System and Method for Restricting Access to an Enterprise Network

US 20090183233A1
Filed: 03/19/2009
Published: 07/16/2009
Est. Priority Date: 07/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for restricting access to an enterprise network, comprising:

providing a security verification station located in a secured reception area of a facility associated with an enterprise;

determining, at the security verification station, whether a computer that may be connected to an enterprise network associated with the enterprise on a temporary basis has one or more malicious code items, the computer accompanying a visitor to the facility associated with the enterprise; and

providing an indication to a human if it is determined that the computer has one or more malicious code items.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the invention is a method for restricting access to an enterprise network that includes determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items where the computer accompanies a visitor to a facility associated with the enterprise network. An indication is provided to a human if it is determined that the computer has one or more malicious code items.

33 Citations

View as Search Results

42 Claims

1. A method for restricting access to an enterprise network, comprising:
- providing a security verification station located in a secured reception area of a facility associated with an enterprise;
  
  determining, at the security verification station, whether a computer that may be connected to an enterprise network associated with the enterprise on a temporary basis has one or more malicious code items, the computer accompanying a visitor to the facility associated with the enterprise; and
  
  providing an indication to a human if it is determined that the computer has one or more malicious code items.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein determining whether the computer has one or more malicious code items comprises performing a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 3. The method of claim 1, further comprising:
    - determining whether code associated with one or more programs running on the computer is of a preferred version; and
      
      applying a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 4. The method of claim 3, further comprising:
    - receiving version information associated with the code from the computer; and
      
      comparing the version information to information associated with the preferred version.
  - 5. The method of claim 4, wherein the code comprises an antivirus software application.
  - 6. The method of claim 1, further comprising establishing a communication path between the computer and the security verification station associated with the enterprise network.
  - 7. The method of claim 6, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 8. The method of claim 6, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 9. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises coupling a port of the security verification station to a port of the computer.
  - 10. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises establishing a wireless communication path between the computer and the security verification station.
  - 11. The method of claim 1, further comprising:
    - associating an identifier with the computer, the identifier indicating whether or not the determining step identified one or more malicious code items;
      
      communicating the identifier from the security verification station to the enterprise network over a communication path; and
      
      storing the identifier in a database associated with the enterprise network.
  - 12. The method of claim 1, further comprising providing a digital certificate to the computer, the digital certificate indicating whether or not the determining step identified one or more malicious code items.
  - 13. The method of claim 1, further comprising indicating to a user that the computer is corrupted if the determining step identified one or more malicious code items.
  - 14. The method of claim 1, further comprising printing a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
  - 15. The method of claim 1, further comprising printing a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
  - 16. The method of claim 15, further comprising adhering the label to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 17. The method of claim 1, further comprising placing a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 18. The method of claim 1, further comprising applying a remedial measure to the computer if the determining step identified one or more malicious code items.
  - 19. The method of claim 18, wherein applying the remedial measure comprises removing a file associated with a malicious code from the computer.
  - 20. The method of claim 18, further comprising receiving payment information from a user associated with the computer before applying the remedial measure.
  - 21. The method of claim 1, further comprising performing a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

22. A system for restricting access to an enterprise network, comprising:
- an enterprise network associated with an enterprise; and
  
  a security verification station located in a secured reception area of a facility associated with the enterprise, the security verification station at least partially isolated from the enterprise network and operable to;
  
  determine whether a computer that may be connected to the enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to the facility associated with the enterprise; and
  
  provide an indication to a human if it is determined that the computer has one or more malicious code items.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The system of claim 22, wherein the security verification station is operable to perform a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 24. The system of claim 22, wherein the security verification station is operable to:
    - determine whether code associated with one or more programs running on the computer is a preferred version; and
      
      apply a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 25. The system of claim 24, wherein the security verification station is further operable to:
    - receive version information associated with the code from the computer; and
      
      compare the version information to information associated with the preferred version.
  - 26. The system of claim 25, wherein the code comprises an antivirus software application.
  - 27. The system of claim 22, wherein the security verification station is operable to establish a communication path between the computer and a security verification station associated with the enterprise network.
  - 28. The system of claim 27, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 29. The system of claim 27, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 30. The system of claim 27, wherein a port of the security verification station is operable to couple to a port of the computer to establish a communication path between the computer and the security verification station.
  - 31. The system of claim 27, wherein the security verification station is operable to establish a wireless communication path between the computer and the security verification station.
  - 32. The system of claim 22, wherein the security verification station is further operable to:
    - associate an identifier with the computer, the identifier indicating whether or not the security verification station determined that the computer has one or more malicious code items;
      
      communicate the identifier from the security verification station to the enterprise network over a communication path; and
      
      store the identifier in a database associated with the enterprise network.
  - 33. The system of claim 22, wherein the security verification station is further operable to provide a digital certificate to the computer, the digital certificate indicating whether or not the security verification station determined that the computer has one or more malicious code items.
  - 34. The system of claim 22, wherein the security verification station is further operable to indicate to a user that the computer is corrupted if the security verification station determined that the computer has one or more malicious codes.
  - 35. The system of claim 22, wherein the security verification station is further operable to print a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
  - 36. The system of claim 22, wherein the security verification station is further operable to print a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
  - 37. The system of claim 36, wherein the label is adapted to be adhered to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 38. The system of claim 22, wherein the security verification station is further operable to place a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 39. The system of claim 22, wherein the security verification station is further operable to apply a remedial measure to the computer if the security verification station determined that the computer has one or more malicious code items.
  - 40. The system of claim 39, wherein, when applying the remedial measure, the security verification station is further operable to remove a file associated with a malicious code from the computer.
  - 41. The system of claim 39, wherein the security verification station is further operable to receive payment information from a user associated with the computer before applying the remedial measure.
  - 42. The system of claim 22, wherein the security verification station is further operable to perform a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Trueba, Luis Ruben Zapien

Granted Patent

US 8,434,152 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

System and Method for Restricting Access to an Enterprise Network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Restricting Access to an Enterprise Network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links