Incremental compliance remediation

US 10,652,242 B2
Filed: 03/15/2013
Issued: 05/12/2020
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, using at least one computing device, a request from a client device to access a first networked resource;

determining, using the at least one computing device, that a second networked resource is associated with accessing the first networked resource for the client device based on a resource group identifier, the resource group identifier being associated with a pairing of a user credential and a device identifier associated with the client device;

associating, using the at least one computing device, a compliance rule with the client device based on the resource group identifier, the compliance rule being associated with the first networked resource and the second networked resource;

determining, using the at least one computing device, whether the compliance rule is violated;

responsive to determining that the compliance rule is violated, determining, using the at least one computing device, whether the compliance rule is associated with an alternative setting that is more stringent than a current setting associated with the client device;

responsive to determining that the compliance rule is associated with the alternative setting that is more stringent than the current setting associated with the client device, changing, using the at least one computing device, the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement, wherein increasing the password complexity requirement causes access to at least one of the client device, a network, a client device resource, or a network resource to be restricted until a user of the client device has configured a new password that complies with the password complexity requirement; and

responsive to determining that the compliance rule is not associated with the alternative setting that is more stringent than the current setting associated with the client device, causing, using the at least one computing device, access to at least one of the client device, the network, the client device resource, or the network resource to be restricted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for enforcing device compliance parameters by inhibiting access to devices, networks or resources. Methods may include associating a compliance rule with a client device. If the compliance rule is violated, a setting associated with the client device may be altered. The altered setting may inhibit access to the client device, a network, a client device resource and/or a network resource. For example, necessary password complexities may be increased, password lifetimes may be decreased and/or resources may be restricted based on a geofence, a time of day and/or a day of the week.

157 Citations

20 Claims

1. A method, comprising:
- receiving, using at least one computing device, a request from a client device to access a first networked resource;
  
  determining, using the at least one computing device, that a second networked resource is associated with accessing the first networked resource for the client device based on a resource group identifier, the resource group identifier being associated with a pairing of a user credential and a device identifier associated with the client device;
  
  associating, using the at least one computing device, a compliance rule with the client device based on the resource group identifier, the compliance rule being associated with the first networked resource and the second networked resource;
  
  determining, using the at least one computing device, whether the compliance rule is violated;
  
  responsive to determining that the compliance rule is violated, determining, using the at least one computing device, whether the compliance rule is associated with an alternative setting that is more stringent than a current setting associated with the client device;
  
  responsive to determining that the compliance rule is associated with the alternative setting that is more stringent than the current setting associated with the client device, changing, using the at least one computing device, the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement, wherein increasing the password complexity requirement causes access to at least one of the client device, a network, a client device resource, or a network resource to be restricted until a user of the client device has configured a new password that complies with the password complexity requirement; and
  
  responsive to determining that the compliance rule is not associated with the alternative setting that is more stringent than the current setting associated with the client device, causing, using the at least one computing device, access to at least one of the client device, the network, the client device resource, or the network resource to be restricted.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the access is restricted based on at least one of a location, a date, a time of day, or a day of week.
  - 3. The method of claim 1, wherein the at least one computing device is the client device.
  - 4. The method of claim 1, wherein the at least one computing device comprises a remote server.
  - 5. The method of claim 1, wherein increasing the required password complexity is performed based on at least one instruction provided by a remote server.
  - 6. The method of claim 1, wherein at least one of the client device resource or the network resource comprises at least one of an application, a computer folder, a data file, an electronic document, or a network address.
  - 7. The method of claim 1, further comprising generating, using the at least one computing device, an alert indicative of the required password complexity being increased.

8. A computing device, comprising:
- a processor; and
  
  a storage device accessible to the processor, wherein the storage device comprises a plurality of program instructions that, upon execution by the processor, cause the processor to at least;
  
  receive a request from a client device to access a first networked resource;
  
  determine that a second networked resource is associated with accessing the first networked resource for the client device based on a resource group identifier, the resource group identifier being associated with a pairing of a user credential and a device identifier associated with the client device;
  
  associate a compliance rule with the client device based on the resource group identifier, the compliance rule being associated with the first networked resource and the second networked resource;
  
  detect whether the compliance rule is violated;
  
  in response to detecting that the compliance rule is violated, determine whether the compliance rule is associated with an alternative setting that is more stringent than a current setting;
  
