Systems and methods for dynamically validating remote requests within enterprise networks

US 10,200,369 B1
Filed: 02/16/2016
Issued: 02/05/2019
Est. Priority Date: 02/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for dynamically validating a remote request within an enterprise network including a target system, a remote system, and a server, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving, by the target system and from the remote system, the remote request for access to a portion of the target system, the target system and the remote system being host systems that perform direct Peer-to-Peer (P2P) communications with one another within the enterprise network;

performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;

querying, by the target system, an enterprise security system included in the server to authorize the remote request from the remote system;

receiving, by the target system and from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, the notification based at least in part on contextual information about the remote request, the remote system sending the contextual information to the server, and the remote system sending, by way of P2P communications, the remote request to the target system at approximately the same time; and

determining, by the target system, whether to grant the remote request from the remote system based at least in part on the notification received from the enterprise security system; and

based on the notification indicating that the remote system is trustworthy, allowing, by the target system, the remote system access to the portion of the target system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.

72 Citations

View as Search Results

20 Claims

1. A computer-implemented method for dynamically validating a remote request within an enterprise network including a target system, a remote system, and a server, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving, by the target system and from the remote system, the remote request for access to a portion of the target system, the target system and the remote system being host systems that perform direct Peer-to-Peer (P2P) communications with one another within the enterprise network;
  
  performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying, by the target system, an enterprise security system included in the server to authorize the remote request from the remote system;
  
  receiving, by the target system and from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, the notification based at least in part on contextual information about the remote request, the remote system sending the contextual information to the server, and the remote system sending, by way of P2P communications, the remote request to the target system at approximately the same time; and
  
  determining, by the target system, whether to grant the remote request from the remote system based at least in part on the notification received from the enterprise security system; and
  
  based on the notification indicating that the remote system is trustworthy, allowing, by the target system, the remote system access to the portion of the target system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the contextual information identifies:
    - an action requested by the remote system in connection with the remote request; and
      
      supplemental data related to the action requested by the remote system in connection with the remote request.
  - 3. The method of claim 1, wherein querying the enterprise security system to authorize the remote request comprises providing, by the target system and to the enterprise security system, identification information that identifies the remote system.
  - 4. The method of claim 3, wherein the identification information includes an Internet Protocol (IP) address of the remote system.
  - 5. The method of claim 1, wherein the remote request comprises at least one of:
    - a request to launch a process on the target system;
      
      a request to access data stored on the target system;
      
      a request to write data to the target system;
      
      a request to transfer an executable to the target system;
      
      ora request to transfer data from the target system to an additional device outside the enterprise network.
  - 6. The method of claim 1, wherein the notification comprises at least one of:
    - an instruction on whether the target system is to grant the remote request from the remote system;
      
      information indicating whether the remote system is trustworthy to access the portion of the target system;
      
      orinformation with which the target system is able to determine whether the remote system is trustworthy to access the portion of the target system.
  - 7. The method of claim 1, wherein:
    - the enterprise security system is included in a remote security server;
      
      querying the enterprise security system to authorize the remote request from the remote system comprises querying, by the target system, the remote security server such that, in response to the query, the remote security server;
      
      obtains, from the remote system, contextual information about the remote request from the remote system; and
      
      determines whether the target system is to trust the remote system with respect to the remote request based at least in part on the contextual information; and
      
      receiving, by the target system and from the enterprise security system in response to the query, the notification indicating whether the remote system is trustworthy to access the portion of the target system comprises receiving the notification from the remote security server.
  - 8. The method of claim 1, wherein:
    - a portion of the enterprise security system is running on the target system;
      
      querying, by the target system, the enterprise security system to authorize the remote request from the remote system further comprises querying the portion of the enterprise security system running on the target system such that, in response to the query, the portion of the enterprise security system running on the target system obtains, from the remote system by way of P2P communications, the contextual information; and
      
      receiving the notification indicating whether the remote system is trustworthy to access the portion of the target system further comprises receiving the notification from the portion of the enterprise security system running on the target system.
  - 9. The method of claim 1, further comprising:
    - based on the notification indicating that the remote system is not trustworthy, not allowing, by the target system, the remote system to access the portion of the target system.

