Client enforced network tunnel vision

US 20080120690A1
Filed: 11/17/2006
Published: 05/22/2008
Est. Priority Date: 11/17/2006
Status: Abandoned Application

First Claim

Patent Images

1. One or more computer-readable media comprising computer-executable instructions for restricting network access based on one or more monitored states, the computer-executable instructions directed to steps comprising:

monitoring the one or more monitored states;

comparing the one or more monitored states to one or more benchmark states indicating acceptable states;

restricting network access if the comparing indicates that the one or more monitored states are not acceptable; and

re-enabling network access if the one or more monitored unacceptable states become acceptable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

If a service detects that a state of a computer system deviates from an acceptable state, the computer system can be prevented from accessing network resources or locations, except for those network resources or locations that would bring the state into compliance. Monitored states can include whether applications or the operating system have been properly purchased, whether they have been properly updated, and whether they are being properly used given the environment of their usage. Network restrictions can be implemented through a parental control mechanism, a domain name service mechanism, or other like mechanisms, and can include redirection to appropriate network resources or locations.

78 Citations

View as Search Results

20 Claims

1. One or more computer-readable media comprising computer-executable instructions for restricting network access based on one or more monitored states, the computer-executable instructions directed to steps comprising:
- monitoring the one or more monitored states;
  
  comparing the one or more monitored states to one or more benchmark states indicating acceptable states;
  
  restricting network access if the comparing indicates that the one or more monitored states are not acceptable; and
  
  re-enabling network access if the one or more monitored unacceptable states become acceptable.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-readable media of claim 1, wherein the restricting network access comprises allowing network access directed to network resources that are necessary for rendering acceptable the one or more monitored unacceptable states.
  - 3. The computer-readable media of claim 1, wherein the restricting network access comprises redirecting network access to network resources that are necessary for rendering acceptable the one or more monitored unacceptable states.
  - 4. The computer-readable media of claim 1, wherein the benchmark states are dynamically obtained from an external source.
  - 5. The computer-readable media of claim 1, wherein the restricting network access comprises modifying a network name service agent configuration and cache.
  - 6. The computer-readable media of claim 1, wherein the restricting network access is performed by a parental control mechanism.
  - 7. The computer-readable media of claim 1, wherein the comparing comprises determining if an appropriate license has been purchased.
  - 8. The computer-readable media of claim 1, wherein the comparing comprises determining if one or more critical updates have been installed.

9. A method of enforcing a policy, the method comprising the steps of:
- monitoring one or more monitored states associated with the policy;
  
  comparing the one or more monitored states to one or more benchmark states selected according to the policy;
  
  restricting network access if the comparing indicates that the one or more monitored states are not in conformance with the policy; and
  
  re-enabling network access if the one or more monitored states changes to conform with the policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the restricting network access comprises allowing network access directed to network resources that are necessary for modifying the one or more monitored states so as to comply with the policy.
  - 11. The method of claim 9, wherein the restricting network access comprises redirecting network access to network resources that are necessary for modifying the one or more monitored states so as to comply with the policy.
  - 12. The method of claim 9, wherein the benchmark states are dynamically obtained from an external source.
  - 13. The method of claim 9, wherein the policy is directed to prevention of software piracy, and wherein further the comparing comprises determining if an appropriate license has been purchased.
  - 14. The method of claim 9, wherein the policy is directed to prevention of the spread of malicious software, and wherein further the comparing comprises determining if one or more critical updates have been installed.
  - 15. The method of claim 9, wherein the policy is directed to prevention of inappropriate behavior, and wherein further the comparing comprises determining if a request for a network resource is being made during a predefined time.

16. A parental control mechanism for limiting activities of one or more users of a computing device, the parental control mechanism performing steps comprising:
- receiving a request to restrict network access based on the activities of the one or more users, the activities of the one or more users consisting of at least one of;
  
  failing to properly purchase a license to one or more software products installed on the computing device, failing to properly apply critical updates to one or more software products installed on the computing device, and attempting to access specific network resources during predetermined times; and
  
  restricting network access for the one or more users, the one or more users comprising non-administrator and administrator users.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The parental control mechanism of claim 16, wherein the restricting network access comprises allowing network access directed to network resources that are necessary for correcting the activities of the one or more users.
  - 18. The parental control mechanism of claim 16, wherein the restricting network access comprises redirecting network access to network resources that are necessary for correcting the activities of the one or more users.
  - 19. The parental control mechanism of claim 16, performing further steps comprising displaying an in-band user notification associated with the restricted network access.
  - 20. The parental control mechanism of claim 16, performing further steps comprising displaying an out-of-band user notification associated with the restricted network access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Field, Scott A., Norlander, Rebecca A.

Application Number

US11/601,155
Publication Number

US 20080120690A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 2221/2149 Restricted operating enviro...

Client enforced network tunnel vision

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Client enforced network tunnel vision

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links