Attempted security breach remediation

US 9,544,306 B2
Filed: 10/29/2013
Issued: 01/10/2017
Est. Priority Date: 10/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a computing device, comprising:

defining, by an enterprise using a remote compliance server, a plurality of geofence boundaries of known suspicious locations;

creating, at the remote compliance server, a plurality of compliance rules that define;

restrictions for authenticating to the computing device within one of the plurality of geofence boundaries; and

restrictions that define a manner in which the computing device must be operated to gain access to resources of the enterprise, the computing device being a user device;

installing, at the computing device, an agent application configured to monitor operation of the computing device;

receiving, from the compliance server by the agent application executing on the computing device, the plurality of compliance rules;

receiving information regarding at least one authentication attempt;

determining, using at least one processor, based at least in part on the information regarding the at least one authentication attempt, whether the at least one authentication attempt comprises a suspected attempted security breach on the computing device; and

in an instance in which it is determined that the at least one authentication attempt comprises a suspected attempted security breach;

causing at least one recording to be captured via at least one recording device communicatively coupled to the at least one processor,causing at least a portion of the at least one recording to be compared against at least one database, the database comprising information regarding at least one person,transmitting a command to the agent application executing on the computing device to turn on a global positioning sensor on the computing device in response to determining that the at least one authentication attempt comprises a suspected attempted security breach;

determining whether the computing device is located within one of the defined geofence boundaries identifying a suspicious location, based on a location of the computing device determined using the global positioning sensor,transmitting the location of the computing device to the remote compliance server;

locking the computing device and initiating a countdown timer when the comparison indicates a suspected attempted security breach and when the computing device is within one of the defined geofence boundaries, andautomatically wiping data from the computing device when the countdown timer expires without completing a successful authentication attempt.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, apparatuses, and computer program products are provided for remediating suspected attempted security breaches. For example, a method is provided that includes receiving information regarding at least one authentication attempt and determining, based at least in part on the information regarding the at least one authentication attempt, whether the at least one authentication attempt comprises a suspected attempted security breach. The method further includes causing, in an instance in which it is determined that the at least one authentication attempt comprises a suspected attempted security breach, at least one recording to be captured via at least one recording device communicatively coupled to the at least one processor and causing at least a portion of the at least one recording to be compared against at least one database.

205 Citations

20 Claims

1. A method for controlling access to a computing device, comprising:
- defining, by an enterprise using a remote compliance server, a plurality of geofence boundaries of known suspicious locations;
  
  creating, at the remote compliance server, a plurality of compliance rules that define;
  
  restrictions for authenticating to the computing device within one of the plurality of geofence boundaries; and
  
  restrictions that define a manner in which the computing device must be operated to gain access to resources of the enterprise, the computing device being a user device;
  
  installing, at the computing device, an agent application configured to monitor operation of the computing device;
  
  receiving, from the compliance server by the agent application executing on the computing device, the plurality of compliance rules;
  
  receiving information regarding at least one authentication attempt;
  
  determining, using at least one processor, based at least in part on the information regarding the at least one authentication attempt, whether the at least one authentication attempt comprises a suspected attempted security breach on the computing device; and
  
  in an instance in which it is determined that the at least one authentication attempt comprises a suspected attempted security breach;
  
  causing at least one recording to be captured via at least one recording device communicatively coupled to the at least one processor,causing at least a portion of the at least one recording to be compared against at least one database, the database comprising information regarding at least one person,transmitting a command to the agent application executing on the computing device to turn on a global positioning sensor on the computing device in response to determining that the at least one authentication attempt comprises a suspected attempted security breach;
  
  determining whether the computing device is located within one of the defined geofence boundaries identifying a suspicious location, based on a location of the computing device determined using the global positioning sensor,transmitting the location of the computing device to the remote compliance server;
  
  locking the computing device and initiating a countdown timer when the comparison indicates a suspected attempted security breach and when the computing device is within one of the defined geofence boundaries, andautomatically wiping data from the computing device when the countdown timer expires without completing a successful authentication attempt.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein:
    - determining whether the authentication attempt comprises a suspected attempted security breach comprises;
      
      determining whether the failed authentication attempt exceeds a threshold number of failed authentication attempts.
  - 3. The method of claim 1, further comprising:
    - presenting an alternative authentication option to a user of the computing device when the recording indicates the user is an authorized user.
  - 4. The method of claim 1, wherein:
    - the authentication attempt comprises an attempt to obtain authorization to access a wrapped mobile application, the wrapped mobile application comprising stock functionality and wrapper-provided functionality; and
      
      determining whether the authentication attempt comprises a suspected attempted security breach comprises determining, via the wrapper-provided functionality, whether the authentication attempt comprises a suspected attempted security breach.
  - 5. The method of claim 1, wherein:
    - the at least one database comprising information regarding at least one person comprises a criminal database.
  - 6. The method of claim 1, wherein:
    - the at least one database comprising information regarding at least one person comprises an employee database.
  - 7. The method of claim 1, wherein:
    - causing at least a portion of the at least one recording to be compared against the at least one database comprises causing the at least one recording to be transmitted to a compliance server in communication with the at least one database.
  - 8. The method of claim 1, wherein:
    - the at least one recording comprises a photograph.
  - 9. The method of claim 1, wherein:
    - the at least one recording comprises biometric data.
  - 10. The method of claim 9, wherein:
    - the biometric data comprises fingerprint data.
  - 11. The method of claim 9, wherein:
    - the biometric data comprises iris image data.
  - 12. The method of claim 1, further comprising:
    - causing, following causing the at least a portion of the at least one recording to be compared against the at least one database, a remedial action to be performed, the remedial action having been determined based at least in part on at least one result of comparing the at least one recording against the at least one database.

