Methods and systems for conditionally granting access to services based on the security state of the device requesting access

US 10,509,911 B2
Filed: 06/17/2019
Issued: 12/17/2019
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a software component executing on a server, a request from a mobile communications device for access to a provider of a service having a plurality of service levels, each service level allowing a different level of access to the service;

determining, by the software component, a current security state of the mobile communications device by;

processing event security data, generated by the mobile security device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;

comparing, by the software component, the current security state of the mobile communications device to a policy associated with the provider, wherein for each service level the policy specifies a minimum security state of a device required for the device to be granted access to the service level;

determining, by the software component from the comparison, that the current security state meets or exceeds the minimum security state for a subset of the plurality of service levels; and

permitting, by the software component, the mobile communications device to access the subset of the plurality of service levels based on the determination that the current security state meets or exceeds the minimum security state required for each service level in the subset.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for conditionally granting access to service levels based on a determined security state of the device requesting access. A software component, upon receiving a request for access to a provider having a plurality of service levels, determines the current security state of the requesting device. The software component compares that security state to a policy associated with the provider. The software component then allows the requesting device access to the provider services where the device'"'"'s current security state meets or exceeds the security state required for the service.

309 Citations

26 Claims

1. A method comprising:
- receiving, by a software component executing on a server, a request from a mobile communications device for access to a provider of a service having a plurality of service levels, each service level allowing a different level of access to the service;
  
  determining, by the software component, a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile security device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  comparing, by the software component, the current security state of the mobile communications device to a policy associated with the provider, wherein for each service level the policy specifies a minimum security state of a device required for the device to be granted access to the service level;
  
  determining, by the software component from the comparison, that the current security state meets or exceeds the minimum security state for a subset of the plurality of service levels; and
  
  permitting, by the software component, the mobile communications device to access the subset of the plurality of service levels based on the determination that the current security state meets or exceeds the minimum security state required for each service level in the subset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the determining, by the software component, a current security state of the mobile communications device further includes:
    - accessing a database containing security data received from the mobile communications device;
      
      comparing the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      using the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 3. The method of claim 1, wherein the software component is a security component of the provider and is tasked with receiving access requests intended for the provider.
  - 4. The method of claim 1, wherein the event security data generated by the mobile communications device is generated by at least one application executing on the mobile communications device.
  - 5. The method of claim 1 further comprising:
    - receiving, by the software component from the mobile communications device, the event security data generated by the mobile communications device; and
      
      causing, by the software component, the received event security data to be stored in a database accessible to the software component.
  - 6. The method of claim 1 further comprising:
    - receiving, by the software component from the mobile communications device, the event security data generated by the mobile communications device;
      
      accessing a database containing security data received from the mobile communications device;
      
      comparing the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      when the comparison of the event security data to the security data stored in the database indicates a stored security state of the mobile communications device is outdated, updating the stored security state of the mobile communications device.
  - 7. The method of claim 1, wherein the plurality of service levels includes at least one of:
    - a first level providing the ability to access, edit, send, and upload data files;
      
      a second level providing the ability to view data files, but not edit, send, or upload files;
      
      a third level providing the ability to view only portions of certain data files, but not edit, send, or upload files;
      
      a fourth level providing the ability to check an account balance, view previous financial transactions, and transfer funds;
      
      a fifth level providing the ability to check an account balance and view previous financial transactions, but not transfer funds;
      
      a sixth level providing the ability to check an account balance, but not view previous financial transactions or transfer funds;
      
      a seventh level providing the ability to access all activities of the service;
      
      oran eighth level providing the ability to access a subset of all activities of the service.
  - 8. The method of claim 1, wherein using the determined severity levels to assess the current security state of the mobile communications device includes:
    - using the determined severity levels and one or both of;
      
      security state information for the mobile communications device stored on the mobile communications device, orsecurity state information for the mobile communications device stored on the server, to assess the current security state of the mobile communications device.
  - 9. The method of claim 1, wherein the policy is based on a risk response implemented by an enterprise that is not the provider.

10. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor of a server, cause the server to:
- receive a request from a mobile communications device for access to a provider of a service having a plurality of service levels, each service level allowing a different level of access to the service;
  
  determine a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile security device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  compare the current security state of the mobile communications device to a policy associated with the provider, wherein for each service level the policy specifies a minimum security state of a device required for the device to be granted access to the service level;
  
  determine from the comparison that the current security state meets or exceeds the minimum security state for a subset of the plurality of service levels; and
  
  permitting the mobile communications device to access the subset of the plurality of service levels based on the determination that the current security state meets or exceeds the minimum security state required for each service level in the subset.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer-readable storage medium of claim 10, wherein the instructions causing the server to determine a current security state of the mobile communications device further include instructions to:
    - access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      use the determined severity levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 12. The computer-readable storage medium of claim 10, wherein the event security data generated by the mobile communications device is generated by at least one application executing on the mobile communications device.
  - 13. The computer-readable storage medium of claim 10 further including instructions causing the server to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device; and
      
      cause the received event security data to be stored in a database accessible to the software component.
  - 14. The computer-readable storage medium of claim 10 further including instructions causing the server to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device;
      
