System and method for controlling mobile device access to a network

US 8,259,568 B2
Filed: 10/23/2007
Issued: 09/04/2012
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

intercepting a data stream from a mobile device attempting to access a network resource, wherein the data stream is an application level data stream;

extracting information from the intercepted data stream relating to the mobile device;

accessing enterprise service based information and third party information regarding at least one of the mobile device or a user of the mobile device;

determining whether the mobile device is authorized to access the network resource;

preparing an access decision based at least on whether an anti-virus application is present on the mobile device;

storing the access decision in a database on a network;

evaluating a subsequent attempt to access the network resource;

accessing a cache in order to determine whether a previous attempt to access the network resource was successful; and

permitting the mobile device to access the network resource based on data provided in the cache.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method for managing access to a network resource on a network from a mobile device, the method including the steps of intercepting a data stream from the mobile device attempting to access the network resource, extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device, accessing at least one of enterprise service based information and third party information regarding at least one of the mobile device or the user of the mobile device, determining whether the mobile device is authorized to access the network resource, preparing an access decision that specifies whether the mobile device is authorized to access the network resource, and storing the access decision in a database on the network. The method may also include the step of enforcing the access decision by granting access to the mobile device to the network resource if the mobile device is determined to be authorized and denying access to the mobile device to the network resource if the mobile device is determined not to be authorized.

Citations

13 Claims

1. A method comprising:
- intercepting a data stream from a mobile device attempting to access a network resource, wherein the data stream is an application level data stream;
  
  extracting information from the intercepted data stream relating to the mobile device;
  
  accessing enterprise service based information and third party information regarding at least one of the mobile device or a user of the mobile device;
  
  determining whether the mobile device is authorized to access the network resource;
  
  preparing an access decision based at least on whether an anti-virus application is present on the mobile device;
  
  storing the access decision in a database on a network;
  
  evaluating a subsequent attempt to access the network resource;
  
  accessing a cache in order to determine whether a previous attempt to access the network resource was successful; and
  
  permitting the mobile device to access the network resource based on data provided in the cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the access decision includes information regarding at least one of a health profile of the mobile device, the authenticity of the mobile device or a user of the mobile device, or the authorization of the mobile device or the user of the mobile device to access the network resource.
  - 3. The method of claim 1, further comprising enforcing the access decision by granting access to the mobile device to the network resource if the mobile device is determined to be authorized and denying access to the mobile device to the network resource if the mobile device is determined not to be authorized.
  - 4. The method of claim 1, further comprising storing the extracted information in the database.
  - 5. The method of claim 1, wherein the data stream is an application data stream.
  - 6. The method of claim 1, wherein the enterprise service based information includes at least one of information stored within a database and information stored within a directory service.
  - 7. The method of claim 1, wherein the third party information includes a certificate authority.

8. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server; and
  
  if the received response indicates that the query was not received by the compliance server, accessing a decision cache to determine if the decision cache includes cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, and granting or denying the mobile device access to the network resource based on the cached information in the decision cache, and wherein the access to the network is at least based on whether an anti-virus application is present on the mobile device.
- View Dependent Claims (9, 10)
- - 9. The method of claim 8, further comprising granting the mobile device access to the network resource if the mobile device is authorized to access the network resource.
  - 10. The method of claim 8, further comprising denying the mobile device access to the network resource if the mobile device is not authorized to access the network resource.

11. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server;
  
  if the received response indicates that the query was not received by the compliance server, prohibiting the mobile device access to the network resource;
  
  accessing a cache in order to determine whether a previous attempt to access the network resource was successful; and
  
  permitting the mobile device to access the network resource based on data provided in the cache, and wherein the access to the network resource is at least based on whether an anti-virus application is present on the mobile device.

12. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource;
  
  receiving a response from the compliance server;
  
  if the received response indicates that the query was not received by the compliance server, denying the mobile device access to the network resource;
  
  accessing a cache in order to determine whether a previous attempt to access the network resource was successful; and
  
  permitting the mobile device to access the network resource based on data provided in the cache, and wherein the access to the network resource is at least based on whether an anti-virus application is present on the mobile device.

13. A method for managing access to a network resource on a network from a mobile device, the method comprising:
- intercepting a data stream from the mobile device attempting to access the network resource;
  
  extracting information from the intercepted data stream relating to at least one of the mobile device or a user of the mobile device;
  
  accessing a decision cache to determine whether the mobile device has been granted access or denied access during a previous attempt to access the network resource;
  
  if the decision cache includes cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, granting or denying the mobile device access to the network resource based on the cached information in the decision cache, wherein the access to the network is at least based on whether an anti-virus application is present on the mobile device; and
  
  if the decision cache does not include cached information regarding whether the mobile device has been granted access or denied access during a previous attempt to access the network resource, submitting a query to a compliance server to determine whether the mobile device is authorized to access the network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC, Trust Digital
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Goldschlag, David, Laudermilch, Norm, Supernor, William, Boroday, Roman
Primary Examiner(s)
Yao, Kwang B
Assistant Examiner(s)
DUDA, ADAM K

Application Number

US11/877,656
Publication Number

US 20080137593A1
Time in Patent Office

1,778 Days
Field of Search

726/1, 726/11, 726/29, 726/3, 717/127, 715/764, 713/189, 713/168, 709/229, 709/227, 709/220, 705/59, 705/52, 455/502, 455/435.3, 455/423, 455/422.1, 455/500, 455/412.1, 455/414.1, 370/230, 370/229, 370/231, 370/235, 370/236, 370/252
US Class Current

370/230
CPC Class Codes

H04L 51/18   Commands or executable codes

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/30   Security of mobile devices;...

H04W 4/14   Short messaging services, e...

H04W 48/02   Access restriction performe...

H04W 8/22   Processing or transfer of t...

System and method for controlling mobile device access to a network

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling mobile device access to a network

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links