Access Control Method And Apparatus

US 20100138908A1
Filed: 06/28/2005
Published: 06/03/2010
Est. Priority Date: 06/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to computing resources, comprising:

providing a first computing device with access to a database containing data indicative of a plurality of computing resources access to which is controlled by said first computing device and a minimum level of required security capability that a second computing device must possess to be provided with access to said respective computing resources;

assigning said second computing device a security capability;

providing said second computing device with data indicative of said security capability;

configuring said first computing device to respond to receiving said data indicative of said security capability and data indicative of a desired access from said second computing device by ascertaining the minimum level of required security capability corresponding to said desired access and by comparing said minimum level of required security capability with said security capability of said second computing device; and

providing said desired access if said security capability of said second computing device meets said minimum security capability for said desired access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of controlling access to computing resources, comprising providing a first computing device with access to a database containing data indicative of computing resources access to which is controlled by the first computing device and a minimum security capability that a second computing device must possess to access the respective resources, assigning the second computing device a security capability, providing the second computing device with data indicative of the security capability, configuring the first computing device to respond to data indicative of the security capability and data indicative of a desired access from the second computing device by ascertaining the minimum required security capability corresponding to the desired access and by comparing the minimum required security capability with the security capability of the second computing device, and providing the desired access if the security capability of the second computing device meets the minimum security capability for the desired access.

85 Citations

View as Search Results

19 Claims

1. A method of controlling access to computing resources, comprising:
- providing a first computing device with access to a database containing data indicative of a plurality of computing resources access to which is controlled by said first computing device and a minimum level of required security capability that a second computing device must possess to be provided with access to said respective computing resources;
  
  assigning said second computing device a security capability;
  
  providing said second computing device with data indicative of said security capability;
  
  configuring said first computing device to respond to receiving said data indicative of said security capability and data indicative of a desired access from said second computing device by ascertaining the minimum level of required security capability corresponding to said desired access and by comparing said minimum level of required security capability with said security capability of said second computing device; and
  
  providing said desired access if said security capability of said second computing device meets said minimum security capability for said desired access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 18)
- - 2. A method as claimed in claim 1, further comprising transmitting a message indicating a desired access from said second computing device to said first computing device, and subsequently transmitting said data indicative of said security capability data to said first computing device upon request of said first computing device.
  - 3. A method as claimed in claim 1, including assigning the security capability of said second computing device according to a metric for categorizing said second computing device depending on compliance of said second computing device with a set of security standards and security requirements.
  - 4. A method as claimed in claim 1, including storing said data indicative of said security capability in a digital certificate.
  - 5. A method as claimed in claim 4, including storing said digital certificate in a trusted platform module chip provided in said second computing device.
  - 6. A method as claimed in claim 1, including the first computing device sending a request to the second computing device for security audit data.
  - 7. A method as claimed in claim 6, including the second computing device generating said security audit data by conducting a security audit upon receiving said request.
  - 18. A computer readable medium provided with program data that, when executed on a computing device, implements a method as defined in claim 1.

8. A method of requesting access to a remote computing resource from a user computing device, comprising:
- providing said user computing device with data indicative of a security capability of said user computing device;
  
  transmitting to a remote computing device said security capability and data indicative of a desired access, so that said remote computing device can assess whether said security capability meets a minimum level of required security capability specified for said desired access; and
  
  receiving data indicative of allowance of said desired access if said security capability meets said minimum level of required security capability specified for said desired access.
- View Dependent Claims (9, 10, 19)
- - 9. A method as claimed in claim 8, including receiving electronically a request for security audit data pertaining to said user computing device from said remote computing device.
  - 10. A method as claimed in claim 9, including generating said security audit data by conducting a security audit upon receiving said request, and transmitting said security audit data to said remote computing device.
  - 19. A computer readable medium provided with program data that, when executed on a computing device, implements a method as defined in claim 8.

11. An access control system for controlling access to a computing resource from a user computing device, comprising:
- an access server;
  
  a database accessible by said access server containing data indicative of a plurality of types of computing resources access to which is controlled by said access server and of a minimum level of required security capability that said user computing device must possess to be granted said respective types of access to said access server;
  
  wherein said access server is configured to receive data indicative of said security capability and data indicative of a desired access from said user computing device, to ascertain from said database the minimum level of required security capability corresponding to said desired access, to compare said minimum level of required security capability with said security capability of said user computing device, and to provide said desired access if said security capability of said user computing device meets said minimum security capability for said desired access.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A system as claimed in claim 11, wherein said data indicative of a security capability of said user computing device is in the form of data indicative of a security capability classification.
  - 13. A system as claimed in claim 11, including memory provided in said user computing device containing said data indicative of said security capability of said user computing device.
  - 14. A system as claimed in claim 11, wherein said access server is configured to send a request to said user computing device for security audit data.
  - 15. A system as claimed in claim 14, wherein said request is adapted to prompt said user computing device to generating said security audit data by conducting a security audit upon receiving said request.

16. A user computing device for use in accessing a remote computing resource, comprising:
- a telecommunications module for communicating accessing said remote computing resource;
  
  a processor in data communication with said telecommunications module; and
  
  software executable on said processor;
  
  wherein said user computing device is controllable to transmit a request for access to said remote computing resource, to receive in response a request for security data pertaining to said user computing device software from or on behalf of said remote computing resource, and to respond to said request by returning said security data.
- View Dependent Claims (17)
- - 17. A user computing device as claimed in claim 16, wherein said user computing device is further adapted to respond to said request by conducting a security audit of said user computing device to generate security audit data and subsequently to return said security audit data either as said security data or as a component of said security data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Fernandes, Savio, Vennelakanti, Ravigopal

Granted Patent

US 8,474,031 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

Access Control Method And Apparatus

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Access Control Method And Apparatus

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others