GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT

US 20090178131A1
Filed: 06/29/2008
Published: 07/09/2009
Est. Priority Date: 01/08/2008
Status: Abandoned Application

First Claim

Patent Images

1. An infrastructure for providing a security protection service to an IT device, comprising:

a plurality of POPs, each POP including a suite of security products, each product in the suite arranged for providing one or more security functionalities, one of the security products comprising a forward proxy server for forwarding traffic from the IT device to resource servers on the Internet;

a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers disposed in the hub, and further providing identity management to authenticate and authorize a user of the IT device for the security protection service; and

a management operations center operatively coupled to the hub for implementing centralized management for the infrastructure, the centralized management including monitoring and auditing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.

Citations

20 Claims

1. An infrastructure for providing a security protection service to an IT device, comprising:
- a plurality of POPs, each POP including a suite of security products, each product in the suite arranged for providing one or more security functionalities, one of the security products comprising a forward proxy server for forwarding traffic from the IT device to resource servers on the Internet;
  
  a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers disposed in the hub, and further providing identity management to authenticate and authorize a user of the IT device for the security protection service; and
  
  a management operations center operatively coupled to the hub for implementing centralized management for the infrastructure, the centralized management including monitoring and auditing.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The infrastructure of claim 1 further including at least one of edge firewall, host security gateway product, NIDs security product, NAP security product, SEM product, SIM product, UTM product, operational health monitoring product, configuration management product, anti-virus product, anti-spyware product, anti-malware product, information leakage prevention, or anti-spam product among the security products in the suite.
  - 3. The infrastructure of claim 2 further including an administrator console functionality in one or more of the POPs.
  - 4. The infrastructure of claim 3 in which the security products in the suite are operated in response to security policies.
  - 5. The infrastructure of claim 4 in which the securities policies are disposed in a database located in either a POP or the hub.
  - 6. The infrastructure of claim 5 in which the user accesses the security protection service using a connection to the Internet.

7. A method for providing a security protection service for IT devices, the method comprising the steps of:
- utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet;
  
  authenticating and authorizing users of the IT devices for the security protection service; and
  
  securing user interactions to the resource servers using one or more security products located in the POP.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7 including a further step of monitoring clicks performed by the user on web content hosted by the resource servers
  - 9. The method of claim 8 including a further step of generating a profile of the user based on the monitoring.
  - 10. The method of claim 8 including a further step of providing content or processes to the user based on the profile.
  - 11. The method of claim 10 in which the content or processes are personalized to the user.
  - 12. The method of claim 11 in which the content or processes comprise one of advertising, search results, or web-based experience.
  - 13. The method of claim 12 in which the search results are cleaned by the security protection service.
  - 14. The method of claim 13 in which the security protection service is subscription based.

15. A method for providing a security protection service for IT devices, the method comprising the steps of:
- utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet;
  
  authenticating and authorizing users of the IT devices for the security protection service;
  
  redirecting a user to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience may be implemented; and
  
  managing the forward proxy servers in the POPs using an enterprise management subsystem located in a hub that is coupled to one or more POPs
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 in which the securing is performed according to predefined security policies, at least a subset of such security policies being part of security policies pertaining to an enterprise.
  - 17. The method of claim 15 including a further step of managing the security protection service through one or more centralized management centers, at least one of the centralized management centers being operatively coupled to the hub.
  - 18. The method of claim 17 including a further step of performing network optimization in a POP, the network optimization including one of caching, HTTP compression, or QoS enforcement.
  - 19. The method of claim 15 including a further step of redirecting a user to a co-located POP, a POP being co-located when network latency is minimized compared with non-co-located POPs and localization of a user experience may be implemented.
  - 20. The method of claim 19 in which the localization is performed with at least one of language, time zone, currency, or character set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ananiev, Oleg, Wohlfert, John F., Hudis, Efim, Nice, Nir, Edery, Yigal

Application Number

US12/164,078
Publication Number

US 20090178131A1
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/629   to features or functions of...

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

G06Q 30/0204   Market segmentation

G06Q 30/0215   Including financial accounts

H04L 63/0281   Proxies

H04L 63/14   for detecting or protecting...

H04L 63/20   for managing network securi...

GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GLOBALLY DISTRIBUTED INFRASTRUCTURE FOR SECURE CONTENT MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links