MOBILE POSTURE-BASED POLICY, REMEDIATION AND ACCESS CONTROL FOR ENTERPRISE RESOURCES
Abstract
A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.
20 Claims
1. A computer-implemented method, comprising:
- receiving at a remote management device, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
- determining at the remote management device, at least in part by applying one or more policies, that the new application is not a recognized application; and
- responsive to the determination that the application is not a recognized application, denying access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A mobile device management system, comprising:
- a communication interface; and
- a processor coupled to the communication interface and configured to:
  - receive via the communication interface, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
  - determine, at least in part by applying one or more policies, that the new application is not a recognized application; and
  - responsive to the determination that the application is not a recognized application, deny access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A computer program product to manage mobile devices, the computer program product being embodied in a tangible, non-transitory computer readable storage medium, and comprising computer instructions for:
- receiving, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device;
- determining, at least in part by applying one or more policies, that the new application is not a recognized application; and
- responsive to the determination that the application is not a recognized application, denying access by the mobile device to a network application service, including by blocking, at an intermediate node, traffic from the mobile device to the network application service.
Specification