterprise resource; and
perform access control at the security device based on the policy based on the HIP report for the mobile device, comprising to:
determine whether the required certificate for accessing the enterprise resource has been removed; and
in response to a determination that the required certificate for accessing the enterprise resource has been removed, deny the mobile device access to the enterprise resource; and
a memory coupled to the processor and configured to provide the processor with instructions.
Dependent claims: 2, 3, 4, 5
6. A method, comprising:
receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at a security device, wherein the HIP report includes device state information for the mobile device;
applying a policy based on the HIP report for the mobile device, comprising:
determining whether the HIP report matches one of a plurality of policy reports, the one policy report including disk encryption not being enabled on the mobile device; and
in response to a determination that the HIP report matches the one policy report, removing a required certificate for accessing an enterprise resource; and
performing access control at the security device based on the policy based on the HIP report for the mobile device, comprising:
determining whether the required certificate for accessing the enterprise resource has been removed; and
in response to a determination that the required certificate for accessing the enterprise resource has been removed, denying the mobile device access to the enterprise resource.
Dependent claims: 7, 8, 9, 10
11. A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at a security device, wherein the HIP report includes device state information for the mobile device;
applying a policy based on the HIP report for the mobile device, comprising:
determining whether the HIP report matches one of a plurality of policy reports, the one policy report including disk encryption not being enabled on the mobile device; and
in response to a determination that the HIP report matches the one policy report, removing a required certificate for accessing an enterprise resource; and
performing access control at the security device based on the policy based on the HIP report for the mobile device, comprising:
determining whether the required certificate for accessing the enterprise resource has been removed; and
in response to a determination that the required certificate for accessing the enterprise resource has been removed, denying the mobile device access to the enterprise resource.
Dependent claims: 12, 13, 14
Specification