CONTEXT-AWARE RISK MEASUREMENT MOBILE DEVICE MANAGEMENT SYSTEM

US 20140359777A1
Filed: 05/31/2013
Published: 12/04/2014
Est. Priority Date: 05/31/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for determining security risk of a mobile device, the method comprising:

receiving risk measurements from at least one mobile device;

calculating a risk score by evaluating the risk measurements based on rules;

determining whether the calculated risk score exceeds a threshold; and

taking a protective action upon the risk score exceeding the threshold.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device management server and method are provided for determining the security risk for deployed mobile devices. The mobile device management server receives risk measurements from mobile devices that are used to calculate a risk score based on rules. The risk score can also be adjusted by correlating the received risk measurements with past security breaches or typical usage measurements. The calculated risk score is compared to a one or more thresholds to determine whether to take a protective action that is associated with exceeding a threshold.

103 Citations

View as Search Results

22 Claims

1. A method for determining security risk of a mobile device, the method comprising:
- receiving risk measurements from at least one mobile device;
  
  calculating a risk score by evaluating the risk measurements based on rules;
  
  determining whether the calculated risk score exceeds a threshold; and
  
  taking a protective action upon the risk score exceeding the threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein calculating risk score further comprises correlating the risk measurements with a past security breach.
  - 3. The method of claim 2, wherein the past security breach is associated with historical risk measurements.
  - 4. The method of claim 2, wherein calculating risk score further comprises correlating the risk measurements with typical usage risk measurements.
  - 5. The method of claim 4 further comprising periodically storing risk measurements from the at least one mobile device to determine the typical usage risk measurements.
  - 6. The method of claim 1, wherein the protective action is sending an administrator notification.
  - 7. The method of claim 1, wherein the protective action is sending a protective management command to the at least one mobile device.
  - 8. The method of claim 1, wherein the protective management command instructs the at least one mobile device to prevent access to privileged information
  - 9. The method of claim 1, wherein the protective management command instructs a user access privilege server to disable network access to privileged information from the at least one mobile device.
  - 10. The method of claim 1, wherein the protective management command instructs the at least one mobile device to delete data from the at least one mobile device.
  - 11. The method of claim 1, wherein the protective action is disabling the at least one mobile device user account in a user access privilege server.
  - 12. The method of claim 1 further comprising collecting a portion of the risk measurements from a user access privileges server.

13. The method of claim 13, wherein the portion of the risk measurements comprises a job title of a user of the at least one mobile device.

14. A method for determining security risk of a mobile device, the method comprising:
- obtaining risk measurements from mobile device sensors; and
  
  transmitting the risk measurements to a mobile device management server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 further comprising detecting a change in at least one of the risk measurements and wherein transmitting the risk measurements upon detecting the change.
  - 16. The method of claim 14 further comprising receiving a protective management command in response to transmitted risk measurement that instructs the mobile device to limit access to privileged information.
  - 17. The method of claim 14, wherein the sensors comprise any one of a hardware sensor and a software sensor.
  - 18. The method of claim 14, wherein the risk measurements are any one of static and dynamic.
  - 19. The method of claim 18, wherein the static risk measurements comprise any one of:
    - installed applications;
      
      installed application permissions;
      
      author signing key of installed applications;
      
      operating system version;
      
      user identification;
      
      owner of the mobile device; and
      
      malware indicators.
  - 20. The method of claim 18, wherein the dynamic risk measurements comprise any one of:
    - network connections;
      
      available memory;
      
      CPU temperature;
      
      GPS location;
      
      current roaming carrier, currently running applications;
      
      current date and time; and
      
      information privileges of a user of the mobile device.

21. A method for providing mobile device security, the method comprising:
- receiving a timeout rule that specifies a timeout period and a protective action from a mobile device management server;
  
  attempt to contact the mobile device management server within the timeout period; and
  
  perform the protective action upon failure to contact the mobile device management server within the timeout period.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the timeout rule is received during provisioning of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Good Technology Holdings Limited (Blackberry Limited)
Original Assignee
Fixmo US Incorporated (Blackberry Limited)
Inventors
Lam, Wing Young, Yuen, Chun Fung, Segal, Richard

Application Number

US13/906,893
Publication Number

US 20140359777A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

H04W 12/67   Risk-dependent, e.g. select...

CONTEXT-AWARE RISK MEASUREMENT MOBILE DEVICE MANAGEMENT SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

CONTEXT-AWARE RISK MEASUREMENT MOBILE DEVICE MANAGEMENT SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links