Universal security agent

US 10,503,545 B2
Filed: 04/12/2017
Issued: 12/10/2019
Est. Priority Date: 04/12/2017
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

loading, by a base agent of a universal security agent deployed on a computing endpoint, a security agent plugin module into a memory associated with the computing endpoint;

registering, by the base agent, a plugin task of the security agent plugin module;

scheduling, by the base agent, the plugin task of the security agent plugin module based on one of a policy associated with the security agent plugin module and system access information associated with the security agent plugin module;

executing, by the base agent, the plugin task based on the scheduling;

controlling, by the base agent, a request for system access generated during the execution of the plugin task based on an inspection of the policy associated with the security agent plugin module; and

monitoring and logging, by the base agent, system access information associated with the security agent plugin module, the system access information comprising data associated with the request for system access,wherein controlling the request for system access comprises;

receiving, by the base agent, the request for system access, the request for system access comprising identifying information associated with the security agent plugin module;

based on the identifying information, determining, by the base agent, that the security agent plugin module is associated with the request for system access;

retrieving, by the base agent, the policy associated with the security agent plugin module from a plugin policy database of the memory of the computing endpoint;

determining, by the base agent, that the policy allows the request for system access by the security agent plugin module; and

interacting, by the base agent, with system resources of the computing endpoint based on an allowed system access request by the security agent plugin module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A universal security agent deployed on a computing endpoint includes one or both of a base agent and a security agent plugin module. The base agent loads the security agent plugin module and, in response, receives plugin tasks from the security agent plugin module for registration. The base agent schedules the received plugin tasks based on a policy and/or a system access information associated with the security agent plugin module. Further, the base agent executes the plugin tasks based on the scheduling. The base agent controls system access requests generated during the execution of the plugin tasks based on the policy associated with the security agent plugin module. Additionally, the base agent monitors and logs system access information associated with the security agent plugin module.

31 Citations

20 Claims

1. A method comprising:
- loading, by a base agent of a universal security agent deployed on a computing endpoint, a security agent plugin module into a memory associated with the computing endpoint;
  
  registering, by the base agent, a plugin task of the security agent plugin module;
  
  scheduling, by the base agent, the plugin task of the security agent plugin module based on one of a policy associated with the security agent plugin module and system access information associated with the security agent plugin module;
  
  executing, by the base agent, the plugin task based on the scheduling;
  
  controlling, by the base agent, a request for system access generated during the execution of the plugin task based on an inspection of the policy associated with the security agent plugin module; and
  
  monitoring and logging, by the base agent, system access information associated with the security agent plugin module, the system access information comprising data associated with the request for system access,wherein controlling the request for system access comprises;
  
  receiving, by the base agent, the request for system access, the request for system access comprising identifying information associated with the security agent plugin module;
  
  based on the identifying information, determining, by the base agent, that the security agent plugin module is associated with the request for system access;
  
  retrieving, by the base agent, the policy associated with the security agent plugin module from a plugin policy database of the memory of the computing endpoint;
  
  determining, by the base agent, that the policy allows the request for system access by the security agent plugin module; and
  
  interacting, by the base agent, with system resources of the computing endpoint based on an allowed system access request by the security agent plugin module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein loading the security agent plugin module comprises:
    - registering the base agent with a universal security agent controller that is communicably coupled to the universal security agent over a communication network;
      
      transmitting, by the base agent, a current list of configured security agent plugin modules to the universal security agent controller, the current list of configured security agent plugin modules comprising the security agent plugin module;
      
      downloading, by the base agent, plugin package files associated with the security agent plugin module that are received from a repository associated with the universal security agent controller in response to transmitting the current list of configured security agent plugin modules; and
      
      loading, by the base agent, the plugin package files associated with the security agent plugin module to the memory associated with the computing endpoint.
  - 3. The method of claim 2:
    - wherein the plugin package files of the security agent plugin module comprise a plugin policy file that defines the policy associated with the security agent plugin module, a plugin object file, and a signed digital certificate of the plugin package files; and
      
