Centralized Dynamic Security Control for a Mobile Device Network
Abstract
A security system for an enterprise network and data automates the revision, deployment, enforcement, auditing and control of security policies on mobile devices connected to said enterprise network, through automated communication between a security policy server and the mobile device. Control of the security system is centralized through administrative control of security policies stored on the security policy server. Automation of deployment of security policies to mobile devices occurs through transparent background communication and transfer of updated policies either triggered by a change in a security policy within the central repository of security policies or upon the expiration of a certain time period during which no policies were downloaded to the mobile device. When the mobile device is not in compliance with a security policy, a software security agent operating thereon limits access to said enterprise network and enterprise data. To aid in preventing the overwhelming of the enterprise network and the security policy server as a result of too many synchronization communications coming from too many mobile devices, a randomized timer is set by the software security agent upon receipt by the mobile device of a synchronization command from the security policy server.
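The following Python sketch is an added illustration, not code from the patent or its assignee. It models the two synchronization triggers named in the abstract and measures how the randomized timer spreads server load. All function names, the 300-second window and the device count are assumptions chosen for the example.

```python
import random
from collections import Counter

def schedule_sync(now, window_s, rng):
    """Agent side: on receipt of a synchronization command, arm a randomized
    timer instead of contacting the policy server immediately."""
    return now + rng.uniform(0, window_s)

def next_sync_time(now, last_download, max_age_s, command_received, window_s, rng):
    """Return the time at which the agent should contact the server, or None.

    Two triggers from the abstract: a server command (a policy changed) or
    the expiry of a period during which no policy was downloaded.
    """
    if command_received:
        return schedule_sync(now, window_s, rng)
    if now - last_download >= max_age_s:
        # Assumption: an overdue agent syncs at once; the abstract does not
        # say whether the randomized timer also applies to this trigger.
        return now
    return None

def peak_requests_per_second(sync_times):
    """Server side: size of the busiest one-second bucket of sync sessions."""
    buckets = Counter(int(t) for t in sync_times)
    return max(buckets.values())

def simulate(devices, window_s, seed=1):
    """Constructed scenario: every device receives the command at t = 0."""
    rng = random.Random(seed)  # load spreading needs no cryptographic RNG
    times = [next_sync_time(0.0, 0.0, 86400, True, window_s, rng)
             for _ in range(devices)]
    return peak_requests_per_second(times)

if __name__ == "__main__":
    print("peak without randomized timer:", simulate(10_000, 0))
    print("peak with 300 s window:       ", simulate(10_000, 300))
```

With a zero-length window every device contacts the server in the same second; with the window, the peak drops to roughly the device count divided by the window length.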
6 Claims
1. A security system for use in aiding in the exclusion of unauthorized access to an enterprise network or to enterprise data, said system comprising:
a mobile device on which operates a software security agent that monitors compliance of said mobile device with at least one security policy and limits access of said mobile device to a networked environment when said mobile device is not in compliance with said security policy;
a security policy server on which is stored said at least one security policy applicable to said mobile device;
server management agent software through which said at least one security policy on said security policy server can be modified by an administrator, and which automatically sends a command message over said networked environment to said mobile device upon a change to said security policy; and
wherein upon processing said command message by said software security agent operating on said mobile device said security policy on said mobile device is revised.
4. A method for automated centralized control of security features of an enterprise communication network, said method comprising the steps of:
providing a security system comprising;
a mobile device on which operates a software security agent that monitors compliance of said mobile device with at least one security policy;
a security policy server on which is stored said at least one security policy applicable to said mobile device and through use of which said at least one security policy can be modified;
a networked environment through which said mobile device can transmit data to and receive data from said security policy server;
providing said mobile device with an initial configuration compliant with said at least one security policy;
initiating a communication session between said mobile device and said security policy server without mobile device user participation;
downloading a revised security policy from said security policy server to said mobile device.
Specification