System for device-access policy enforcement

US 20040128394A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. An access policy enforcement system, comprising:

an environment state detector for determining a present environment state from a plurality of predetermined environment states in which a computing device that is structured to provide one or more services to a second device is operating; and

an access gate structured to prohibit or allow access to selected of the one or more services based on the present environment state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention include an access policy enforcement system for a system that provides services to other devices. As a service-providing device changes environments, or mobile states, access to the device'"'"'s services is automatically and transparently limited or expanded. One aspect of the access policy determines the particular state in which the service-providing device is operating. Another aspect uses the determined state to dictate which services will be available to other devices.

Citations

30 Claims

1. An access policy enforcement system, comprising:
- an environment state detector for determining a present environment state from a plurality of predetermined environment states in which a computing device that is structured to provide one or more services to a second device is operating; and
  
  an access gate structured to prohibit or allow access to selected of the one or more services based on the present environment state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The access policy enforcement system of claim 1, wherein the environment state detector comprises:
    - an input for receiving one or more state factors; and
      
      a state selector for determining which of the plurality of predetermined environment states is the present environment state based on the one or more state factors received at the input.
  - 3. The access policy enforcement system of claim 2 wherein one of the one or more state factors is a speed of a network to which the computing device is coupled.
  - 4. The access policy enforcement system of claim 2 wherein one of the one or more state factors is a trust level between the computing device and the second device.
  - 5. The access policy enforcement system of claim 1 wherein the environment state detector is structured to initiate requests for the one or more state factors.
  - 6. The access policy enforcement system of claim 1 wherein the access gate comprises a firewall.
  - 7. The access policy enforcement system of claim 1 wherein the access gate comprises a service directory.

8. A computer system for providing services to a second device, the computer system comprising:
- a microprocessor structured to execute instructions that cause services to be provided to the second device;
  
  a main memory coupled to the microprocessor and structured to store data and programs for use by the microprocessor;
  
  a communication module coupled to the microprocessor and to the main memory, the communication module structured to transfer data between the computer and the second device; and
  
  an access policy enforcement system operable on the computing device, the access policy enforcement system including;
  
  an environment state detector for determining a present environment state from a plurality of predetermined environment states in which the computing device is operating, and an access gate structured to prohibit or allow access to one or more selected services based on the present environment state.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer system of claim 8 wherein the environment state detector comprises:
    - an input for receiving one or more environment factors; and
      
      a state selector for determining which of the plurality of predetermined environment states is the present environment state based on the one or more environment factors received at the input.
  - 10. The computer system of claim 9 wherein the environment state detector is structured to initiate requests for the one or more environment factors.
  - 11. The computer system of claim 9 wherein the environment state detector is structured to periodically acquire one or more environment factors.
  - 12. The computer system of claim 8 wherein the access gate comprises a firewall.
  - 13. The computer system of claim 8 wherein the access policy enforcement system is structured to operate in a first virtual machine on the computer system.
  - 14. The computer system of claim 13, further comprising a second virtual machine that includes a second access policy enforcement system.

15. A method for tailoring services, comprising:
- determining a present operating environment state of a service provider;
  
  comparing services presently offered by the service provider to those services appropriate for the present operating environment state; and
  
  when the services presently offered by the service provider do not match the services appropriate for the present operating environment state, changing services offered by the service provider to those services appropriate for the present operating environment state.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein determining the present operating environment state of the service provider comprises:
    - accepting one or more environmental factors; and
      
      determining the present operating environment state from the one or more environmental factors.
  - 17. The method of claim 16 wherein determining the present operating environment comprises matching one of a number of predetermined environments to the one or more environmental factors.
  - 18. The method of claim 16 wherein accepting one or more environmental factors comprises polling one or more components of the service provider for a present state.
  - 19. The method of claim 16 wherein accepting one or more environmental factors comprises performing an interrupt service routine.
  - 20. The method of claim 15 wherein changing services offered by the service provider to those services appropriate for the present operating environment state comprises changing states of one or more ports in a firewall.

21. A method for dynamically changing security levels, comprising:
- making a first set of services provided by a device accessible when the device is operating at a first mobile state;
  
  changing from the first mobile state to a second mobile state; and
  
  making a second set of services accessible, the second set of services different from the first set of services.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21 wherein, in the first mobile state the device is connected to a first network, and wherein changing from the first mobile state to a second mobile state comprises connecting the device to a second network.
  - 23. The method of claim 21 wherein changing from the first mobile state to a second mobile state comprises establishing communication with a trusted device.
  - 24. The method of claim 21 wherein making a second set of services accessible comprises changing a state of ports of a firewall.
  - 25. The method of claim 21 wherein one or more services in the first set of services is also in the second set of services.

26. An article comprising a machine-accessible medium having associated data that, when accessed, results in a machine:
- determining a present operating environment state of a service-providing machine;
  
  comparing services presently offered by the service-providing machine to those services appropriate for the present operating environment state; and
  
  when the services presently offered by the service-providing machine do not match the services appropriate for the present operating environment state, changing services offered by the service-providing machine to those services appropriate for the present operating environment state.
- View Dependent Claims (27, 28)
- - 27. The article of claim 26 wherein determining a present operating environment state of the service-providing machine comprises:
    - accepting one or more environmental factors; and
      
      determining the present operating environment state from the one or more environmental factors.
  - 28. The article of claim 26 wherein changing services offered by the service provider to those services appropriate for the present operating environment state comprises changing states of one or more ports in a firewall.

29. An article comprising a machine-accessible medium having associated data that, when accessed, results in a machine:
- making a first set of services accessible when operating the machine in a first mobile state;
  
  changing from the first mobile state to a second mobile state; and
  
  after changing to the second mobile state, changing a security level of the machine by making a second set of services accessible, the second set of services different from the first set of services.
- View Dependent Claims (30)
- - 30. The article of claim 29 wherein, in the first mobile state the machine is connected to a first network, and wherein changing from the first mobile state to a second mobile state comprises connecting the machine to a second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Knauerhase, Robert C., Robinson, Scott H.

Granted Patent

US 7,631,089 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 67/30   Profiles

H04L 67/52   specially adapted for the l...

H04L 67/54   Presence management, e.g. m...

H04L 67/60   Scheduling or organising th...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System for device-access policy enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System for device-access policy enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links