System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices

US 8,572,676 B2
Filed: 11/06/2009
Issued: 10/29/2013
Est. Priority Date: 11/06/2008
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a data server by a mobile device, the mobile device having policy compliance capabilities, the method comprising:

receiving, by a policy proxy, a data stream between the data server and the mobile device;

identifying the mobile device;

identifying a policy in an integrated policy server applicable to the mobile device based on the identity of the mobile device; and

determining whether the mobile device is in compliance with the policy,wherein when the mobile device is in compliance with the policy and the data stream includes a device settings query result, the method further comprises;

adding the device settings query result to a group of one or more device settings query results, wherein the group of device settings query results is received in response to a device settings query from the data server, wherein the device settings query is translated into a form compatible with the mobile device and sent to the mobile device via a plurality of policy transports;

translating the group of device settings query results into a form compatible with the data server; and

sending the translated group of device settings query results to the data server,wherein when the mobile device is not in compliance with the policy, the method further comprises;

obtaining a common policy to apply to the mobile device;

translating the common policy into at least first and second policy sets compatible with the mobile device; and

sending the first policy set and the second policy set to the mobile device by a first policy transport and a second policy transport, respectively.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to providing policy from an integrated policy server to a mobile device, comprising identifying a policy in an integrated policy server applicable to the mobile device and supplying policy elements to policy transports for transmission to the mobile device. The invention also relates to providing policy from an integrated policy server to a mobile device, including identifying a policy in the integrated policy server applicable to the mobile device, determining whether the mobile device is in compliance with the policy, and supplying policy elements to policy transports for transmission to the mobile device when the mobile device is not in compliance with the policy. The invention further relates to controlling access to a data server by a mobile device, including identifying a policy in an integrated policy server applicable to the mobile device, and determining whether the mobile device is in compliance with the policy.

192 Citations

21 Claims

1. A method for controlling access to a data server by a mobile device, the mobile device having policy compliance capabilities, the method comprising:
- receiving, by a policy proxy, a data stream between the data server and the mobile device;
  
  identifying the mobile device;
  
  identifying a policy in an integrated policy server applicable to the mobile device based on the identity of the mobile device; and
  
  determining whether the mobile device is in compliance with the policy,wherein when the mobile device is in compliance with the policy and the data stream includes a device settings query result, the method further comprises;
  
  adding the device settings query result to a group of one or more device settings query results, wherein the group of device settings query results is received in response to a device settings query from the data server, wherein the device settings query is translated into a form compatible with the mobile device and sent to the mobile device via a plurality of policy transports;
  
  translating the group of device settings query results into a form compatible with the data server; and
  
  sending the translated group of device settings query results to the data server,wherein when the mobile device is not in compliance with the policy, the method further comprises;
  
  obtaining a common policy to apply to the mobile device;
  
  translating the common policy into at least first and second policy sets compatible with the mobile device; and
  
  sending the first policy set and the second policy set to the mobile device by a first policy transport and a second policy transport, respectively.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising granting the mobile device access to the data server when the mobile device is in compliance with the policy when the data stream does not include a device settings query result.
  - 3. The method of claim 1, further comprising denying the mobile device access to the data server when the mobile device is not in compliance with the policy.
  - 4. The method of claim 1, wherein each of the first and second policy sets includes one or more policy elements and wherein, when the mobile device is not in compliance with the policy, the method further comprises:
    - assigning the first and second policy sets to the first and second policy transports; and
      
      supplying the first and second policy sets to the first and second policy transports for transmission to the mobile device.
  - 5. The method of claim 1, wherein compliance with the policy is determined by detecting the presence of one or more policy indicators in the mobile device, wherein when the mobile device is not in compliance with the policy, the method further comprises:
    - adding a policy indicator to the first policy set before sending the first policy set to the mobile device by the first policy transport.
  - 6. The method of claim 5, wherein the one or more policy indicators include one or more of a digital certificate, a device configuration setting, and a policy specification.
  - 7. The method of claim 1, wherein compliance with the policy is determined by determining the presence of one or more device settings and comparing one or more of the device settings to one or more of the policy elements.

