End point reputation credential for controlling network access

US 10,536,448 B2
Filed: 06/24/2015
Issued: 01/14/2020
Est. Priority Date: 06/24/2015
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a resource, the method comprising:

monitoring, by one or more hardware processors, a first set of usage of an endpoint computing device within a network, wherein the first set of usage includes usage data received and sent by the endpoint computing device;

calculating, by one or more hardware processors, an endpoint computing device reputation for the endpoint computing device based on the monitored first set of usage of the endpoint computing device;

associating, by one or more hardware processors, the endpoint computing device reputation with the endpoint computing device;

receiving, by one or more hardware processors, a request from the endpoint computing device to access a resource within the network, wherein the resource is at least one of a database, an email program, and a server; and

determining, by one or more hardware processors, whether the endpoint computing device shall be granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the endpoint computing device reputation;

monitoring, by one or more hardware processors, a second set of usage of the endpoint computing device;

determining, by one or more hardware processors, that the second set of usage of the endpoint computing device affects the endpoint computing device reputation;

adjusting;

by one or more hardware processors, the endpoint computing device reputation based on the second set of usage of the endpoint computing device; and

determining, by one or more hardware processors, whether the endpoint computing device is granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the adjusted endpoint computing device reputation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an approach for controlling access to a resource a processor monitors a first set of traffic of a computing device. A processor calculates reputation based on the first set of traffic of the computing device. A processor associates the reputation with the computing device. A processor receives a request to access a resource from the computing device. A processor determines whether the computing device shall be granted access to the resource based on the reputation.

12 Citations

16 Claims

1. A method for controlling access to a resource, the method comprising:
- monitoring, by one or more hardware processors, a first set of usage of an endpoint computing device within a network, wherein the first set of usage includes usage data received and sent by the endpoint computing device;
  
  calculating, by one or more hardware processors, an endpoint computing device reputation for the endpoint computing device based on the monitored first set of usage of the endpoint computing device;
  
  associating, by one or more hardware processors, the endpoint computing device reputation with the endpoint computing device;
  
  receiving, by one or more hardware processors, a request from the endpoint computing device to access a resource within the network, wherein the resource is at least one of a database, an email program, and a server; and
  
  determining, by one or more hardware processors, whether the endpoint computing device shall be granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the endpoint computing device reputation;
  
  monitoring, by one or more hardware processors, a second set of usage of the endpoint computing device;
  
  determining, by one or more hardware processors, that the second set of usage of the endpoint computing device affects the endpoint computing device reputation;
  
  adjusting;
  
  by one or more hardware processors, the endpoint computing device reputation based on the second set of usage of the endpoint computing device; and
  
  determining, by one or more hardware processors, whether the endpoint computing device is granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the adjusted endpoint computing device reputation.
- View Dependent Claims (2, 3, 4, 5, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - responsive to determining that the endpoint computing device shall be granted access to the resource, granting, by one or more hardware processors, the endpoint computing device access to the resource.
  - 3. The method of claim 1, further comprising:
    - responsive to determining that the endpoint computing device shall not be granted access to the resource, denying, by one or more hardware processors, the endpoint computing device access to the resource.
  - 4. The method of claim 3, further comprising:
    - receiving, by one or more hardware processors, a command to override the access denial; and
      
      granting, by one or more hardware processors, the endpoint computing device access to the resource.
  - 5. The method of claim 3, further comprising:
    - generating, by one or more hardware processors, an alert indicating that the endpoint computing device has been denied access to the resource.
  - 14. The method of claim 1, wherein usage data comprises a website visited, an application used, a server accessed, a database accessed, and an additional computing device communicated with.
  - 15. The method of claim 1, wherein the second set of usage of the endpoint computing device comprises positive usage, wherein positive usage comprises visiting an approved webpage and accessing an approved database.
  - 16. The method of claim 1, wherein the second set of usage of the endpoint computing device comprises negative usage, wherein negative usage comprises visiting a restricted webpage and using a restricted application, wherein the restricted webpage includes a predetermined trigger word selected from the group consisting of sexually explicit words, profanities, words related to job hunting, words associated with stereotypes, and words related to competitors.

