Controlling enterprise access by mobile devices
Abstract
A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score.
60 Claims
1. A system comprising:
- a component running on a device and configured to transfer device data of the device into at least one server;
- at least one component running on a hardware processor of the at least one server and receiving vulnerability data of a national database comprising a plurality of vulnerabilities of a set of processing components hosted on the device and included in the device data, wherein each vulnerability is represented by a severity rating;
- wherein the at least one component generates a mapping between the device data and the vulnerability data, and uses the mapping to identify in the device data a set of vulnerabilities that corresponds to the set of processing components hosted on the device;
- wherein the at least one component generates a severity score for each vulnerability of each processing component using a formula $D = (i^{2} \div 6) - ((2 \cdot i) \div 3)$, wherein variable D represents the severity score and variable i represents the severity rating of the vulnerability, and generates a trust score for the device by combining the severity score of each vulnerability and adjusting a base score using the combined severity scores of each vulnerability, wherein access by the device to an enterprise is granted based on the trust score.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A method comprising:
- transferring device data of a device into at least one server from a component running on the device;
- at least one application running on at least one hardware processor of a server, the at least one application, receiving vulnerability data of a national database comprising a plurality of vulnerabilities of a set of processing components hosted on the device and included in the device data, wherein each vulnerability is represented by a severity rating;
- generating a mapping between the device data and the vulnerability data and, using the mapping, identifying in the device data a set of vulnerabilities that corresponds to the set of processing components hosted on the device;
- selecting a base score corresponding to a highest trust level;
- generating a deduction for each vulnerability of each processing component using a formula $D = (i^{2} \div 6) - ((2 \cdot i) \div 3)$, wherein variable D represents the deduction and variable i represents the severity rating of the vulnerability;
- generating a trust score for the device by combining the deductions of each vulnerability and applying to the base score the combined deductions corresponding to the set of vulnerabilities; and
- controlling access by the device to an enterprise based on the trust score.

Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60
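The steps of claim 31, worked through as an added example that is not code from the patent or its assignee: it maps a device's component inventory to a vulnerability feed, applies the claimed formula per vulnerability, and shows that the formula yields a zero deduction at i = 4 and a negative one below that. Assumptions not stated in the claims: a 0 to 10 severity scale, a base score of 100, summation as the way deductions are combined, an access threshold of 90, the optional `clamp` flag, and the constructed feed with placeholder IDs.

```python
BASE_SCORE = 100.0        # assumption: value standing for the "highest trust level"
ACCESS_THRESHOLD = 90.0   # assumption: the claims name no cut-off

# Constructed feed: (component, version) -> [(placeholder id, severity rating i)]
VULN_FEED = {
    ("browser", "1.0"): [("VULN-A", 10.0), ("VULN-B", 7.0)],
    ("pdfviewer", "2.3"): [("VULN-C", 2.0)],
    ("mailclient", "4.1"): [("VULN-D", 4.0)],
}


def deduction(i):
    """Claimed formula: D = (i^2 / 6) - ((2 * i) / 3)."""
    return (i ** 2) / 6 - (2 * i) / 3


def map_vulnerabilities(device_components):
    """Mapping step: feed entries for the components hosted on the device."""
    return {c: VULN_FEED.get(c, []) for c in device_components}


def trust_score(device_components, clamp=False):
    """Base score minus the summed deductions (summation is an assumption).

    With clamp=True, negative deductions (ratings below 4) are floored at 0
    so a low-severity finding cannot push the score above the base.
    """
    total = 0.0
    for vulns in map_vulnerabilities(device_components).values():
        for _vuln_id, rating in vulns:
            d = deduction(rating)
            total += max(d, 0.0) if clamp else d
    return BASE_SCORE - total


def access_granted(device_components, clamp=False):
    """Access decision against the assumed threshold."""
    return trust_score(device_components, clamp) >= ACCESS_THRESHOLD


if __name__ == "__main__":
    phone = [("browser", "1.0"), ("pdfviewer", "2.3")]
    for i in (2.0, 4.0, 7.0, 10.0):
        print(f"i={i:>4}: D={deduction(i):+.3f}")
    print("trust score:", round(trust_score(phone), 3))
    print("clamped    :", round(trust_score(phone, clamp=True), 3))
    print("access     :", access_granted(phone))
```
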
Specification