Enterprise-wide security system for computer devices

US 7,865,938 B2
Filed: 05/26/2006
Issued: 01/04/2011
Est. Priority Date: 08/27/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling synchronization of a mobile device configured to communicate with a computing node over a network, the method comprising:

defining at least one security parameter, wherein the at least one security parameter specifies at least one access rights for synchronizing the mobile device with a network resource;

storing a device security profile in the mobile device, the device security profile specifying the at least one security parameter specifying the at least one access right;

executing a device security program at the mobile device to implement the device security profile based on said defined at least one security parameter, on the mobile device;

transmitting locking instructions to the mobile device to lock the mobile device if not authorized to access the network resources;

updating the device security profile periodically by checking one or more designated web sites, accessing the computing node, accessing a central station or accessing a server station,wherein the device security profile is created dynamically based on time or location of the device having a validation life span indicating a time frame that the device security profile can be used;

ascertaining the location of the mobile device; and

managing, with the mobile device, synchronization with the at least one network resource by the mobile device in accordance with the at least one access right specified by the at least one security parameter,wherein said managing including using the device security profile to determine and enforce allowable synchronization activities of the mobile device at least in part in response to the ascertained location.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for securing data in mobile devices (104) includes a computing mode (102) and a plurality of mobile devices (104). A node security program (202) executed in the computing node (102) interfaces with a device security program (204) executed at a mobile device (104). The computing node (102) is responsible for managing the security based on a node security profile (208) interpreted by a node security program (202) executed in the computing node (102). A device discovery method and arrangement (106) also detects and locates various information (120) about the mobile devices (104) based on a scan profile (206).

Citations

45 Claims

1. A method for controlling synchronization of a mobile device configured to communicate with a computing node over a network, the method comprising:
- defining at least one security parameter, wherein the at least one security parameter specifies at least one access rights for synchronizing the mobile device with a network resource;
  
  storing a device security profile in the mobile device, the device security profile specifying the at least one security parameter specifying the at least one access right;
  
  executing a device security program at the mobile device to implement the device security profile based on said defined at least one security parameter, on the mobile device;
  
  transmitting locking instructions to the mobile device to lock the mobile device if not authorized to access the network resources;
  
  updating the device security profile periodically by checking one or more designated web sites, accessing the computing node, accessing a central station or accessing a server station,wherein the device security profile is created dynamically based on time or location of the device having a validation life span indicating a time frame that the device security profile can be used;
  
  ascertaining the location of the mobile device; and
  
  managing, with the mobile device, synchronization with the at least one network resource by the mobile device in accordance with the at least one access right specified by the at least one security parameter,wherein said managing including using the device security profile to determine and enforce allowable synchronization activities of the mobile device at least in part in response to the ascertained location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. The method of claim 1, further comprising securing at least one of a storage area, data file, program, process and application.
  - 3. The method of claim 2, wherein the step of securing comprises at least one of authorizing, denying, preventing, disabling, locking and password protecting at least one of a data synchronization, data transfer, data query, data collection, program execution, data manipulation process initialization, execution and termination.
  - 4. The method of claim 1, wherein the device security profile comprises at least one of a text, .ini and binary, XML format.
  - 5. The method of claim 1, wherein the at least one security parameter comprises an attribute relating to at least one of a data, file, security profile, application, process, and program.
  - 6. The method of claim 5, wherein the attribute is expressed in terms of at least one of a size and type.
  - 7. The method of claim 1, wherein the at least one security parameter comprises at least one of a temporal or a position attribute.
  - 8. The method of claim 7, wherein the temporal attribute is expressed in terms of at least one of a date, minute, hour, week, month and a year.
  - 9. The method of claim 1, wherein ascertaining location comprises determining at least one of a zip code, an address, and a region.
  - 10. The method of claim 1, wherein the at least one security parameter is expressed in terms of at least one of a serial number, a model number, and a software license number.
  - 11. The method of claim 1, wherein the at least one security parameter is expressed in terms of at least one of a mobile device type, a computing node type, a connection type, resource type and a network type.
  - 12. The method of claim 1, wherein the at least one security parameter is expressed in terms of at least one of a physical address, a network resource ID, an IP address, a domain name, a client station ID, a mobile device ID and a server ID.
  - 13. The method of claim 1, wherein the at least one security parameter relates to handling at least one of a guest and unknown device.
  - 14. The method of claim 1, further comprising locking and denying unauthorized access to the mobile device attempting to synchronize with the network.
  - 15. The method of claim 1, further including discovering the mobile device.
  - 16. The method of claim 15, further including remotely discovering the mobile device location.
  - 17. The method of claim 15, further including discovering the mobile device location at the computing node.
  - 18. The method of claim 15, further including detecting the mobile device based on at least one of a registry resource, a file resource, a process resource, a network management parameter, a data format, a packet format, a synchronization log entry, a directory structure, or a database entry.
  - 19. The method of claim 1, wherein synchronizing includes synchronizing the mobile device with at least one of a server station, a central station, a computing node and a website.
  - 20. The method of claim 1, further including transferring the device security profile based on at least one temporal attribute and at least one geographical position of the mobile device.
  - 21. The method of claim 1, wherein synchronizing includes at least one of data synchronization, data transfer, file transfer, and email.
  - 22. The method of claim 1, further including pushing or pulling device security profile.
  - 23. The method of claim 1, further including transmitting the device security profile over the air.
  - 24. The method of claim 1, further including scanning the network based on a scan profile to detect the mobile device.
  - 25. The method of claim 24, wherein the scan profile contains information regarding at least one of network, domain, IP address, and netmask identity to be scanned, time of synchronization and device connection.
  - 26. The method of claim 25, wherein the scan profile contains information regarding at least one of network, domain, IP address, and netmask identity not to be scanned.
  - 27. The method of claim 25, further including analyzing the scanning results displaying an analysis result to at least one user.
  - 28. The method of claim 1 wherein said managing includes selectively enabling and disabling synchronization based on geographical position determined by the mobile device.

