Mobile Posture-based Policy, Remediation and Access Control for Enterprise Resources

US 20120131685A1
Filed: 11/19/2010
Published: 05/24/2012
Est. Priority Date: 11/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

responsive to detection of installation of an application on a mobile device at a remote management device, applying by the remote management device one or more policies to determine whether the application is authorized to be installed on the mobile device; and

if the application is not authorized, adjusting the state of one or more mobile device posture data objects operative to cause one or more network applications services to deny access to the mobile device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.

269 Citations

18 Claims

1. A method, comprising:
- responsive to detection of installation of an application on a mobile device at a remote management device, applying by the remote management device one or more policies to determine whether the application is authorized to be installed on the mobile device; and
  
  if the application is not authorized, adjusting the state of one or more mobile device posture data objects operative to cause one or more network applications services to deny access to the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprisingblocking access to the one or more network application services.
  - 3. The method of claim 1 further comprisingreceiving an indication from a control client installed on the mobile device that the application has been installed on the mobile device.
  - 4. The method of claim 1 further comprisingtransmitting a command to a control client installed on the mobile device, the command operative to cause the control client to delete one or more files on the mobile device.
  - 5. The method of claim 1 further comprisingtransmitting one or more notifications if the application is not authorized.
  - 6. The method of claim 1 wherein the mobile device posture data objects are accessible to one or more remote network application services.

7. An apparatus, comprising:
- a memory;
  
  a network interface;
  
  one or more processors; and
  
  computer program code stored on a computer-readable medium comprising instructions operative, when executed, to cause the one or more processors to;
  
  responsive to detection of installation of an application on a mobile device at a remote management device, apply one or more policies to determine whether the application is authorized to be installed on the mobile device; and
  
  if the application is not authorized, adjusting the state of one or more mobile device posture data objects operative to cause one or more network applications services to deny access to the mobile device.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The apparatus of claim 7 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - receiving an indication from a control client installed on the mobile device that the application has been installed on the mobile device.
  - 9. The apparatus of claim 7 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - transmit a command to a control client installed on the mobile device, the command operative to cause the control client to delete one or more files on the mobile device.
  - 10. The apparatus of claim 7 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - transmit one or more notifications if the application is not authorized.
  - 11. The apparatus of claim 7 wherein the mobile device posture data objects are accessible to one or more remote network application services.

12. An apparatus, comprising:
- a memory;
  
  a network interface;
  
  one or more processors; and
  
  computer program code stored on a computer-readable medium comprising instructions operative, when executed, to cause the one or more processors to;
  
  interact with control clients installed on managed mobile devices to monitor the security state of the managed mobile devices; and
  
  maintain a mobile device security posture data structure indicating the security state of the one or more managed mobile devices, wherein the mobile device security posture data structure is accessible to one or more network application services.
- View Dependent Claims (13, 14, 15)
- - 13. The apparatus of claim 12 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - responsive to detection of installation of an application on a mobile device at a remote management device, apply one or more policies to determine whether the application is authorized to be installed on the mobile device; and
      
      if the application is not authorized, adjusting the state of a mobile device posture data object associated with the mobile device.
  - 14. The apparatus of claim 13 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - receiving an indication from a control client installed on the mobile device that the application has been installed on the mobile device.
  - 15. The apparatus of claim 12 wherein the computer program code further comprises instructions operative to cause the one or more processors to:
    - receiving an indication from a control client installed on the mobile device that a security profile configuration of the mobile device does not meet a current security policy.

16. A system, comprising:
- a mobile device management system operative to;
  
  monitor security state of one or more managed mobile devices; and
  
  maintain a mobile device security posture data structure indicating the security state of the one or more managed mobile devices, wherein the mobile device security posture data structure is accessible to one or more network application services;
  
  one or more network application services, each operative to;
  
  host an enterprise network application;
  
  receive a request from a managed mobile device;
  
  access the data structure to determine the security state of the managed mobile device;
  
  permit or deny the managed mobile device access to the enterprise network application based on the determined security state.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16 wherein the mobile device management system is operative to interact with control clients installed on the managed mobile devices to monitor the security state of the one or more managed mobile devices.
  - 18. The system of claim 16 further comprising one or more managed mobile devices, each comprising a control client operative to interact with the mobile device management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Singamsetty, Ratnarekha, Lindeman, Jesse Wagner, Broch, Josh Glenn

Granted Patent

US 8,869,307 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

H04M 1/72403   with means for local suppor...

H04M 1/72463   to restrict the functionali...

H04M 1/724631   by limiting the access to t...

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 12/37   Managing security policies ...

H04W 24/00   Supervisory, monitoring or ...

H04W 48/02   Access restriction performe...

H04W 8/22   Processing or transfer of t...

Mobile Posture-based Policy, Remediation and Access Control for Enterprise Resources

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

269 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile Posture-based Policy, Remediation and Access Control for Enterprise Resources

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

269 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links