Policy-based compliance management and remediation of devices in an enterprise system

US 10,075,429 B2
Filed: 08/23/2017
Issued: 09/11/2018
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assessing, by a second computer system, based on the compliance policy, a level of non-compliance of the device;

establishing, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;

responsive to a request from the device for a computing resource at the first computer system, providing access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and

instructing the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

126 Citations

20 Claims

1. A method comprising:
- based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assessing, by a second computer system, based on the compliance policy, a level of non-compliance of the device;
  
  establishing, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
  
  responsive to a request from the device for a computing resource at the first computer system, providing access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
  
  instructing the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the compliance policy indicates the action to remedy the non-compliance and indicates a time period for performing the action.
  - 3. The method of claim 1, further comprising:
    - determining, based on use of the device with the first computer system satisfying a condition in the compliance policy, the non-compliance with the compliance policy for using the device with the first computer system.
  - 4. The method of claim 3, further comprising:
    - determining one or more attributes of the device and a geolocation of the device, wherein the condition is further based on an attribute of the device and one or more geolocations; and
      
      determining that the condition is satisfied based on the one or more attributes of the device matching the attribute of the device and based on the geolocation of the device matching the one or more geolocations.
  - 5. The method of claim 3, wherein the condition in the compliance policy is based on a role of a user that uses the device with the first computer system.
  - 6. The method of claim 1, further comprising:
    - identifying the compliance policy for using the device with the first computer system, wherein the device is registered to access the first computer system.
  - 7. The method of claim 1, wherein providing access to the computing resource includes inhibiting access to the computing resource based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired compliance and based on determining that the time period for remediation of the non-compliance has expired.
  - 8. The method of claim 1, wherein the non-compliance of the device includes modifying a configuration of the device or an unauthorized application on the device.
  - 9. The method of claim 1, wherein the compliance policy indicates one or more roles for the non-compliance, and wherein the non-compliance includes operating the device in a manner defined by a compliance rule for the non-compliance.
  - 10. The method of claim 1, wherein the compliance policy indicates a plurality of levels of non-compliance, wherein each of the plurality of levels of non-compliance are defined by one of a plurality of conditions, and wherein the level of non-compliance is one of the plurality of levels of non-compliance.
  - 11. The method of claim 10, wherein one or more of the plurality of levels of non-compliance are defined based on one or more roles.
  - 12. The method of claim 1, wherein the action to remedy the non-compliance is one of:
    - denying access to use of the device, modifying memory accessible to the device, or configuring an application configured to communicate with the second computer system.

13. A system comprising:
- one or more processors; and
  
  a memory accessible to the one or more processors, wherein the memory stores instructions that, when executed by the one or more processors, cause the one or more processors to;
  
  based on determining a non-compliance with a compliance policy for using a device with a computer system of an organization, assess, based on the compliance policy, a level of non-compliance of the device;
  
  establish, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
  
  responsive to a request from the device for a computing resource at the computer system, provide access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
  
  instruct the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the instructions that, when executed by the one or more processors, further cause the one or more processors to:
    - determine one or more attributes of the device and a geolocation of the device, wherein the compliance policy indicates a condition for determining the non-compliance, and wherein the condition is based on an attribute of the device and one or more geolocations;
      
      determine that the condition is satisfied based on the one or more attributes of the device matching the attribute of the device and based on the geolocation of the device matching the one or more geolocations; and
      
      determine, based on use of the device with the computer system satisfying a condition in the compliance policy, the non-compliance with the compliance policy for using the device with the computer system.
  - 15. The system of claim 14, wherein the condition in the compliance policy is further based on a role of a user that uses the device with the computer system.
  - 16. The system of claim 13, wherein the compliance policy indicates a plurality of levels of non-compliance, wherein each of the plurality of levels of non-compliance are defined by one of a plurality of conditions, wherein the level of non-compliance is one of the plurality of levels of non-compliance, and wherein one or more of the plurality of levels of non-compliance are defined based on one or more roles.

17. A non-transitory computer-readable storage media storing one or more instructions that are executable by one or more processors to:
- based on determining a non-compliance with a compliance policy for using a device with a first computer system of an organization, assess, by a second computer system, based on the compliance policy, a level of non-compliance of the device;
  
  establish, by the second computer system, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
  
  responsive to a request from the device for a computing resource at the first computer system, provide access to the computing resource based on the level of non-compliance, wherein the access to the computing resource is inhibited based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired; and
  
  instruct the device to perform an action to remedy the non-compliance upon expiration of the time period for remediation of the non-compliance.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable storage media of claim 17, wherein the one or more instructions are further executable by one or more processors to:
    - determine one or more attributes of the device and a geolocation of the device, wherein the compliance policy indicates a condition for determining the non-compliance, and wherein the condition is based on an attribute of the device and one or more geolocations;
      
      determine that the condition is satisfied based on the one or more attributes of the device matching the attribute of the device and based on the geolocation of the device matching the one or more geolocations; and
      
      determine, based on use of the device with the first computer system satisfying a condition in the compliance policy, the non-compliance with the compliance policy for using the device with the first computer system.
  - 19. The non-transitory computer-readable storage media of claim 17, wherein providing access to the computing resource includes inhibiting access to the computing resource based on the level of non-compliance and based on determining that the time period for the remediation of the non-compliance has expired compliance and based on determining that the time period for remediation of the non-compliance has expired.
  - 20. The non-transitory computer-readable storage media of claim 17, wherein the compliance policy indicates one or more roles for the non-compliance, and wherein the non-compliance includes operating the device in a manner defined by a compliance rule for the non-compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Jayanti Venkata, Bhagavati Kumar, Maheshwari, Harsh, Mohamad Abdul, Mohamad Raja Gani, Kandasamy, Parthipan
Primary Examiner(s)
To, Baotran N

Application Number

US15/684,142
Publication Number

US 20170374061A1
Time in Patent Office

384 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 8/71   Version control security ar...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 41/082   the condition being updates...

H04L 41/0895   Configuration of virtualise...

H04L 41/20   Network management software...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 41/5096   wherein the managed service...

H04L 47/125   by balancing the load, e.g....

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/20 : for managing network securi...

H04L 63/205 : involving negotiation or de...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/12 : specially adapted for propr...

H04L 67/306 : User profiles

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

H04L 9/3268 : using certificate validatio...

H04W 12/06 : Authentication

H04W 12/33 : using wearable devices, e.g...

H04W 16/06 : Hybrid resource partitionin...

H04W 4/08 : User group management

H04W 4/50 : Service provisioning or rec...

H04W 4/60 : Subscription-based services...

H04W 4/70 : Services for machine-to-mac...

View All

Policy-based compliance management and remediation of devices in an enterprise system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

126 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-based compliance management and remediation of devices in an enterprise system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links