Methods and systems for intelligently controlling access to computing resources
First Claim
1. A method operable on a computer for controlling the access of an endpoint computing system to a resource accessible by a host computing system, comprising:
- identifying within at least one of the endpoint and host computing systems a plurality of conditions, each condition having a state;
- establishing a policy based upon the state of each of the plurality of conditions for access to the resource by the endpoint computing system, the policy including at least one rule and an analysis method for determining compliance with the rule;
- collecting the state of each of the plurality of conditions;
- processing the state of each of the plurality of conditions using the analysis method;
- determining, based on the processing, the compliance of the conditions with the rule; and
- controlling, based on the determining, the access of the endpoint computing system to the resource.
Abstract
Methods and systems are provided for fine-tuning access control by remote endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, the analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host systems. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.
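The following is an added illustration of the collect/analyze/decide loop the abstract describes; it is example code written for this page, not code from the patent or its assignee. The condition names, the two constructed endpoint records, the rule thresholds and the "CVE-PLACEHOLDER-1" identifier are all assumptions made for the example. It goes slightly beyond the abstract by showing two interchangeable analysis methods (all rules required versus a weighted score) applied to the same collected states, and by failing closed when a condition's state was never collected.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Constructed sample of condition states collected from two endpoints.
# Condition names and values are assumptions for this example only.
ENDPOINT_STATES: Dict[str, Dict[str, Any]] = {
    "laptop-a": {
        "os_patch_age_days": 3,
        "antivirus_running": True,
        "disk_encrypted": True,
        "open_cves": [],
    },
    "laptop-b": {
        "os_patch_age_days": 45,
        "antivirus_running": True,
        "disk_encrypted": True,
        "open_cves": ["CVE-PLACEHOLDER-1"],  # placeholder, not a real identifier
    },
}


@dataclass(frozen=True)
class Rule:
    """One rule: a named check applied to the state of one condition."""
    name: str
    condition: str
    check: Callable[[Any], bool]
    weight: float = 1.0


# Analysis methods: each maps {rule name: passed} plus rule weights to a verdict.
AnalysisMethod = Callable[[Dict[str, bool], Dict[str, float]], bool]


def all_rules_required(results: Dict[str, bool], weights: Dict[str, float]) -> bool:
    """Strict method: every rule must pass."""
    return bool(results) and all(results.values())


def weighted_score(threshold: float) -> AnalysisMethod:
    """Lenient method: the weighted share of passing rules must reach a threshold."""
    def analyse(results: Dict[str, bool], weights: Dict[str, float]) -> bool:
        total = sum(weights.values())
        passed = sum(weights[name] for name, ok in results.items() if ok)
        return total > 0 and passed / total >= threshold
    return analyse


@dataclass(frozen=True)
class Policy:
    """A policy ties a resource to its rules and the analysis method used to judge them."""
    resource: str
    rules: List[Rule]
    analysis: AnalysisMethod


# Rules shared by both policies; thresholds are assumptions for the example.
RULES = [
    Rule("patched_recently", "os_patch_age_days", lambda days: days <= 14),
    Rule("antivirus_running", "antivirus_running", lambda running: running is True),
    Rule("disk_encrypted", "disk_encrypted", lambda enc: enc is True),
    Rule("no_open_vulnerabilities", "open_cves", lambda cves: len(cves) == 0),
]

# Same rules, different analysis method, so the same endpoint can be judged
# differently depending on the sensitivity of the resource.
STRICT_POLICY = Policy("finance-db", RULES, all_rules_required)
LENIENT_POLICY = Policy("mail", RULES, weighted_score(0.5))


def evaluate(policy: Policy, states: Dict[str, Any]) -> Dict[str, Any]:
    """Process collected states with the policy's analysis method and decide access."""
    results: Dict[str, bool] = {}
    weights: Dict[str, float] = {}
    for rule in policy.rules:
        state = states.get(rule.condition)
        # A condition whose state was never collected cannot prove compliance:
        # treat it as a failed rule (fail closed) rather than as unknown.
        results[rule.name] = state is not None and bool(rule.check(state))
        weights[rule.name] = rule.weight
    compliant = policy.analysis(results, weights)
    return {
        "resource": policy.resource,
        "access": "allow" if compliant else "deny",
        # Failed rules are reported even on "allow" so remediation can be driven.
        "failed_rules": sorted(name for name, ok in results.items() if not ok),
    }


if __name__ == "__main__":
    for endpoint, states in ENDPOINT_STATES.items():
        for policy in (STRICT_POLICY, LENIENT_POLICY):
            print(endpoint, evaluate(policy, states))
```

In this construction laptop-b fails two of four rules; the strict policy denies it access to the sensitive resource, while the weighted policy still admits it to the lower-value resource but reports the failed rules so that patching and vulnerability remediation can be triggered. The fail-closed handling of missing states matters in practice: an endpoint that simply withholds a condition must not be treated as compliant.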
28 Claims
1. Independent method claim, recited in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A system for controlling the access of an endpoint computing system to a resource accessible by a host computing system, comprising:
- a processor;
- a memory connected to the processor storing instructions to control the operation of the processor to perform the steps of:
- identifying within at least one of the endpoint and host computing systems a plurality of conditions, each condition having a state;
- establishing a policy based upon the state of each of the plurality of conditions for access to the resource by the endpoint computing system, the policy including at least one rule and an analysis method for determining compliance with the rule;
- collecting the state of each of the plurality of conditions;
- processing the state of each of the plurality of conditions using the analysis method;
- determining, based on the processing, the compliance of the conditions with the rule; and
- controlling, based on the determining, the access of the endpoint computing system to the resource.
15. A method for generating signals to control the access of an endpoint computing system to a resource in a host computing system, comprising:
- collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system;
- identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule;
- processing, using the analysis method, the state of each of the plurality of conditions;
- determining, based upon the processing, if the plurality of conditions are in compliance with the rule; and
- generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
Dependent claims: 16, 17, 18, 19, 20.
22. A system for generating signals to control the access of an endpoint computing system to a resource in a host computing system, comprising:
- means for collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system;
- means for identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule;
- means for processing, using the analysis method, the state of each of the plurality of conditions;
- means for determining, based upon the processing, if the plurality of conditions are in compliance with the rule; and
- means for generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
23. A program product storing instructions operable on a computer to control the computer to generate signals to control the access of an endpoint computing system to a resource in a host computing system, the instructions stored on the program product operable to control the computer to perform the steps of:
- collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system;
- identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule;
- processing, using the analysis method, the state of each of the plurality of conditions;
- determining, based upon the processing, if the plurality of conditions are in compliance with the rule; and
- generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
24. A method for developing a compliance policy to control the access of an endpoint computing system to a resource in a host computing system, comprising:
- identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state;
- developing at least one rule; and
- developing a policy for determining the compliance of each of the plurality of conditions with the at least one rule, the policy including at least one analysis method for processing each of the condition states to determine if the plurality of conditions are in compliance with the at least one rule.
Dependent claims: 25, 26, 27.
28. A system for developing a compliance policy to control the access of an endpoint computing system to a resource in a host computing system, comprising:
- means for identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state;
- means for developing at least one rule; and
- means for developing a policy for determining the compliance of each of the plurality of conditions with the at least one rule, the policy including at least one analysis method for processing each of the condition states to determine if the plurality of conditions are in compliance with the at least one rule.