Enforcing trusted application settings for shared code libraries

US 10,127,375 B2
Filed: 03/04/2016
Issued: 11/13/2018
Est. Priority Date: 03/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method of restricting access to a shared library within a computer security system, the method comprising:

storing, by a security database for each of a plurality of trusted applications, a trusted application profile identifying a set of application constraints each associated with an application property that must be satisfied before an application can access a shared library;

detecting, by an administrative server, an attempt from a customer application to access the shared library;

responsive to the attempt, generating, by the administrative server, a profile of the customer application, the customer application profile representative of a set of properties of the customer application, each property of the set of properties represented by the customer application profile corresponding to a constraint identified by a trusted application profile;

retrieving, by the administrative server from the security database, a profile for each trusted application of a set of trusted applications;

comparing the customer application profile to each retrieved trusted application profile by comparing each property of the customer application represented by the customer application profile to the corresponding constraint identified by the retrieved trusted application profile;

responsive to a successful comparison between the customer application profile and at least one trusted application profile, verifying, by the administrative server, that the customer application can access the shared library;

responsive to verifying that the customer application can access the shared library, allowing, by the administrative server, the attempt from the customer application to access the shared library; and

responsive to not verifying that the customer application can access the shared library, denying, by the administrative server, the attempt from the customer application to access the shared library.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to a shared library API is restricted for a customer application by a security system. A profile for each of a plurality of trusted applications is generated and stored in a security database. When a customer application attempts to access the shared library API, the customer application is verified by extracting a customer application profile for the customer application, comparing the customer application profile with each stored trusted application profile, and verifying that the customer application can access the shared library API based on the comparison. Based on the verification, the customer application may be allowed to or access to the shared library API or may be prevented from accessing the shared library API.

16 Citations

View as Search Results

21 Claims

1. A method of restricting access to a shared library within a computer security system, the method comprising:
- storing, by a security database for each of a plurality of trusted applications, a trusted application profile identifying a set of application constraints each associated with an application property that must be satisfied before an application can access a shared library;
  
  detecting, by an administrative server, an attempt from a customer application to access the shared library;
  
  responsive to the attempt, generating, by the administrative server, a profile of the customer application, the customer application profile representative of a set of properties of the customer application, each property of the set of properties represented by the customer application profile corresponding to a constraint identified by a trusted application profile;
  
  retrieving, by the administrative server from the security database, a profile for each trusted application of a set of trusted applications;
  
  comparing the customer application profile to each retrieved trusted application profile by comparing each property of the customer application represented by the customer application profile to the corresponding constraint identified by the retrieved trusted application profile;
  
  responsive to a successful comparison between the customer application profile and at least one trusted application profile, verifying, by the administrative server, that the customer application can access the shared library;
  
  responsive to verifying that the customer application can access the shared library, allowing, by the administrative server, the attempt from the customer application to access the shared library; and
  
  responsive to not verifying that the customer application can access the shared library, denying, by the administrative server, the attempt from the customer application to access the shared library.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein each trusted application profile includes one or more of:
    - a trusted application name, a trusted application user, a trusted application host id, a location of the trusted application within a computer system, an access date and time of the trusted application, and an internet protocol address of a system that executes the trusted application.
  - 3. The method of claim 1, wherein one or more trusted application profiles are received from a system administrator.
  - 4. The method of claim 1, wherein the customer application is verified in response to each application constraint in a trusted application profile being satisfied by the customer application profile.
  - 5. The method of claim 1, wherein an audit record is created for the customer application in response to denying the attempt from the customer application to access the shared library.
  - 6. The method of claim 1, wherein determining an attempt from a customer application to access the shared library comprises intercepting a call to an API of the shared library from a function of the application.
  - 7. The method of claim 1, wherein responsive to verifying that the customer application can access the shared library further comprises storing the customer application profile in the security database as a trusted application profile.

