Enforcing security based on a security state assessment of a mobile device
First Claim
1. A system comprising:
a server for assessing the security state of a mobile communications device, the server having a server security component in communication with the mobile communications device, the server security component further accessing a database available to store security data generated by the mobile communications device;
the server security component receiving from the mobile communications device security data generated by at least one application running on the mobile communications device, and causing the received mobile communications device security data to be stored in the database accessible to the server security component;
the server security component processing the received mobile communications device security data to assess a current security state of the mobile communications device; and
in response to a request from the mobile communications device for access to a service provider or to a request from a service provider to access the mobile communications device, the server security component providing current security state assessment data to the mobile communication device for enforcement of an application-level security policy on the mobile device that determines whether to grant access to a service provider and at what level depending on the current security state assessment of the mobile communications device.
Abstract
Security data generated by an application running on a mobile communications device is stored in a database. The security data is processed to assess a current security state of the device. In response to a request from the device for access to a service provider or a request from a service provider to access the device, the current security state assessment can be provided for enforcement of a security policy.
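The flow in the abstract, combined with the severity-level and "not current" steps recited in claims 7 and 13, can be sketched as follows. This is an added illustration, not code from the patent; the severity scale, event names, access levels, freshness window and the `fetch_events` callback are all assumptions made for the example.

```python
from enum import IntEnum

class Severity(IntEnum):      # assumed three-step scale; the claims name no scale
    INFO = 0
    WARNING = 1
    CRITICAL = 2

class Access(IntEnum):        # assumed access levels
    DENY = 0
    LIMITED = 1
    FULL = 2

# Constructed event names and mappings, for illustration only.
SEVERITY_BY_EVENT = {"scan_clean": Severity.INFO,
                     "os_out_of_date": Severity.WARNING,
                     "malware_detected": Severity.CRITICAL}
ACCESS_BY_STATE = {Severity.INFO: Access.FULL,
                   Severity.WARNING: Access.LIMITED,
                   Severity.CRITICAL: Access.DENY}
MAX_AGE_S = 300               # assumed window in which an assessment counts as current

class SecurityServer:
    def __init__(self, fetch_events):
        self.fetch_events = fetch_events  # callable(device_id) -> list of event names, or None
        self.db = {}                      # device_id -> (state, assessed_at)

    def assess(self, device_id, now):
        """Pull the device's security events and store the worst severity as its state."""
        events = self.fetch_events(device_id)
        if not events:                    # no data: state unknown, drop any old assessment
            self.db.pop(device_id, None)
            return None
        # Unrecognised event types are scored CRITICAL so new signals fail closed.
        state = max(SEVERITY_BY_EVENT.get(e, Severity.CRITICAL) for e in events)
        self.db[device_id] = (state, now)
        return state

    def authorize(self, device_id, now):
        """Answer an access request with an access level for the device's current state."""
        cached = self.db.get(device_id)
        if cached is None or now - cached[1] > MAX_AGE_S:
            state = self.assess(device_id, now)   # stored assessment missing or stale
        else:
            state = cached[0]
        return Access.DENY if state is None else ACCESS_BY_STATE[state]
```

A stored assessment is reused until it ages out, so the freshness window is also the longest time a newly compromised device keeps its previous access level.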
17 Claims
1. A system comprising:
a server for assessing the security state of a mobile communications device, the server having a server security component in communication with the mobile communications device, the server security component further accessing a database available to store security data generated by the mobile communications device; the server security component receiving from the mobile communications device security data generated by at least one application running on the mobile communications device, and causing the received mobile communications device security data to be stored in the database accessible to the server security component; the server security component processing the received mobile communications device security data to assess a current security state of the mobile communications device; and in response to a request from the mobile communications device for access to a service provider or to a request from a service provider to access the mobile communications device, the server security component providing current security state assessment data to the mobile communication device for enforcement of an application-level security policy on the mobile device that determines whether to grant access to a service provider and at what level depending on the current security state assessment of the mobile communications device. - View Dependent Claims (2, 3, 4)
5. A system comprising:
a server having a security component for communicating with a mobile communications device and with a service provider, the server security component further accessing a database available to store security data about the mobile communications device; the server security component receiving from the mobile communications device security data generated by the mobile communications device and causing the received mobile communications device security data to be stored in the database accessible to the server security component; the server security component processing the received mobile communications device security data to assess a current security state of the mobile communications device; and in response to a request from the mobile communications device for access to the service provider, the server security component providing current security state assessment data to the requested mobile communications device for enforcement of an application-level security policy on the mobile communication device that determines whether access to the service provider is to be granted to the mobile communication device and at what level.
6. A system comprising:
a server having a security component for communicating with a mobile communications device and with a service provider, the server security component further accessing a database available to store security data generated by the mobile communications device; the server security component receiving from the mobile communications device security data generated by the mobile communications device and causing the received mobile communications device security data to be stored in the database accessible to the server security component; the server security component processing the received mobile communications device security data to assess a current security state of the mobile communications device; and in response to a request from a service provider for access to the mobile communications device, the server security component providing current security state assessment data to the requested mobile communications device for enforcement of an application-level security policy on the mobile communications device that determines whether access to the mobile communications device is to be granted to the mobile communications device and at what level.
7. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server security component in communication with a mobile communications device, receiving security event data generated by at least one application running on the mobile communications device; at the server security component, processing the received event security data to determine severity levels for the security events and using this determination to assess a current security state of the mobile communications device; at the service security component, receiving a request from the mobile communications device to access a service provider; and
in response to request for access, at the server security component, determining whether to grant the requested access to the service provider and at what level depending upon the current security state assessment for the mobile communications device.
8. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
on a mobile communications device, receiving a request for access to the mobile communications device from a service provider; at the mobile communications device, assessing by a mobile communication device security component a current security state of the mobile communications device based upon processing of security event data generated by the mobile communications device to determine severity levels for the security events and using this determination as part of assessing the current security state of the mobile communication device; and at the mobile communication device security component, granting the requesting service provider access to the mobile communications device at an access level determined by the mobile communications device security component depending upon the current security state assessment of the mobile communications device. - View Dependent Claims (9)
10. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
providing a server security component in communication with a mobile communications device and with a service provider; at the server security component, receiving a request for access to the service provider from the mobile communications device; at the server security component, in response to the request for access, assessing the current security state of the mobile communications device by (i) processing security data generated by at least one application running on the mobile communications device; (ii) at the server security component, providing access to a database containing mobile communications device security event information; and at the server security component, comparing the security data generated by at least one application running on the mobile communications device received by the server security component and stored in the database against mobile communications device security event data stored in the database to assess a current security state of the mobile communications device and (iii) at the server security component, processing the mobile communications device data received by the server security component to assess a severity of security events on the mobile communications device to determine severity levels for the security events, and using this data as part of the current security state assessment determining whether to grant access to the service provider and at what level depending upon the current security state assessment of the mobile communications device.
11. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
providing a server security component in communication with a mobile communications device and a service provider; at the server security component, receiving a request from the service provider for the current security state assessment of the mobile communications device; at the server security component, assessing the current security state of the mobile communications device by (i) processing security data generated by the mobile communications device; and (ii) at the server security component, providing access to a database containing mobile communications device security event information; and at the server security component, comparing the security data generated by at least one application running on the mobile communications device received by the server security component and stored in the database against mobile communications device security event data stored in the database to assess a current security state of the mobile communications device and (iii) at the server security component, processing the mobile communications device data received by the server security component to assess a severity of security events on the mobile communications device to determine severity levels for the security events, and using this data as part of the current security state assessment providing the security state assessment of the mobile communications device to the service provider. - View Dependent Claims (12)
13. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server in communication with a mobile communication device and with a service provider, receiving a request from the mobile communications device for access to the service provider; in response to the request for access to the service provider, requesting by a server security component current security state assessment data concerning the mobile communications device requesting access to the service provider; if the server security component determines that the mobile communications device security state assessment data is not current, assessing the current security state of the mobile communications device by the server security component obtaining from the mobile communications device event security data generated by the mobile communications device to determine severity levels for the security events and using this determination as part of assessing the current security state of the mobile communication device; and
at the server security component, granting access to the requested service provider by the mobile communications device at an access level depending upon the current security state assessment of the mobile communications device.
14. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server security component in communication with a mobile communications device, receiving security event data generated by at least one application running on the mobile communications device; at the server security component, processing the received event security data to determine severity levels for the security events and using this determination to assess a current security state of the mobile communications device; at the service security component, receiving a request from the mobile communications device to access a service provider; and
in response to request for access, at the server security component, determining whether to grant the requested access to the service provider and at what level depending upon the current security state assessment for the mobile communications device.
15. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server security component in communication with a mobile communications device, receiving security event data generated by at least one application running on the mobile communications device; at the server security component, processing the received security event data to determine severity levels for the security events and using this determination to assess a current security state of the mobile communications device; at the server security component, receiving a request from a service provider to access the mobile communications device; and
in response to request for access, at the server security component, determining whether to grant the requested access to the mobile communications device and at what level depending upon the current security state assessment for the mobile communications device.
16. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server security component in communication with a mobile communications device, receiving security event data generated by at least one application running on the mobile communications device; at the server security component, processing the received security data to determine severity levels for the security events and using this determination to assess a current security state of the mobile communications device; at the service security component, receiving a request from the mobile communications device to access a service provider; and
in response to request for access, at the server security component, determining whether to grant the requested access to the service provider and at what level depending upon the current security state assessment for the mobile communications device.
17. A non-transitory computer-readable storage medium having stored thereon a plurality of instructions which, when executed by a processor, cause the processor to perform the steps of a method comprising:
at a server security component in communication with a mobile communications device, receiving security event data generated by at least one application running on the mobile communications device; at the server security component, processing the received security event data to determine severity levels for the security events and using this determination to assess a current security state of the mobile communications device; at the server security component, receiving a request from a service provider to access the mobile communications device; and
in response to request for access, at the server security component, determining whether to grant the requested access to the mobile communications device and at what level depending upon the current security state assessment for the mobile communications device.
Specification