13. An apparatus comprising at least one processor and at least one memory storing program code instructions, the at least one memory and program code instructions being configured to, with the at least one processor, direct the apparatus to at least:
- install an agent application configured to monitor operation of the apparatus;
  
  receive, from a remote compliance server by the agent application, a plurality of compliance rules defined by an enterprise and including;
  
  restrictions for authenticating to the apparatus within one of a plurality of geofence boundaries of known suspicious locations; and
  
  restrictions that define a manner in which the apparatus must be operated to gain access to resources of the enterprise, the apparatus being a user device;
  
  receive information regarding at least one authentication attempt;
  
  determine, based at least in part on the information regarding the at least one authentication attempt, whether the at least one authentication attempt comprises a suspected attempted security breach; and
  
  in an instance in which it is determined that the at least one authentication attempt comprises a suspected attempted security breach;
  
  cause at least one recording to be captured via at least one recording device communicatively coupled to the at least one processor,cause at least a portion of the at least one recording to be compared against at least one database, the database comprising information regarding at least one person,receive a command to turn on a global positioning sensor on the apparatus in response to determining that the at least one authentication attempt comprises a suspected attempted security breach,determine whether the apparatus is located within one of the defined geofences identifying a suspicious location, based on a location of the computing device determined using the global positioning sensor,cause a countdown timer to begin executing when the comparison indicates a suspected attempted security breach and when the apparatus is located within one of the defined geofence boundaries, andcause at least one remedial action to be automatically performed upon expiration of the countdown timer without completing a successful authentication attempt, the at least one remedial action having been determined based at least in part on at least one result of comparing the at least one recording against the at least one database.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13, wherein:
    - the authentication attempt comprises an attempt to obtain authorization to access at least one resource of a mobile device.
  - 15. The apparatus of claim 14, wherein:
    - the at least one remedial action comprises restricting access to at least a portion of the mobile device.
  - 16. The apparatus of claim 14, wherein:
    - the at least one remedial action comprises activating at least one location service of the mobile device.
  - 17. The apparatus of claim 14, wherein:
    - the at least one remedial action comprises deleting data stored in a memory of the mobile device.
  - 18. The apparatus of claim 13, wherein:
    - the at least one remedial action is further determined based at least in part on one or more remedial action rules.
  - 19. The apparatus of claim 18, wherein:
    - the at least one remedial action is further determined based at least in part on contextual information.

20. A computer program product comprising a non-transitory computer-readable storage medium having program code portions embodied therein, the program code portions being configured to, upon execution, direct an apparatus to at least define, by an enterprise using a remote compliance server, a plurality of geofence boundaries of known suspicious locations;
- create, at the remote compliance server, a plurality of compliance rules that define;
  
  restrictions for authenticating to the computing device within one of the plurality of geofence boundaries; and
  
  restrictions that define a manner in which the computing device must be operated to gain access to resources of the enterprise, the computing device being a user device;
  
  install, at the computing device, an agent application configured to monitor operation of the computing device;
  
  receive, from the compliance server by the agent application executing on the computing device, the plurality of compliance rules;
  
  receive information regarding at least one authentication attempt;
  
  determine, using at least one processor, based at least in part on the information regarding the at least one authentication attempt, whether the at least one authentication attempt comprises a suspected attempted security breach on the computing device; and
  
  in an instance in which it is determined that the at least one authentication attempt comprises a suspected attempted security breach;
  
  cause at least one recording to be captured via at least one recording device communicatively coupled to the at least one processor, cause at least a portion of the at least one recording to be compared against at least one database, the database comprising information regarding at least one person, transmit a command to the agent application executing on the computing device to turn on a global positioning sensor on the computing device in response to determining that the at least one authentication attempt comprises a suspected attempted security breach;
  
  determine whether the computing device is located within one of the defined geofence boundaries identifying a suspicious location, based on a location of the computing device determined using the global positioning sensor, transmit the location of the computing device to the remote compliance server;
  
  lock the computing device and initiate a countdown timer when the comparison indicates a suspected attempted security breach and when the computing device is within one of the defined geofence boundaries, and automatically wipe data from the computing device when the countdown timer expires without completing a successful authentication attempt.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Brannon, Jonathan Blake
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
CORUM JR, WILLIAM A

Application Number

US14/062,309
Publication Number

US 20140053238A1
Time in Patent Office

1,169 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/45   Structures or tools for the...

G06F 21/55   Detecting local intrusion o...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

H04L 9/3231   Biological data, e.g. finge...

Attempted security breach remediation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

205 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Attempted security breach remediation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others