On device policy enforcement to secure open platform via network and open network
First Claim
1. A method of using policy enforcement for securing open devices and networks, the method comprising:
monitoring, by a policy enforcer executing on a mobile device, an integrity of the policy enforcer;
determining, by the policy enforcer executing on the mobile device, if the policy enforcer has been compromised;
in response to determining that the policy enforcer has not been compromised, allowing, by the policy enforcer executing on the mobile device, the mobile device to access a network;
accessing, by the policy enforcer executing on the mobile device, a policy database storing a plurality of policies configured to enforce network integrity on the network providing a plurality of services, the plurality of services including at least a cellular communication service, and an Internet service;
retrieving, by the policy enforcer executing on the mobile device, the plurality of policies from the policy database;
monitoring, at random intervals by the policy enforcer executing on the mobile device, programs, services, O/S, firmware, drivers, hardware, and peripherals running on the mobile device;
based on at least one of the plurality of policies, comparing, by the policy enforcer executing on the mobile device, the programs, the services, the O/S, the firmware, the drivers, the hardware, and the peripherals running on the mobile device against programs, services, O/S, firmware, drivers, hardware, and peripherals allowed by the at least one of the plurality of policies; and
based on the comparison and in response to determining, by the policy enforcer executing on the mobile device, that the mobile device is running one or more programs, services, O/S, firmware, drivers, hardware, and peripherals not allowed by the at least one of the plurality of policies, prohibiting, by the policy enforcer executing on the mobile device, access of the mobile device to one or more services of the plurality of services provided by the network based on the at least one of the plurality of policies; and
implementing a mitigation process while continuing to allow the mobile device to access the network and one or more other services of the plurality of services provided by the network based on the at least one of the plurality of policies.
Abstract
Embodiments of the invention provide methods and systems for using policy enforcement for securing open devices and networks. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity and monitoring programs and/or services running on a device. The method further includes based on at least one of the plurality of policies, comparing the programs and/or services running on the device against the programs and/or services allowed by the at least one of the plurality of policies, and based on the comparison, determining that the device is running at least one program and/or service disallowed by the at least one policy. Further, the method includes in response, prohibiting access of the device to the network.
17 Claims
11. A system for policy enforcement for securing open devices and networks, the system comprising:
a network providing a plurality of services, the plurality of services including at least a cellular communication service, and an Internet service;
a mobile device communicatively coupled with the network and configured to execute programs and access files;
a policy enforcer executing on the mobile device, the policy enforcer configured to:
monitor an integrity of the policy enforcer;
determine if the policy enforcer has been compromised;
in response to determining that the policy enforcer has not been compromised, allow the mobile device to access the network;
access a policy database storing a plurality of policies configured to enforce network integrity;
retrieve the plurality of policies from the policy database;
monitor at random intervals programs, services, O/S, firmware, drivers, hardware, and peripherals running on the mobile device;
based on at least one of the plurality of policies, compare the programs, services, O/S, firmware, drivers, hardware, and peripherals running on the mobile device against programs, services, O/S, firmware, drivers, hardware, and peripherals allowed by the at least one of the plurality of policies;
based on the comparison and in response to determining that the mobile device is running one or more programs, services, O/S, firmware, drivers, hardware, and peripherals not allowed by the at least one of the plurality of policies, prohibit, by the policy enforcer executing on the mobile device, access of the mobile device to one or more services of the plurality of services provided by the network based on the at least one of the plurality of policies; and
implement a mitigation process while continuing to allow the mobile device to access the network and one or more other services of the plurality of services provided by the network based on the at least one of the plurality of policies; and
a network provider in connection with the policy enforcer, the network provider configured to receive from the policy enforcer a request to deny access to the one or more services of the network, and implement denial of access to the one or more services of the network to the mobile device.
17. A non-transitory machine-readable medium including sets of instructions stored thereon for using policy enforcement for securing open devices and networks which, when executed by a machine, cause the machine to:
monitor, by a policy enforcer executing on a mobile device, an integrity of the policy enforcer;
determine, by the policy enforcer executing on the mobile device, if the policy enforcer has been compromised;
in response to determining that the policy enforcer has not been compromised, allow, by the policy enforcer executing on the mobile device, the mobile device to access a network;
access, by the policy enforcer executing on the mobile device, a policy database storing a plurality of policies configured to enforce network integrity on the network providing a plurality of services, the plurality of services including at least a cellular communication service, and an Internet service;
retrieve, by the policy enforcer executing on the mobile device, the plurality of policies from the policy database;
monitor, at random intervals by the policy enforcer executing on the mobile device, programs, services, O/S, firmware, drivers, hardware, and peripherals running on the mobile device;
based on at least one of the plurality of policies, compare, by the policy enforcer executing on the mobile device, the programs, the services, the O/S, the firmware, the drivers, the hardware, and the peripherals running on the mobile device against programs, services, O/S, firmware, drivers, hardware, and peripherals allowed by the at least one of the plurality of policies;
based on the comparison and in response to determining, by the policy enforcer executing on the mobile device, that the mobile device is running one or more programs, services, O/S, firmware, drivers, hardware, and peripherals not allowed by the at least one of the plurality of policies, prohibit, by the policy enforcer executing on the mobile device, access of the mobile device to one or more services of the plurality of services provided by the network based on the at least one of the plurality of policies; and
implement a mitigation process while continuing to allow the mobile device to access the network and one or more other services of the plurality of services provided by the network based on the at least one of the plurality of policies.
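The enforcement cycle the independent claims describe (enforcer self-integrity check gating network access, policy retrieval, allow-list comparison of the running inventory, denial of only the affected services plus a mitigation while the other services stay available), modelled as an added Python example that is not code from the patent. The hash-based self-check, the policy fields, the service names and the sample inventory are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

SERVICES = frozenset({"cellular", "internet", "sms"})  # services the network provides (assumed set)

@dataclass(frozen=True)
class Policy:
    name: str
    category: str             # inventory category governed, e.g. "programs", "drivers"
    allowed: frozenset        # allow-list for that category
    deny_services: frozenset  # services to cut off when this policy is violated
    mitigation: str           # mitigation run while the remaining services stay available

def integrity_ok(enforcer_image: bytes, expected_sha256: str) -> bool:
    """Enforcer self-check: hash of its own image versus a provisioned reference (assumed method)."""
    return hashlib.sha256(enforcer_image).hexdigest() == expected_sha256

def evaluate(inventory: dict, policies: list) -> dict:
    """Compare running inventory with each allow-list; deny only the services the violated
    policies name and leave every other service available (the claimed partial denial)."""
    denied, violations, mitigations = set(), [], []
    for p in policies:
        unapproved = set(inventory.get(p.category, ())) - p.allowed
        if unapproved:
            violations.append((p.name, sorted(unapproved)))
            denied |= p.deny_services
            mitigations.append(p.mitigation)
    return {"violations": violations, "mitigations": mitigations,
            "denied_services": sorted(denied), "allowed_services": sorted(SERVICES - denied)}

def enforce(enforcer_image: bytes, expected_sha256: str, inventory: dict, policies: list) -> dict:
    """One sweep (the claim runs these at random intervals): a failed self-check means the
    enforcer's decisions cannot be trusted, so no network access is granted at all."""
    if not integrity_ok(enforcer_image, expected_sha256):
        return {"network_access": False, "denied_services": sorted(SERVICES),
                "allowed_services": [], "violations": [], "mitigations": []}
    return {"network_access": True, **evaluate(inventory, policies)}

# Constructed sample data (not from the patent): enforcer image and reference hash,
# two policies standing in for the policy database, and an inventory with one rogue program.
ENFORCER_IMAGE = b"policy-enforcer-v1"
EXPECTED_SHA256 = hashlib.sha256(ENFORCER_IMAGE).hexdigest()
POLICIES = [
    Policy("approved-programs", "programs", frozenset({"dialer", "browser", "mail"}),
           frozenset({"internet"}), "quarantine unapproved program and alert the operator"),
    Policy("approved-drivers", "drivers", frozenset({"wifi", "baseband"}),
           frozenset({"cellular"}), "reload signed driver set"),
]
INVENTORY = {"programs": ["dialer", "browser", "rogue_tether"], "drivers": ["wifi", "baseband"]}
```

Running `enforce(ENFORCER_IMAGE, EXPECTED_SHA256, INVENTORY, POLICIES)` denies only the Internet service for the unapproved program while cellular and SMS remain available; a tampered enforcer image yields no network access at all.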
Specification