CONTROLLING ENTERPRISE ACCESS BY MOBILE DEVICES

US 20130239177A1
Filed: 03/07/2012
Published: 09/12/2013
Est. Priority Date: 03/07/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one component running on at least one server and receiving vulnerability data comprising a plurality of vulnerabilities of a plurality of processing components, wherein each vulnerability is represented by a severity rating;

wherein the at least one component identifies a set of vulnerabilities that corresponds to a device based on a set of processing components hosted on the device;

wherein the at least one component generates a severity score for each vulnerability of the set of vulnerabilities using the severity rating corresponding to the vulnerability, and generates a trust score that represents severity scores of the set of vulnerabilities.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score.

94 Citations

View as Search Results

64 Claims

1. A system comprising:
- at least one component running on at least one server and receiving vulnerability data comprising a plurality of vulnerabilities of a plurality of processing components, wherein each vulnerability is represented by a severity rating;
  
  wherein the at least one component identifies a set of vulnerabilities that corresponds to a device based on a set of processing components hosted on the device;
  
  wherein the at least one component generates a severity score for each vulnerability of the set of vulnerabilities using the severity rating corresponding to the vulnerability, and generates a trust score that represents severity scores of the set of vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The system of claim 1, wherein the trust score comprises an indicator of a level of security applied to the device by an enterprise that corresponds to the device.
  - 3. The system of claim 1, wherein the trust score comprises a numerical value.
  - 4. The system of claim 3, wherein the numerical value is in a range between and including zero (0) and ten (10).
  - 5. The system of claim 3, wherein the generating of the trust score comprises selecting a base score that corresponds to a highest trust level.
  - 6. The system of claim 5, wherein the generating of the trust score comprises reducing the base score by an amount corresponding to a severity of each vulnerability of the set of vulnerability data.
  - 7. The system of claim 6, wherein the generating of the trust score comprises applying to the base score the severity score corresponding to each vulnerability of the set of vulnerability data.
  - 8. The system of claim 7, wherein the base score is represented by a value of approximately ten (10).
  - 9. The system of claim 8, wherein the generating of the severity score comprises a formula
    D=(i²÷
    - 6)−
      
      ((2·
      
      i)÷
      
      3),wherein variable D represents the severity score, and variable i represents the severity rating of the vulnerability.
  - 10. The system of claim 1, wherein the at least one component updates and maintains the trust score.
  - 11. The system of claim 10, wherein the at least one component updates the trust score in response to receiving a new version of the vulnerability data.
  - 12. The system of claim 10, wherein the at least one component updates the trust score in response to receiving updated device data.
  - 13. The system of claim 10, wherein the at least one component updates the trust score in response to receiving device data corresponding to a new device.
  - 14. The system of claim 1, wherein the trust score comprises a color-coded indicator.
  - 15. The system of claim 1, wherein the at least one component receives device data of the device, wherein the device data represents the set of processing components.
  - 16. The system of claim 15, wherein the device data comprises data of at least one of device identification, configuration, operating system (OS) name, OS version, platform name, platform software components, device system image, device manufacturer, device brand, device model, device code name, user agent, central processor unit (CPU) type, and bootloader version.
  - 17. The system of claim 15, wherein the at least one component uses the device data to identify the set of vulnerabilities.
  - 18. The system of claim 15, wherein the at least one component generates the trust score using the set of vulnerabilities and the device data of the device.
  - 19. The system of claim 15, wherein the at least one component couples to a remote database and receives the vulnerability data from the remote database.
  - 20. The system of claim 19, wherein the at least one component periodically receives the vulnerability data.
  - 21. The system of claim 19, wherein the remote database comprises the National Vulnerabilities Database.
  - 22. The system of claim 15, wherein the at least one component generates a mapping between the device data and the vulnerability data and identifies the set of vulnerabilities corresponding to the device using the mapping.
  - 23. The system of claim 15, wherein the at least one component generates a status list using at least one of the trust score and the device data, wherein the status list corresponds to an enterprise associated with the plurality of devices and includes a status corresponding to each device, wherein access of each device to the enterprise is controlled according to the status list.
  - 24. The system of claim 23, wherein control of the access comprises comparing the status list with data received from the device during a communication attempt and one of allowing and denying access to the device based on the results of the comparison.
  - 25. The system of claim 23, wherein the status is determined using at least one access policy of the enterprise.
  - 26. The system of claim 23, wherein the status is determined using at least one policy exception of the enterprise.
  - 27. The system of claim 23, wherein the status list includes the trust score.
  - 28. The system of claim 23, wherein the status comprises a first status that allows the device access to the enterprise.
  - 29. The system of claim 23, wherein the status comprises a second status that denies the device access to the enterprise.
  - 30. The system of claim 23, wherein the status comprises a third status that quarantines the device during an attempt to access the enterprise.
  - 31. The system of claim 23, wherein control of the access comprises separately controlling access to the enterprise by each software component of each device of the plurality of devices.
  - 32. The system of claim 1, wherein the status list includes type identification describing device type of the device.

