System and method for enforcing a security policy on mobile devices using dynamically generated security profiles

US 8,635,661 B2
Filed: 12/22/2004
Issued: 01/21/2014
Est. Priority Date: 12/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

collecting, from a source, information characterizing attributes of a mobile device at a particular instance;

based on the collected information, determining, using at least one processor device, an identity status for the mobile device that is unique to the mobile device and distinguishes it from other mobile devices in a set of mobile devices, the identity status corresponding to a set of the attributes characterized in the collected information, the set of attributes including at least one static attribute of the mobile device and at least one dynamic attribute of the mobile device, wherein the static attribute is a fixed attribute of the mobile device and relates to a physical device identification of the mobile device, and the dynamic attribute is a changeable attribute of the mobile device and relates to a security policy for the mobile device;

determining a particular security profile based on the identity status of the mobile device, wherein the particular security profile corresponds to the attributes of the mobile device at the particular instance and includes;

a first parameter identifying, for the mobile device, that at least one resource internal to the mobile device is unauthorized, anda second parameter identifying, for the mobile device, that at least one resource external to the mobile device is unauthorized; and

applying the security profile to the mobile device, wherein collected information characterizing attributes of the mobile device at a second instance is used to determine a second identity status for the mobile device that is unique to the mobile device, corresponds to the attributes of the mobile device at the second instance, and is used to determine that a second security profile is to be applied to the mobile device at the second instance based on the second identity status.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enforcing security parameters that collects information from a source relating to a mobile device (104). Based on the collected information, an identity status for the mobile device (104) is determined that uniquely identifies the mobile device (104) and distinguishes it from other mobile devices. The identity status of the mobile device (104) can be determined when the mobile device (104) connects to a computing node source (102) or when the mobile device (104) accesses a resource (124) within the network. A security profile based on the identity status of the mobile device (104) is generated and the security profile is applied to the mobile device (104).

202 Citations

19 Claims

1. A method, comprising:
- collecting, from a source, information characterizing attributes of a mobile device at a particular instance;
  
  based on the collected information, determining, using at least one processor device, an identity status for the mobile device that is unique to the mobile device and distinguishes it from other mobile devices in a set of mobile devices, the identity status corresponding to a set of the attributes characterized in the collected information, the set of attributes including at least one static attribute of the mobile device and at least one dynamic attribute of the mobile device, wherein the static attribute is a fixed attribute of the mobile device and relates to a physical device identification of the mobile device, and the dynamic attribute is a changeable attribute of the mobile device and relates to a security policy for the mobile device;
  
  determining a particular security profile based on the identity status of the mobile device, wherein the particular security profile corresponds to the attributes of the mobile device at the particular instance and includes;
  
  a first parameter identifying, for the mobile device, that at least one resource internal to the mobile device is unauthorized, anda second parameter identifying, for the mobile device, that at least one resource external to the mobile device is unauthorized; and
  
  applying the security profile to the mobile device, wherein collected information characterizing attributes of the mobile device at a second instance is used to determine a second identity status for the mobile device that is unique to the mobile device, corresponds to the attributes of the mobile device at the second instance, and is used to determine that a second security profile is to be applied to the mobile device at the second instance based on the second identity status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the source is at least one of an internal source to the mobile device or external source to the mobile device.
  - 3. The method of claim 2, wherein the source is a back-up source.
  - 4. The method of claim 1, wherein the identity status of the mobile device is determined internal to the mobile device or external to the mobile device.
  - 5. The method of claim 1, wherein the static attribute of the mobile device comprises an attribute relating to at least one of device manufacturer, device model number, device serial number, input-output port, and a device capability.
  - 6. The method of claim 1, wherein the dynamic attribute of the mobile device comprises an attribute that relates to at least one of installed operating system, application, attached peripheral, usage pattern, historical activity, synchronization, location, network, communication link, domain, and a connection attribute between the mobile device and computing node.
  - 7. The method of claim 1, wherein the device security profile includes a parameter relating to at least one of protection of the mobile device, restriction on use of a resource, and configuration of a resource.
  - 8. The method of claim 1, wherein the identity status of the mobile device is determined when the mobile device connects to a computing node source or when the mobile device accesses a resource.
  - 9. The method of claim 1, further including controlling the mobile device according to a parameter in the particular security profile that relates to an unauthorized resource in the mobile device.
  - 10. The method of claim 9, wherein controlling the mobile device comprises at least one of deleting the unauthorized resource, hard or soft resetting the mobile device, locking the mobile device, preventing the unauthorized resource from running on the mobile device, deleting one or more files that are associated with the unauthorized resource, and hiding the unauthorized resource.
  - 11. The method of claim 1, further including controlling the mobile device according to a parameter that relates to an unauthorized external resource.
  - 12. The method of claim 11, wherein the unauthorized external resource comprises at least one of a computing node resource, an external application program, and an external database.
  - 13. The method of claim 1, wherein corresponding device security profiles for different identity statuses of the mobile device are administered by a security policy engine.
  - 14. The method of claim 1, wherein the particular security profile is transferred to the mobile device after access to the computing node is granted.
  - 15. The method of claim 14, wherein the particular security profile is transferred wirelessly.

