Method and system for dynamic adjustment of computer security based on network activity of users

US 20070094711A1
Filed: 10/20/2005
Published: 04/26/2007
Est. Priority Date: 10/20/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing operations with respect to a set of computational resources in a data processing system, the method comprising:

employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;

employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating-value is associated with the second user; and

automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, apparatus, or computer program product is presented for securing computational resources in a data processing system. A first user uses a first computational device, and a user security level is associated with the first user. Likewise, a second user uses a second computational device, and a user security level is associated with the second user. The computational resources on the first computational device are automatically reconfigured based on the second user security level of the second user. A computational security level may be assigned to a computational resource on the first computational device, and the computational security level is dynamically adjusted in response to detected network activity by the second computational device that is being used by the second user. Modified security-related parameters for reconfiguring computational resources on the first computational device are reconfigured based on the adjusted computational security level.

92 Citations

View as Search Results

20 Claims

1. A computer-implemented method for securing operations with respect to a set of computational resources in a data processing system, the method comprising:
- employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating-value is associated with the second user; and
  
  automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising:
    - monitoring network activity with respect to computational resources that are used by the second user;
      
      filtering the network activity with respect to computational resources that are used by the second user; and
      
      logging problematic network activity with respect to computational resources that are used by the second user.
  - 3. The method of claim 2 further comprising:
    - employing a first configurable policy that indicates rules and/or conditions for filtering the network activity.
  - 4. The method of claim 2 further comprising:
    - examining the logged problematic network activity of the second user; and
      
      determining the second user security level indicating value based on information from the examined logged problematic network activity.
  - 5. The method of claim 4 further comprising:
    - employing a second configurable policy that indicates rules and/or conditions for determining the second user security level indicating value.
  - 6. The method of claim 1 further comprising:
    - assigning a computational security level indicating value to a computational resource on the first computational device; and
      
      adjusting the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
  - 7. The method of claim 6 further comprising:
    - employing a third configurable policy that indicates rules and/or conditions for adjusting the computational security level indicating value for the computational resource on the first computational device.
  - 8. The method of claim 6 further comprising:
    - determining modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.
  - 9. The method of claim 8 further comprising:
    - employing a fourth configurable policy that indicates rules and/or conditions for determining modified security-related parameters for reconfiguring the computational resources on the first computational device.
  - 10. The method of claim 6 further comprising:
    - sending modified security-related parameters from a centralized security management application to a network security agent on the first computational device.
  - 11. The method of claim 1 further comprising:
    - notifying the first user of the reconfiguration of the first computational device.
  - 12. The method of claim 1 further comprising:
    - retrieving the second user security level indicating value from a source external to the data processing system.

13. A computer program product on a computer-readable storage medium for securing operations with respect to a set of computational resources in a data processing system, the computer program product comprising:
- means for employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  means for employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user; and
  
  means for automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 further comprising:
    - means for monitoring network activity with respect to computational resources that are used by the second user;
      
      means for filtering the network activity with respect to computational resources that are used by the second user; and
      
      means for logging problematic network activity with respect to computational resources that are used by the second user.
  - 15. The computer program product of claim 14 further comprising:
    - means for examining the logged problematic network activity of the second user; and
      
      means for determining the second user security level indicating value based on information from the examined logged problematic network activity.
  - 16. The computer program product of claim 13 further comprising:
    - means for assigning a computational security level indicating value to a computational resource on the first computational device; and
      
      means for adjusting the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
  - 17. The computer program product of claim 16 further comprising:
    - means for determining modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.

18. An apparatus for securing operations with respect to a set of computational resources in a data processing system, the apparatus comprising:
- means for employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  means for employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user; and
  
  means for automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18 further comprising:
    - means for assigning a computational security level indicating value to a computational resource on the first computational device; and
      
      means for adjusting the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
  - 20. The apparatus of claim 19 further comprising:
    - means for determining modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Janakiraman, Janani, Ullman, Lorin, Corley, Carole

Granted Patent

US 7,627,893 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 2221/2149   Restricted operating enviro...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

Method and system for dynamic adjustment of computer security based on network activity of users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for dynamic adjustment of computer security based on network activity of users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links