      wherein loading the plugin package files comprises;
      
      validating, by the base agent, an authenticity of the plugin package files associated with the security agent plugin module prior to loading the plugin package files;
      
      loading, by the base agent, the plugin object file into the memory associated with the computing endpoint; and
      
      loading, by the base agent, the plugin policy file into a plugin policy database of the memory.
  - 4. The method of claim 3, wherein validating comprises:
    - generating, by the base agent, a hash of the plugin package files associated with the security agent plugin module; and
      
      determining, by the base agent, that the hash of the plugin package files matches the signed digital certificate of the plugin package files.
  - 5. The method of claim 1, wherein registering the plugin task comprises:
    - receiving, by the base agent, a registration request comprising the plugin task of the security agent plugin module after an initialization of the security agent plugin module that is loaded; and
      
      validating, by the base agent, that the plugin task is compliant with the policy associated with the security agent plugin module.
  - 6. The method of claim 1, wherein the scheduling of the plugin task of the security agent plugin module is controlled to avoid contention of the security agent plugin module with another security agent plugin module for simultaneous access of system resources of the computing endpoint.
  - 7. The method of claim 1, further comprising:
    - receiving, by the base agent, one of data and an error code in response to the allowed system access request; and
      
      transmitting, by the base agent, one of the data and the error code to the security agent plugin module associated with the allowed system access request.
  - 8. The method of claim 1, further comprising:
    - transmitting, by the base agent, an error code to the security agent plugin module when the policy associated with the security agent plugin module does not allow the request for system access.
  - 9. The method of claim 1, further comprising:
    - multiplexing and encrypting, by the base agent, communication data from the security agent plugin module and another security agent plugin module deployed on the computing endpoint to generate multiplexed and encrypted communication data; and
      
      transmitting, by the base agent, the multiplexed and encrypted communication data from the security agent plugin module and the another security agent plugin module to a proxy gateway as a single communication session over a common communication channel.
  - 10. The method of claim 1, further comprising transmitting, by the base agent, communication data from the security agent plugin module to a controller associated with the security agent plugin module based on the policy associated with the security agent plugin module, the controller being located remotely from the computing endpoint.

11. A non-transitory tangible computer-readable medium comprising a plurality of instructions, which, when executed by a base agent deployed in a computing endpoint, cause the base agent to perform operations comprising:
- receiving a plugin task of a security agent plugin module deployed on the computing endpoint;
  
  scheduling the plugin task of the security agent plugin module based on one of a policy associated with the security agent plugin module and system access information associated with the security agent plugin module;
  
  executing the plugin task based on the scheduling;
  
  controlling a request for system access generated during the executing of the plugin task based on an inspection of the policy associated with the security agent plugin module;
  
  monitoring and logging system access information associated with the security agent plugin module, the system access information comprising data associated with the request for system access;
  
  multiplexing and encrypting communication data from the security agent plugin module and another security agent plugin module deployed on the computing endpoint to generate multiplexed and encrypted communication data; and
  
  transmitting the multiplexed and encrypted communication data from the security agent plugin module and the another security agent plugin module to a proxy gateway as a single communication session over a common communication channel,wherein controlling the request for system access comprises;
  
  receiving, by the base agent, the request for system access, the request for system access comprising identifying information associated with the security agent plugin module;
  
  based on the identifying information, determining, by the base agent, that the security agent plugin module is associated with the request for system access;
  
  retrieving, by the base agent, the policy associated with the security agent plugin module from a plugin policy database of the memory of the computing endpoint;
  
  determining, by the base agent, that the policy allows the request for system access by the security agent plugin module; and
  
  interacting, by the base agent, with system resources of the computing endpoint based on an allowed system access request by the security agent plugin module.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory tangible computer readable medium of claim 11, wherein receiving the plugin task comprises:
    - receiving a registration request comprising the plugin task of the security agent plugin module after an initialization of the security agent plugin module; and
      
