Methods and systems for granting access to services based on a security state that varies with the severity of security events

US 10,509,910 B2
Filed: 06/17/2019
Issued: 12/17/2019
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a software component executing on a server, a request from a mobile communications device for access to a service provider;

determining, by the software component, a current security state of the mobile communications device by;

processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;

comparing, by the software component, the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and

,by the software component granting access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software component, upon receiving a request for access to a provider having a plurality of service levels, determines the current security state of the requesting device. The security state of the requesting device varies according to severity levels of device security events. The software component compares that security state to a policy associated with the provider. The software component then allows the requesting device access to the provider services where the device'"'"'s current security state meets or exceeds the security state required for the service.

314 Citations

26 Claims

1. A method comprising:
- receiving, by a software component executing on a server, a request from a mobile communications device for access to a service provider;
  
  determining, by the software component, a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  comparing, by the software component, the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and
  
  ,by the software component granting access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein:
    - the request also requests access to a service provided by the service provider or requests a task be performed by the service provider;
      
      the policy specifies a second minimum security state of the device required for access to the requested service or for access to the requested task to be granted to the device; and
      
      granting access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state includes granting access to the service provider, and granting access to the requested service or to the requested task, only when the comparison results in a determination that the current security state meets the required first minimum security state requirement and meets the required second minimum security state requirement.
  - 3. The method of claim 2, wherein the service provided by the service provider or the task to be performed by the service provider includes at least one of:
    - a service or task related to viewing data files;
      
      a service or task related to editing data files;
      
      a service or task related to sending data files;
      
      a service or task related to uploading data files;
      
      a service or task related to viewing only portions of certain data files;
      
      a service or task related to checking an account balance;
      
      a service or task related to viewing previous financial transactions;
      
      ora service or task related to transferring funds.
  - 4. The method of claim 1, wherein the software component is a security component of the service provider and is tasked with receiving access requests intended for the service provider.
  - 5. The method of claim 1, wherein:
    - the software component is a security component that is not integrated into the service provider;
      
      the software component is tasked with receiving access requests intended for the service provider before the access requests are received by the service provider; and
      
      the software component prevents the access request from being received by the service provider when the current security state does not meet the required first minimum security state.
  - 6. The method of claim 1, wherein the determining, by the software component, a current security state of the mobile communications device further includes:
    - accessing a database containing security data received from the mobile communications device;
      
      comparing the event security data generated by the mobile communications device to security data from the mobile communications device stored in the database; and
      
      using the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 7. The method of claim 1, wherein the event security data generated by the mobile communications device is generated by at least one application executing on the mobile communications device.
  - 8. The method of claim 1 further comprising:
    - receiving, by the software component from the mobile communications device, the event security data generated by the mobile communications device; and
      
      causing, by the software component, the received event security data to be stored in a database accessible to the software component.
  - 9. The method of claim 1, wherein using the determined severity levels to assess the current security state of the mobile communications device includes:
    - using the determined severity levels and at least one from the group of;
      
      historical data for the state of the mobile communications device, andsecurity state information for the mobile communications device stored on the server,to assess the current security state of the mobile communications device.
  - 10. The method of claim 1, wherein the policy is based on a risk response implemented by an enterprise that is not the service provider.

11. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to:
- receive a request from a mobile communications device for access to a service provider;
  
  determine a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  compare the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and
  
  grant access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 21)
- - 12. The computer-readable storage medium of claim 11, wherein:
    - the request also requests access to a service provided by the service provider or requests a task be performed by the service provider;
      
      the policy specifies a second minimum security state of the device required for access to the requested service or for access to the requested task to be granted to the device; and
      
      the instructions to grant of access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state includes instructions to grant access to the service provider, and grant access to the requested service or to the requested task, only when the comparison results in a determination that the current security state meets the required first minimum security state requirement and meets the required second minimum security state requirement.
  - 13. The computer-readable storage medium of claim 11, wherein the service provided by the service provider or the task to be performed by the service provider includes at least one of:
    - a service or task related to viewing data files;
      
      a service or task related to editing data files;
      
      a service or task related to sending data files;
      
      a service or task related to uploading data files;
      
      a service or task related to viewing only portions of certain data files;
      
      a service or task related to checking an account balance;
      
