Mobile data security system and methods

US 8,495,700 B2
Filed: 02/28/2006
Issued: 07/23/2013
Est. Priority Date: 02/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network;

detecting an attempt by the mobile device to access the network;

obtaining a state structure of the mobile device, wherein the state structure provides a set of information including static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;

determining whether the mobile device complies with a static security policy based on the static mobile device information of the state structure;

determining whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information of the state structure;

andcomparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of current e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to security systems and methods for mobile network-based data environments. The present invention provides an integration of security, mobile computing, wireless and IT infrastructure management technology, to create a new level of automation and enforcement to enable the transparent application of mobile security across an enterprise, while embracing end user “transparency” and “ease of use” and empowering IT administration.

487 Citations

37 Claims

1. A method comprising:
- transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network;
  
  detecting an attempt by the mobile device to access the network;
  
  obtaining a state structure of the mobile device, wherein the state structure provides a set of information including static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
  
  determining whether the mobile device complies with a static security policy based on the static mobile device information of the state structure;
  
  determining whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information of the state structure;
  
  andcomparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of current e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the static mobile device information includes at least one of a phone number or a device ESN.
  - 3. The method of claim 1, wherein the dynamic mobile device information includes at least one of user ID, user domain/group, device operating system name, device operating system version, device ROM version, device peripherals list, device total memory, device free memory, application list and versions, applications currently running on the mobile device, registry setting snapshot, date/time of last hard reset, date/time of last soft reset, date/time of last policy receipt, date/time of last OTA sync, date/time of last USB sync, date/time of last IR sync, date/time of last Bluetooth sync, policy number, network interface list and configuration, network names that interfaces are connected to, GPS location information, and combinations thereof.
  - 4. The method of claim 1, wherein a server computer maintains a historical state structure based on prior instances of the state structures of the mobile device.
  - 5. The method of claim 4, further comprising comparing the state structure of the mobile device to the historical state structure of the mobile device to identify changes in the state structure of the mobile device relative to the historical state structure of the mobile device.
  - 6. The method of claim 1, further comprising monitoring the mobile device to identify variations in at least one of the static device information of the mobile device and the dynamic device information of the mobile device.
  - 7. The method of claim 6, further comprising determining whether any of the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 8. The method of claim 7, further comprising restricting access of the mobile device to the network if the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 9. The method of claim 1, further comprising creating a visualization of one or more security risks associated with the mobile device, wherein the security risks are determined from at least one of the static device information and the dynamic device information.
  - 10. The method of claim 9, wherein the visualization comprises a graphical representation of the security risks associated with the mobile device.
  - 11. The method of claim 1, further comprising running a discovery program to identify the mobile device, wherein the discovery program identifies mobile devices that are connected to, or are attempting to connect to, the network.
  - 12. The method of claim 1, wherein compliance with the dynamic security policy requires that the mobile device have an authorized use status.
  - 13. The method of claim 12, wherein the authorized use status requires that the mobile device has a unique identifier and an authorized user.

14. A system comprising:
- a device management module for identifying a mobile device in communication with a network, the system being configured for;
  
  transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network,obtaining a state structure of the mobile device including static mobile device information and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time; and
  
  a compliance management module for;
  
  determining whether the mobile device complies with a static security policy based on the static mobile device information,determining whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information,comparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The system of claim 14, wherein the static mobile device information includes at least one of a phone number or a device ESN.
  - 16. The system of claim 14, wherein the dynamic mobile device information includes at least one of user ID, user domain/group, device operating system name, device operating system version, device ROM version, device peripherals list, device total memory, device free memory, application list and versions, applications currently running on the mobile device, registry setting snapshot, date/time of last hard reset, date/time of last soft reset, date/time of last policy receipt, date/time of last OTA sync, date/time of last USB sync, date/time of last IR sync, date/time of last Bluetooth sync, policy number, network interface list and configuration, network names that interfaces are connected to, GPS location information, and combinations thereof.
  - 17. The system of claim 14, wherein at least one of the static mobile device information and the dynamic mobile device information includes information about a user of the mobile device.
  - 18. The system of claim 14, wherein a database maintains a historical state structure based on prior instances of the state structures of the mobile device.
  - 19. The system of claim 18, wherein the compliance management module compares the state structure of the mobile device to the historical state structure of the mobile device to identify changes in the state structure of the mobile device relative to the historical state structure of the mobile device.
  - 20. The system of claim 14, wherein the device management module monitors the mobile device to identify variations in at least one of the static device information of the mobile device and the dynamic device information of the mobile device.
  - 21. The system of claim 20, wherein the compliance management module determines whether any of the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 22. The system of claim 21, wherein the compliance management module restricts access of the mobile device to the network if the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 23. The system of claim 14, further comprising a visualization means for creating a visualization of one or more security risks associated with the mobile device, wherein the security risks are determined from at least one of the static device information and the dynamic device information.
  - 24. The system of claim 23, wherein the visualization comprises a graphical representation of the security risks associated with the mobile device.
  - 25. The system of claim 14, wherein the device management module executes a discovery program to identify the mobile device, wherein the discovery program identifies mobile devices that are connected to, or are attempting to connect to, the network.