      validating that the plugin task is compliant with the policy associated with the security agent plugin module.
  - 13. The non-transitory tangible computer readable medium of claim 11, wherein the scheduling of the plugin task of the security agent plugin module is controlled to avoid contention of the security agent plugin module with another security agent plugin module for simultaneous access of system resources of the computing endpoint.
  - 14. The non-transitory tangible computer readable medium of claim 11, further comprising instructions to perform operations comprising:
    - receiving one of data and an error code in response to the allowed system access request; and
      
      transmitting one of the data and the error code to the security agent plugin module associated with the allowed system access request.
  - 15. The non-transitory tangible computer readable medium of claim 11, further comprising instructions to perform operations comprising:
    - transmitting an error code to the security agent plugin module when the policy associated with the security agent plugin module does not allow the request for system access.

16. A method comprising:
- loading, by a base agent of a universal security agent deployed on a computing endpoint, a security agent plugin module into a memory associated with the computing endpoint;
  
  registering, by the base agent, a plugin task of the security agent plugin module;
  
  scheduling, by the base agent, the plugin task of the security agent plugin module based on one of a policy associated with the security agent plugin module and system access information associated with the security agent plugin module;
  
  executing, by the base agent, the plugin task based on the scheduling;
  
  controlling, by the base agent, a request for system access generated during the execution of the plugin task based on an inspection of the policy associated with the security agent plugin module; and
  
  monitoring and logging, by the base agent, system access information associated with the security agent plugin module, the system access information comprising data associated with the request for system access,wherein loading the security agent plugin module comprises;
  
  registering the base agent with a universal security agent controller that is communicably coupled to the universal security agent over a communication network;
  
  transmitting, by the base agent, a current list of configured security agent plugin modules to the universal security agent controller, the current list of configured security agent plugin modules comprising the security agent plugin module;
  
  downloading, by the base agent, plugin package files associated with the security agent plugin module that are received from a repository associated with the universal security agent controller in response to transmitting the current list of configured security agent plugin modules; and
  
  loading, by the base agent, the plugin package files associated with the security agent plugin module to the memory associated with the computing endpoint.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16:
    - wherein the plugin package files of the security agent plugin module comprise a plugin policy file that defines the policy associated with the security agent plugin module, a plugin object file, and a signed digital certificate of the plugin package files; and
      
      wherein loading the plugin package files comprises;
      
      validating, by the base agent, an authenticity of the plugin package files associated with the security agent plugin module prior to loading the plugin package files;
      
      loading, by the base agent, the plugin object file into the memory associated with the computing endpoint; and
      
      loading, by the base agent, the plugin policy file into a plugin policy database of the memory.
  - 18. The method of claim 17, wherein validating comprises:
    - generating, by the base agent, a hash of the plugin package files associated with the security agent plugin module; and
      
      determining, by the base agent, that the hash of the plugin package files matches the signed digital certificate of the plugin package files.
  - 19. The method of claim 16, wherein registering the plugin task comprises:
    - receiving, by the base agent, a registration request comprising the plugin task of the security agent plugin module after an initialization of the security agent plugin module that is loaded; and
      
      validating, by the base agent, that the plugin task is compliant with the policy associated with the security agent plugin module.
  - 20. The method of claim 16, wherein the scheduling of the plugin task of the security agent plugin module is controlled to avoid contention of the security agent plugin module with another security agent plugin module for simultaneous access of system resources of the computing endpoint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Hope, Edward, Solero, Daniel, Moran, Christopher, Meyer, Frederick Henry
Primary Examiner(s)
Potratz, Daniel B

Application Number

US15/486,118
Publication Number

US 20180302409A1
Time in Patent Office

972 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/62   Protecting access to data v...

G06F 21/6281   at program execution time, ...

G06F 9/4881   Scheduling strategies for d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Universal security agent

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Universal security agent

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links