Security policy enforcement for mobile devices based on device state

US 9,705,919 B1
Filed: 07/30/2013
Issued: 07/11/2017
Est. Priority Date: 07/12/2013
Status: Active Grant

First Claim

Patent Images

1. A system for a security device that provides network-based security for mobile devices based on device state, comprising:

a processor configured to;

receive a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, wherein the HIP report includes device state information for the mobile device, and wherein the HIP report for the mobile device includes configuration information of the mobile device, the configuration information of the mobile device including a list of installed malware apps;

apply a policy based on the HIP report for the mobile device, comprising to;

compare a first app included in the list of installed malware apps with a second app in an exclude list; and

in the event that the first app included in the list of installed malware apps matches with the second app in the exclude list, omit applying the policy; and

perform access control at the security device based on the policy based on the HIP report for the mobile device; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for network-based security for mobile devices based on device state are disclosed. In some embodiments, network-based security for mobile devices based on device state includes receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, in which the HIP report includes device state information for the mobile device; applying a policy based on the HIP report for the mobile device and the device state; and performing access control at the security device based on the policy based on the HIP report for the mobile device.

50 Citations

View as Search Results

21 Claims

1. A system for a security device that provides network-based security for mobile devices based on device state, comprising:
- a processor configured to;
  
  receive a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, wherein the HIP report includes device state information for the mobile device, and wherein the HIP report for the mobile device includes configuration information of the mobile device, the configuration information of the mobile device including a list of installed malware apps;
  
  apply a policy based on the HIP report for the mobile device, comprising to;
  
  compare a first app included in the list of installed malware apps with a second app in an exclude list; and
  
  in the event that the first app included in the list of installed malware apps matches with the second app in the exclude list, omit applying the policy; and
  
  perform access control at the security device based on the policy based on the HIP report for the mobile device; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 21)
- - 2. The system recited in claim 1, wherein the security device includes a firewall.
  - 3. The system recited in claim 1, wherein the security device comprises an access gateway.
  - 4. The system recited in claim 1, wherein the HIP report for the mobile device further includes one or more of the following device state information:
    - a type of the mobile device and software installed on the mobile device.
  - 5. The system recited in claim 1, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes allowing access to an enterprise resource.
  - 6. The system recited in claim 1, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes denying access to an enterprise network.
  - 7. The system recited in claim 1, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes allowing restricted access to an enterprise network.
  - 21. The system recited in claim 1, wherein the list of installed malware apps is identified by a cloud security service.

8. A method for a security device that provides network-based security for mobile devices based on device state, comprising:
- receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, wherein the HIP report includes device state information for the mobile device, and wherein the HIP report for the mobile device includes configuration information of the mobile device, the configuration information of the mobile device including a list of installed malware apps;
  
  applying a policy based on the HIP report for the mobile device;
  
  device, comprising;
  
  comparing a first app included in the list of installed malware apps with a second app in an exclude list; and
  
  in the event that the first app included in the list of installed malware apps matches with the second app in the exclude list, omitting applying the policy; and
  
  performing access control at the security device based on the policy based on the HIP report for the mobile device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method recited in claim 8, wherein the security device includes a firewall.
  - 10. The method recited in claim 8, wherein the security device comprises an access gateway.
  - 11. The method recited in claim 8, wherein the HIP report for the mobile device further includes one or more of the following device state information:
    - a type of the mobile device and software installed on the mobile device.
  - 12. The method recited in claim 8, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes allowing access to an enterprise resource.
  - 13. The method recited in claim 8, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes denying access to an enterprise network.
  - 14. The method recited in claim 8, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes allowing restricted access to an enterprise network.

15. A computer program product for a security device that provides network-based security for mobile devices based on device state, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving a Host Information Profile (HIP) report for a mobile device from a mobile device management (MDM) service at the security device, wherein the HIP report includes device state information for the mobile device, and wherein the HIP report for the mobile device includes configuration information of the mobile device, the configuration information of the mobile device including a list of installed malware apps;
  
  applying a policy based on the HIP report for the mobile device, comprising;
  
  comparing a first app included in the list of installed malware apps with a second app in an exclude list; and
  
  in the event that the first app included in the list of installed malware apps matches with the second app in the exclude list, omitting applying the policy; and
  
  performing access control at the security device based on the policy based on the HIP report for the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product recited in claim 15, wherein the security device includes a firewall.
  - 17. The computer program product recited in claim 15, wherein the security device comprises an access gateway.
  - 18. The computer program product recited in claim 15, wherein the HIP report for the mobile device further includes one or more of the following device state information:
    - a type of the mobile device and software installed on the mobile device.
  - 19. The computer program product recited in claim 15, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes allowing access to an enterprise resource.
  - 20. The computer program product recited in claim 15, wherein performing access control at the security device based on the policy based on the HIP report for the mobile device includes denying access to an enterprise network or allowing restricted access to the enterprise network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Jacobsen, Michael Soren, Wang, Song, Menon, Joby
Primary Examiner(s)
Dinh, Minh

Application Number

US13/954,655
Time in Patent Office

1,442 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Security policy enforcement for mobile devices based on device state

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Security policy enforcement for mobile devices based on device state

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links