System, Method and Computer Program Product for Administering Trust Dependent Functional Control over a Portable Endpoint Security Device

US 20080098478A1
Filed: 10/20/2006
Published: 04/24/2008
Est. Priority Date: 10/20/2006
Status: Abandoned Application

First Claim

Patent Images

1. A system for administering trust dependent functional control over a portable endpoint security device comprising:

a trust enforcement policy including one or more predefined trust dependent characteristics for which the trust dependent functional control is to be administered;

a reconnoitering application including instructions executable by a processor to;

reconnoiter one or more trust dependent characteristics associated with a host processing unit;

determine a relative trusted state of the host processing unit in dependence on the trust enforcement policy and the trust dependent characteristics reconnoitered from the host processing unit; and

,administer the trust dependent functional control over the portable endpoint security device in dependence on the determined relative trusted state of the host processing unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for administering trust dependent functional control over a portable endpoint security device (PEPS). A reconnoitering application in conjunction with a trust enforcement policy determines a relative trusted state of the host processing unit and administers trust dependent functional control over the PEPS in dependence on one or more trust dependent characteristics reconnoitered from the host processing unit. The trust dependent characteristics reconnoitered from the host processing unit may be location dependent, context dependent, hardware configuration dependent and logical state dependent.

Citations

51 Claims

1. A system for administering trust dependent functional control over a portable endpoint security device comprising:
- a trust enforcement policy including one or more predefined trust dependent characteristics for which the trust dependent functional control is to be administered;
  
  a reconnoitering application including instructions executable by a processor to;
  
  reconnoiter one or more trust dependent characteristics associated with a host processing unit;
  
  determine a relative trusted state of the host processing unit in dependence on the trust enforcement policy and the trust dependent characteristics reconnoitered from the host processing unit; and
  
  ,administer the trust dependent functional control over the portable endpoint security device in dependence on the determined relative trusted state of the host processing unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of;
    - controlling access to a secure memory area internal to the portable endpoint security device and controlling the transfer of information between a networked resource and the portable endpoint security device.
  - 3. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of;
    - limiting access to an internal anti-malware application, displaying graphical indicia of malware detected by the reconnoitering application on the host processing unit, removing the detected malware from the host processing unit and any combination thereof.
  - 4. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of, controlling offline usage of temporarily cached information and controlling audit functions internal to the portable endpoint security device.
  - 5. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of, controlling distribution of an internally maintained application, controlling usage of the internally maintained application, providing change management of the internally maintained application and any combination thereof.
  - 6. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of, controlling distribution of a document, controlling access to the document and providing change management of the document.
  - 7. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is one of, determining if an existing host application has an executable association with an internally maintained file, allowing the host application to access the internally maintained file, executing an internally maintained application, downloading an internally maintained application, and any combination thereof.
  - 8. The system according to claim 1 wherein at least one of the one or more trust dependent characteristics reconnoitered from the host processing unit is location dependent, context dependent and any combination thereof.
  - 9. The system according to claim 8 wherein the location dependence is inferred from one of;
    - an IP address, an IP address range, a MAC address, a domain name, a set of GPS coordinates and any combination thereof.
  - 10. The system according to claim 8 wherein the context dependence is inferred from one of;
    - a memory execution stack, a registry entry, a DSOM object, Windows COM object, a Windows DCOM object, a service, a process and any combination thereof.
  - 11. The system according to claim 8 wherein the context dependence is inferred from one of, a footprint of an operating system, a hardware configuration, an object, a binary file, a security policy, a verification indicia and any combination thereof.
  - 12. The system according to claim 11 wherein the verification indicia is one of;
    - a cryptogram, a digital credential, a digital signature, a checksum value, a cyclic redundancy check value, a hash value and any combination thereof.
  - 13. The system according to claim 1 wherein the determined relative trusted state of the host processing unit is determinative of a level of access a user is afforded to information contained in or available using the portable endpoint security device.
  - 14. The system according to claim 1 wherein the determined relative trusted state is determinative of a level of required user interaction with the portable endpoint security device.
  - 15. The system according to claim 1 wherein the administered trust dependent functional control over the portable endpoint security device is established for one of, internal data manipulation, an application execution, an application manipulation and any combination thereof.
  - 16. The system according to claim 15 wherein the application execution includes execution of internal maintained applications when the relative trusted state of the host processing unit is low and execution of external applications when the relative trusted state of the host processing unit is high.
  - 17. The system according to claim 1 wherein the administered level of functional control over the portable endpoint security device is scalable in at least partial dependence on the determined relative trusted state of the host processing unit.

