Wireless manager and method for configuring and securing wireless access to a network
Abstract
The disclosure provides a wireless manager operable to receive a request from a mobile device to wirelessly communicate with an enterprise network, with the request including information operable to dynamically identify a location of the mobile device. The wireless manager is further operable to automatically associate an access zone with the mobile device with the access zone comprising at least one logical characteristic, compare the location information to the associated access zone, and, if the location information indicates that the mobile device does not violate the access zone, authorize wireless communications with the enterprise network.
35 Claims
1. A wireless manager for configuring and securing wireless access to a network, the wireless manager adapted to:
  intercept a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
  automatically identify a security profile based on the characteristics describing the mobile device, the security profile including one or more security parameters defining an access zone for the network;
  automatically provision at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone; and
  authorize the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network, wherein the connection profile enforces the security parameters defining the access zone by instructing the mobile device to:
    automatically collect security information;
    encrypt the collected security information; and
    provide the encrypted security information to the wireless manager.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

14. A method for configuring and securing wireless access to a network, comprising:
  intercepting a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
  automatically identifying a security profile based on the characteristics describing the mobile device, the security profile including one or more security parameters defining an access zone for the networks;
  automatically provisioning at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone; and
  authorizing the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network, wherein the connection profile enforces the security parameters defining the access zone by instructing the mobile device to:
    automatically collect security information;
    encrypt the collected security information; and
    provide the encrypted security information to a wireless manager.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22.

23. A system for configuring and securing wireless access to a network, comprising:
  a memory storing at least one security profile, the security profile including one or more security parameters defining an access zone for a network, wherein at least one of the security parameters define the access zone according to a three-dimensional geographical space; and
  one or more processors operable to:
    intercept a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
    automatically provision at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone; and
    authorize the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network, wherein the connection profile enforces the security parameters defining the access zone by instructing the mobile device to:
      automatically collect security information,
      encrypt the collected security information, and
      provide the encrypted security information to a wireless manager.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32.

33. A wireless manager for configuring and securing wireless access to a network, the wireless manager adapted to:
  intercept a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
  automatically identify a security profile based on the characteristics describing the mobile device, the security profile including one or more security parameters defining an access zone for the network;
  automatically provision at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone;
  authorize the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network;
  monitor the characteristics describing the mobile device;
  invoke at least one action when one or more of the monitored characteristics violate one or more of the security parameters defining the access zone; and
  dynamically determine the action to be invoked based on a role of an end user logged in to the network through the mobile device.

34. A method for configuring and securing wireless access to a network, comprising:
  intercepting a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
  automatically identifying a security profile based on the characteristics describing the mobile device, the security profile including one or more security parameters defining an access zone for the network;
  automatically provisioning at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone;
  authorizing the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network;
  monitoring the characteristics describing the mobile device;
  invoking at least one action when one or more of the monitored characteristics violate one or more of the security parameters defining the access zone; and
  dynamically determining the action to be invoked based on a role of an end user logged in to the network through the mobile device.

35. A system for configuring and securing wireless access to a network, comprising:
  a memory storing at least one security profile, the security profile including one or more security parameters defining an access zone for a network, wherein at least one of the security parameters define the access zone according to a three-dimensional geographical space; and
  one or more processors operable to:
    intercept a request from a mobile device to wirelessly communicate with a network, the request including one or more characteristics dynamically describing the mobile device, wherein the characteristics describing the mobile device include at least one of a physical characteristic or a logical characteristic describing a location of the mobile device;
    automatically provision at least one connection profile to the mobile device based on the characteristics describing the mobile device, the connection profile configuring one or more of the characteristics describing the mobile device to enforce the security parameters defining the access zone;
    authorize the mobile device to wirelessly communicate with the network from within the access zone, wherein the security parameters include one or more in-house security parameters in effect when the location of the mobile device is within the network and one or more on-the-road security parameters in effect when the location of the mobile device is remote from the network;
    monitor the characteristics describing the mobile device;
    invoke at least one action when one or more of the monitored characteristics violate one or more of the security parameters defining the access zone; and
    dynamically determine the action to be invoked based on a role of an end user logged in to the network through the mobile device.

Specification