6. A computer program product for controlling access to a resource, the computer program product comprising:
- one or more computer readable storage devices and program instructions stored on the one or more computer readable storage devices, the program instructions comprising;
  
  program instructions to monitor a first set of usage of an endpoint computing device within a network, wherein the first set of usage includes usage data received and sent by the endpoint computing device;
  
  program instructions to calculate an endpoint computing device reputation for the endpoint computing device based on the monitored first set of usage of the endpoint computing device;
  
  program instructions to associate the endpoint computing device reputation with the endpoint computing device;
  
  program instructions to receive a request from the endpoint computing device to access a resource within the network, wherein the resource is at least one of a database, an email program, and a server;
  
  program instructions to determine whether the endpoint computing device shall be granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the endpoint computing device reputation;
  
  program instructions to monitor a second set of usage of the endpoint computing device within the network;
  
  program instructions to determine that the second set of usage of the endpoint computing device affects the endpoint computing device reputation;
  
  program instructions to adjust the endpoint computing device reputation based on the second set of usage of the endpoint computing device; and
  
  program instructions to determine whether the endpoint computing device is granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the adjusted endpoint computing device reputation.
- View Dependent Claims (7, 8, 9)
- - 7. The computer program product of claim 6, further comprising:
    - program instructions, stored on the one or more computer readable storage devices, to responsive to the program instructions to determine that the endpoint computing device shall be granted access to the resource, grant the endpoint computing device access to the resource.
  - 8. The computer program product of claim 6, further comprising:
    - program instructions, stored on the one or more computer readable storage devices, to responsive to the program instructions to determine that the endpoint computing device shall not be granted access to the resource, deny the endpoint computing device access to the resource.
  - 9. The computer program product of claim 8, further comprising:
    - program instructions, stored on the one or more computer readable storage devices, to receive a command to override the access denial; and
      
      program instructions, stored on the one or more computer readable storage devices, to grant the endpoint computing device access to the resource.

10. A computer system for controlling access to a resource, the computer program product comprising:
- one or more computer hardware processors, one or more computer readable storage devices, and program instructions stored on the one or more computer readable storage devices for execution by at least one of the one or more hardware processors, the program instructions comprising;
  
  program instructions to monitor a first set of usage of an endpoint computing device within a network, wherein the first set of usage includes usage data received and sent by the endpoint computing device;
  
  program instructions to calculate an endpoint computing device reputation for the endpoint computing device based on the monitored first set of usage of the endpoint computing device;
  
  program instructions to associate the endpoint computing device reputation with the endpoint computing device;
  
  program instructions to receive a request from the endpoint computing device to access a resource within the network, wherein the resource is at least one of a database, an email program, and a server; and
  
  program instructions to determine whether the endpoint computing device shall be granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the endpoint computing device reputation;
  
  program instructions to monitor a second set of usage of the endpoint computing device within the network;
  
  program instructions to determine that the second set of usage of the endpoint computing device affects the endpoint computing device reputation;
  
  program instructions to adjust the endpoint computing device reputation based on the second set of usage of the endpoint computing device; and
  
  program instructions to determine whether the endpoint computing device is granted access to the resource based on a comparison of a minimum reputation requirement of the resource to the adjusted endpoint computing device reputation.
- View Dependent Claims (11, 12, 13)
- - 11. The computer system of claim 10, further comprising:
    - program instructions, stored on the one or more computer readable storage devices for execution by at least one of the one or more hardware processors, to responsive to the program instructions to determine that the endpoint computing device shall be granted access to the resource, grant the endpoint computing device access to the resource.
  - 12. The computer system of claim 10, further comprising:
    - program instructions, stored on the one or more computer readable storage devices for execution by at least one of the one or more hardware processors, to responsive to the program instructions to determine that the endpoint computing device shall not be granted access to the resource, deny the endpoint computing device access to the resource.
  - 13. The computer system of claim 12, further comprising:
    - program instructions, stored on the one or more computer readable storage devices for execution by at least one of the one or more hardware processors, to receive a command to override the access denial; and
      
      program instructions, stored on the one or more computer readable storage devices for execution by at least one of the one or more hardware processors, to grant the endpoint computing device access to the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jackson, Vernon A., Larsen, Andrew R., Leeder, Glen J., McCane, Gregory O., Rathi, Anand
Primary Examiner(s)
Rahim, Monjur

Application Number

US14/748,362
Publication Number

US 20160381022A1
Time in Patent Office

1,665 Days
Field of Search

726 7
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

End point reputation credential for controlling network access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

End point reputation credential for controlling network access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links