NETWORK CONNECTION CONTROL PROGRAM, NETWORK CONNECTION CONTROL METHOD, AND NETWORK CONNECTION CONTROL SYSTEM

US 20090055896A1
Filed: 02/06/2006
Published: 02/26/2009
Est. Priority Date: 03/03/2005
Status: Abandoned Application

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention prevents a computer, which is infected by an unauthorized program such as a virus or spyware when the computer is brought out, from being connected with a secure network such as an intracompany LAN. When a user terminal is started, a connection with the intracompany LAN is attempted. Then, a network connection is temporarily stopped and an environment is compared with the one where the user terminal operated at a previous time. When there is no difference between both of the environments, the connection with the intracompany LAN is restored. However, when it is determined that the user terminal is connected with a network other than the intracompany LAN when the user terminal was operated at a previous time, an inspection for a virus or the like is executed by a USB memory where the latest anti-virus software is stored. After it is confirmed that the user terminal is safe, the connection with the intracompany LAN is restored.

Citations

30 Claims

1-15. -15. (canceled)

16. A network connection control program stored in a memory of a computer and executable on a processor of the computer for preventing a computer where an unauthorized program is stored from being connected with a secure network, the network connection control program comprising:
- software for stopping a processing for connecting with the network executed by the network connection program stored in the computer;
  
  software for reading first environmental information which concerns a connection environment to the secure network, and which is stored in the computer;
  
  software for reading second environmental information which concerns a connection environment to the network where the computer operated at a previous time, and which is stored in the computer;
  
  software for comparing the first environmental information with the second environmental information, and determining that the environment where the computer operated at a previous time was a connection environment other than the secure network when the first environmental information does not match with the second environment;
  
  software for starting an inspection program which inspects whether or not an unauthorized program is stored in the computer, and which is read from the computer or an external storage device connected with the computer when it is determined that the environment where the computer operated at a previous time was the connection environment other than the secure network; and
  
  software for starting processing for connecting with the network executed by the network connection program when the unauthorized program is not detected in the computer by the inspection program.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The program according to claim 16, further comprising:
    - software for executing at least one of;
      
      a) processing for starting a restoring program for restoring the unauthorized program, and b) processing for establishing the communication with a monitor terminal connected with the secure network and sending an alert message to the monitor terminal, when the unauthorized program is detected in the computer by the inspection program.
  - 18. The program according to claim 16, further comprising:
    - software for connecting with the network where only a communication with a monitor terminal connected with the secure network is permitted, and determining that the network is not the secure network when it is not possible to communicate with the monitor terminal; and
      
      software for starting the processing for connecting with the network executed by the network connection program when it is determined that the network is not the secure network.
  - 19. The program according to claim 16, further comprising:
    - software for connecting with the network to collect third environmental information on a connection environment to the network, and acquiring the third environmental information;
      
      software for comparing the second environmental information with the third environmental information, and determining that the computer can be connected with the network when the second environmental information matches with the third environmental information; and
      
      software for starting the processing for connecting with the network executed by the network connection program when it is determined that the computer can be connected with the network.
  - 20. The program according to claim 16, wherein, software for starting the inspection program comprises:
    - software for reading an update time or version information of the inspection program from the computer or the external storage device connected with the computer is acquired, and the step of executing the processing for connecting with the network is not executed when a predetermined requirement in order to certify the update time or the version information as the latest program by the inspection program is not satisfied.

21. A network connection control method for preventing a computer where an unauthorized program is stored from being connected with a secure network, comprising:
- stopping, by a computer where a processing for connecting with a network is started, the processing for connecting with the network executed by a network connection program stored in the computer;
  
  reading, by the computer, first environmental information concerning a connection environment to the secure network, the first environmental information stored in the computer;
  
  reading, by the computer, second environmental information which concerns a connection environment to the network where the computer operated at a previous time, and which is stored in the computer;
  
  comparing, by the computer, the first environmental information with the second environmental information, and determining that the environment where the computer operated at a previous time was a connection environment other than the secure network when the first environmental information does not match with the second environment;
  
  starting, by the computer, an inspection program which inspects whether or not an unauthorized program is stored in the computer, and which is read from the computer or the external storage device connected with the computer when it is determined that the environment where the computer operated at a previous time was the connection environment other than the secure network; and
  
  starting, by the computer, the processing for connecting with the network executed by the network connection program when the unauthorized program is not detected in the computer by the inspection program.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method according to claim 21, further comprising the step of:
    - executing, by the computer, at least one of;
      
      a) processing for starting a restoring program for restoring the unauthorized program, and b) processing for establishing the communication with a monitor terminal connected with the secure network and sending an alert message to the monitor terminal, when the unauthorized program is detected in the computer by the inspection program.
  - 23. The method according to claim 21, further comprising the steps of:
    - connecting, by the computer, with the network where only a communication with the monitor terminal connected with the secure network is permitted, and determining that the network is not the secure network when it is not possible to communicate with the monitor terminal; and
      
      starting, by the computer, the processing for connecting with the network executed by the network connection program when it is determined that the network is not the secure network.
  - 24. The method according to claim 21, further comprising the steps of:
    - connecting, by the computer, with the network to collect third environmental information on a connection environment to the network, and acquiring the third environmental information;
      
      comparing, by the computer, the second environmental information with the third environmental information, and determining that the computer can be connected with the network when the second environmental information matches with the third environmental information; and
      
      starting, by the computer, the processing for connecting with the network executed by the network connection program when it is determined that the computer can be connected with the network.
  - 25. The method according to claim 21, wherein, the step of starting the inspection program comprises:
    - reading an update time or version information of the inspection program which is read from the computer or the external storage device connected with the computer, and the step of executing the processing for connecting with the network by the computer is not executed when a predetermined requirement in order to certify the update time or the version information as the latest program by the inspection program is not satisfied.

26. A network connection control system for preventing a computer where an unauthorized program is stored from being connected with a secure network, and the network connection control system comprising:
- a network connection for executing a processing for connecting with a network of the computer;
  
  a connection processing stopping mechanism for stopping the processing for connecting with the network executed by the network connection means when the computer is started;
  
  a first environmental information store for storing first environmental information on the connection environment to the secure network;
  
  a second environmental information store for storing second environmental information on a connection environment to the network where the computer operated at a previous time;
  
  an environmental information comparing mechanism for comparing the first environmental information with the second environmental information by reading the first environmental information from the first environmental information store, and by reading the second environmental information from the second environmental information store;
  
  a connection environment determining mechanism for determining that an environment where the computer operated at a previous time is connection environment other than the secure network when the first environmental information does not match with the second environment in the environmental information comparing mechanism; and
  
  an inspection program starting mechanism for starting an inspection program which inspects whether or not the unauthorized program is stored in the computer, and which is read from the computer or the external storage device connected with the computer when it is determined that the environment where the computer operated at a previous time was the connection environment other than the secure network in the connection environment determining mechanism;
  
  whereinthe processing for connecting with the network by the network connection mechanism is started when the unauthorized program is not detected in the computer by the inspection program which was started by the inspection program starting mechanism.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The system according to claim 26, whereinat least one of:
    - a) processing for starting a restoring program for restoring the unauthorized program, and b) processing for establishing the communication with a monitor terminal connected with the secure network and sending an alert message to the monitor terminal is executed, when the unauthorized program is detected in the computer by the inspection program which was started by the inspection program starting mechanism.
  - 28. The system according to claim 26, further comprising:
    - a secure network determining mechanism for connecting with the network where only a communication with the monitor terminal connected with the secure network is possible, and determining that the network is not the secure network when it is not possible to communicate with the monitor terminal;
      
      whereinthe processing for connecting with the network executed by the network connection mechanism is started when it is determined that the network is not the secure network by the secure network determining mechanism.
  - 29. The system according to claim 26, further comprising:
    - an environmental information acquiring mechanism for connecting with the network to collect third environmental information on a connection environment to the network, and acquiring the third environmental information; and
      
      a second connection environment determining mechanism for comparing the second environmental information with the third environmental information, and determining that the computer can be connected with the network when the second environmental information matches with the third environmental information;
      
      whereinthe processing for connecting with the network executed by the network connection mechanism is started when it is determined that the computer can be connected with the network by the second connection environment determining mechanism.
  - 30. The system according claim 26, wherein, the inspection program starting mechanism comprises:
    - a mechanism for reading an update time or version information of the inspection program which is read from the computer or the external storage device connected with the computer, and the processing for connecting with the network executed by the network connection mechanism is not executed when a predetermined requirement in order to certify the update time or the version information as the latest program by the inspection program is not satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intelligent Wave, Inc. (Dai Nippon Printing Company Limited)
Original Assignee
Intelligent Wave, Inc. (Dai Nippon Printing Company Limited)
Inventors
Kawano, Hiroaki, Aoki, Osamu

Application Number

US11/817,699
Publication Number

US 20090055896A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/575 Secure boot

G06F 21/577 Assessing vulnerabilities a...

NETWORK CONNECTION CONTROL PROGRAM, NETWORK CONNECTION CONTROL METHOD, AND NETWORK CONNECTION CONTROL SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK CONNECTION CONTROL PROGRAM, NETWORK CONNECTION CONTROL METHOD, AND NETWORK CONNECTION CONTROL SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links