Policy-protection proxy

US 20050005129A1
Filed: 07/01/2004
Published: 01/06/2005
Est. Priority Date: 07/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A policy-enforcement proxy system comprising:

a first network of computing devices including a first device;

a proxy through which the first network is connected to a second network of computing devices;

a database of configuration information comprising, for each of a plurality of devices in the first network, including the first device;

an identifier for the device; and

a security status flag indicating whether the device complies with a predetermined security policy. wherein the proxy blocks connection requests from devices in the plurality of devices to devices in the second network when the security status flag associated with the requesting device indicates that the requesting device does not comply with the predetermined security policy.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database maintains security status information on each device in a network, based on whether the device'"'"'s operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.

33 Citations

View as Search Results

5 Claims

1. A policy-enforcement proxy system comprising:
- a first network of computing devices including a first device;
  
  a proxy through which the first network is connected to a second network of computing devices;
  
  a database of configuration information comprising, for each of a plurality of devices in the first network, including the first device;
  
  an identifier for the device; and
  
  a security status flag indicating whether the device complies with a predetermined security policy. wherein the proxy blocks connection requests from devices in the plurality of devices to devices in the second network when the security status flag associated with the requesting device indicates that the requesting device does not comply with the predetermined security policy.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the identifier is a network address within the first network.
  - 3. The system of claim 1, wherein the information in the database further comprises, for each of the plurality of devices, data identifying the operating system, software, and patches installed thereon.
  - 4. The system of claim 1, wherein the information in the database further comprises, for each of the plurality of devices, data characterizing the system policy settings and configuration data for the device.
  - 5. The system of claim 1, wherein the proxy redirects blocked connection attempts to an explanatory message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brett M. Oliphant
Original Assignee
Brett M. Oliphant
Inventors
Oliphant, Brett M.

Application Number

US10/882,853
Publication Number

US 20050005129A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 8/60   Software deployment

H04L 63/0281   Proxies

H04L 63/104   Grouping of entities

Policy-protection proxy

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-protection proxy

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links