System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
Abstract
A system and method for enforcing security parameters that collects information from a source relating to a mobile device (104). Based on the collected information, an identity status for the mobile device (104) is determined that uniquely identifies the mobile device (104) and distinguishes it from other mobile devices. The identity status of the mobile device (104) can be determined when the mobile device (104) connects to a computing node source (102) or when the mobile device (104) accesses a resource (124) within the network. A security profile based on the identity status of the mobile device (104) is generated and the security profile is applied to the mobile device (104).
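The flow summarized in the abstract and recited in claim 1, sketched as an added illustration that is not part of the patent or any product implementing it. The attribute names (`serial`, `policy_state`, `os_build`), the profile table, the quarantine default and the use of a SHA-256 digest as the identity status are all assumptions made for this example.

```python
import hashlib
import json

# Hypothetical profile table keyed by a dynamic, policy-related attribute (constructed).
PROFILES = {
    "compliant": {"internal_unauthorized": [],
                  "external_unauthorized": ["hr-share"]},
    "stale-policy": {"internal_unauthorized": ["camera", "usb-storage"],
                     "external_unauthorized": ["hr-share", "source-repo"]},
}
# Assumed fail-closed default for a policy state the table does not know.
QUARANTINE = {"internal_unauthorized": ["camera", "usb-storage", "bluetooth"],
              "external_unauthorized": ["*"]}

STATIC_KEYS = ("serial",)                     # fixed, physical device identification
DYNAMIC_KEYS = ("policy_state", "os_build")   # changeable, relates to security policy


def identity_status(attrs):
    """Digest over the static and dynamic attributes collected at one instance."""
    missing = [k for k in STATIC_KEYS + DYNAMIC_KEYS if k not in attrs]
    if missing:
        raise ValueError(f"incomplete collection, missing {missing}")
    selected = {k: attrs[k] for k in STATIC_KEYS + DYNAMIC_KEYS}
    # Canonical JSON so the same attributes always yield the same status.
    canonical = json.dumps(selected, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def select_profile(attrs):
    """Return (identity status, security profile) for the collected attributes."""
    status = identity_status(attrs)
    return status, PROFILES.get(attrs["policy_state"], QUARANTINE)


def reevaluate(previous_status, attrs):
    """Second instance: recompute the status; a change means a new profile applies."""
    status, profile = select_profile(attrs)
    return status != previous_status, status, profile


# Constructed sample collections for one device at two instances.
FIRST = {"serial": "SN-0001", "policy_state": "compliant", "os_build": "1.0"}
SECOND = dict(FIRST, policy_state="stale-policy")
```

Because the static attribute is part of the digest, two devices with identical dynamic attributes still receive different identity statuses.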
19 Claims
1. A method, comprising:
collecting, from a source, information characterizing attributes of a mobile device at a particular instance;
based on the collected information, determining, using at least one processor device, an identity status for the mobile device that is unique to the mobile device and distinguishes it from other mobile devices in a set of mobile devices, the identity status corresponding to a set of the attributes characterized in the collected information, the set of attributes including at least one static attribute of the mobile device and at least one dynamic attribute of the mobile device, wherein the static attribute is a fixed attribute of the mobile device and relates to a physical device identification of the mobile device, and the dynamic attribute is a changeable attribute of the mobile device and relates to a security policy for the mobile device;
determining a particular security profile based on the identity status of the mobile device, wherein the particular security profile corresponds to the attributes of the mobile device at the particular instance and includes;
a first parameter identifying, for the mobile device, that at least one resource internal to the mobile device is unauthorized, and
a second parameter identifying, for the mobile device, that at least one resource external to the mobile device is unauthorized; and
applying the security profile to the mobile device, wherein collected information characterizing attributes of the mobile device at a second instance is used to determine a second identity status for the mobile device that is unique to the mobile device, corresponds to the attributes of the mobile device at the second instance, and is used to determine that a second security profile is to be applied to the mobile device at the second instance based on the second identity status.

16. A method, comprising:
using at least one processor device to collect information from a plurality of different mobile devices, wherein the information characterizes attributes of the plurality of different mobile devices including one or more static attributes of the mobile devices and one or more dynamic attributes of the mobile devices, wherein each static attribute is a fixed attribute and relates to a physical device identification of the mobile devices, and each dynamic attribute is a changeable attribute and relates to a security policy for the mobile devices;
determining, for each of the plurality of different mobile devices, a respective identity status, wherein each identity status is determined based on at least a portion of the collected information, is unique to the corresponding mobile device distinguishing it from other mobile devices in the plurality of mobile devices, and corresponds to one or more of the attributes characterized in the collected information, wherein a first identity status of a particular one of the plurality of different mobile devices is determined at a first instance;
applying security rules to the different mobile devices in accordance with corresponding device parameters contained in a security signature file;
determining a second identity status of the particular mobile device unique to the particular mobile device and corresponding to collected information characterizing attributes of the particular mobile device at the second instance;
detecting a change in at least one of the device parameters of the particular mobile device from the second identity status; and
modifying the security rules applied to the particular mobile device at a computing node in accordance with one or more device parameters of an updated security signature file, wherein the security policy includes a first parameter associated with a first unauthorized resource in the particular mobile device, and a second parameter associated with a second unauthorized resource external to the particular mobile device.

18. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
collect, from a source, information characterizing attributes of a mobile device at a particular instance;
determine, based at least in part on the collected information, an identity status for the mobile device that is unique to the mobile device and distinguishes it from other mobile devices in a set of mobile devices, wherein the identity status is to correspond to a set of the attributes characterized in the collected information, the set of attributes is to include at least one static attribute of the mobile device and at least one dynamic attribute of the mobile device, the static attribute is to be a fixed attribute of the mobile device and relate to a physical device identification of the mobile device, and the dynamic attribute is to be a changeable attribute of the mobile device and relate to a security policy for the mobile device;
determine a particular security profile based on the identity status of the mobile device, wherein the particular security profile is to correspond to the attributes of the mobile device at the particular instance and include;
a first parameter to identify, for the mobile device, that at least one resource internal to the mobile device is unauthorized, and
a second parameter to identify, for the mobile device, that at least one resource external to the mobile device is unauthorized; and
apply the security profile to the mobile device, wherein information characterizing attributes of the mobile device at a second instance is to be used to determine a second identity status for the mobile device that is unique to the mobile device, corresponds to the attributes of the mobile device at the second instance, and is to be used to determine that a second security profile is to be applied to the mobile device at the second instance based at least in part on the second identity status.

19. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
collect information from a plurality of different mobile devices, wherein the information is to characterize attributes of the plurality of different mobile devices including one or more static attributes of the mobile devices and one or more dynamic attributes of the mobile devices, wherein each static attribute is to be a fixed attribute and relate to a physical device identification of the mobile devices, and each dynamic attribute is to be a changeable attribute and relate to a security policy for the mobile devices;
determine, for each of the plurality of different mobile devices, a respective identity status, wherein each identity status is to be determined based on at least a portion of the collected information, is to be unique to the corresponding mobile device distinguishing it from other mobile devices in the plurality of mobile devices, and correspond to one or more of the attributes characterized in the collected information, wherein a first identity status of a particular one of the plurality of different mobile devices is to be determined at a first instance;
apply security rules to the different mobile devices in accordance with corresponding device parameters contained in a security signature file;
determine a second identity status of the particular mobile device that is to be unique to the particular mobile device and correspond to collected information that characterizes attributes of the particular mobile device at the second instance;
detect a change in at least one of the device parameters of the particular mobile device from the second identity status; and
modify the security rules applied to the particular mobile device at a computing node in accordance with one or more device parameters of an updated security signature file, wherein the security policy is to include a first parameter associated with a first unauthorized resource in the particular mobile device, and a second parameter associated with a second unauthorized resource external to the particular mobile device.

Specification