29. An arrangement for controlling synchronization of mobile devices with a computing node on a network, the arrangement comprising:
- a mobile device configured to communicate with the computing node by connecting with the computing node over the network,wherein the mobile device including a processor configured to execute a stored security program to access and use a stored security profile that defines at least one security parameter, wherein the at least one security parameter specifies at least one criterion for controlling synchronization of at least one resource of the mobile device;
  
  a memory device coupled to the processor, said memory device storing said device security profile, the device security profile being based on the at least one security parameter specifying at least one criterion for controlling synchronization of the at least one device resource;
  
  a locking arrangement that locks the mobile device if not authorized to access the network resources by transmitting locking instructions to the mobile device;
  
  an updating arrangement that updates the device security profile periodically by checking one or more designated web sites, accessing the computing node, accessing a central station or accessing a server station,wherein the device security profile is created dynamically based on time or location of the device having a validation life span indicating a time frame that the device security profile can be used;
  
  a locator that determines the position of the mobile device; and
  
  a synchronizing arrangement that controllably synchronizes the at least one device resource in accordance with the at least one criterion for controlling synchronization of the at least one device resource specified by the at least one security parameter and in response at least in part to said determined device position.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 30. The arrangement of claim 29, wherein:
    - the mobile device is configured to, after terminating the connection between the mobile device and the computing node on the network, maintain control of the use of the at least one device resource by the mobile device in accordance with at least one of the criteria for controlling use of the at least one device resource specified by the at least one security parameter.
  - 31. The arrangement of claim 29, wherein the connection between the mobile device and the computing node on the network is an off-line connection.
  - 32. The arrangement of claim 29, wherein the node security profile comprises at least one of a text, .ini and binary, XML format.
  - 33. The arrangement of claim 29, wherein at least one of the security parameters comprises an attribute relating to at least one of a data, file, security profile, application, process, and program.
  - 34. The arrangement of claim 33, wherein the attribute is expressed in terms of at least one of a size and type.
  - 35. The arrangement of claim 29, wherein at least one of the security parameters comprises at least one of a temporal or a position attribute.
  - 36. The arrangement of claim 35, wherein the temporal attribute is expressed in terms of at least one of a date, minute, hour, week, month and a year.
  - 37. The arrangement of claim 35, wherein the ascertained position comprises at least one of a zip code, an address, and a region.
  - 38. The arrangement of claim 29, wherein at least one of the security parameters is expressed in terms of at least one of a serial number, a model number, and a software license number.
  - 39. The arrangement of claim 29, wherein at least one of the security parameters is expressed in terms of at least one of a mobile device type, a computing node type, a connection type, resource type and a network type.
  - 40. The arrangement of claim 29, wherein at least one of the security parameters is expressed in terms of at least one of a physical address, a network resource ID, an IP address, a domain name, a client station ID, a mobile device ID or a server ID.
  - 41. The arrangement of claim 29, wherein at least one of the security parameters relates to handling at least one of a guest and unknown device.
  - 42. The arrangement of claim 29, further comprising an access control mechanism that at least one of locks and denies access by said mobile device attempting to synchronize with a network resource without authorization after a connection between the mobile device and the computing node has been established.
  - 43. The arrangement of claim 29, wherein the device security profile is configured based on at least one of a temporal attribute and a geographical position of the mobile device.
  - 44. The arrangement of claim 29, wherein the mobile device is configured to receive the device security profile using push or pull.
  - 45. The arrangement or claim 29, wherein the mobile device is configured to receive the device security profile over the air.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Shahbazi, Majid
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US11/441,049
Publication Number

US 20070186275A1
Time in Patent Office

1,684 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

Enterprise-wide security system for computer devices

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise-wide security system for computer devices

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links