System, apparatuses, methods and computer-readable media for determining security status of computer before establishing connection thereto first group of embodiments-claim set 1

US 20050262570A1
Filed: 05/05/2005
Published: 11/24/2005
Est. Priority Date: 05/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

(a) retrieving security state data at a first computer;

(b) incorporating the security state data into a request message to request a connection with a second computer via a network; and

(c) transmitting the request message including the security state data to the second computer via the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.

Citations

45 Claims

1. A method comprising the steps of:
- (a) retrieving security state data at a first computer;
  
  (b) incorporating the security state data into a request message to request a connection with a second computer via a network; and
  
  (c) transmitting the request message including the security state data to the second computer via the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method as claimed in claim 1 wherein the security state data is generated by an anti-virus application running on the first computer.
  - 3. A method as claimed in claim 1 wherein the security state data comprises data generated by a firewall application running on the first computer.
  - 4. A method as claimed in claim 1 wherein the security state data comprises data generated by an operating system running on the first computer.
  - 5. A method as claimed in claim 1 wherein the security state data comprises data received via the Internet from a website of a developer of at least one of an anti-virus application, firewall application, and operating system running on the first computer.
  - 6. A method as claimed in claim 1 wherein the security state data comprises data indicating whether an anti-virus application is running on the first computer.
  - 7. A method as claimed in claim 6 wherein the security state data comprises data indicating whether the anti-virus application is up-to-date.
  - 8. A method as claimed in claim 1 wherein the security state data comprises data indicating whether a firewall application is running on the first computer.
  - 9. A method as claimed in claim 8 wherein the security state data comprises data indicating whether the firewall application is up-to-date.
  - 10. A method as claimed in claim 1 wherein the security state data comprises data indicating whether operating system patches have been installed to close vulnerabilities in the operating system running on the first computer.
  - 11. A method as claimed in claim 10 wherein the security state data comprises data indicating whether the operating system patches are up-to-date.
  - 12. A method as claimed in claim 1 wherein the request message is a TCP SYN packet.
  - 13. A method as claimed in claim 1 wherein the network is the Internet.
  - 14. A method as claimed in claim 1 further comprising the step of:
    - (d) receiving the request message including the security state data from the first computer at the second computer;
      
      (e) determining at the second computer whether the connection to the first computer is permitted based on security policy data stored in the second computer and the security state data received from the first computer;
      
      (f) proceeding with establishing the network connection if the determining of step (e) establishes that the network connection to the second computer is permitted; and
      
      (g) terminating further processing to establish the network connection if the second computer determines in step (e) that the network connection to the second computer is not permitted.
  - 15. A method as claimed in claim 1 further comprising the step of:
    - (d) receiving the request message including the security state data from the first computer at the second computer;
      
      (e) determining at the second computer whether the security state data in the request message is to be processed based on security activation data stored in the second computer; and
      
      if the determining in step (e) establishes that the security activation data indicates that the security state data is to be processed, (f) determining at the second computer whether the network connection to the first computer poses an impermissible security risk based on security policy data stored in the second computer and the security state data received from the first computer;
      
      (g) proceeding with establishing the network connection if the determining of step (f) establishes that connection to the second computer is permitted; and
      
      (h) terminating further processing to establish the network connection if the second computer if the determining of step (f) establishes that the connection to the second computer is not permitted.

16. A computer-readable medium storing computer code that when executed by a first computer attempting to open a network connection with a second computer via a network, the first computer performs the following steps:
- (a) retrieving security state data at a first computer;
  
  (b) incorporating the security state data into a request message to request a connection with a second computer via a network; and
  
  (c) transmitting the request message including the security state data to the second computer via the network.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data generated by an anti-virus application running on the first computer.
  - 18. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data generated by a firewall application running on the first computer.
  - 19. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data generated by an operating system running on the first computer.
  - 20. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data received via the Internet from a website of a developer of at least one of an anti-virus application, firewall application, and operating system running on the first computer.
  - 21. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data indicating whether an anti-virus application is running on the first computer.
  - 22. A computer-readable medium as claimed in claim 21 wherein the security state data comprises data indicating whether the anti-virus application is up-to-date.
  - 23. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data indicating whether a firewall application is running on the first computer.
  - 24. A computer-readable medium as claimed in claim 23 wherein the security state data comprises data indicating whether the firewall application is up-to-date.
  - 25. A computer-readable medium as claimed in claim 16 wherein the security state data comprises data indicating whether an operating system patch has been installed to close a vulnerability in the operating system running on the first computer.
  - 26. A computer-readable medium as claimed in claim 25 wherein the security state data comprises data indicating whether the operating system patch is up-to-date.
  - 27. A computer-readable medium as claimed in claim 16 wherein the request message is a TCP SYN packet.
  - 28. A computer-readable medium as claimed in claim 16 wherein the network is the Internet.
  - 29. A computer-readable medium as claimed in claim 16 wherein the first computer further executes the computer code to perform the following steps:
    - (d) receiving the request message including the security state data from the first computer at the second computer;
      
