COMPUTER SECURITY LOCK DOWN METHODS

US 20100242088A1
Filed: 03/17/2009
Published: 09/23/2010
Est. Priority Date: 03/17/2009
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied in a computer readable medium that, when executing on one or more computers, assesses a security compliance state of a client computing facility by performing the steps of:

accessing security compliance information derived from a security policy resident at a server location;

determining a security compliance state by comparing the security compliance information with the client computing facility'"'"'s configuration information; and

when the security compliance state indicates that the client computing facility is in an out of compliance condition, blocking the client computing facility from communicating information to external storage devices in communication with the client computing facility.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention extend the enforcement of computer security policies by blocking device access as well as network access. In some embodiments, communications with external devices are blocked upon discovery that some aspect of the client computing facility is out of compliance vis-à-vis a security policy.

75 Citations

View as Search Results

24 Claims

1. A computer program product embodied in a computer readable medium that, when executing on one or more computers, assesses a security compliance state of a client computing facility by performing the steps of:
- accessing security compliance information derived from a security policy resident at a server location;
  
  determining a security compliance state by comparing the security compliance information with the client computing facility'"'"'s configuration information; and
  
  when the security compliance state indicates that the client computing facility is in an out of compliance condition, blocking the client computing facility from communicating information to external storage devices in communication with the client computing facility.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computer program product of claim 1, wherein the step of blocking the client computing facility from communicating information to external storage devices involves blocking communication to all external ports of the client computing facility.
  - 3. The computer program product of claim 2, wherein at least one of the external ports is a USB port.
  - 4. The computer program product of claim 2, wherein at least one of the external ports is a serial port.
  - 5. The computer program product of claim 2, wherein at least one of the external ports is a parallel port.
  - 6. The computer program product of claim 2, wherein at least one of the external ports is a Bluetooth communication port.
  - 7. The computer program product of claim 2, wherein at least one of the external ports is a disk drive port.
  - 8. The computer program product of claim 1, wherein the external storage device is a removable memory device.
  - 9. The computer program product of claim 1, wherein the non-compliant security state involves an unapproved configuration.
  - 10. The computer program product of claim 1, wherein the non-compliant security state involves a lack of a proper disk scan for malware.
  - 11. The computer program product of claim 1, wherein the non-compliant security state involves a lack of an updated operating system.
  - 12. The computer program product of claim 1, wherein the non-compliant security state involves a lack of an updated virus definition.
  - 13. The computer program product of claim 1, wherein the non-compliant security state involves a lack of an updated virus policy.
  - 14. The computer program product of claim 1, wherein the non-compliant security state involves a lack of an installed operating system patch.
  - 15. The computer program product of claim 1, wherein the non-compliant security state involves a lack of an installed application patch.
  - 16. The computer program product of claim 1, further comprising:
    - in response to the determination that the security compliance state is not in compliance, blocking the client computing facility from communicating information to any device connected to a network communication port.

17. A computer program product embodied in a computer readable medium that, when executing on one or more computers, assesses a security compliance state of a client computing facility by performing the steps of:
- accessing security compliance information derived from a security policy resident at a server location;
  
  comparing the security compliance information with the client computing facility'"'"'s configuration information; and
  
  in response to determining that the security compliance state is not in compliance with the security policy, blocking the client computing facility from receiving any information from external storage devices in communication with the client computing facility.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein the intended purpose of blocking the information is to protect the client computing facility from external threats when the client computing facility is out of security compliance.
  - 19. The computer program product of claim 17, wherein the external storage device is a device that communicates with the client computing facility through a local wireless protocol.
  - 20. The computer program product of claim 19, wherein the local wireless protocol is Bluetooth.

21. A computer program product embodied in a computer readable medium that, when executing on one or more computers, protects a client computing facility from external threats by performing the steps of:
- blocking communications from local external devices upon the discovery that a security software operating on the client computing facility is out of compliance.
- View Dependent Claims (22)
- - 22. The computer program product of claim 21, wherein the compliance of the client computing facility is monitored in comparison with a server-based policy.

23. A computer program product embodied in a computer readable medium that, when executing on one or more computers, prevents confidential data leakage from a client computing facility by performing the steps of:
- in response to detecting unauthorized confidential information on the client computing facility, blocking communication to all local external devices.
- View Dependent Claims (24)
- - 24. The computer program product of claim 23, wherein the step of blocking communication to all local external devices involves blocking communication to all local external device ports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Thomas, Andrew J.

Granted Patent

US 9,015,789 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

COMPUTER SECURITY LOCK DOWN METHODS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER SECURITY LOCK DOWN METHODS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links