33. A method comprising:
- receiving vulnerability data comprising a plurality of vulnerabilities of a plurality of processing components, wherein each vulnerability is represented by a severity rating;
  
  identifying a set of vulnerabilities that corresponds to a device based on a set of processing components hosted on the device;
  
  selecting a base score corresponding to a highest trust level;
  
  generating a deduction for each vulnerability of the set of vulnerabilities using the severity rating corresponding to the vulnerability; and
  
  generating a trust score by applying to the base score the deduction corresponding to each vulnerability of the set of vulnerabilities.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 34. The method of claim 33, wherein the trust score comprises an indicator of a level of security applied to the device by an enterprise that corresponds to the device.
  - 35. The method of claim 33, wherein the trust score comprises a numerical value.
  - 36. The method of claim 35, wherein the numerical value is in a range between and including zero (0) and ten (10).
  - 37. The method of claim 35, wherein the generating of the trust score comprises reducing the base score by an amount corresponding to a severity of each vulnerability of the set of vulnerability data.
  - 38. The method of claim 37, wherein the generating of the trust score comprises applying to the base score the severity score corresponding to each vulnerability of the set of vulnerability data.
  - 39. The method of claim 38, wherein the base score is represented by a value of approximately ten (10).
  - 40. The method of claim 39, wherein the generating of the deduction comprises a formula
    D=(i²÷
    - 6)−
      
      ((2·
      
      i)÷
      
      3),wherein variable D represents the deduction, and variable i represents the severity rating of the vulnerability.
  - 41. The method of claim 33, comprising updating and maintaining the trust score.
  - 42. The method of claim 41, comprising updating the trust score in response to receiving a new version of the vulnerability data.
  - 43. The method of claim 41, comprising updating the trust score in response to receiving updated device data.
  - 44. The method of claim 41, comprising updating the trust score in response to receiving device data corresponding to a new device.
  - 45. The method of claim 33, wherein the trust score comprises a color-coded indicator.
  - 46. The method of claim 33, comprising receiving device data of the device, wherein the device data represents the set of processing components.
  - 47. The method of claim 46, wherein the device data comprises data of at least one of device identification, configuration, operating system (OS) name, OS version, platform name, platform software components, device system image, device manufacturer, device brand, device model, device code name, user agent, central processor unit (CPU) type, and bootloader version.
  - 48. The method of claim 46, comprising using the device data to identify the set of vulnerabilities.
  - 49. The method of claim 46, comprising generating the trust score using the set of vulnerabilities and the device data of the device.
  - 50. The method of claim 46, comprising receiving the vulnerability data from a remote database.
  - 51. The method of claim 50, comprising periodically receiving the vulnerability data.
  - 52. The method of claim 50, wherein the remote database comprises the National Vulnerabilities Database.
  - 53. The method of claim 46, comprising generating a mapping between the device data and the vulnerability data and identifying the set of vulnerabilities corresponding to the device using the mapping.
  - 54. The method of claim 46, comprising generating a status list using at least one of the trust score and the device data, wherein the status list corresponds to an enterprise associated with the plurality of devices and includes a status corresponding to each device.
  - 55. The method of claim 54, comprising controlling access of each device to the enterprise according to the status list.
  - 56. The method of claim 54, wherein the controlling of the access comprises comparing the status list with data received from the device during a communication attempt and one of allowing and denying access to the device based on the results of the comparison.
  - 57. The method of claim 54, comprising determining the status using at least one access policy of the enterprise.
  - 58. The method of claim 54, comprising determining the status using at least one policy exception of the enterprise.
  - 59. The method of claim 54, wherein the status list includes the trust score.
  - 60. The method of claim 54, wherein the status comprises a first status that allows the device access to the enterprise.
  - 61. The method of claim 54, wherein the status comprises a second status that denies the device access to the enterprise.
  - 62. The method of claim 54, wherein the status comprises a third status that quarantines the device during an attempt to access the enterprise.
  - 63. The method of claim 54, wherein the controlling of the access comprises separately controlling access to the enterprise by each software component of each device of the plurality of devices.
  - 64. The method of claim 33, wherein the status list includes type identification describing device type of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rapid7, Inc.
Original Assignee
Giridhar Sreenivas
Inventors
SIGURDSON, Derek, SREENIVAS, Giridhar

Granted Patent

US 9,668,137 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/1433   Vulnerability analysis

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

CONTROLLING ENTERPRISE ACCESS BY MOBILE DEVICES

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

64 Claims

Specification

Use Cases

Quick Links

Others

CONTROLLING ENTERPRISE ACCESS BY MOBILE DEVICES

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

64 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others