18. A method for administering trust dependent functional control over a portable endpoint security device comprising a trust enforcement policy including one or more predefined trust dependent characteristics for which the trust dependent functional control is to be administered coupled to a reconnoitering application including instructions executable by a processor for;
- reconnoitering one or more trust dependent characteristics associated with a host processing unit;
  
  determining a relative trusted state of the host processing unit in dependence on the trust enforcement policy and the trust dependent characteristics reconnoitered from the host processing unit; and
  
  ,administering the trust dependent functional control over the portable endpoint security device in dependence on the determined relative trusted state of the host processing unit.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method according to claim 18 further including instructions executable by the processor for performing one of, controlling access to a secure memory area internal to the portable endpoint security device and controlling the transfer of information between a networked resource and the portable endpoint security device.
  - 20. The method according to claim 18 further including instructions executable by the processor for performing one of, limiting access to an internal anti-malware application, displaying graphical indicia of malware detected by the reconnoitering application on the host processing unit, removing the detected malware from the host processing unit and any combination thereof.
  - 21. The method according to claim 18 further including instructions executable by the processor for performing one of;
    - controlling offline usage of temporarily cached information and controlling audit functions internal to the portable endpoint security device.
  - 22. The method according to claim 18 further including instructions executable by the processor for performing one of;
    - controlling distribution of an internally maintained application, controlling usage of the internally maintained application, providing change management of the internally maintained application and any combination thereof.
  - 23. The method according to claim 18 further including instructions executable by the processor for performing one of;
    - controlling distribution of a document, controlling access to the document and providing change management of the document.
  - 24. The method according to claim 18 further including instructions executable by the processor for performing one of;
    - determining if an existing host application has an executable association with an internally maintained file, allowing the host application to access the internally maintained file, executing an internally maintained application, downloading an internally maintained application and any combination thereof.
  - 25. The method according to claim 18 wherein at least one of the one or more trust dependent characteristics reconnoitered from the host processing unit is location dependent, context dependent and any combination thereof.
  - 26. The method according to claim 25 wherein the location dependence is inferred from one of;
    - an IP address, an IP address range, a MAC address, a domain name, a set of GPS coordinates and any combination thereof.
  - 27. The method according to claim 25 wherein the context dependence is inferred from one of;
    - a memory execution stack, a registry entry, a Windows COM object, a Windows DCOM object, a DSOM object, a service, a process and any combination thereof.
  - 28. The method according to claim 25 wherein the context dependence is inferred from one of;
    - a footprint of an operating system, a hardware configuration, an object, a binary file, a security policy, verification indicia and any combination thereof.
  - 29. The method according to claim 28 wherein the verification indicia is one of, a cryptogram, a digital credential, a digital signature, a checksum value, a cyclic redundancy check value, a hash value and any combination thereof
  - 30. The method according to claim 18 wherein the determined relative trusted state of the host processing unit is determinative of a level of access a user is afforded to information contained in or available using the portable endpoint security device.
  - 31. The method according to claim 18 wherein the determined relative trusted state is determinative of a level of required user interaction with the portable endpoint security device.
  - 32. The method according to claim 18 wherein the administered trust dependent functional control over the portable endpoint security device is established for one of, internal data manipulation, application execution, application manipulation and any combination thereof.
  - 33. The method according to claim 32 wherein the application execution includes execution of internal maintained applications when the relative trusted state of the host processing unit is low and execution of external applications when the relative trusted state of the host processing unit is high.
  - 34. The method according to claim 18 wherein the administered level of functional control over the portable endpoint security device is scalable in at least partial dependence on the determined relative trusted state of the host processing unit.