16. A method, comprising:
- using at least one processor device to collect information from a plurality of different mobile devices, wherein the information characterizes attributes of the plurality of different mobile devices including one or more static attributes of the mobile devices and one or more dynamic attributes of the mobile devices, wherein each static attribute is a fixed attribute and relates to a physical device identification of the mobile devices, and each dynamic attribute is a changeable attribute and relates to a security policy for the mobile devices;
  
  determining, for each of the plurality of different mobile devices, a respective identity status, wherein each identity status is determined based on at least a portion of the collected information, is unique to the corresponding mobile device distinguishing it from other mobile devices in the plurality of mobile devices, and corresponds to to one or more of the attributes characterized in the collected information, wherein a first identity status of a particular one of the plurality of different mobile devices is determined at a first instance;
  
  applying security rules to the different mobile devices in accordance with corresponding device parameters contained in a security signature file;
  
  determining a second identity status of the particular mobile device unique to the particular mobile device and corresponding to collected information characterizing attributes of the particular mobile device at the second instance;
  
  detecting a change in at least one of the device parameters of the particular mobile device from the second identity status; and
  
  modifying the security rules applied to the particular mobile device at a computing node in accordance with one or more device parameters of an updated security signature file,wherein the security policy includes a first parameter associated with a first unauthorized resource in the particular mobile device, and a second parameter associated with a second unauthorized resource external to the particular mobile device.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein the one or more device parameters comprise at least one of a serial number, security settings, manufacturer, and a model number.

18. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- collect, from a source, information characterizing attributes of a mobile device at a particular instance;
  
  determine, based at least in part on the collected information, an identity status for the mobile device that is unique to the mobile device and distinguishes it from other mobile devices in a set of mobile devices, wherein the identity status is to correspond to a set of the attributes characterized in the collected information, the set of attributes is to include at least one static attribute of the mobile device and at least one dynamic attribute of the mobile device, the static attribute is to be a fixed attribute of the mobile device and relate to a physical device identification of the mobile device, and the dynamic attribute is to be a changeable attribute of the mobile device and relate to a security policy for the mobile device;
  
  determine a particular security profile based on the identity status of the mobile device, wherein the particular security profile is to correspond to the attributes of the mobile device at the particular instance and include;
  
  a first parameter to identify, for the mobile device, that at least one resource internal to the mobile device is unauthorized, anda second parameter to identify, for the mobile device, that at least one resource external to the mobile device is unauthorized; and
  
  apply the security profile to the mobile device, wherein information characterizing attributes of the mobile device at a second instance is to be used to determine a second identity status for the mobile device that is unique to the mobile device, corresponds to the attributes of the mobile device at the second instance, and is to be used to determine that a second security profile is to be applied to the mobile device at the second instance based at least in part on the second identity status.

19. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- collect information from a plurality of different mobile devices, wherein the information is to characterize attributes of the plurality of different mobile devices including one or more static attributes of the mobile devices and one or more dynamic attributes of the mobile devices, wherein each static attribute is to be a fixed attribute and relate to a physical device identification of the mobile devices, and each dynamic attribute is to be a changeable attribute and relate to a security policy for the mobile devices;
  
  determine, for each of the plurality of different mobile devices, a respective identity status, wherein each identity status is to be determined based on at least a portion of the collected information, is to be unique to the corresponding mobile device distinguishing it from other mobile devices in the plurality of mobile devices, and correspond to to one or more of the attributes characterized in the collected information, wherein a first identity status of a particular one of the plurality of different mobile devices is to be determined at a first instance;
  
  apply security rules to the different mobile devices in accordance with corresponding device parameters contained in a security signature file;
  
  determine a second identity status of the particular mobile device that is to be unique to the particular mobile device and correspond to collected information that characterizes attributes of the particular mobile device at the second instance;
  
  detect a change in at least one of the device parameters of the particular mobile device from the second identity status; and
  
  modify the security rules applied to the particular mobile device at a computing node in accordance with one or more device parameters of an updated security signature file,wherein the security policy is to include a first parameter associated with a first unauthorized resource in the particular mobile device, and a second parameter associated with a second unauthorized resource external to the particular mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Shahbazi, Majid
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US11/578,420
Publication Number

US 20070143824A1
Time in Patent Office

3,317 Days
Field of Search

726/1, 726/26, 380/270, 455/410
US Class Current

726/1
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04W 12/06   Authentication

H04W 12/08   Access security

System and method for enforcing a security policy on mobile devices using dynamically generated security profiles

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enforcing a security policy on mobile devices using dynamically generated security profiles

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links