METHODS AND APPARATUS FOR RATING DEVICE SECURITY AND AUTOMATICALLY ASSESSING SECURITY COMPLIANCE
First Claim
1. A method, comprising:
- (a) storing one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;
(b) generating, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device; and
(c) using a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object.
4 Assignments
0 Petitions
Accused Products
Abstract
Automatic Security Compliance Assessment (ASCA) systems and methods are provided for automatically generating and determining a security rating for a plurality of Settings Objects (SOs), where each of the SOs define particular configurations of subsystems of a wireless computing device. Each SO collectively defines a collection of Values specified for Configurable Attributes that can be used to define a different configuration for a particular subsystem associated with a particular Setting Class that is used to guide the creation of that particular SO. The server can store a group of security rating templates, each of which includes the information needed to determine an expected security rating for any SOs created per a particular Settings Class. For any combination of device settings, the resultant SOs can be used to generate an expected security rating. In addition, a security interaction template (SIT) and security test scripts can be generated that correspond to each particular group of SOs, and can be used to produce an Overall Device Security Rating (ODSR) for that particular group of SOs or a sub-set thereof.
-
Citations
20 Claims
-
1. A method, comprising:
-
(a) storing one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class; (b) generating, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device; and (c) using a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system, comprising:
-
a computer; a server in communication with the computer and being designed to; store one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class; generate, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device; and use a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification