Detection and Removal of Undesirable Items in a Data Processing Environment

US 20090006575A1
Filed: 06/29/2007
Published: 01/01/2009
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method for addressing a threat to the security of a user device that utilizes a network-accessible service, comprising:

assessing a likelihood that the user device is infected by the undesirable item;

receiving a request by the user device to access the network-accessible service; and

in response to the request, interacting with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item, wherein the user device is operated by at least one user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Functionality is described for addressing a threat to the security of a user device that utilizes a network-accessible service. The functionality operates by assessing the likelihood that the user device is infected by the undesirable item. When the user device makes a request to access the network-accessible service, the functionality can interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.

36 Citations

View as Search Results

20 Claims

1. A method for addressing a threat to the security of a user device that utilizes a network-accessible service, comprising:
- assessing a likelihood that the user device is infected by the undesirable item;
  
  receiving a request by the user device to access the network-accessible service; and
  
  in response to the request, interacting with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item, wherein the user device is operated by at least one user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the undesirable item is instruction-bearing content that can be commandeered to perform an action that is undesirable from the standpoint of a user.
  - 3. The method of claim 1, wherein the assessing comprises:
    - detecting a potential presence of the undesirable item within a particular time frame, the presence being associated with an identified network address; and
      
      determining whether the user device utilized the identified network address within the particular time frame.
  - 4. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device unrestricted access to the network-accessible service.
  - 5. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device restricted access to the network-accessible service.
  - 6. The method of claim 1, wherein the interacting with the user device comprises, for an identified likelihood that the user device is infected with the undesirable item, providing a security warning to the user device, wherein the security warning can be provided with or without a restriction of access to the network-accessible service.
  - 7. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, granting the user device access to the network-accessible service in response to said at least one user performing a security-related procedure that cannot be readily duplicated by the undesirable item.
  - 8. The method of claim 1, wherein the interacting with the user device comprises, for an identified level of likelihood that the user device is infected with the undesirable item, preventing the user device from accessing the entire network-accessible service.
  - 9. The method of claim 1, wherein said at least one user includes a first user who operates the user device, wherein the interacting with the user device comprises sending a notification message to another device operated the first user, or sending a notification message to another user who operates the user device, wherein identity of users is determined by making reference to user identification information.
  - 10. The method of claim 1, wherein the user device interacts with the network-accessible service via an intermediary module.
  - 11. The method of claim 10, wherein the intermediary module, in cooperation with an item management module, plays a role in the assessment of the likelihood that the user device is infected by the undesirable item.
  - 12. The method of claim 11, wherein the assessment of the likelihood comprises:
    - identifying, by the item management module, that a network address within a particular time frame is associated with a potential presence of the undesirable item; and
      
      determining, based on information provided by the intermediary module, that the user device is associated with the network address within the particular time frame.
  - 13. The method of claim 12, wherein the user device is one of a plurality of user devices that interact with the network-accessible service via the intermediary module, wherein the determining ascertains, based on information provided by the intermediary module, that there is a likelihood that the user device is infected with the undesirable item.
  - 14. The method of claim 10, wherein the intermediary module plays a role in the interaction with the user device following the assessment.
  - 15. The method of claim 14, wherein the intermediary module serves as a proxy in notifying the user device that there is a likelihood that the user device is infected with the undesirable item.
  - 16. The method of claim 14, wherein the user device is one of a plurality of a user devices that interact with the network-accessible service via the intermediary module, and wherein the intermediary module sends a notification that there is a likelihood that the user device is infected with the undesirable item to one of the plurality of user devices that is not likely to be infected by the undesirable item.

17. An item management module for addressing a threat to the security of a user device that utilizes network-accessible service, comprising:
- an item detection module configured to make an assessment of a likelihood that the user device is infected by the undesirable item; and
  
  a remedy module configured to;
  
  receive a request by the user device to access the network-accessible service; and
  
  in response to the request, interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.
- View Dependent Claims (18, 19)
- - 18. The item management module of claim 17, wherein the undesirable item is instruction-bearing content that can be commandeered to perform an action that is undesirable from the standpoint of the user.
  - 19. The item management module of claim 17, further comprising a store that maintains information regarding at least one network address associated with the potential presence of the undesirable item in conjunction with at least one time frame associated with the potential presence, wherein the item detection module is configured to use the information in making its assessment.

20. An intermediary appliance module for interfacing between a user device and a network-accessible service, comprising:
- a cooperative detection module configured to cooperate with an item management module to make an assessment of a likelihood that the user device is infected by the undesirable item; and
  
  a remedy module configured to cooperate with the item management module to interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Srivastava, Kumar S., Osipkov, Ivan, Hulten, Geoffrey J., Panasyuk, Anatoliy, Scarrow, John L., Gillum, Eliot C.

Granted Patent

US 7,870,609 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/207
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/104   Grouping of entities

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Detection and Removal of Undesirable Items in a Data Processing Environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and Removal of Undesirable Items in a Data Processing Environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links