Systems and methods for implementing computer security
First Claim
1. A computing device, comprising:
one or more processing units;
memory; and
a first security control module, wherein the first security control module is stored in the memory and executed by the one or more of the processing units to monitor integrity of files and directories, the first security control module including instructions for:
obtaining an Application Programming Interface (API) key;
transmitting to a remote security server the API key;
receiving from the remote security server a first cryptographic key uniquely associated with the first security control module responsive to the transmitting of the API key;
transmitting to the remote security server a policy identifier, wherein the policy identifier identifies a security policy that applies to a first operating system running on the computing device and applies to one or more applications running in the first operating system;
obtaining from the remote security server a plurality of commands to be executed according to the security policy assigned to the first security control module, wherein the plurality of commands to be executed are received through encrypted communication between the first security control module and the remote security server using the first cryptographic key, and wherein the plurality of commands to be executed includes a specification of a first set of files and directories that are being monitored according to the security policy, wherein each of the files or directories in the first set is associated with the first operating system or associated with one of the one or more applications running in the first operating system;
periodically collecting metadata for the first set of files and directories and computing a content signature for each file in the first set; and
using the first cryptographic key to securely transmit the collected metadata and computed content signatures to the remote security server for evaluation of integrity against baseline data for the first set of files and directories, wherein the baseline data is stored at the remote security server.
Abstract
A security server transmits a specification of a first set of files and directories to a computing device for monitoring according to a security policy. Each of the files or directories in the first set is associated with the operating system of the computing device or associated with an application running on the computing device. The server securely receives data collected at the remote computing device, which includes metadata for the files and directories and content signatures computed for each file. The server compares the received metadata and content signatures for each file or directory against corresponding baseline metadata and baseline content signatures. The baseline metadata and baseline content signatures are stored at the security server. When there is a mismatch between the received metadata and corresponding baseline metadata or a mismatch between a received content signature and a corresponding baseline content signature, the server performs a remedial action.
34 Claims
1. A computing device, comprising: (independent claim; full text as given under First Claim above). Dependent claims: 2-17 and 32-34.
18. A security server, comprising:
one or more processing units;
memory;
a token generation module, wherein the token generation module is stored in the memory and executed by the one or more processing units, the token generation module including instructions for:
receiving a request from a security control module running within a first operating system on a remote computing device distinct from the security server, wherein the request includes an Application Programming Interface (API) key and a policy identifier that identifies a security policy;
in accordance with a determination that the API key is valid, generating a unique agent identity token, which includes a cryptographic key; and
transmitting the agent identity token to the security control module responsive to the receiving and the generating; and
an integrity validation module, wherein the integrity validation module is stored in the memory and executed by the one or more of the processing units, the integrity validation module including instructions for:
transmitting to the security control module a specification of a first set of files and directories at the remote computing device that are being monitored according to the security policy, wherein each of the files or directories in the first set is associated with the first operating system or associated with one or more applications running in the first operating system;
securely receiving from the security control module data collected at the remote computing device, wherein the received data includes metadata for the first set of files and directories and content signatures computed for each file in the first set;
comparing the received metadata and content signatures for each file or directory in the first set against corresponding baseline metadata and baseline content signatures for the first set of files and directories, wherein the baseline metadata and baseline content signatures are stored at the security server; and
when there is a mismatch between the received metadata and corresponding baseline metadata or a mismatch between a received content signature and a corresponding baseline content signature, performing a remedial action, and wherein the security control module initiates all communication with the security server and the security server cannot initiate communication with the security control module.
Dependent claims: 19-31.
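As an added illustration of the agent/server exchange the claims describe (written for this page, not code from the patent or any product), the following simulates registration with an API key, per-agent key issuance, policy-driven collection of metadata and SHA-256 content signatures over a constructed two-file set, and server-side comparison against a stored baseline. An HMAC over the report keyed with the per-agent key stands in for the encrypted channel; all class, function and policy names are assumptions.

```python
import hashlib, hmac, json, secrets

# Constructed sample file set: path -> (content bytes, metadata). Not real system files.
FILES = {"/etc/passwd": (b"root:x:0:0::/root:/bin/sh\n", {"mode": "0644", "owner": "root"}),
         "/usr/sbin/sshd": (b"ELF-sshd-bytes-v1", {"mode": "0755", "owner": "root"})}

def content_signature(data):
    return hashlib.sha256(data).hexdigest()

class SecurityServer:
    """Token generation plus integrity validation, split as the claims split them (assumed design)."""
    def __init__(self, api_keys, policies, baseline):
        self.api_keys, self.policies, self.baseline, self.agents = api_keys, policies, baseline, {}

    def issue_token(self, api_key, policy_id):
        # Valid API key -> unique agent id and a per-agent cryptographic key bound to a policy.
        if api_key not in self.api_keys:
            raise PermissionError("invalid API key")
        agent_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.agents[agent_id] = (key, policy_id)
        return agent_id, key

    def commands(self, agent_id):
        # The policy bound at registration selects which files and directories are monitored.
        return {"monitor": self.policies[self.agents[agent_id][1]]}

    def validate(self, agent_id, report, tag):
        key, _ = self.agents[agent_id]
        expected = hmac.new(key, report, "sha256").hexdigest()
        if not hmac.compare_digest(expected, tag):   # report is not bound to this agent's key
            return ["reject: report not authenticated with agent key"]
        findings = []
        for path, seen in json.loads(report).items():
            base = self.baseline.get(path)
            if base is None:
                findings.append(f"{path}: not in baseline")
            elif seen["sig"] != base["sig"]:
                findings.append(f"{path}: content signature mismatch")
            elif seen["meta"] != base["meta"]:
                findings.append(f"{path}: metadata mismatch")
        return findings   # a non-empty list is what would trigger the remedial action

def agent_run(server, api_key, policy_id, files):
    # The agent initiates every exchange; the server never calls the agent.
    agent_id, key = server.issue_token(api_key, policy_id)
    paths = server.commands(agent_id)["monitor"]
    seen = {p: {"meta": files[p][1], "sig": content_signature(files[p][0])} for p in paths if p in files}
    report = json.dumps(seen, sort_keys=True).encode()
    return server.validate(agent_id, report, hmac.new(key, report, "sha256").hexdigest())

def demo():
    baseline = {p: {"meta": m, "sig": content_signature(d)} for p, (d, m) in FILES.items()}
    server = SecurityServer({"api-key-demo"}, {"linux-base": list(FILES)}, baseline)
    changed = {**FILES, "/usr/sbin/sshd": (b"ELF-sshd-bytes-v2", FILES["/usr/sbin/sshd"][1])}
    return agent_run(server, "api-key-demo", "linux-base", FILES), agent_run(server, "api-key-demo", "linux-base", changed)
```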