System, Method, Apparatus, and Computer Program Product for Facilitating Digital Communications

US 20080222696A1
Filed: 04/18/2008
Published: 09/11/2008
Est. Priority Date: 08/16/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:

storing a plurality of client policies on the remote computer, at least one of the client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;

receiving a request from a user of the remote computer for access to the secured computer;

determining an identity of the user;

selecting, based on the identity of the user, the one of the plurality of client policies that will most reduce the likelihood of a security breach of the secured computer;

verifying that the remote computer conforms with the selected client policy; and

connecting the client to the secured computer if the remote computer conforms with the selected client policy.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method and apparatus prevents unsecured access to a computer over a network by a client running on a remote computer. In one aspect of the present invention, a client policy is stored on the remote computer. The client policy includes a configuration of the remote computer that reduces the likelihood of a security breach of the computer as a result of the remote computer accessing the computer. A request is received from a user for access to the computer. It is verified that the remote computer conforms with the client policy, and the client is connected to said computer.

85 Citations

View as Search Results

28 Claims

1. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- storing a plurality of client policies on the remote computer, at least one of the client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a user of the remote computer for access to the secured computer;
  
  determining an identity of the user;
  
  selecting, based on the identity of the user, the one of the plurality of client policies that will most reduce the likelihood of a security breach of the secured computer;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method recited in claim 1, wherein the verifying step includes verifying that none of a list of forbidden applications are running on the remote computer.
  - 3. The method recited in claim 2, wherein the list of forbidden applications includes at least one of a virus, a spyware application, an instant messaging application, an unlicensed application, and a file-sharing application.
  - 4. The method recited in claim 1, wherein the verifying step includes verifying that all of a list of required applications are running on the remote computer.
  - 5. The method recited in claim 4, wherein the list of required applications including at least one of a firewall application, an anti-virus application, and an anti-spyware application.
  - 6. The method recited in claim 1, further comprising periodically determining that the remote computer conforms with the selected client policy;
    - andtaking a policy-based action if the remote computer does not conform to the selected client policy, the policy-based action including at least one of correcting a non-conforming condition and notifying the user of the non-conforming condition.
  - 7. The method recited in claim 6, further comprising disconnecting the client from at least one of the secured computer and an Internet connection if the non-conforming condition cannot be corrected.
  - 8. The method recited in claim 1, further comprising transmitting a list of policy violations to an access control gateway.

9. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- transmitting a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving information of an identity of a user operating the remote computer;
  
  receiving information of a policy violation from the remote computer, the existence of the policy violation being based on the identity of the user; and
  
  modifying access rights of the user to operate the secured computer based on the policy violation.
- View Dependent Claims (10)
- - 10. The method recited in claim 9, wherein the modifying step includes denying the remote computer access to the secured computer.

11. A computer program product including a computer storage medium, the computer storage medium including at least one of volatile and non-volatile media, and a computer program code mechanism embedded in the computer storage medium for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the computer code mechanism comprising:
- a computer code device configured to store a client policy on the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  a computer code device configured to receive a request from a user of the remote computer for access to the secured computer;
  
  a computer code device configured receive information of an identity of the user;
  
  a computer code device configured to determine whether the remote computer conforms with the client policy, the determination being based on the identity of the user; and
  
  a computer code device configured to connect the client to the secured computer;
  
  wherein the remote computer accesses the secured computer over the network if the remote computer conforms with the client policy.

12. A computer program product including a computer storage medium, the computer storage medium including at least one of volatile and non-volatile media, and a computer program code mechanism embedded in the computer storage medium for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the computer code mechanism comprising:
- a computer code device configured to transmit a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  a computer code device configured to receive information of an identity of a user operating the remote computer;
  
  a computer code device configured to receive information of a policy violation from said remote computer, the existence of the policy violation being based on the identity of the user; and
  
  a computer code device configured to modify access rights of the user operating the remote computer,wherein the remote computer cannot access the secured computer over the network until the policy violation is removed.

13. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- means for storing a plurality of client policies on the remote computer, at least one of said client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  means for receiving a request from a user of the remote computer for access to the secured computer, the request including information of an identity of the user;
  
  means for identifying a required one of said plurality of client policies based on the identity of the user;
  
  means for verifying that the remote computer conforms with the required client policy; and
  
  means for connecting the client to the secured computer if the remote computer conforms with the required client policy.

14. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- means for transmitting a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  means for receiving information of an identity of a user operating the remote computer;
  
  means for receiving information of a policy violation from the remote computer, the existence of the policy violation being based on the identity of the user;
  
  means for modifying access rights of a user operating the remote computer based on the policy violation.

15. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- a storage mechanism configured to store a plurality of client policies on the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  an input/output device configured to receive a request from a user of the remote computer for access to the secured computer, the request including information of an identity of the user; and
  
  a processor configured to identify a required one of the client policies based on the identity of the user;
  
  a processor including a verification mechanism configured to verify that the remote computer conforms with the required client policy;
  
  wherein the input/output device is configured to connect the client to the secured computer if the remote computer conforms with the required client policy.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The apparatus recited in claim 15, wherein the verification mechanism is configured to verify that none of a list of forbidden applications are running on the remote computer.
  - 17. The apparatus recited in claim 16, wherein the list of forbidden applications includes at least one of a virus application, a spyware application, an instant messaging application, an unlicensed application, and a file-sharing application.
  - 18. The apparatus recited in claim 15, wherein the verification mechanism is configured to verify that all of a list of required applications are running on the remote computer.
  - 19. The apparatus recited in claim 18, wherein the list of required applications includes at least one of a firewall application, an anti-virus application, and an anti-spyware application.

20. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- an input/output device configured to transmit a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer, the input/output device configured to receive a list of policy violations from the remote computer;
  
  an input/output device configured to receive a request from a user of the remote computer for access to the secured computer, the request including information of an identity of the user; and
  
  a processor configured to identify a required one of the client policies based on the identity of the user;
  
  a processor including a verification mechanism configured to verify that the remote computer conforms to the required client policy; and
  
  a processor including an access control mechanism configured to modify access rights of a user operating the remote computer for access to the secured computer.
- View Dependent Claims (21)
- - 21. The method recited in claim 20, wherein the access control mechanism is configured to deny the remote computer access to the secured computer if the remote computer does not conform to the required client policy.

22. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- storing a plurality of client policies on the remote computer, at least one of the client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a specified user of the remote computer for access to the secured computer;
  
  determining an identity of the specified user;
  
  selecting, based on the identity of the specified user, the one of the plurality of client policies that will most reduce the likelihood of a security breach of the secured computer, the selected policy including a list of a list of forbidden applications that cannot run on the remote computer if the specified user is using the remote computer and a list of required applications that must run on the remote computer if the specified user is using the remote computer;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.
- View Dependent Claims (23, 24)
- - 23. The method according to claim 22, wherein the list of prohibited applications includes at least one of a virus, a spyware application, an instant messaging application, an unlicensed application, and a file-sharing application.
  - 24. The method according to claim 22, wherein the list of required applications includes at least one of a firewall application, an anti-virus application, and an anti-spyware application.

25. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- storing a plurality of client policies on the remote computer, at least one of the client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a user at the remote computer for access to the secured computer;
  
  determining a status of the remote computer;
  
  selecting, based on the status of the remote computer, the one of the plurality of client policies that will most reduce the likelihood of a security breach of the secured computer;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.

26. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- transmitting a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving information of a status of the remote computer;
  
  receiving information of a policy violation from the remote computer, the existence of the policy violation being based on the status of the remote computer; and
  
  modifying access rights of the remote computer to access a resource of the secured computer based on the policy violation.

27. A computer-implemented method for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- storing a plurality of client policies on the remote computer, at least one of the client policies including information of a preferred connection method that reduces the likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a user at the remote computer for access to the secured computer;
  
  determining a location of the remote computer;
  
  selecting, based on the status of the remote computer, the one of the plurality of client policies that will most reduce the likelihood of a security breach of the secured computer, the selected client policy including the preferred connection method; and
  
  connecting the client to the secured computer in accordance with the selected client policy and the preferred connection method.
- View Dependent Claims (28)
- - 28. The method according to claim 27, further comprising determining an appropriate authentication method to be used to authenticate the user for connection to the secured computer, the appropriate authentication method being based on one of an identity of the user, the location of the remote computer, and the preferred connection method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Bluestone, Derek, Adams, Clinton, Pressman, Howard M., Nicodemus, Blair Gaver, Pappano, Joseph E.

Granted Patent

US 7,725,589 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

System, Method, Apparatus, and Computer Program Product for Facilitating Digital Communications

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System, Method, Apparatus, and Computer Program Product for Facilitating Digital Communications

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links