      access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      when the comparison of the event security data to the security data stored in the database indicates a stored security state of the mobile communications device is outdated, update the stored security state of the mobile communications device.
  - 15. The computer-readable storage medium of claim 10, wherein the plurality of service levels includes at least one of:
    - a first level providing the ability to access, edit, send, and upload data files;
      
      a second level providing the ability to view data files, but not edit, send, or upload files;
      
      a third level providing the ability to view only portions of certain data files, but not edit, send, or upload files;
      
      a fourth level providing the ability to check an account balance, view previous financial transactions, and transfer funds;
      
      a fifth level providing the ability to check an account balance and view previous financial transactions, but not transfer funds;
      
      a sixth level providing the ability to check an account balance, but not view previous financial transactions or transfer funds;
      
      a seventh level providing the ability to access all activities of the service;
      
      oran eighth level providing the ability to access a subset of all activities of the service.
  - 16. The computer-readable storage medium of claim 10, wherein the instructions to use the determined severity levels to assess the current security state of the mobile communications device further include instructions to:
    - use the determined severity levels and one or both of;
      
      security state information for the mobile communications device stored on the mobile communications device, orsecurity state information for the mobile communications device stored on the server,to assess the current security state of the mobile communications device.
  - 17. The computer-readable storage medium of claim 10, wherein the policy is based on a risk response implemented by an enterprise that is not the provider.

18. A system, comprising a server with at least one processor and memory and instructions that when executed by the at least one processor cause the server to:
- receive a request from a mobile communications device for access to a provider of a service having a plurality of service levels, each service level allowing a different level of access to the service;
  
  determine a current security state of the mobile communications device by;
  
  processing event security data, generated by the mobile security device regarding security events on the mobile communications device, to determine severity levels for the security events, andusing the determined severity levels to assess the current security state of the mobile communications device;
  
  compare the current security state to a policy associated with the provider, the policy specifying, for each service level, a minimum security state of a device required for the device to be granted access to the service level;
  
  determine from the comparison that the current security state meets or exceeds the minimum security state for a subset of the plurality of service levels; and
  
  grant, to the mobile communications device, access to the subset of the plurality of service levels based on the determination that the current security state meets or exceeds the minimum security state required for each service level in the subset.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The system of claim 18, wherein the instructions causing the server to determine a current security state of the mobile communication device further include instructions to:
    - access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      use the determined security levels and the comparison of the event security data to the security data stored in the database to assess the current security state of the mobile communications device.
  - 20. The system of claim 18, wherein the instructions are executed as part of a security component of the provider, the security component tasked with receiving access requests intended for the provider.
  - 21. The system of claim 18, wherein the event security data generated by the mobile communications device is generated by at least one application executing on the mobile communications device.
  - 22. The system of claim 18 further including instructions causing the server to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device; and
      
      cause the received event security data to be stored in a database accessible to the software component.
  - 23. The system of claim 18 further including instructions causing the server to:
    - receive, from the mobile communications device, the event security data generated by the mobile communications device;
      
      access a database containing security data received from the mobile communications device;
      
      compare the event security data generated by the mobile security device to security data from the mobile communications device stored in the database; and
      
      when the comparison of the event security data to the security data stored in the database indicates a stored security state of the mobile communications device is outdated, update the stored security state of the mobile communications device.
  - 24. The system of claim 18, wherein the plurality of service levels includes at least one from the group of:
    - a first level providing the ability to access, edit, send, and upload data files;
      
      a second level providing the ability to view data files, but not edit, send, or upload files;
      
      a third level providing the ability to view only portions of certain data files, but not edit, send, or upload files;
      
      a fourth level providing the ability to check an account balance, view previous financial transactions, and transfer funds;
      
      a fifth level providing the ability to check an account balance and view previous financial transactions, but not transfer funds;
      
      a sixth level providing the ability to check an account balance, but not view previous financial transactions or transfer funds;
      
      a seventh level providing the ability to access all activities of the service; and
      
      an eighth level providing the ability to access a subset of all activities of the service.
  - 25. The system of claim 18, wherein the instructions to use the determined severity levels to assess the current security state of the mobile communications device further include instructions to:
    - use the determined severity levels and at least one from the group of;
      
      historical data for the state of the mobile communications device, andsecurity state information for the mobile communications device stored on the server,to assess the current security state of the mobile communications device.
  - 26. The system of claim 18, wherein the policy is based on a risk response implemented by an enterprise that is not the provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Burgess, James David, Golombek, David, Wyatt, Timothy Michael, Lineberry, Anthony McKay, Barton, Kyle, Evans, Daniel Lee, Richardson, David Luke, Wootton, Bruce, Hering, John G., Grubb, Jonathan Pantera, Buck, Brian James, Robinson, William
Primary Examiner(s)
Chen, Shin-Hon (Eric)

Application Number

US16/443,697
Publication Number

US 20190303586A1
Time in Patent Office

183 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/166   at the transport layer

H04L 69/14   Multichannel or multilink p...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

H04W 12/67   Risk-dependent, e.g. select...

Methods and systems for conditionally granting access to services based on the security state of the device requesting access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

309 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for conditionally granting access to services based on the security state of the device requesting access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

309 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links