8. A system for controlling access to a data server by a mobile device, the mobile device having policy compliance capabilities, the system comprising:
- a data server;
  
  an integrated policy server;
  
  at least one processor device; and
  
  a policy proxy configured to interface with the at least one processor device to;
  
  receive a data stream between the data server and the mobile device;
  
  identify the mobile device;
  
  identify a policy in an integrated policy server applicable to the mobile device based on the identity of the mobile device; and
  
  determine whether the mobile device is in compliance with the policy,wherein when the mobile device is in compliance with the policy and the data stream includes a device settings query result, the policy proxy is further configured to;
  
  add the device settings query result to a group of one or more device settings query results, wherein the group of device settings query results is received in response to a device settings query from the data server, wherein the device settings query is translated into a form compatible with the mobile device and sent to the mobile device via a plurality of policy transports;
  
  translate the group of device settings query results into a form compatible with the data server; and
  
  send the translated group of device settings query results to the data server,wherein when the mobile device is not in compliance with the policy, the policy proxy is further configured to;
  
  obtain a common policy to apply to the mobile device;
  
  translate the common policy into at least first and second policy sets compatible with the mobile device; and
  
  send the first policy set and the second policy set to the mobile device by a first policy transport and a second policy transport, respectively.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein, when the mobile device is in compliance with the policy, the policy proxy is further configured to grant the mobile device access to the data server when the data stream does not include a device settings query result.
  - 10. The system of claim 8, wherein, when the mobile device is not in compliance with the policy, the policy proxy is further configured to deny the mobile device access to the data server.
  - 11. The system of claim 8, wherein each of the first and second policy sets includes one or more policy elements, and wherein, when the mobile device is not in compliance with the policy, the policy proxy is further configured to:
    - assign the first and second policy sets to the first and second policy transports; and
      
      supply the first and second policy sets to the first and second policy transports for transmission to the mobile device.
  - 12. The system of claim 8, wherein compliance with the policy is determined by detecting the presence of one or more policy indicators in the mobile device, wherein when the mobile device is not in compliance with the policy, the policy proxy is further configured to:
    - add a policy indicator to the first policy set before sending the first policy set to the mobile device by the first policy transport.
  - 13. The system of claim 12, wherein the one or more policy indicators include one or more of a digital certificate, a device configuration setting, and a policy specification.
  - 14. The system of claim 8, wherein compliance with the policy is determined by determining the presence of one or more device settings and comparing one or more of the device settings to one or more of the policy elements.

15. A device for controlling access to a data server by a mobile device, the mobile device having policy compliance capabilities, the device comprising at least one processor device and a policy proxy configured to interface with the at least one processor device to:
- receive a data stream between the data server and the mobile device;
  
  identify the mobile device;
  
  identify a policy in an integrated policy server applicable to the mobile device based on the identity of the mobile device; and
  
  determine whether the mobile device is in compliance with the policy,wherein when the mobile device is in compliance with the policy and the data stream includes a device settings query result, the policy proxy is further configured to;
  
  add the device settings query result to a group of one or more device settings query results, wherein the group of device settings query results is received in response to a device settings query from the data server, wherein the device settings query is translated into a form compatible with the mobile device and sent to the mobile device via a plurality of policy transports;
  
  translate the group of device settings query results into a form compatible with the data server; and
  
  send the translated group of device settings query results to the data server,wherein when the mobile device is not in compliance with the policy, the policy proxy is further configured to;
  
  obtain a common policy to apply to the mobile device;
  
  translate the common policy into at least first and second policy sets compatible with the mobile device; and
  
  send the first policy set and the second policy set to the mobile device by a first policy transport and a second policy transport, respectively.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The device of claim 15, wherein, when the mobile device is in compliance with the policy, the policy proxy is further configured to grant the mobile device access to the data server when the data stream does not include a device settings query result.
  - 17. The device of claim 15, wherein, when the mobile device is not in compliance with the policy, the policy proxy is further configured to deny the mobile device access to the data server.
  - 18. The device of claim 15, wherein each of the first and second policy sets includes one or more policy elements, and wherein, when the mobile device is not in compliance with the policy, the policy proxy is further configured to:
    - assign the first and second policy sets to the first and second policy transports; and
      
      supply the first and second policy sets to the first and second policy transports for transmission to the mobile device.
  - 19. The device of claim 15, wherein compliance with the policy is determined by detecting the presence of one or more policy indicators in the mobile device, wherein when the mobile device is not in compliance with the policy, the policy proxy is further configured to:
    - add a policy indicator to the first policy set before sending the first policy set to the mobile device by the first policy transport.
  - 20. The device of claim 19, wherein the one or more policy indicators include one or more of a digital certificate, a device configuration setting, and a policy specification.
  - 21. The device of claim 15, wherein compliance with the policy is determined by determining the presence of one or more device settings and comparing one or more of the device settings to one or more of the policy elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhigh Security LLC, Trust Digital
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sapp, Kevin, Goldschlag, David, Walker, David
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US12/614,333
Publication Number

US 20100115582A1
Time in Patent Office

1,453 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

H04L 41/022   Multivendor or multi-standa...

H04L 41/0806   for initial configuration o...

H04L 41/082   the condition being updates...

H04L 41/0869   Validating the configuratio...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/08   for authentication of entit...

H04W 8/245   from a network towards a te...

System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

192 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

192 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others