Shahbazi

(10) Patent No.: US 8,635,661 B2
(45) Date of Patent: Jan. 21, 2014

(54) SYSTEM AND METHOD FOR ENFORCING A SECURITY POLICY ON MOBILE DEVICES USING DYNAMICALLY GENERATED SECURITY PROFILES

(75) Inventor: Majid Shahbazi, Fairfax, VA (US)

(73) Assignee: McAfee, Inc., Santa Clara, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 1207 days.

(21) Appl. No.: 11/578,420

(22) PCT Filed: Dec. 22, 2004

(86) PCT No.: PCT/US2004/042565
§ 371 (c)(1), (2), (4) Date: Oct. 13, 2006

(87) PCT Pub. No.: WO2005/064498
PCT Pub. Date: Jul. 14, 2005

(65) Prior Publication Data
US 2007/0143824 A1, Jun. 21, 2007

Related U.S. Application Data
(60) Provisional application No. 60/531,668, filed on Dec. 23, 2003.

(51) Int. Cl.
G06F 17/00 (2006.01)

(52) U.S. Cl.
USPC 726/1; 380/270; 726/26

(58) Field of Classification Search
USPC 726/1, 26; 380/270; 455/410
See application file for complete search history.

Primary Examiner — Samson Lemma
(74) Attorney, Agent, or Firm — Patent Capital Group

(57) ABSTRACT

A system and method for enforcing security parameters that collects information from a source relating to a mobile device (104). Based on the collected information, an identity status for the mobile device (104) is determined that uniquely identifies the mobile device (104) and distinguishes it from other mobile devices. The identity status of the mobile device (104) can be determined when the mobile device (104) connects to a computing node source (102) or when the mobile device (104) accesses a resource (124) within the network. A security profile based on the identity status of the mobile device (104) is generated and the security profile is applied to the mobile device (104).

19 Claims, 7 Drawing Sheets

[Front-page drawing. Labels: Enterprise Security (ES); Reports & Events; Alarms and Reports based on defined thresholds; Dynamic Analysis of device identity status, ES, and best practices; Instantaneous Description of the mobile device; Mobile Security; Real-time policies.]

[Drawing sheets 1 to 7 of 7 (U.S. Patent, Jan. 21, 2014, US 8,635,661 B2). The figure text on sheets 1 to 6 is not recoverable. Sheet 7 carries FIG. 8, with the labels: Enterprise Security (ES); Alarms and Reports based on defined thresholds; Dynamic Analysis of device identity status, ES, and best practices; Instantaneous Description of the mobile device; Mobile Security; Real-time policies.]

SYSTEM AND METHOD FOR ENFORCING A SECURITY POLICY ON MOBILE DEVICES USING DYNAMICALLY GENERATED SECURITY PROFILES

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a U.S. National Stage Patent Application under 35 U.S.C. 371 of PCT International Patent Application Ser. No. PCT/US2004/042565 filed on Dec. 22, 2004, and entitled SYSTEM AND METHOD FOR ENFORCING A SECURITY POLICY ON MOBILE DEVICES USING DYNAMICALLY GENERATED SECURITY PROFILES, which application in turn claims priority to U.S. Provisional Patent Application Ser. No. 60/531,668, filed on Dec. 23, 2003 and entitled SYSTEM AND METHOD FOR SECURING DATA IN MOBILE COMPUTERS.

TECHNICAL FIELD

The present invention relates in general to the field of data security and more particularly to providing data security to mobile devices.

