SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CENTRALLY MANAGING POLICIES ASSIGNABLE TO A PLURALITY OF PORTABLE END-POINT SECURITY DEVICES OVER A NETWORK

US 20070266421A1
Filed: 05/12/2006
Published: 11/15/2007
Est. Priority Date: 05/12/2006
Status: Abandoned Application

First Claim

Patent Images

1. A system for centrally managing policy files prescriptively assignable to a plurality of portable end-point security devices over a network comprising:

a central management console in processing communications with at least one administration server, said central management console being configured to;

define a plurality of group folders on said at least one administration server;

said plurality of group folders being permissively accessible by said plurality of portable end-point security devices upon presentation of proper credentials to at least said plurality of portable end-point security devices;

define separate file-based policies for each of said plurality of group folders;

selectively assign said plurality of portable end-point security devices to one or more of said plurality of group folders in at least partial dependence on said defined separate policies;

wherein said separate policies are inherited by said portable end-point security devices from said assigned plurality of group folders when operatively coupled thereto.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for centrally managing policies prescriptively assignable to a plurality of portable end-point security devices over a network is provided. Various embodiments incorporate an central management console configured to define a plurality of group folders on at least one administration server accessible by the plurality of portable end-point security devices, define separate policies for each of the plurality of group folders, assign the plurality of portable end-point security devices to one or more of the plurality of group folders in a many to many relationship such that the separate policies of the plurality of group folders are inherited by the portable end-point security devices when operatively coupled thereto. In an embodiment, the portable end-point security devices are disposed as a handheld computer peripheral device connectable to a computer system using a communications port.

Citations

40 Claims

1. A system for centrally managing policy files prescriptively assignable to a plurality of portable end-point security devices over a network comprising:
- a central management console in processing communications with at least one administration server, said central management console being configured to;
  
  define a plurality of group folders on said at least one administration server;
  
  said plurality of group folders being permissively accessible by said plurality of portable end-point security devices upon presentation of proper credentials to at least said plurality of portable end-point security devices;
  
  define separate file-based policies for each of said plurality of group folders;
  
  selectively assign said plurality of portable end-point security devices to one or more of said plurality of group folders in at least partial dependence on said defined separate policies;
  
  wherein said separate policies are inherited by said portable end-point security devices from said assigned plurality of group folders when operatively coupled thereto.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system according to claim 1 wherein said selectively assign maps each of said plurality of portable end-point security devices to a plurality of uniquely identified nodes in relational correspondence with a unique identifier assigned to each of said plurality of portable end-point security devices.
  - 3. The system according to claim 2 wherein said plurality of uniquely identified nodes represents an address in which a member of said plurality of portable end-point security devices accesses its assigned group folder.
  - 4. The system according to claim 1 wherein a relational correspondence between each of said plurality of group folders to each of said plurality of portable end-point security devices includes a one-to-many relationship.
  - 5. The system according to claim 1 wherein a relational correspondence between each of said plurality of portable end-point security devices to each of said plurality of group folders includes a many-to-many relationship.
  - 6. The system according to claim 1 wherein said separate policies are sharable between one or more of said plurality of group folders.
  - 7. The system according to claim 1 wherein a member of said plurality of portable end-point security devices inherits said separate policies from each of said plurality of group folders to which said member is assigned.
  - 8. The system according to claim 7 wherein said member implements the more restrictive policies inherited for resolution of potential conflicts.
  - 9. The system according to claim 1 wherein said proper credentials are first provided to said plurality of portable end-point security devices and another set of proper credentials is provided to said at least one administrative server to access said assigned group folders.
  - 10. The system according to claim 9 wherein said another set of proper credentials is obtained from a unique set of credentials internal to said plurality of portable end-point security devices.
  - 11. The system according to claim 1 wherein at least some information included in at least a portion of said separate policies is retrieved from an X.500 compliant directory.
  - 12. The system according to claim 1 wherein said plurality of group folders at least intermittently contain policy update files for inheritance by said selectively assigned plurality of portable end-point security devices.
  - 13. The system according to claim 1 wherein each of said plurality of portable end-point security devices is configured to enforce said inherited separate policies when operatively coupled to a computer system.
  - 14. The system according to claim 1 wherein said separate policies includes one of, an executable code, a data file, an object, an application policy, a security policy, a license policy, a malware policy, a configuration policy, a connectivity policy, a storage policy, an auditing policy, a document management policy and any combination thereof.
  - 15. The system according to claim 1 wherein said separate policies are distributed from said at least one administration server to each of said plurality of portable end-point security devices in at least partial dependence on a unique identifier associated with each of said plurality of portable end-point security devices.
  - 16. The system according to claim 1 wherein said separate policies are distributed from said plurality of separate group folders in an XML format.
  - 17. The system according to claim 1 wherein said separate policies includes different requirements based on trusted and untrusted configurations.
  - 18. The system according to claim 17 wherein said trusted and untrusted configurations are dependent at least in part on one of;
    - a local host connection, a network connection, a location, a network domain and any combination thereof.
  - 19. The system according to claim 1 wherein each of said plurality of portable end-point security devices comprises a handheld computer peripheral device connectable to a computer system through a communications channel.
  - 20. The system according to claim 16 wherein said XML format further includes one of;
    - a digital signature, a checksum, encrypted information and any combination thereof.