26. A method comprising:
- transferring a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network, wherein the user specific policy includes an application security policy, the application security policy including an identification of trusted applications;
  
  detecting an attempt by the mobile device to access the network;
  
  obtaining a state structure of the mobile device, wherein the state structure includes static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, an identified software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
  
  comparing a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device;
  
  determining whether the application is compliant with an application security policy;
  
  if the identified application is determined to be compliant with the application security policy, allowing the mobile device to run the identified application, wherein if the identified application fails to comply with the application security policy, then the identified application is prohibited from running on the mobile device until the mobile device undergoes a virus scan,wherein compliance with the application security policy is verified continuously while the mobile device is connected to the network.
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. The method of claim 26, wherein the step of determining includes:
    - performing a SHA-1 hash of the identified application to obtain a hash associated with the identified application;
      
      comparing the hash of the identified application with a corresponding hash included with the identification of the trusted applications; and
      
      if the hash of the identified application matches the corresponding hash included with the identification of the trusted applications, determining the identified application to be compliant.
  - 28. The method of claim 26, further comprising dynamically verifying the compliance of the identified application each time the mobile device attempts to run the identified application.
  - 29. The method of claim 26, wherein, if the identified application is determined to be in compliance with the application security policy, the identified application is identified as a trusted application.
  - 30. The method of claim 29, further comprising granting the trusted application access rights.
  - 31. The method of claim 30, wherein the access rights include at least one of read only or read and write access rights.
  - 32. The method of claim 29, further comprising providing a secure signature to the trusted application.

33. At least one non-transitory computer readable medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
- transfer a user specific policy to a mobile device based on authentication of a corresponding authorized user, wherein the user specific policy is synchronized with mobile device policies of a security system in a network;
  
  detect an attempt by the mobile device to access the network;
  
  obtain a state structure of the mobile device, wherein the state structure provides a set of information including static and dynamic mobile device information based on parameters, the parameters including one or more of an operating system, a software application, a device location, network information, personality information, and a current usage state, wherein the state structure is populated by the mobile device as a state of the mobile device changes over time;
  
  determine whether the mobile device complies with a static security policy based on the static mobile device information of the state structure;
  
  determine whether the mobile device complies with a dynamic security policy based on the dynamic mobile device information of the state structure; and
  
  compare a historical usage state of the mobile device to the current usage state of the mobile device to determine a usage anomaly, which reflects a level of current e-mail messages being higher than historical levels of e-mail messages being sent by the mobile device, wherein if the mobile device fails to comply with at least one of the static security policy and the dynamic security policy, then access to the network is denied until the mobile device undergoes a virus scan, wherein compliance with the dynamic security policy is verified continuously while the mobile device is connected to the network.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The medium of claim 33, wherein the instructions when executed by the processor further cause the processor to monitor the mobile device to identify variations in at least one of the static device information of the mobile device and the dynamic device information of the mobile device.
  - 35. The medium of claim 34, wherein the instructions when executed by the processor further cause the processor to determine whether any of the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 36. The medium of claim 34, wherein the instructions when executed by the processor further cause the processor to restrict access of the mobile device to the network if the identified variations in the static device information of the mobile device or the dynamic device information of the mobile device cause the mobile device to be non-compliant with either of the static security policy or the dynamic security policy.
  - 37. The medium of claim 33, wherein the instructions when executed by the processor further cause the processor to run a discovery program to identify the mobile device, wherein the discovery program is configured to identify mobile devices that are connected to, or are attempting to connect to, the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Shahbazi, Majid
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US11/363,283
Publication Number

US 20060224742A1
Time in Patent Office

2,702 Days
Field of Search

726/1, 726/3, 726/11, 726/12, 726/29, 726/35, 4555561-559, 455/565, 455/466, 455/26.1, 455/426.2, 455/442, 455410-411, 380247-274, 380/201, 380/30, 713/168, 713/201, 713/189, 713/182, 713/151, 713/152, 713/155, 713/175, 713/200, 709/223, 709/201, 709224-225, 709/203, 370/328, 370/395.21, 370/392, 345/764, 345/840
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04W 12/37   Managing security policies ...

Mobile data security system and methods

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

487 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile data security system and methods

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

487 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links