BACKGROUND

Recent advances in hardware and communication technologies have brought about the proliferation of powerful mobile devices ranging from notebook computers to much smaller personal digital assistants (PDAs) that operate over wired and wireless networks. The productivity enhancements associated with exponential growth of mobile technologies have fundamentally changed the security landscape—no longer are devices and data landlocked, the free flow and distribution of information to any place, at any time, to any device, creates a unique set of challenges which will continue to evolve. These mobile devices (also known as handheld devices) operate on various platforms, such as palm computing platform, WindowsCE, etc. Other types of mobile devices include paging and messaging devices, laptop computers, data-capable smart phones, etc. These devices can provide users with network access connectivity, which allows them to be quickly notified of changing events, and provide them with the resources necessary to respond even when in transit. In this way, users can be given the power to access mission critical information in a quick and reliable manner. For example, data generated by client applications running on a wide variety of mobile devices may be transported over networks having various access protocols and wired and wireless links. One such protocol is Transmission Control Protocol/Internet Protocol (TCP/IP), which is designed to connect computer systems that use different operating systems and network technologies. Many popular network applications have been built directly on top of TCP over the past decade, making TCP/IP a de-facto network access protocol standard.

Many personal computer users use Personal Information Management (PIM) applications such as an address book, a daily organizer, and a To-Do list application on their personal computers and mobile devices. The data for these PIMs are stored in corresponding databases at the personal computers and mobile devices. Often, data in these databases must be synchronized in order to maintain data uniformity. The synchronization of data between devices of this type is known. For example, U.S. Pat. No. 6,006,274 describes a "Method and Apparatus Using a Pass Through Personal Computer Connected to Both a Local Communication Link and a Computer Network for Identifying and Synchronizing a Preferred Computer with a Portable Computer." Also, U.S. Pat. Nos. 6,000,000 and 5,884,323 both describe an "Extendible Method and Apparatus for Synchronizing Multiple Files on Two Different Computer Systems." Generally, the synchronization process is activated either by detecting a mobile device on a cradle or by the manual press of a button. The synchronization process proceeds to synchronize data for several different applications that run on the mobile devices with data for corresponding applications on other computers.

As society continues to adopt handheld devices as a standard computing platform and applications become more powerful with the standardization of wired and wireless computing, security threats to data stored in and accessed by these types of mobile devices have become a serious concern and have created a heightened awareness and increased need for security. In fact, the U.S. Air Force Research Laboratory (AFRL), which develops some of the government's most advanced technologies, is crafting a policy to deal with security risks for data stored in mobile devices.

Various types of security software incorporating different data security encryption standards have been used in the past for securing network, desktop, laptop, and PDA environments. One such suite of software is called the Trusted Mobility Suite™ offered by Trust Digital™, which is used to set access control, encryption, and other parameters and push them to such mobile devices as Palm Pilot™, Pocket PC™, Blackberry™ or Symbian™ OS devices to protect against fraud, theft, sabotage, malicious hacking, and other adverse exposure caused by data compromise. Mobile DesktopSecure™ is a security and encryption software designed to protect files, data, applications, databases, directories, or an entire hard drive. It is also used to push security profiles containing defined security policies from a server to protect laptops and desktops within a network. Generally, Trusted Mobility Suite™ implements security using a graphical user interface (GUI) that allows administrators and users to secure all or selected applications. In this way, the users and administrators can selectively secure application(s) from unwanted and unauthorized access.

Trusted Mobility Suite™ manages data security for mobile devices at different levels. At a higher server level, Trusted Mobility Server™ deploys, manages, and secures networks containing mobile devices using a centralized management solution. A policy-profile editor is used to set security parameters for groups of users based on defined security policies. At a lower device level, PDASecure™ encrypts the data on the mobile device itself and offers security-management for those devices through the Trust Mobility Server. Once installed on a mobile device, PDASecure™ provides for universal integration with all available mobile devices on the network, without the requirement for moving data into separate, secured applications. Also, Trusted Mobility Software Development Kit™ allows software developers to incorporate Trust Digital's Mobility Framework, comprising security, encryption, and centralized rule-based management technologies into their products, for mobile/PDA users.

Also, U.S. Pat. No. 6,158,010 discloses a system and method for maintaining security in a distributed computing environment that comprises a policy manager located on a server for managing and distributing a security policy, and an application guard located on a client for managing access to securable components as specified by the security policy. A global policy specifies access privileges of the user to securable components. The policy manager may then preferably distribute a local client policy based on the global policy to the