Critical period protection

US 20060282896A1
Filed: 06/08/2005
Published: 12/14/2006
Est. Priority Date: 06/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

monitoring a computing device having an first security state for one or more events indicating a time period of increased vulnerability;

adjusting one or more security policies in response to the one or more events to initiate a second security state;

identifying an end of the time of increased vulnerability; and

initiating a third security state.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for protecting a computer during a period of increased vulnerability. In one implementation, a method for protecting a computer is provided. The method includes monitoring a computing device having an first security state for one or more events indicating a time period of increased vulnerability. The method includes adjusting one or more security policies in response to the one or more events to generate a second security state. The method also includes identifying an end of the time of increased vulnerability, and restoring the computing to the first security state. In one implementation, the computer is an embedded device.

70 Citations

View as Search Results

20 Claims

1. A method, comprising:
- monitoring a computing device having an first security state for one or more events indicating a time period of increased vulnerability;
  
  adjusting one or more security policies in response to the one or more events to initiate a second security state;
  
  identifying an end of the time of increased vulnerability; and
  
  initiating a third security state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, the third security state and the first security state being a same security state.
  - 3. The method of claim 1, further comprising:
    - verifying the changes to the computing device during the time period of increased system vulnerability.
  - 4. The method of claim 1, the monitoring further comprising:
    - monitoring a behavior of one or more applications.
  - 5. The method of claim 1, the monitoring further comprising:
    - monitoring the behavior of an enhanced write filter.
  - 6. The method of claim 1, the monitoring further comprising:
    - monitoring input traffic over a network.
  - 7. The method of claim 1, the monitoring further comprising:
    - monitoring one or more registry entries.
  - 8. The method of claim 1, the adjusting further comprising:
    - adjusting one or more security policies to restrict network access.
  - 9. The method of claim 1, the adjusting further comprising:
    - initiating a virus scan of the computing device memory.
  - 10. The method of claim 1, the adjusting further comprising:
    - disabling unnecessary devices coupled to the computing device.
  - 11. The method of claim 1, the monitoring further comprising:
    - monitoring a plurality of computing devices for one or more events indicating a time of increased vulnerability.

12. A security device, comprising:
- a monitoring engine operable to monitor a computing device for events indicating a time period of increased system vulnerability;
  
  a security engine operable to execute one or more security policies including different security policies for different states of the computing device; and
  
  a policy module operable to store the one or more security policies.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The security device of claim 12, further comprising:
    - a verification engine operable to verify one or more changes to a computer system during the time period of increased system vulnerability.
  - 14. The security system of claim 12, the monitoring engine further comprising:
    - an application behavior monitor; and
      
      a network monitor.
  - 15. The security system of claim 12, the monitoring engine operable to monitor one or more of a network traffic, a behavior of an application, a file modification, and a registry entry change.
  - 16. The security system of claim 12, wherein the computing device is an embedded device.
  - 17. The security system of claim 12, further comprising a policy module including one or more security policies.
  - 18. The security system of claim 12, the security engine operable to dynamically adjust one or more security policies in response to a triggering condition.

19. An embedded device, comprising:
- a security device operable to adjust one or more security policies during a time of increased device vulnerability; and
  
  an enhanced write filter operable to write data to an overlay.

20. A computer program product, tangibly stored on a computer-readable medium, comprising instructions operable to cause a programmable processor to:
- monitor a computing device having an first security state for one or more events indicating a time period of increased vulnerability;
  
  adjust one or more security policies in response to the one or more events to initiate a second security state;
  
  identify an end of the time of increased vulnerability; and
  
  initiate a third security state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Qi, Fei

Granted Patent

US 7,600,259 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 2221/2105 Dual mode as a secondary as...

Critical period protection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Critical period protection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links