Secure posture assessment
First Claim
1. A system comprising:
a posture assessment system comprising one or more server computing devices, wherein the posture assessment system is configured to at least:
receive a posture assessment request from a user computing device, the posture assessment request comprising configuration data regarding an operating system configuration of the user computing device;
generate configuration verification data based at least partly on the configuration data, wherein the configuration verification data comprises an encoded representation of at least a portion of an operating system expected to be present on the user computing device;
generate an expected assessment result comprising an encoded representation of the configuration verification data, and output of an execution confirmation function that takes at least a threshold period of time to execute;
generate client-side executable instructions that, when executed, cause the user computing device to generate an assessment result comprising an encoded representation of at least a portion of an operating system present on the user computing device and output of the execution confirmation function;
transmit the client-side executable instructions to the user computing device;
receive the assessment result from the user computing device;
analyze the assessment result with respect to the expected assessment result; and
transmit a verification token to the user computing device; and
a client-side operating system component that configures the user computing device to at least:
receive the client-side executable instructions from the posture assessment system;
execute the client-side executable instructions using a temporarily heightened degree of operating system access privileges;
transmit the assessment result to the posture assessment system; and
receive the verification token from the posture assessment system.
Abstract
A posture assessment system is provided that uses an application programming interface (“API”), integrated into a computing device operating system, to assess the posture of the computing device. The API provides temporarily heightened access to the operating system, and executes code provided by the posture assessment system. The code may cause performance of various operations on the computing device, such as generating encoded representations of operating system components, performing computationally-expensive functions to verify execution of the code, and the like. The output of these operations can be sent to the posture assessment system for verification.
25 Citations
20 Claims
1. A system comprising: the independent system claim reproduced in full above under First Claim. Dependent claims: 2, 3, 4.
5. A computer-implemented method comprising:
as performed by a computing system configured to execute specific instructions,
receiving configuration data representing a configuration of a computing device;
generating an encoded representation of at least a portion of data expected to be present on the computing device;
determining an execution confirmation function that takes at least a threshold period of time to execute;
generating an expected response using the encoded representation and output of the execution confirmation function;
generating executable code that, when executed by the computing device, causes the computing device to generate a response comprising an encoded representation of at least a portion of data present on the computing device and output of the execution confirmation function, wherein the executable code comprises a first portion of code for executing auxiliary functions and a second portion of code for generating the response, wherein output from at least a portion of the auxiliary functions is excluded from the response;
receiving the response from the computing device; and
determining whether to validate the computing device based at least partly on analyzing the response with respect to the expected response.
Dependent claims: 6 through 16.
17. A non-transitory computer storage system storing executable instructions, wherein the executable instructions configure a computing system to perform a process comprising:
receiving executable code from a remote server system via an application programming interface (API) of an operating system of the computing system;
granting the executable code a temporarily heightened degree of access privileges;
executing the executable code using the temporarily heightened degree of access privileges to generate a result, wherein the result comprises an encoded representation of at least a portion of data present on the computing system and output of an execution confirmation function that takes at least a threshold period of time to execute;
transmitting the result to the remote server system; and
revoking the temporarily heightened degree of access privileges.
Dependent claims: 18, 19, 20.
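The exchange described in the abstract and in claims 1, 5 and 17 (server builds an expected result from the expected OS components plus a slow execution-confirmation function; client runs server-supplied instructions under temporarily elevated privilege, drops the privilege, returns its result; server compares and issues a token), modelled end to end as an added example. This is illustrative code written for this page, not the patent's or any vendor's implementation. The "operating system" is a constructed dict of component bytes, the "executable instructions" are a dict the client interprets rather than native code, the execution-confirmation function is an iterated SHA-256 chain, the auxiliary function `_inventory_processes` is a placeholder, and `min_seconds` is a hypothetical threshold; all of these are assumptions for the sake of the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample "operating system": component name -> contents.
# In a deployment these would be kernel images, binaries, config files.
EXPECTED_OS = {
    "kernel": b"kernel-image-5.15.0-example",
    "sshd_config": b"PasswordAuthentication no\nPermitRootLogin no\n",
}


def execution_confirmation(seed: bytes, iterations: int) -> bytes:
    """Sequential hash chain: costs a predictable amount of time and
    cannot be shortcut, so returning the right value confirms the
    supplied code was actually executed (the 'threshold period of time')."""
    h = seed
    for _ in range(iterations):
        h = hashlib.sha256(h).digest()
    return h


class PostureServer:
    """Posture assessment system (server side)."""

    def __init__(self, expected_os, iterations=20000, min_seconds=0.0):
        self.expected_os = expected_os
        self.iterations = iterations
        self.min_seconds = min_seconds          # assumed timing threshold
        self.token_key = secrets.token_bytes(32)  # signs verification tokens
        self.pending = {}                        # device_id -> (expected, issued_at)

    def handle_request(self, device_id, config_data):
        # Only assess components the device's configuration data claims to have
        # and for which we hold a reference copy.
        components = [c for c in config_data["components"] if c in self.expected_os]
        nonce = secrets.token_bytes(16)  # fresh per assessment, defeats replay
        # Configuration verification data: encoded representation of the
        # expected OS portion, bound to the nonce.
        verification = hashlib.sha256(
            nonce + b"".join(self.expected_os[c] for c in components)).digest()
        # Expected assessment result: encoding of verification data + PoW output.
        pow_out = execution_confirmation(nonce, self.iterations)
        expected = hashlib.sha256(verification + pow_out).hexdigest()
        self.pending[device_id] = (expected, time.monotonic())
        # "Client-side executable instructions": a spec the client interprets.
        # "auxiliary" names work whose output is excluded from the response (claim 5).
        return {"nonce": nonce, "components": components,
                "iterations": self.iterations, "auxiliary": ["inventory_processes"]}

    def verify(self, device_id, result):
        """Returns a verification token, or None if the device fails assessment."""
        expected, issued_at = self.pending.pop(device_id, (None, None))
        if expected is None:
            return None                        # unknown or already-consumed challenge
        if time.monotonic() - issued_at < self.min_seconds:
            return None                        # answered faster than the work allows
        if not hmac.compare_digest(expected, result):
            return None                        # OS contents differ, or code not run
        return hmac.new(self.token_key, device_id.encode() + result.encode(),
                        "sha256").hexdigest()


class ClientOsComponent:
    """Client-side OS component exposing the assessment API."""

    def __init__(self, actual_os):
        self.actual_os = actual_os
        self.privileged = False

    def run(self, instructions):
        self.privileged = True                 # temporarily heightened access
        try:
            data = b"".join(self.actual_os.get(c, b"") for c in instructions["components"])
            digest = hashlib.sha256(instructions["nonce"] + data).digest()
            for name in instructions["auxiliary"]:
                getattr(self, "_" + name)()    # auxiliary output deliberately dropped
            pow_out = execution_confirmation(instructions["nonce"], instructions["iterations"])
            return hashlib.sha256(digest + pow_out).hexdigest()
        finally:
            self.privileged = False            # revoke heightened access (claim 17)

    def _inventory_processes(self):
        return ["init", "sshd"]                # placeholder auxiliary function


def assess(server, client, device_id, config):
    """One full round trip: request -> instructions -> result -> token or None."""
    instructions = server.handle_request(device_id, config)
    result = client.run(instructions)
    return server.verify(device_id, result)
```

Two practitioner caveats the claims leave implicit. First, the timing threshold only has meaning if the server calibrates `iterations` against the slowest legitimate hardware and the channel latency; a threshold set from a fast machine will reject honest slow clients, and one set too loosely lets an attacker precompute. Second, the scheme trusts the client-side OS component to hash what is really on disk; a kernel-level compromise can hash a pristine copy while running modified code, so this is configuration attestation, not hardware-rooted attestation, unless the component itself is anchored in a TPM or similar measured boot chain.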
Specification