  in response to determining that the compliance rule is associated with the alternative setting that is more stringent than the current setting, change the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement, wherein increasing the password complexity requirement causes access to at least one of the computing device, a network, a computing device resource, or a network resource to be restricted until a new password that complies with the password complexity requirement has been created; and
  
  responsive to determining that the compliance rule is not associated with the alternative setting that is more stringent than the current setting associated with the client device, cause access to at least one of the client device, the network, the client device resource, or the network resource to be restricted.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The computing device of claim 8, wherein the access is restricted based on at least one of a location, a date, a time of day, or a day of week.
  - 10. The computing device of claim 9, wherein the access is restricted based on a location, and the access is restricted by at least one of:
    - blocking an outgoing call;
      
      blocking an outgoing message;
      
      routing an inbound call to an alternate number, an alternate address, or an alternate device;
      
      orproviding an automated response for an inbound communication.
  - 11. The computing device of claim 9, wherein the access is restricted based on a location, and wherein the access is restricted by at least one of:
    - blocking a first outgoing call via a first carrier;
      
      routing a second outgoing call to an NFC-enabled device;
      
      orrouting an incoming call to the NFC-enabled device.
  - 12. The computing device of claim 9, wherein the access is restricted by at least one of:
    - blocking an outgoing call during a first predetermined time period;
      
      blocking an outgoing message during a second time period;
      
      routing a first inbound call to an alternate number, an alternate address, or an alternate device during a third predetermined time period;
      
      orproviding an automated response for an inbound communication during a fourth time period.
  - 13. The computing device of claim 8, wherein the processor is further configured to at least one of:
    - determine whether the compliance rule is violated;
      
      orreceive an indication that the compliance rule is violated from a remote server.
  - 14. The computing device of claim 8, wherein changing the current setting to the alternative setting further comprises decreasing a password lifetime, and wherein the password lifetime is decreased based on a plurality of instructions provided by a remote server.
  - 15. The computing device of claim 8, wherein the plurality of program instructions are further configured to cause the processor to at least send an alert to a remote server including an indication of a setting being altered.

16. A system comprising:
- a server device comprising a processor; and
  
  a storage device that is accessible to the processor, wherein the storage device comprises program instructions that, upon execution by the processor, cause the processor to at least;
  
  receive a request from a client device to access a first networked resource;
  
  determine that a second networked resource is associated with accessing the first networked resource for the client device based on a resource group identifier, the resource group identifier being associated with a pairing of a user credential and a device identifier associated with the client device;
  
  transmit a compliance rule to the client device based on the resource group identifier, the compliance rule being associated with the first networked resource and the second networked resource;
  
  determine whether the client device is not in compliance with the compliance rule;
  
  in response to determining that the client device is not in compliance with the compliance rule, determine whether the compliance rule is associated with an alternative setting that is more stringent than a current setting for the client device;
  
  in response to determining that the compliance rule is associated with the alternative setting that is more stringent than the current setting for the client device, transmit an instruction for the client device to change the current setting to the alternative setting, wherein changing the current setting to the alternative setting comprises increasing a password complexity requirement, wherein increasing the password complexity requirement causes access to at least one of the client device, a network, a client device resource, or a network resource to be restricted until a new password that complies with the password complexity requirement has been created; and
  
  in response to determining that the compliance rule is not associated with the alternative setting that is more stringent than the current setting for the client device, cause access to at least one of the client device, the network, the client device resource, or the network resource to be restricted.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein changing the current setting to the alternative setting further comprises decreasing a password lifetime.
  - 18. The system of claim 16, wherein the access is restricted based on at least one of a location, a date, a time of day, or a day of week.
  - 19. The system of claim 16, wherein at least one of the client device resource or the network resource comprises at least one of an application, a computer folder, a data file, an electronic document, or a network address.
  - 20. The system of claim 16, wherein the storage device comprises program instructions that, upon execution by the processor, further cause the processor to at least:
    - determine the resource group identifier for the request based on the user credential provided by the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Dabbiere, Alan, Stuntebeck, Erich
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US13/839,112
Publication Number

US 20140282829A1
Time in Patent Office

2,615 Days
Field of Search

726 1- 7, 726 13, 726 16, 726 17, 713166
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06Q 10/0631   Resource planning, allocati...

H04L 63/10   for controlling access to d...

Incremental compliance remediation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Incremental compliance remediation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links