8. An administrative server computer system for restricting access to a shared library, the administrative server comprising a hardware processor and a security database, the hardware processor configured to perform steps comprising:
- storing, in the security database for each of a plurality of trusted applications, a trusted application profile identifying a set of application constraints each associated with an application property that must be satisfied before an application can access a shared library;
  
  detecting an attempt from a customer application to access the shared library;
  
  responsive to the attempt, generating a profile of the customer application, the customer application profile representative of a set of properties of the customer application, each property of the set of properties represented by the customer application profile corresponding to a constraint identified by a trusted application profile;
  
  retrieving a profile for each trusted application of a set of trusted applications;
  
  comparing the customer application profile to each retrieved trusted application profile by comparing each property of the customer application represented by the customer application profile to the corresponding constraint identified by the retrieved trusted application profile;
  
  responsive to a successful comparison between the customer application profile and at least one trusted application profile, verifying that the customer application can access the shared library;
  
  responsive to verifying that the customer application can access the shared library, allowing the attempt from the customer application to access the shared library; and
  
  responsive to not verifying that the customer application can access the shared library, denying the attempt from the customer application to access the shared library.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The administrative server of claim 8, wherein each trusted application profile includes one or more of:
    - a trusted application name, a trusted application user, a trusted application host id, a location of the trusted application within a computer system, an access date and time of the trusted application, and an internet protocol address of a system that executes the trusted application.
  - 10. The administrative server of claim 8, wherein one or more trusted application profiles are received from a system administrator.
  - 11. The administrative server of claim 8, wherein the customer application is verified in response to each application constraint in a trusted application profile being satisfied by the customer application profile.
  - 12. The administrative server of claim 8, wherein an audit record is created for the customer application in response to denying the attempt from the customer application to access the shared library.
  - 13. The administrative server of claim 8, wherein determining an attempt from a customer application to access the shared library comprises intercepting a call to an API of the shared library from a function of the application.
  - 14. The administrative server of claim 8, wherein responsive to verifying that the customer application can access the shared library further comprises storing the customer application profile in the security database as a trusted application profile.

15. A non-transitory computer-readable storage medium storing executable computer instructions for restricting access to a shared library within a computer security system, the instructions configured to, when executed by a hardware processor, perform steps comprising:
- storing, in a security database for each of a plurality of trusted applications, a trusted application profile identifying a set of application constraints each associated with an application property that must be satisfied before an application can access a shared library;
  
  detecting an attempt from a customer application to access the shared library;
  
  responsive to the attempt, generating a profile of the customer application, the customer application profile representative of a set of properties of the customer application, each property of the set of properties represented by the customer application profile corresponding to a constraint identified by a trusted application profile;
  
  retrieving, from the security database, a profile for each trusted application of a set of trusted applications;
  
  comparing the customer application profile to each retrieved trusted application profile by comparing each property of the customer application represented by the customer application profile to the corresponding constraint identified by the retrieved trusted application profile;
  
  responsive to a successful comparison between the customer application profile and at least one trusted application profile, verifying that the customer application can access the shared library;
  
  responsive to verifying that the customer application can access the shared library, allowing the attempt from the customer application to access the shared library; and
  
  responsive to not verifying that the customer application can access the shared library, denying the attempt from the customer application to access the shared library.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-readable storage medium of claim 15, wherein each trusted application profile includes one or more of:
    - a trusted application name, a trusted application user, a trusted application host id, a location of the trusted application within a computer system, an access date and time of the trusted application, and an internet protocol address of a system that executes the trusted application.
  - 17. The computer-readable storage medium of claim 15, wherein one or more trusted application profiles are received from a system administrator.
  - 18. The computer-readable storage medium of claim 15, wherein the customer application is verified in response to each application constraint in a trusted application profile being satisfied by the customer application profile.
  - 19. The computer-readable storage medium of claim 15, wherein an audit record is created for the customer application in response to denying the attempt from the customer application to access the shared library.
  - 20. The computer-readable storage medium of claim 15, wherein determining an attempt from a customer application to access the shared library comprises intercepting a call to an API of the shared library from a function of the application.
  - 21. The computer-readable storage medium of claim 15, wherein responsive to verifying that the customer application can access the shared library further comprises storing the customer application profile in the security database as a trusted application profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Rozenberg, Yigal, Burlin, Pierre, Boberg, Jan
Primary Examiner(s)
Dinh, Minh
Assistant Examiner(s)
Gao, Shu C

Application Number

US15/061,837
Publication Number

US 20160259934A1
Time in Patent Office

984 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/102   Entity profiles

Enforcing trusted application settings for shared code libraries

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing trusted application settings for shared code libraries

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links