Cloud based mobile device security and policy enforcement

US 9,119,017 B2
Filed: 09/23/2011
Issued: 08/25/2015
Est. Priority Date: 03/18/2011
Status: Active Grant

First Claim

Patent Images

1. A cloud based security method for a mobile device, comprising:

providing a mobile configuration to the mobile device, the mobile configuration configured to provide communications between the mobile device and external network through a cloud based system that is in an external network relative to both the mobile device and the external network;

receiving communications associated with the mobile device and the external network in the cloud based system;

analyzing the communications associated with the mobile device for policy and security compliance therewith in the cloud based system utilizing one or more data inspection engines to classify content of the communications; and

blocking, in the cloud based system, the communications to or from the mobile device before the communications reach either the mobile device or the external network based on a violation of the policy and security compliance responsive to the classification of the content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to cloud based mobile device security and policy systems and methods to use the “cloud” to pervasively enforce security and policy on mobile devices. The cloud based mobile device security and policy systems and methods provide uniformity in securing mobile devices for small to large organizations. The cloud based mobile device security and policy systems and methods may enforce one or more policies for users wherever and whenever the users are connected across a plurality of different devices including mobile devices. This solution ensures protection across different types, brands, operating systems, etc. for smartphones, tablets, netbooks, mobile computers, and the like.

36 Citations

View as Search Results

19 Claims

1. A cloud based security method for a mobile device, comprising:
- providing a mobile configuration to the mobile device, the mobile configuration configured to provide communications between the mobile device and external network through a cloud based system that is in an external network relative to both the mobile device and the external network;
  
  receiving communications associated with the mobile device and the external network in the cloud based system;
  
  analyzing the communications associated with the mobile device for policy and security compliance therewith in the cloud based system utilizing one or more data inspection engines to classify content of the communications; and
  
  blocking, in the cloud based system, the communications to or from the mobile device before the communications reach either the mobile device or the external network based on a violation of the policy and security compliance responsive to the classification of the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18, 19)
- - 2. The cloud based security method of claim 1, further comprising:
    - if the communications from the mobile device are blocked, providing a notification of the blocking to the mobile device, the notification providing a reason for the blocking.
  - 3. The cloud based security method of claim 1, further comprising:
    - receiving communications from the external network for the mobile device;
      
      analyzing the communications from the external network for policy and security compliance therewith; and
      
      blocking the communications from the external network based on a violation of the policy and security compliance.
  - 4. The cloud based security method of claim 3, further comprising:
    - if the communications from the external network are blocked, providing a notification of the blocking to the mobile device, the notification providing a reason for the blocking.
  - 5. The cloud based security method of claim 1, further comprising:
    - providing the mobile configuration to the mobile device via a two dimensional bar code input into the mobile device.
  - 6. The cloud based security method of claim 1, further comprising:
    - receiving communications from the mobile device for the external network over a Virtual Private Network (VPN).
  - 7. The cloud based security method of claim 1, further comprising:
    - receiving communications from the mobile device for the external network over a Secure Socket Layer (SSL) Virtual Private Network (VPN).
  - 8. The cloud based security method of claim 1, further comprising:
    - defining policy for one or more users associated with the cloud based system, wherein the policy is enforced based on the one or more users and not on an underlying device of the one or more users.
  - 9. The cloud based security method of claim 1, further comprising:
    - aggregating events based on the filtering in a log.
  - 18. The cloud based security method of claim 1, further comprising:
    - performing the receiving, analyzing, and blocking continuously for real-time inspection of the communications of mobile device data transactions while not impacting performance of the mobile device and performing independent of a platform associated with the mobile device.
  - 19. The cloud based security method of claim 1, further comprising:
    - emulating, by cloud based system, a configuration server to the mobile device to form a corresponding association with the mobile device, wherein the mobile device comprises a corresponding association with an enterprise server that also is configured to provide configuration thereto.

10. A mobile device, comprising:
- a network interface configured to connect to a wireless network;
  
  memory; and
  
  a processor, the network interface, the memory, and the processor are communicatively coupled therebetween;
  
  wherein the processor with the network interface and the memory is configured to;
  
  connect to a cloud based security system over the wireless network, wherein the cloud based security system is in an external network relative to both the mobile device and the wireless network;
  
  communicate data with an external network interface through the cloud based security system, wherein the cloud based security system monitors the data between the mobile device and the external network for analysis utilizing one or more data inspection engines to classify content of the data; and
  
  receive notifications of content blocking of the data from the cloud based security system based on security and policy violations responsive to the classification of the content, wherein the content blocking is before the data either reaches the mobile device or the wireless network.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The mobile device of claim 10, wherein the notifications comprise a reason for content blocking.
  - 12. The mobile device of claim 10, further comprising:
    - an input device, wherein the input device is configured to receive a two dimensional bar code for a mobile device configuration profile.
  - 13. The mobile device of claim 10, wherein the network interface connects to the cloud based security system over an Internet Protocol security (IPSec) Virtual Private Network (VPN).
  - 14. The mobile device of claim 10, wherein the network interface connects to the cloud based security system over Secure Socket Layer (SSL) Virtual Private Network (VPN).

15. A cloud network configured to perform mobile device security and policy enforcement, comprising:
- a plurality of cloud nodes communicatively coupled to a network, each of the plurality of cloud nodes is configured to;
  
  communicate with a mobile device, wherein the cloud based security system is in an external network relative to both the mobile device and the network;
  
  monitor communications to and from the mobile device;
  
  analyze the communications utilizing one or more data inspection engines to classify content of the communications; and
  
  perform mobile device policy and security enforcement of the mobile device while concurrently providing access to the network, wherein the mobile device policy and security enforcement based on the classification of the content, wherein the mobile device policy and security enforcement is before the communications reach either the mobile device or the network.
- View Dependent Claims (16, 17)
- - 16. The cloud network of claim 15, wherein the mobile device connects to one of the cloud nodes over an Internet Protocol security (IPSec) Virtual Private Network (VPN).
  - 17. The cloud network of claim 15, wherein the mobile device connects to one of the cloud nodes over a Secured Socket Layer (SSL) Virtual Private Network (VPN).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
Sinha, Amit
Primary Examiner(s)
Katsikis, Kostas

Application Number

US13/243,807
Publication Number

US 20120240183A1
Time in Patent Office

1,432 Days
Field of Search

709/223, 709/224
US Class Current

1/1
CPC Class Codes

H04L 63/104   Grouping of entities

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

H04W 12/128   Anti-malware arrangements, ...

H04W 4/60   Subscription-based services...

Cloud based mobile device security and policy enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Cloud based mobile device security and policy enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others