      a service or task related to viewing previous financial transactions;
      
      ora service or task related to transferring funds.
  - 14. The computer-readable storage medium of claim 11, wherein:
    - the instructions are executed as part of a security component that is not integrated into the service provider;
      
      the security component is tasked with receiving access requests intended for the service provider before the access requests are received by the service provider; and
      
      the instructions include instructions that;
      
      prevent the access request from being received by the service provider when the current security state does not meet the required first minimum security state.
  - 15. The computer-readable storage medium of claim 11, wherein the instructions to determine a current security state of the mobile communications device include further instructions to:
    - access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile communications device to security data from the mobile communications device stored in the database; and
      
      use the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 16. The computer-readable storage medium of claim 11 further comprising instructions to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device; and
      
      cause the received event security data to be stored in a database accessible to the software component.
  - 17. The computer-readable storage medium of claim 11, wherein the instructions to use the determined severity levels to assess the current security state of the mobile communications device include instructions to:
    - use the determined severity levels and at least one from the group of;
      
      historical data for the state of the mobile communications device, andsecurity state information for the mobile communications device stored on the server,to assess the current security state of the mobile communications device.
  - 18. The computer-readable storage medium of claim 11, wherein the policy is based on a risk response implemented by an enterprise that is not the service provider.
  - 21. The system of claim 18, wherein the service provided by the service provider or the task to be performed by the service provider includes at least one of:
    - a service or task related to viewing data files;
      
      a service or task related to editing data files;
      
      a service or task related to sending data files;
      
      a service or task related to uploading data files;
      
      a service or task related to viewing only portions of certain data files;
      
      a service or task related to checking an account balance;
      
      a service or task related to viewing previous financial transactions;
      
      ora service or task related to transferring funds.

19. A system, comprising a server with at least one processor and memory and instructions that when executed by the at least one processor cause the server to:
- receive a request from a mobile communications device for access to a service provider;
  
  determine a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile communications device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  compare the current security state to a policy associated with the service provider, the policy specifying a first minimum security state of a device required for access to the service provider to be granted to the device; and
  
  grant access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state.
- View Dependent Claims (20, 22, 23, 24, 25, 26)
- - 20. The system of claim 19, wherein:
    - the request also requests access to a service provided by the service provider or requests a task be performed by the service provider;
      
      the policy specifies a second minimum security state of the device required for access to the requested service or for access to the requested task to be granted to the device; and
      
      the instructions to grant of access to the service provider only when the comparison results in a determination that the current security state meets the required first minimum security state includes instructions to grant access to the service provider, and grant access to the requested service or to the requested task, only when the comparison results in a determination that the current security state meets the required first minimum security state requirement and meets the required second minimum security state requirement.
  - 22. The system of claim 19, wherein:
    - the instructions are executed as part of a security component that is not integrated into the service provider;
      
      the security component is tasked with receiving access requests intended for the service provider before the access requests are received by the service provider; and
      
      the instructions include instructions that;
      
      prevent the access request from being received by the service provider when the current security state does not meet the required first minimum security state.
  - 23. The system of claim 19, wherein the instructions to determine a current security state of the mobile communications device include further instructions to:
    - access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile communications device to security data from the mobile communications device stored in the database; and
      
      use the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 24. The system of claim 19 further comprising instructions to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device; and
      
      cause the received event security data to be stored in a database accessible to the software component.
  - 25. The system of claim 19, wherein the instructions to use the determined severity levels to assess the current security state of the mobile communications device include instructions to:
    - use the determined severity levels and at least one from the group of;
      
      historical data for the state of the mobile communications device, andsecurity state information for the mobile communications device stored on the server,to assess the current security state of the mobile communications device.
  - 26. The system of claim 19, wherein the policy is based on a risk response implemented by an enterprise that is not the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Hering, John G., Burgess, James David, Buck, Brian James, Robinson, William
Primary Examiner(s)
Smithers, Matthew

Application Number

US16/443,682
Publication Number

US 20190311134A1
Time in Patent Office

183 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/166   at the transport layer

H04L 69/14   Multichannel or multilink p...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/67   Risk-dependent, e.g. select...

Methods and systems for granting access to services based on a security state that varies with the severity of security events

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

314 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for granting access to services based on a security state that varies with the severity of security events

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

314 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links