      (e) determining at the second computer whether the connection to the first computer is permitted based on security policy data stored in the second computer and the security state data received from the first computer;
      
      (f) proceeding with establishing the network connection if the determining of step (e) establishes that the network connection to the second computer is permitted; and
      
      (g) terminating further processing to establish the network connection if the second computer determines in step (e) that the network connection to the second computer is not permitted.
  - 30. A computer-readable medium as claimed in claim 16 wherein the first computer further executes the computer code to perform the following steps:
    - (d) receiving the request message including the security state data from the first computer at the second computer;
      
      (e) determining at the second computer whether the security state data in the request message is to be processed based on security activation data stored in the second computer; and
      
      if the determining in step (e) establishes that the security activation data indicates that the security state data is to be processed, (f) determining at the second computer whether the network connection to the first computer poses an impermissible security risk based on security policy data stored in the second computer and the security state data received from the first computer;
      
      (g) proceeding with establishing the network connection if the determining of step (f) establishes that connection to the second computer is permitted; and
      
      (h) terminating further processing to establish the network connection if the determining of step (f) establishes that the connection to the second computer is not permitted.

31. An apparatus using a communications network, the apparatus comprising:
- a first computer retrieving security state data related to the first computer, incorporating the security state data into a request message to request a connection with a second computer via the network, and transmitting the request message including the security state data to the second computer via the network.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 32. An apparatus as claimed in claim 31 wherein the security state data comprises data generated by an anti-virus application running on the first computer.
  - 33. An apparatus as claimed in claim 31 wherein the security state data comprises data generated by a firewall application running on the first computer.
  - 34. An apparatus as claimed in claim 31 wherein the security data comprises data generated by an operating system running on the first computer.
  - 35. An apparatus as claimed in claim 31 wherein the security state data comprises data received via the Internet from a website of a developer of at least one of an anti-virus application, firewall application, and operating system running on the first computer.
  - 36. An apparatus as claimed in claim 31 wherein the security state data comprises data indicating whether an anti-virus application is running on the first computer.
  - 37. An apparatus as claimed in claim 36 wherein the security state data comprises data indicating whether the anti-virus application is up-to-date.
  - 38. An apparatus as claimed in claim 31 wherein the security state data comprises data indicating whether a firewall application is running on the first computer.
  - 39. An apparatus as claimed in claim 38 wherein the security state data comprises data indicating whether the firewall application is up-to-date.
  - 40. An apparatus as claimed in claim 31 wherein the security state data comprises data indicating whether an operating system patch has been installed to close a vulnerability in the operating system running on the first computer.
  - 41. An apparatus as claimed in claim 40 wherein the security state data comprises data indicating whether the operating system patch is up-to-date.
  - 42. An apparatus as claimed in claim 31 wherein the request message is a TCP SYN packet.
  - 43. An apparatus as claimed in claim 31 wherein the proceeding with establishing the network connection is performed at the second computer by generating and transmitting a SYNACK packet to the first computer in response to the SYN packet.
  - 44. An apparatus as claimed in claim 31 wherein the terminating of establishing the network connection is performed by the second computer disregarding the SYN packet.
  - 45. An apparatus as claimed in claim 31 wherein the network is the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liquidware Labs, Inc.
Original Assignee
Trusted Network Technologies, Inc. (Liquidware Labs, Inc.)
Inventors
Shay, A. David

Granted Patent

US 7,549,159 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/102   Entity profiles

H04L 67/1095   Replication or mirroring of...

System, apparatuses, methods and computer-readable media for determining security status of computer before establishing connection thereto first group of embodiments-claim set 1

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatuses, methods and computer-readable media for determining security status of computer before establishing connection thereto first group of embodiments-claim set 1

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links