Detection of Hardware Tampering
US-2016247002-A1 · Aug 25, 2016 · US
US10171648B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10171648-B2 |
| Application number | US-201414484159-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 11, 2014 |
| Priority date | Nov 19, 2010 |
| Publication date | Jan 1, 2019 |
| Grant date | Jan 1, 2019 |
Official abstract text for this publication.
A mobile device management system that monitors the security state of one or more mobile devices and sets indicators related to such security state. Enterprise network applications, such as an email application, can access the security state information when making access control decisions with respect to a given mobile device.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method, comprising: receiving at a remote management device, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device; determining at the remote management device, at least in part by applying one or more policies, that the new application is not a recognized application; and responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at the remote management device, consulting, by an intermediate node, the table to determine the security state of the mobile device; denying, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and permitting mobile device traffic that identifies a port that corresponds to an authorized application; accepting or rejecting, by an enterprise application of the mobile device, requests of the mobile device based on the security state of the mobile device in the table, in response to the enterprise application of the mobile device accessing the security state of the mobile device in the table; causing, by the intermediate node, the new application to be blocked from launching on the mobile device; and updating a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied.
2. The method of claim 1, further comprising transmitting a command to the control agent installed on the mobile device, the command operative to cause the control agent to delete one or more files on the mobile device.
3. The method of claim 1, further comprising transmitting one or more notifications if the new application is not recognized.
4. The method of claim 1, further comprising updating a security state table based at least in part on the determination that the new application is not a recognized application.
5. The method of claim 1, wherein the intermediate node is configured to block traffic from the mobile device to the network application service based on the updated security state information.
6. The method of claim 1, wherein the intermediate node is configured to consult the security state information of the mobile device to determine a current security state of the mobile device, and to filter traffic associated with the mobile device based at least in part on the current security state of the mobile device.
7. The method of claim 6, wherein the network application service to which access is blocked comprises a first network application service, and the intermediate node is configured to allow access by the mobile device to a second network application service.
8. A mobile device management system, comprising: a communication interface; and a hardware processor coupled to the communication interface and configured to: receive via the communication interface, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device; determine, at least in part by applying one or more policies, that the new application is not a recognized application; and responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at a remote management device, consult, by an intermediate node, the table to determine the security state of the mobile device; deny, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and permit mobile device traffic that identifies a port that corresponds to an authorized application; cause, by the intermediate node, the new application to be blocked from launching on the mobile device: and update a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied wherein in response to an enterprise application of the mobile device accessing the security state of the mobile device in the table, the enterprise application of the mobile device is configured to accept or reject requests of the mobile device based on the security state of the mobile device in the table.
9. The system of claim 8, wherein the hardware processor is further configured to transmit a command to the control agent installed on the mobile device, the command operative to cause the control agent to delete one or more files on the mobile device.
10. The system of claim 8, wherein the hardware processor is further configured to transmit one or more notifications if the new application is not recognized.
11. The system of claim 8, wherein the hardware processor is further configured to update the security state in the table based at least in part on the determination that the new application is not a recognized application.
12. The system of claim 8, wherein the intermediate node is configured to block traffic from the mobile device to the network application service based on the updated security state information.
13. The system of claim 8, wherein the intermediate node is configured to consult the security state information of the mobile device to determine a current security state of the mobile device, and to filter traffic associated with the mobile device based at least in part on the current security state of the mobile device.
14. A computer program product to manage mobile devices, the computer program product being embodied in a tangible, non-transitory computer readable storage medium, and comprising computer instructions for: receiving, from a control agent installed on a mobile device, information indicating that a new application has been installed on the mobile device; determining, at least in part by applying one or more policies, that the new application is not a recognized application; and responsive to the determination that the new application is not a recognized application, setting a security state of the mobile device in a table, wherein the table is stored at a remote management device, consulting, by an intermediate node, the table to determine the security state of the mobile device; denying, by the intermediate node, access of the mobile device to a network application service based on the security state of the mobile device in the table; and permitting mobile device traffic that identifies a port that corresponds to an authorized application; accepting or rejecting, by an enterprise application of the mobile device, requests of the mobile device based on the security state of the mobile device in the table, in response to the enterprise application of the mobile device accessing the security state of the mobile device in the table; causing, by the intermediate node, the new application to be blocked from launching on the mobile device; and updating a security state information of the mobile device in the table based on the determination that the new application is not a recognized application when access is denied.
by limiting the access to the user interface, e.g. locking a touch-screen or a keypad · CPC title
to restrict the functionality of the device · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Processing or transfer of terminal data, e.g. status or physical capabilities · CPC title
Access restriction performed under specific conditions · CPC title