ON DEVICE POLICY ENFORCEMENT TO SECURE OPEN PLATFORM VIA NETWORK AND OPEN NETWORK

US 20110197257A1
Filed: 02/07/2011
Published: 08/11/2011
Est. Priority Date: 02/05/2010
Status: Active Grant

First Claim

Patent Images

1. A method of using policy enforcement for securing open devices and networks, the method comprising:

accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity;

monitoring one or more of;

the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on a device;

based on at least one of the plurality of policies, comparing one or more of;

the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on the device against one or more of;

the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals allowed by the at least one of the plurality of policies;

based on the comparison, determining that the device is running at least one of the one or more of;

the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals disallowed by the at least one policy; and

in response, prohibiting access of the device to the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide methods and systems for using policy enforcement for securing open devices and networks. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity and monitoring programs and/or services running on a device. The method further includes based on at least one of the plurality of policies, comparing the programs and/or services running on the device against the programs and/or services allowed by the at least one of the plurality of policies, and based on the comparison, determining that the device is running at least one program and/or service disallowed by the at least one policy. Further, the method includes in response, prohibiting access of the device to the network.

92 Citations

View as Search Results

23 Claims

1. A method of using policy enforcement for securing open devices and networks, the method comprising:
- accessing, by a policy enforcer, a plurality of policies configured to enforce network integrity;
  
  monitoring one or more of;
  
  the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on a device;
  
  based on at least one of the plurality of policies, comparing one or more of;
  
  the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals running on the device against one or more of;
  
  the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals allowed by the at least one of the plurality of policies;
  
  based on the comparison, determining that the device is running at least one of the one or more of;
  
  the programs, the services, the O/S, the firmware, the drivers, the hardware, or the peripherals disallowed by the at least one policy; and
  
  in response, prohibiting access of the device to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - based on the comparison, determining that the device is running programs and/or services consistent with the programs and/or services allowed by the at least one of the plurality of policies; and
      
      in response, continuing to allow the device access to the network.
  - 3. The method of claim 1, further comprising monitoring the integrity of the policy enforcer, and wherein the device periodically syncs with a server or with a server from which the plurality of policies are obtained.
  - 4. The method of claim 3, further comprising determining if the policy enforcer has been compromised.
  - 5. The method of claim 4, further comprising:
    - determining that the policy enforcer has been compromised; and
      
      in response, prohibiting the device from accessing to the network.
  - 6. The method of claim 4, further comprising:
    - determining that the policy enforcer has not been compromised; and
      
      continuing to allow the device to access the network.
  - 7. The method of claim 4, wherein the policy enforcer is compromised based in part on one or more of the following situations:
    - hardware associated with the policy enforcer has been modified, software of the policy enforcer has been modified and/or deleted, files associated with the policy enforcer have been modified and/or deleted, and software and/or hardware has been added to the device to circumvent operation of the policy enforcer.
  - 8. The method of claim 1, wherein further in response to determining that the device is running programs and/or services disallowed by the at least one of the plurality of policies, implementing a mitigation process.
  - 9. The method of claim 8, wherein the mitigation process comprises:
    - determining whether invalid software and/or service are running on the device;
      
      in response to invalid software and/or services running on the device, gathering information about the software and/or service;
      
      implementing a corrective strategy; and
      
      propagating the corrective strategy to the network.
  - 10. The method of claim 8, wherein the mitigation process further comprises:
    - determining if invalid files and/or software are present on the device; and
      
      in response to invalid files and/or software being present, identifying and reporting information about the invalid files and/or software.
  - 11. The method of claim 8, wherein the mitigation process further comprises:
    - determining if required files and/or software has been removed or modified within the device; and
      
      in response to required files and/or software being removed or modified, identifying and reporting which required files and/or software have been removed and/or how the required files and/or software have been modified.
  - 12. The method of claim 8, wherein the mitigation process comprises:
    - checking the validity of the operating system (O/S) present on the system; and
      
      in response to the O/S being invalid, denying the device access to the network.

13. A method of enforcing policies for a device for accessing a network, the method comprising:
- detecting and reporting software running on the device and files stored on the device;
  
  checking, with a policy enforcer, the software running on the device against software allowed by the policy enforcer;
  
  determining that disallowed software is running on the device; and
  
  in response to the device running disallowed software, denying the device access to the network.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein denying the device of access to the network comprises one or more of the following:
    - denying the device an Internet protocol (IP) address, denying the device access to the network'"'"'s DNS server, and blocking the device'"'"'s MAC address.
  - 15. The method of claim 13, wherein the device comprises one or more of the following:
    - a wireless device, a personal digital assistant (PDA), a personal computer, and a cellular device.
  - 16. The method of claim 13, wherein the network is implemented by one or more of the following:
    - a cellular service provider, an Internet service provider (ISP), a digital media service provider, and a software service provider.

17. A system for policy enforcement for securing open devices and networks, the system comprising:
- a customer device configured to execute programs and access files;
  
  a policy enforcer in connection with the customer device, the policy enforcer including a policy database configured to access a plurality of policies configured to enforce network integrity, monitor the programs running on the customer device, based on at least one of the plurality of policies, compare the programs running on the customer device against the programs and/or services allowed by the at least one of the plurality of policies, based on the comparison, determine that the customer device is running at least one program disallowed by the at least one policy, and in response, prohibit access of the device to the network; and
  
  a network provider in connection with the policy enforcer, the network provider configured to receive the denial of access to the network request from the policy enforcer, and implement denial of access to the network to the customer device.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, further comprising the customer device including the policy enforcer.
  - 19. The system of claim 17, wherein the customer device is a closed device.
  - 20. The system of claim 17, wherein the customer device is an open device.
  - 21. The system of claim 17, wherein the network is an open network.
  - 22. The system of claim 17, wherein the network is a closed network

23. A machine-readable medium including sets of instructions stored thereon for using policy enforcement for securing open devices and networks which, when executed by a machine, causes the machine to:
- access, by a policy enforcer, a plurality of policies configured to enforce network integrity;
  
  monitor programs and/or services running on a device;
  
  based on at least one of the plurality of policies, compare the programs and/or services running on the device against the programs and/or services allowed by the at least one of the plurality of policies;
  
  based on the comparison, determine that the device is running at least one program and/or service disallowed by the at least one policy; and
  
  in response, prohibit access of the device to the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.

Granted Patent

US 9,467,858 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04W 12/08 Access security

ON DEVICE POLICY ENFORCEMENT TO SECURE OPEN PLATFORM VIA NETWORK AND OPEN NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

ON DEVICE POLICY ENFORCEMENT TO SECURE OPEN PLATFORM VIA NETWORK AND OPEN NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others