Mobile data security system and methods
Abstract
The present invention is directed to security systems and methods for mobile network-based data environments. The present invention provides an integration of security, mobile computing, wireless and IT infrastructure management technology, to create a new level of automation and enforcement to enable the transparent application of mobile security across an enterprise, while embracing end user “transparency” and “ease of use” and empowering IT administration.
37 Claims
1. A method comprising:
- transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network;
- detecting an attempt by the mobile device to access the network;
- obtaining a state structure of the mobile device, wherein the state structure provides a set of information including static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
- determining whether the mobile device complies with a static security policy based on the static mobile device information of the state structure;
- determining whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information of the state structure; and
- comparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of current e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system comprising:
- a device management module for identifying a mobile device in communication with a network, the system being configured for:
  - transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network,
  - obtaining a state structure of the mobile device including static mobile device information and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time; and
- a compliance management module for:
  - determining whether the mobile device complies with a static security policy based on the static mobile device information,
  - determining whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information,
  - comparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method comprising:
- transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network, wherein the user specific policy includes an application security policy, the application security policy including an identification of trusted applications;
- detecting an attempt by the mobile device to access the network;
- obtaining a state structure of the mobile device, wherein the state structure includes static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, an identified software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
- comparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device;
- determining whether the application is compliant with an application security policy;
- if the identified application is determined to be compliant with the application security policy, allowing the mobile device to run the identified application, wherein if the identified application fails to comply with the application security policy, then the identified application is prohibited from running on the mobile device until the mobile device undergoes a virus scan, wherein compliance with the application security policy is verified continuously while the mobile device is connected to the network.

Dependent claims: 27, 28, 29, 30, 31, 32
33. At least one non-transitory computer readable medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
- transfer a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network;
- detect an attempt by the mobile device to access the network;
- obtain a state structure of the mobile device, wherein the state structure provides a set of information including static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
- determine whether the mobile device complies with a static security policy based on the static mobile device information of the state structure;
- determine whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information of the state structure; and
- compare a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of current e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.

Dependent claims: 34, 35, 36, 37
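The access decision recited in the independent claims, sketched as an added example that is not part of the patent or any product implementing it: a state structure is checked against static and dynamic policy, e-mail volume is compared with the device's own history, and a failed device stays denied until a virus scan. The field names, the policy values, the z-score threshold and the choice to treat the usage anomaly as a dynamic-policy failure are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# All names, fields and thresholds below are assumptions for illustration.
@dataclass(frozen=True)
class StateStructure:
    os_version: tuple        # static information
    apps: frozenset          # static information
    network: str             # dynamic information
    emails_this_hour: int    # current usage state
    email_history: tuple     # historical usage state (hourly send counts)

POLICY = {"min_os": (4, 0), "banned_apps": {"unsigned.mailer"},
          "allowed_networks": {"corp-wifi", "corp-vpn"}, "z": 3.0}

def static_violations(s, p=POLICY):
    out = []
    if s.os_version < p["min_os"]:
        out.append("os below minimum")
    if s.apps & p["banned_apps"]:
        out.append("banned application installed")
    return out

def usage_anomaly(s, p=POLICY):
    # Flag a send rate well above the device's own baseline; the floor of 1.0
    # on the deviation keeps a perfectly flat history from flagging +1 message.
    mu, sigma = mean(s.email_history), pstdev(s.email_history)
    return s.emails_this_hour > mu + p["z"] * max(sigma, 1.0)

def dynamic_violations(s, p=POLICY):
    out = []
    if s.network not in p["allowed_networks"]:
        out.append("network not allowed")
    if usage_anomaly(s, p):
        out.append("e-mail volume above historical level")
    return out

class AccessGate:
    """Re-run on every state update, so compliance is checked continuously."""
    def __init__(self):
        self.scan_required = False

    def evaluate(self, s, scan_passed=False):
        violations = static_violations(s) + dynamic_violations(s)
        if violations:
            self.scan_required = True          # deny until a virus scan
            return "deny", violations
        if self.scan_required and not scan_passed:
            return "deny", ["virus scan required"]
        self.scan_required = False
        return "allow", []
```

A device that returns to a compliant state is still denied until `evaluate` is called with `scan_passed=True`, which models the "denied until the mobile device undergoes a virus scan" condition.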
Specification