Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture

US 20080307488A1
Filed: 10/30/2007
Published: 12/11/2008
Est. Priority Date: 10/16/2002
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a device to operate within an enterprise system having an enterprise policy, comprising:

installing an agent on the device;

analyzing the device, using the agent, to determine profile information of the device;

sending the determined profile information to a type 2 super peer;

verifying, within the type 2 super peer, whether the profile information conforms to the enterprise policy;

generating an agent trust credential within the type 2 super peer, if the profile information conforms to the enterprise policy, for the agent based upon the profile information;

issuing, if the profile information conforms to the enterprise policy, the agent trust credential to the agent;

verifying authenticity of the device based upon the agent trust credential;

communicating with the device if the device is authenticated; and

preventing communication with the device if the device is not authenticated.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods authenticate a device to operate within an enterprise system with an enterprise policy. An agent, installed on the device, analyzes the device to determine profile information of the device. The determined profile information is sent to a type 2 super peer that verifies whether the profile information conforms to the enterprise policy. If the profile information conforms to the enterprise policy, an agent trust credential is generated, within the type 2 super peer, for the agent, based upon the profile information, and issued to the agent. Authenticity of the device is verified based upon the agent trust credential. If the device is authenticated, communications with the device are permitted. If the device is not authenticated, communications with the device is prevented. In another embodiment, a method restores a device to conform to a system policy. A snapshot of critical components of the device is taken while the device is in compliance with the system policy. The critical components are monitored to identify critical components that differ from the critical components of the snapshot. If differing critical components are detected, the device is restored to conform with system policy by replacing differing critical components based upon the snapshot.

175 Citations

View as Search Results

20 Claims

1. A method for authenticating a device to operate within an enterprise system having an enterprise policy, comprising:
- installing an agent on the device;
  
  analyzing the device, using the agent, to determine profile information of the device;
  
  sending the determined profile information to a type 2 super peer;
  
  verifying, within the type 2 super peer, whether the profile information conforms to the enterprise policy;
  
  generating an agent trust credential within the type 2 super peer, if the profile information conforms to the enterprise policy, for the agent based upon the profile information;
  
  issuing, if the profile information conforms to the enterprise policy, the agent trust credential to the agent;
  
  verifying authenticity of the device based upon the agent trust credential;
  
  communicating with the device if the device is authenticated; and
  
  preventing communication with the device if the device is not authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the step of verifying occurs periodically.
  - 3. The method of claim 1, wherein the step of verifying occurs immediately the device attempts to connect to the enterprise system.
  - 4. The method of claim 1, the step of analyzing further comprising obtaining biometric data from a user of the device by utilizing a biometric scanner.
  - 5. The method of claim 4, wherein the biometric scanner is one of the group including a fingerprint scanner, an iris scanner and a voice recognition system.
  - 6. The method of claim 4, further comprising periodically operating the biometric scanner to verify the user of the device has not changed.
  - 7. The method of claim 1, wherein the agent trust credential comprises a PKI certificate and a certificate extension.
  - 8. The method of claim 1, wherein the agent trust credential comprises a public key and a digital signature of the type 2 super peer.
  - 9. The method of claim 8, wherein the step of verifying comprises decoding the digital signature using the public key.
  - 10. The method of claim 1, wherein the agent trust credential comprises hard and soft credentials.
  - 11. The method of claim 10, wherein the hard and soft credentials are utilized to determine a level of trust for the device, the level of trust determining the level of communication between the enterprise system and the device.

12. A realm controller with high reliability and high availability, comprising:
- a first computer system;
  
  a second computer system in communication with the first computer system; and
  
  a SSI clustering package running on each of the first and second computer systems;
  
  wherein realm controller operation continues without interruption if a hardware failure occurs on any one of the first and second computers.
- View Dependent Claims (13, 14)
- - 13. The realm controller of claim 12, wherein the first and second computer systems are connected together by a cross-over Ethernet cable, the first and second computer system each having two or more network interface cards (NICs).
  - 14. The realm controller of claim 12, further comprising:
    - at least one additional computer system, the computer system in communication with the first and the second computer systems;
      
      an Ethernet switch to facilitate communication between the first, second and additional computer systems; and
      
      a network-attached storage (NAS) device for storing common data.

15. A method for protecting a networked computer system from abnormal activity, comprising:
- installing one or more agents within each computing device of the networked computer system;
  
  monitoring the network and its devices, using the agents, to determine a normal behavior of the network;
  
  monitoring the network and its devices, using the agents, to determine abnormal behavior of the network;
  
  isolating affected devices upon detection of abnormal behavior.
- View Dependent Claims (16)
- - 16. The method of claim 15, further comprising blocking the abnormal behavior.

17. A method for isolating a device from communicating with a network when the device profile deviates from a defined system policy, comprising:
- installing an active agent on the device;
  
  operating the active agent to periodically profile the device;
  
  determining whether the device profile conforms to the system policy;
  
  preventing the device, using the active agent, from communicating with the network if the profile does not comply; and
  
  allowing the device, using the active agent, to communicate with the network of the profile does comply.

18. A method for restoring a device to conform to a system policy, comprising;
- taking a snapshot of critical components of the device while the device is in compliance with the system policy;
  
  monitoring the critical components to identify critical components that differ from the critical components of the snapshot; and
  
  restoring the device to conform with system policy, if differing critical components are detected, by replacing differing critical components based upon the snapshot.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the critical components are files.
  - 20. The method of claim 18, the step of restoring further comprising notifying the user of a non-compliance to system policy if differing critical components are identified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Burstiq, Inc.
Original Assignee
Innerwall, Inc.
Inventors
Hammond, Frank J. II, Ricotta, Frank J. JR., Carlander, Steven James, Dykstra, Hans Michael, Williams Gerber, Sarah, Williams, Blake Andrew

Granted Patent

US 8,239,917 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/0659   by isolating or reconfiguri...

H04L 41/0816   the condition being an adap...

H04L 41/0836   to enhance reliability, e.g...

H04L 41/5009   Determining service level p...

H04L 43/00   Arrangements for monitoring...

H04L 43/16   Threshold monitoring

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 63/1491   using deception as counterm...

H04L 63/20   for managing network securi...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1093   Some peer nodes performing ...

H04L 67/303   Terminal profiles

Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

175 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

175 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others