35. A computer program product for administering trust dependent functional control over a portable endpoint security device embodied in a tangible form comprising instructions executable by a processor for;
- reconnoitering one or more trust dependent characteristics associated with a host processing unit;
  
  determining a relative trusted state of the host processing unit in dependence on a trust enforcement policy and the one or more trust dependent characteristics reconnoitered from the host processing unit; and
  
  ,administering trust dependent functional control over the portable endpoint security device in dependence on the determined relative trusted state of the host processing unit.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 36. The computer program product according to claim 35 further including instructions executable by the processor for performing one of;
    - controlling access to a secure memory area internal to the portable endpoint security device and controlling the transfer of information between a networked resource and the portable endpoint security device.
  - 37. The computer program product according to claim 35 further including instructions executable by the processor for performing one of;
    - limiting access to an internal anti-malware application, displaying graphical indicia of malware detected by the reconnoitering application on the host processing unit, removing the detected malware from the host processing unit and any combination thereof.
  - 38. The computer program product according to claim 35 further including instructions executable by the processor for performing one of, controlling offline usage of temporarily cached information and controlling audit functions internal to the portable endpoint security device.
  - 39. The computer program product according to claim 35 including instructions executable by the processor for performing one of, controlling distribution of an internally maintained application, controlling usage of the internally maintained application, providing change management of the internally maintained application and any combination thereof.
  - 40. The computer program product according to claim 35 further including instructions executable by the processor for performing one of;
    - controlling distribution of a document, controlling access to the document and providing change management of the document.
  - 41. The computer program product according to claim 35 further including instructions executable by the processor for performing one of, determining if an existing host application has an executable association with an internally maintained file, allowing the host application to access the internally maintained file, executing an internally maintained application, downloading an internally maintained application and any combination thereof.
  - 42. The computer program product according to claim 35 wherein at least one of the one or more trust dependent characteristics reconnoitered from the host processing unit is location dependent, context dependent and any combination thereof.
  - 43. The computer program product according to claim 42 wherein the location dependence is inferred from one of;
    - an IP address, an IP address range, a MAC address, a domain name, a set of GPS coordinates and any combination thereof.
  - 44. The computer program product according to claim 42 wherein the context dependence is inferred from one of, a memory execution stack, a registry entry, a Windows COM object, a Windows DCOM object, a DSOM object, a service, a process and any combination thereof.
  - 45. The computer program product according to claim 42 wherein the context dependence is inferred from one of, a footprint of an operating system, a hardware configuration, an object, a binary file, a security policy, verification indicia and any combination thereof.
  - 46. The computer program product according to claim 45 wherein the verification indicia is one of;
    - a cryptogram, a digital credential, a digital signature, a checksum value, a cyclic redundancy check value, a hash value and any combination thereof.
  - 47. The computer program product according to claim 35 wherein the determined relative trusted state of the host processing unit is determinative of a level of access a user is afforded to information contained in or available using the portable endpoint security device.
  - 48. The computer program product according to claim 35 wherein the determined relative trusted state is determinative of a level of required user interaction with the portable endpoint security device.
  - 49. The computer program product according to claim 35 wherein the administered trust dependent functional control over the portable endpoint security device is established for one of, internal data manipulation, internal application manipulation, application execution and any combination thereof.
  - 50. The computer program product according to claim 49 wherein the application execution includes execution of internal maintained applications when the relative trusted state of the host processing unit is low and execution of external applications when the relative trusted state of the host processing unit is high.
  - 51. The computer program product according to claim 35 wherein the tangible form is one of;
    - magnetic media, optical media, logical media and any combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Redcannon Incorporated
Original Assignee
Redcannon Incorporated
Inventors
Siu, Sylvia, Vaidya, Vimal

Application Number

US11/551,451
Publication Number

US 20080098478A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/57   Certifying or maintaining t...

G06F 21/70   Protecting specific interna...

G06F 2221/2111   Location-sensitive, e.g. ge...

System, Method and Computer Program Product for Administering Trust Dependent Functional Control over a Portable Endpoint Security Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

System, Method and Computer Program Product for Administering Trust Dependent Functional Control over a Portable Endpoint Security Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links