Assessing the security state of a mobile communications device

US 8,997,181 B2
Filed: 09/23/2013
Issued: 03/31/2015
Est. Priority Date: 10/21/2008
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:

receiving, at a server security component, security data generated by an application running on a mobile communications device;

processing, at the server security component, the received security data to make an assessment of a current security state of the mobile communications device; and

in response to a request from the mobile communications device for access to a service provider received at the server security component, providing, by the server security component, the assessment of the current security state of the mobile communications device by the server security component to the service provider for enforcement of an application-level security policy that determines whether or not to grant access to the mobile communications device and at what level.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for assessing the current security state of a mobile communications device. A security component installed in either the server or the mobile communications device is configured to assess the current security state by processing security data generated by the mobile communications device. If the security data is not current, then security events on the mobile communications device are evaluated to determine a severity level for the security events, and this determination is used to assess the current security state of the mobile communications device.

318 Citations

20 Claims

1. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, at a server security component, security data generated by an application running on a mobile communications device;
  
  processing, at the server security component, the received security data to make an assessment of a current security state of the mobile communications device; and
  
  in response to a request from the mobile communications device for access to a service provider received at the server security component, providing, by the server security component, the assessment of the current security state of the mobile communications device by the server security component to the service provider for enforcement of an application-level security policy that determines whether or not to grant access to the mobile communications device and at what level.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-readable medium of claim 1, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.
  - 3. The computer-readable medium of claim 1, further comprising:
    - assessing, by the server security component, security events on the mobile communications device received as part of the security data from the mobile communications device to determine severity levels for the security events, and using the assessment of the security events as part of the assessment of the current security state of the mobile communications device.
  - 4. The computer-readable medium of claim 1, further comprising:
    - if the server security component determines that the security data received from the mobile communications device is not current, then assessing, by the server security component, security events on the mobile communications device received from the mobile communications device to determine severity levels for the security events and using this determination of severity levels to assess the current security state of the mobile communication device.

5. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, at a server security component, security data generated by an application running on a mobile communications device;
  
  processing, at the server security component, the received security data to make an assessment of a current security state of the mobile communications device; and
  
  in response to a request from a service provider for access to the mobile communications device, received at the server security component, providing, by the server security component, the assessment of the current security state of the mobile communications device from the server security component to the mobile communications device for enforcement of an application-level security policy that determines whether or not to grant access to the service provider and at what level.
- View Dependent Claims (6, 7, 8)
- - 6. The computer-readable medium of claim 5, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.
  - 7. The computer-readable medium of claim 5, further comprising:
    - assessing, by the server security component, security events on the mobile communications device received as part of the security data from the mobile communications device to determine severity levels for the security events, and using the assessment of the security events as part of the assessment of the current security state of the mobile communications device.
  - 8. The computer-readable medium of claim 5, further comprising:
    - if the server security component determines that the security data received from the mobile communications device is not current, then assessing, by the server security component, security events on the mobile communications device received from the mobile communications device to determine severity levels for the security events and using this determination of severity levels to assess the current security state of the mobile communication device.

9. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- providing a server security component in communication with a mobile communications device and a service provider;
  
  receiving, at the server security component, security data generated by the mobile communications device;
  
  storing the security data in a database accessible to the server security component;
  
  processing, at the server security component, the received and stored security data to make an assessment of a current security state of the mobile communications device; and
  
  in response to a request from the mobile communications device for access to a service provider, received at the server security component, providing, by the server security component, the assessment of the current security state of the mobile communications device from the server security component to the service provider for enforcement of an application-level security policy that determines whether or not to grant access to the mobile communications device and at what level.

10. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- providing a server security component in communication with a mobile communications device and a service provider;
  
  receiving, at the server security component, security data generated by the mobile communications device;
  
  storing the security data in a database accessible to the server security component;
  
  processing, at the server security component, the received and stored security data to make an assessment of a current security state of the mobile communications device; and
  
  in response to a request from a service provider for access to the mobile communications device, received at the server security component, providing, by the server security component, the assessment of the current security state of the mobile communications device from the server security component to the service provider for enforcement of an application-level security policy that determines whether or not to grant access to the mobile communications device and at what level.

11. A method comprising:
- at a server security component in communication with a mobile communications device, receiving security data generated by at least one application running on the mobile communications device;
  
  at the server security component, processing the received security data to assess a current security state of the mobile communications device;
  
  at a server in communication with the server security component, receiving a request from the mobile communications device to access a service provider;
  
  in response to the request for access received by the server, at the server security components, determining whether to grant the requested access to the service provider and at what access level depending upon the assessment of the current security state for the mobile communications device; and
  
  communicating to the service provider the determination of whether to grant the requested access, and if so, the access level.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.
  - 13. The method of claim 11, further comprising:
    - assessing, by the server security component, security events on the mobile communications device received as part of the security data from the mobile communications device to determine severity levels for the security events, and using the assessment of the security events to make the assessment of the current security state of the mobile communications device.

14. A method comprising:
- at a server security component in communication with a mobile communications device, receiving security data generated by at least one application running on the mobile communications device;
  
  at the server security component, processing the received security data to assess a cuurent security state of the mobile communications device;
  
  at a server in communication with the server security component, receiving a request from a service provider to access the mobile communications device;
  
  in response to the request for access received by the server, at the server security component, determining whether to grant the requested access to the mobile communications device and at what level depending upon the assessment of the current security state for the mobile communications device; and
  
  communicating to the service provider the determination of whether to grant the requested access, and if so, the access level.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.
  - 16. The method of claim 14, further comprising:
    - assessing, by the server security component, security events on the mobile communications device received as part of the security data from the mobile communications device to determine severity levels for the security events, and using the assessment of the security events to make the assessment of the current security state of the mobile communications device.

17. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, at a server security component, security data generated by an application running on a mobile communications device;
  
  processing, at the server security component, the received security data to make an assessment of a current security state of the mobile communications device;
  
  receiving, at the server security component, a request from the mobile communications device to access a service provider;
  
  in response to the request for access received at the server security component, determining, at the server security component, whether to grant the requested access to the service provider and at what access level depending upon the assessment of the current security state for the mobile communications device; and
  
  communicating to the service provider the determination of whether to grant the requested access, and if so, the access level.
- View Dependent Claims (18)
- - 18. The computer-readable medium of claim 17, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.

19. A non-transitory computer-readable medium encoded with a plurality of instructions which, when executed by a processor, cause the processor to perform a method comprising:
- receiving, at a server security component, security data generated by an application running on a mobile communications device;
  
  processing, at the server security component, the received security data to make an assessment of a current security state of the mobile communications device;
  
  receiving, at the server security component, a request from a service provider to access the mobile communications device;
  
  in response to the request for access received at the server security component, determining, at the server security component, whether to grant the requested access to the mobile communications device and at what access level depending upon the assessment of the current security state for the mobile communications device; and
  
  communicating to the service provider the determination of whether to grant the requested access, and if so, the access level.
- View Dependent Claims (20)
- - 20. The computer-readable medium of claim 19, further comprising:
    - storing the received security data in a database accessible to the server security component; and
      
      comparing the received security data to other data stored in the database in order to make the assessment of the current security state of the mobile communications device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Hering, John G., Burgess, James David
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US14/034,320
Publication Number

US 20140024345A1
Time in Patent Office

554 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2129   Authenticate client device ...

H04L 2463/102   applying security measure f...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04W 12/08   Access security

Assessing the security state of a mobile communications device

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

318 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Assessing the security state of a mobile communications device

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

318 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links