21. A method for centrally managing policy files prescriptively assignable to a plurality of portable end-point security devices over a network comprising:
- defining a plurality of group folders on at least one administration server;
  
  said plurality of group folders being permissively accessible by said plurality of portable end-point security devices upon presentation of proper credentials to at least said plurality of portable end-point security devices;
  
  defining separate file-based policies for each of said plurality of group folders;
  
  selectively assigning said plurality of portable end-point security devices to one or more of said plurality of group folders in at least partial dependence on said defined separate policies;
  
  wherein said separate policies are inherited by said portable end-point security devices from said assigned plurality of group folders when operatively coupled thereto.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The method according to claim 21 further including assigning each of said plurality of portable end-point security devices to a plurality of individually assigned nodes having many-to-many relationships with said assigned plurality of group folders.
  - 23. The method according to claim 21 further including receiving a license policy from said at least one of;
    - an administration server, an update server and a third party service provider.
  - 24. The method according to claim 21 further includes initially provisioning said plurality of portable end-point security devices with one or more default policies prior to inheriting said separate policies.
  - 25. The method according to claim 21 further including accessing said at least one administration server at least intermittently to receive policy update files from said assigned plurality of group folders.
  - 26. The method according to claim 21 further including authenticating a user to at least one of said plurality of portable end-point security devices prior to accessing said at least one administration server.
  - 27. The method according to claim 21 wherein said separate policies includes one of;
    - an executable code, a data file, an object, an application policy, a security policy, a license policy, a malware policy, a configuration policy, a connectivity policy, a storage policy, an auditing policy, a document management policy and any combination thereof.
  - 28. The method according to claim 24 further including distributing said separate policies to each of said plurality of portable end-point security devices in at least partial dependence on said default policies.
  - 29. The method according to claim 21 wherein each of said plurality of portable end-point security devices comprises a handheld computer peripheral device connectable to a computer system through a communications channel.
  - 30. The method according to claim 21 wherein each of said plurality of portable end-point security devices is configured to enforce said inherited separate policies when operatively coupled to a computer system.
  - 31. The method according to claim 21 wherein said separate policies are distributed from said plurality of separate group folders in an XML format.
  - 32. The method according to claim 31 wherein said XML format further includes one of;
    - a digital signature, a checksum, encrypted information and any combination thereof.

33. A computer program product embodied in a tangible form comprising executable instructions for a processor associated with at least one administration server to:
- generate a plurality of group folders on said at least one administration server;
  
  said plurality of group folders being permissively accessible by a plurality of portable end-point security devices upon presentation of proper credentials to said at least one administration server;
  
  generate separate file-based policies for each of said plurality of group folders;
  
  selectively assign said plurality of portable end-point security devices to one or more of said plurality of group folders in at least partial dependence on said defined separate policies;
  
  wherein said separate policies are inherited by said portable end-point security devices from said assigned plurality of group folders when operatively coupled thereto.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The computer program product according to claim 33 further including executable instructions by said processor to;
    - assign each of said plurality of portable end-point security devices to a plurality of nodes having unique identifiers corresponding to those of said plurality of portable end-point security devices.
  - 35. The computer program product according to claim 33 wherein each of said plurality of portable end-point security devices comprises a handheld computer peripheral device connectable to a computer system through a communications channel.
  - 36. The computer program product according to claim 33 wherein said separate policies are distributed in an XML format to each of said plurality of portable end-point security devices as part of said inherited.
  - 37. The computer program product according to claim 33 wherein said assign maps each of said plurality of portable end-point security devices to a plurality of individually assigned nodes having many-to-many relationships to said assigned plurality of group folders.
  - 38. The computer program product according to claim 33 wherein said tangible form comprises magnetic media, optical media, logical media and any combination thereof.
  - 39. The computer program product according to claim 36 wherein said XML format further includes one of, a digital signature, a checksum, encrypted information and any combination thereof.
  - 40. The computer program product according to claim 33 wherein each of said plurality of portable end-point security devices is configured to enforce said inherited separate policies when operatively coupled to a computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Redcannaon Incorporated
Original Assignee
Redcannon Incorporated
Inventors
Vaidya, Vimal, Siu, Silvia

Application Number

US11/383,154
Publication Number

US 20070266421A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/145 the attack involving the pr...

H04L 63/20 for managing network securi...

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CENTRALLY MANAGING POLICIES ASSIGNABLE TO A PLURALITY OF PORTABLE END-POINT SECURITY DEVICES OVER A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CENTRALLY MANAGING POLICIES ASSIGNABLE TO A PLURALITY OF PORTABLE END-POINT SECURITY DEVICES OVER A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links