SYSTEM AND METHOD FOR CONTROLLING MOBILE DEVICE ACCESS TO A NETWORK

US 20080137593A1
Filed: 10/23/2007
Published: 06/12/2008
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method for managing access to a network resource on a network from a mobile device, the method comprising:

intercepting a data stream from the mobile device attempting to access the network resource;

extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;

accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device;

determining whether the mobile device is authorized to access the network resource based on the extracted information and the enterprise service based information or the third party information;

preparing an access decision based on the extracted information and the at least one of enterprise service based information and third party information, wherein the access decision specifies whether the mobile device is authorized to access the network resource; and

storing the access decision in a database on the network.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method for managing access to a network resource on a network from a mobile device, the method including the steps of intercepting a data stream from the mobile device attempting to access the network resource, extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device, accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device, determining whether the mobile device is authorized to access the network resource, preparing an access decision that specifies whether the mobile device is authorized to access the network resource, and storing the access decision in a database on the network. The method may also include the step of enforcing the access decision by granting access to the mobile device to the network resource if the mobile device is determined to be authorized and denying access to the mobile device to the network resource if the mobile device is determined not to be authorized.

198 Citations

View as Search Results

22 Claims

1. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device;
  
  determining whether the mobile device is authorized to access the network resource based on the extracted information and the enterprise service based information or the third party information;
  
  preparing an access decision based on the extracted information and the at least one of enterprise service based information and third party information, wherein the access decision specifies whether the mobile device is authorized to access the network resource; and
  
  storing the access decision in a database on the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the access decision includes information regarding at least one of a health profile of the mobile device, the authenticity of the mobile device or a user of the mobile device, or the authorization of the mobile device or the user of the mobile device to access the network resource.
  - 3. The method of claim 1, further comprising enforcing the access decision by granting access to the mobile device to the network resource if the mobile device is determined to be authorized and denying access to the mobile device to the network resource if the mobile device is determined not to be authorized.
  - 4. The method of claim 1, further comprising storing the extracted information in the database.
  - 5. The method of claim 1, wherein the data stream is an application data stream.
  - 6. The method of claim 1, wherein the enterprise service based information includes at least one of information stored within a database and information stored within a directory service.
  - 7. The method of claim 1, wherein the third party information includes a certificate authority.
  - 8. The method of claim 1, further comprising storing the access decision in a decision cache.

9. A system for managing access to a network resource on a network from a mobile device, the system comprising:
- a means for intercepting a data stream from the mobile device attempting to access the network resource;
  
  a means for extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  a means for accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device;
  
  a means for determining whether the mobile device is authorized to access the network resource based on the extracted information and the enterprise service based information or the third party information;
  
  a means for preparing an access decision based on the extracted information and the at least one of enterprise service based information and third party information, wherein the access decision specifies whether the mobile device is authorized to access the network resource; and
  
  a means for storing the access decision in a database on the network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the access decision includes information regarding at least one of a health profile of the mobile device, the authenticity of the mobile device or a user of the mobile device, or the authorization of the mobile device or the user of the mobile device to access the network resource.
  - 11. The system of claim 9, further comprising a means for enforcing the access decision by granting access to the mobile device to the network resource if the mobile device is determined to be authorized and denying access to the mobile device to the network resource if the mobile device is determined not to be authorized.
  - 12. The system of claim 9, further comprising a means for storing the extracted information in the database.
  - 13. The system of claim 9, wherein the data stream is an application data stream.
  - 14. The system of claim 9, wherein the enterprise service based information includes at least one of information stored within a database and information stored within an directory service.
  - 15. The system of claim 9, wherein the third party information includes a certificate authority.
  - 16. The system of claim 9, further comprising a means for storing the access decision in a decision cache.

17. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server; and
  
  if the received response indicates that the query was not received by the compliance server, accessing a decision cache to determine if the decision cache includes cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, and granting or denying the mobile device access to the network resource based on the cached information in the decision cache.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, further comprising granting the mobile device access to the network resource if the received response indicates that the query was received by the compliance server and that the mobile device is authorized to access the network resource.
  - 19. The method of claim 17, further comprising denying the mobile device access to the network resource if the received response indicates that the query was received by the compliance server and that the mobile device is not authorized to access the network resource.

20. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server; and
  
  if the received response indicates that the query was not received by the compliance server, granting the mobile device access to the network resource.

21. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server; and
  
  if the received response indicates that the query was not received by the compliance server, denying the mobile device access to the network resource.

22. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  accessing a decision cache to determine whether the mobile device has been granted access or denied access during a previous attempt to access the network resource;
  
  if the decision cache includes cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, granting or denying the mobile device access to the network resource based on the cached information in the decision cache; and
  
  if the decision cache does not include cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC, Trust Digital
Original Assignee
Trust Digital
Inventors
LAUDERMILCH, Norm, SUPERNOR, William, GOLDSCHLAG, David, BORODAY, Roman

Granted Patent

US 8,259,568 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/328
CPC Class Codes

H04L 51/18   Commands or executable codes

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 4/14   Short messaging services, e...

H04W 48/02   Access restriction performe...

H04W 8/22   Processing or transfer of t...

SYSTEM AND METHOD FOR CONTROLLING MOBILE DEVICE ACCESS TO A NETWORK

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

198 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR CONTROLLING MOBILE DEVICE ACCESS TO A NETWORK

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

198 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others