MOBILE POSTURE-BASED POLICY, REMEDIATION AND ACCESS CONTROL FOR ENTERPRISE RESOURCES

US 20150133082A1
Filed: 09/11/2014
Published: 05/14/2015
Est. Priority Date: 11/19/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving at a remote management device, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;

determining at the remote management device, at least in part by applying one or more policies, that the new application is not a recognized application; and

responsive to the determination that the application is not a recognized application, denying access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.

66 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving at a remote management device, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
  
  determining at the remote management device, at least in part by applying one or more policies, that the new application is not a recognized application; and
  
  responsive to the determination that the application is not a recognized application, denying access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising blocking the new application from launching on the mobile device.
  - 3. The method of claim 1, further comprising transmitting a command to the control agent installed on the mobile device, the command operative to cause the control agent to delete one or more files on the mobile device.
  - 4. The method of claim 1, further comprising transmitting one or more notifications if the new application is not recognized.
  - 5. The method of claim 1, further comprising updating a security state table based at least in part on the determination that the application is not a recognized application.
  - 6. The method of claim 1, wherein denying access includes configuring the intermediate node to block traffic from the mobile device to the network application service.
  - 7. The method of claim 1, wherein denying access includes updating a security state information of the mobile device based on the determination that the application is not a recognized application.
  - 8. The method of claim 7, wherein the intermediate node is configured to block traffic from the mobile device to the network application service based on the updated security state information.
  - 9. The method of claim 7, wherein the intermediate node is configured to consult the security state information of the mobile device to determine a current security state of the mobile device, and to filter traffic associated with the mobile device based at least in part on the security state of the mobile device.
  - 10. The method of claim 9, wherein the network application service to which access is blocked comprises a first network application service, and the intermediate node is configured to allow access by the mobile device to a second network application service.

11. A mobile device management system, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  receive via the communication interface, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
  
  determine, at least in part by applying one or more policies, that the new application is not a recognized application; and
  
  responsive to the determination that the application is not a recognized application, deny access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the processor is further configured to cause the control agent to block the new application from launching on the mobile device.
  - 13. The system of claim 11, wherein the processor is further configured to transmit a command to the control agent installed on the mobile device, the command operative to cause the control agent to delete one or more files on the mobile device.
  - 14. The system of claim 11, wherein the processor is further configured to transmit one or more notifications if the new application is not recognized.
  - 15. The system of claim 11, wherein the processor is further configured to update a security state table based at least in part on the determination that the application is not a recognized application.
  - 16. The system of claim 11, wherein the processor is further configured to configure the intermediate node to block traffic from the mobile device to the network application service.
  - 17. The system of claim 11, wherein denying access includes updating a security state information of the mobile device based on the determination that the application is not a recognized application.
  - 18. The system of claim 17, wherein the intermediate node is configured to block traffic from the mobile device to the network application service based on the updated security state information.
  - 19. The system of claim 17, wherein the intermediate node is configured to consult the security state information of the mobile device to determine a current security state of the mobile device, and to filter traffic associated with the mobile device based at least in part on the security state of the mobile device.

20. A computer program product to manage mobile devices, the computer program product being embodied in a tangible, non-transitory computer readable storage medium, and comprising computer instructions for:
- receiving, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
  
  determining, at least in part by applying one or more policies, that the new application is not a recognized application; and
  
  responsive to the determination that the application is not a recognized application, denying access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
MobileIron, Inc.
Inventors
Singamsetty, Ratnarekha, Lindeman, Jesse Wagner, Batchu, Suresh Kumar, Broch, Joshua Glenn

Granted Patent

US 10,171,648 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

H04M 1/72403   with means for local suppor...

H04M 1/72463   to restrict the functionali...

H04M 1/724631   by limiting the access to t...

H04W 12/08   Access security

H04W 12/082   using revocation of authori...

H04W 12/37   Managing security policies ...

H04W 24/00   Supervisory, monitoring or ...

H04W 48/02   Access restriction performe...

H04W 8/22   Processing or transfer of t...

MOBILE POSTURE-BASED POLICY, REMEDIATION AND ACCESS CONTROL FOR ENTERPRISE RESOURCES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE POSTURE-BASED POLICY, REMEDIATION AND ACCESS CONTROL FOR ENTERPRISE RESOURCES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links