10. A system for dynamically validating remote requests within enterprise networks, the system comprising:
- a request module, stored in memory, that receives, on a target system within an enterprise network, a remote request to access a portion of the target system from a remote system included in the enterprise network, the target system and the remote system being host systems that perform direct Peer-to-Peer (P2P) communications with one another within the enterprise network;
  
  a validation module, stored in memory, that performs a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying an enterprise security system included in a server included in the enterprise network to authorize the remote request from the remote system; and
  
  receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, the notification based at least in part on contextual information about the remote request, the remote system sending the contextual information to the server and the remote system sending, by way of P2P communications, the remote request to the target system at approximately the same time;
  
  a security module, stored in memory, that;
  
  determines whether to grant the remote request from the remote system based at least in part on the notification received from the enterprise security system as part of the validation operation; and
  
  based on the notification indicating that the remote system is trustworthy, allows the remote system access to the portion of the target system; and
  
  at least one physical processor that executes the request module, the validation module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the contextual information identifies:
    - an action requested by the remote system in connection with the remote request; and
      
      supplemental data related to the action requested by the remote system in connection with the remote request.
  - 12. The system of claim 10, wherein the validation module queries the enterprise security system to authorize the remote request by providing the enterprise security system with identification information that identifies the remote system.
  - 13. The system of claim 12, wherein the identification information includes an Internet Protocol (IP) address of the remote system.
  - 14. The system of claim 10, wherein the remote request comprises at least one of:
    - a request to launch a process on the target system;
      
      a request to access data stored on the target system;
      
      a request to write data to the target system;
      
      a request to transfer an executable to the target system;
      
      ora request to transfer data from the target system to an additional device outside the enterprise network.
  - 15. The system of claim 10, wherein the notification comprises at least one of:
    - an instruction on whether the target system is to grant the remote request from the remote system;
      
      information indicating whether the remote system is trustworthy to access the portion of the target system;
      
      orinformation with which the target system is able to determine whether the remote system is trustworthy to access the portion of the target system.
  - 16. The system of claim 10, wherein:
    - the enterprise security system is included in a remote security server; and
      
      the validation module;
      
      queries, at the target system, the remote security server such that, in response to the query, the remote security server;
      
      obtains, from the remote system, the contextual information about the remote request from the remote system;
      
      determines whether the target system is to trust the remote system with respect to the remote request based at least in part on the contextual information; and
      
      receives the notification indicating whether the remote system is trustworthy to access the portion of the target system comprises receiving the notification from the remote security server.
  - 17. The system of claim 10, wherein the security module, based on the notification indicating that the remote system is not trustworthy, does not allow the remote system to access the portion of the target system.

18. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive, by a target system and from a remote system, a request for access to a portion of the target system, the target system and the remote system being host systems that perform direct Peer-to-Peer (P2P) communications with one another within an enterprise network;
  
  perform a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying, by the target system, an enterprise security system included in a server to authorize the remote request from the remote system; and
  
  receiving, by the target system and from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, the notification based at least in part on contextual information about the remote request, the remote system sending the contextual information to the server, and the remote system sending, by way of P2P communications, the remote request to the target system at approximately the same time; and
  
  determining, by the target system, whether to grant the remote request from the remote system based at least in part on the notification received from the enterprise security system; and
  
  based on the notification indicating that the remote system is trustworthy, allow, by the target system, the remote system access to the portion of the target system.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the remote request comprises at least one of:
    - a request to launch a process on the target system;
      
      a request to access data stored on the target system;
      
      a request to write data to the target system;
      
      a request to transfer an executable to the target system;
      
      ora request to transfer data from the target system to an additional device outside the enterprise network.
  - 20. The non-transitory computer-readable medium of claim 18, wherein the notification comprises at least one of:
    - an instruction on whether the target system is to grant the remote request from the remote system;
      
      information indicating whether the remote system is trustworthy to access the portion of the target system;
      
      orinformation with which the target system is able to determine whether the remote system is trustworthy to access the portion of the target system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Roundy, Kevin Alejandro, Gates, Christopher, Viljoen, Petrus Johannes
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Gundry, Stephen T

Application Number

US15/044,708
Time in Patent Office

1,085 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/10   for controlling access to d...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/52   specially adapted for the l...

Systems and methods for dynamically validating remote requests within enterprise networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for dynamically validating remote requests within enterprise networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others