SYSTEM SELF INTEGRITY AND HEALTH VALIDATION FOR POLICY ENFORCEMENT

US 20110197260A1
Filed: 02/07/2011
Published: 08/11/2011
Est. Priority Date: 02/05/2010
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing system self integrity validation policies, the method comprising:

accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity;

monitoring system performance to determine actions executed by the system;

based on at least one of the plurality of policies, comparing the system performance with system performance required by the at least one of the plurality of policies;

based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy; and

in response, prohibiting access of the system to services provided by a service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide methods and systems for enforcing system self integrity validation policies. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity, monitoring system performance to determine actions executed by the system, and based on at least one of the plurality of policies, comparing the system performance with system performance required by the at least one or the plurality of policies. The method further includes, based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy, and in response, prohibiting access of the system to services provided by a service provider.

Citations

20 Claims

1. A method of enforcing system self integrity validation policies, the method comprising:
- accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity;
  
  monitoring system performance to determine actions executed by the system;
  
  based on at least one of the plurality of policies, comparing the system performance with system performance required by the at least one of the plurality of policies;
  
  based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy; and
  
  in response, prohibiting access of the system to services provided by a service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - based on the comparison, determining that the system has performed consistently with the at least one of the plurality of policies; and
      
      in response, continuing to allow the system to access services provided by the service provider.
  - 3. The method of claim 1, further comprising monitoring the integrity of the policy enforcer.
  - 4. The method of claim 3, further comprising determining if the policy enforcer has been compromised.
  - 5. The method of claim 4, further comprising:
    - determining that the policy enforcer has been compromised; and
      
      in response, prohibiting access of the system to services provided by the service provider.
  - 6. The method of claim 4, further comprising:
    - determining that the policy enforcer has not been compromised; and
      
      continuing to allow the system to access services provided by the service provider.
  - 7. The method of claim 4, wherein the policy enforcer is compromised based in part on one or more of the following situations:
    - hardware associated with the policy enforcer has been modified, software of the policy enforcer has been modified and/or deleted, files associated with the policy enforcer have been modified and/or deleted, software and/or hardware has been added to the system to circumvent operation of the policy enforcer, programs, services, O/S, firmware, drivers, or the peripherals.
  - 8. The method of claim 1, wherein further in response to determining that the system has performed consistently with the at least one of the plurality of policies, implementing a mitigation process.
  - 9. The method of claim 8, wherein the mitigation process comprises:
    - determining if invalid hardware is present within the system;
      
      in response to invalid hardware being present, gathering information about the hardware;
      
      implementing a corrective strategy; and
      
      propagating the corrective strategy to the system.
  - 10. The method of claim 8, wherein the mitigation process further comprises:
    - determining if invalid files and/or software are present within the system; and
      
      in response to invalid files and/or software being present, identifying and reporting information about the invalid files and/or software.
  - 11. The method of claim 8, wherein the mitigation process further comprises:
    - determining if required files and/or software has been removed or modified within the system; and
      
      in response to required files and/or software being removed or modified, identifying and reporting which required files and/or software have been removed and/or how the required files and/or software have been modified.
  - 12. The method of claim 8, wherein the mitigation process comprises:
    - checking the validity of the operating system (O/S) present on the system; and
      
      in response to the O/S being invalid, denying service to the system.

13. A method of enforcing policies for a device, the method comprising:
- detecting and reporting software running on the device and files stored on the device;
  
  detecting and reporting copying, distributing, or modifying of the software and/or files on the device;
  
  checking, with a policy enforcer, protection policies associated with each of the copied, distributed, or modified software and/or files;
  
  determining that the protection policy has been breached; and
  
  in response to the protection policy being breached, denying service provided by a service provider to the device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising:
    - determining that the protection policy has not been breached; and
      
      continuing to detect and report software running on the device and the copying, distributing, and modifying of the software and/or files on the device.
  - 15. The method of claim 13, wherein the device comprises one or more of the following:
    - a wireless device, a personal digital assistant (PDA), a personal computer, and a mobile device.
  - 16. The method of claim 13, wherein the service provider comprises one or more of the following:
    - a cellular service provider, an Internet service provider (ISP), a digital media service provider, and a software service provider.
  - 17. The method of claim 13, wherein policies include one or more of the following:
    - digital media rights (DRM) enforcement, software license enforcement, corporate spyware enforcement, security setting enforcement, and file rights enforcement.

18. A system for enforcing system self integrity validation policies, the system comprising:
- a customer device configured to execute programs and access files;
  
  a policy enforcer in connection with the customer device, the policy enforcer including a policy database configured to detect and report software running on the customer device and files stored on the customer device, detect and report copying, distributing, or modifying of the software and/or files on the device, access protection policies from the policy database, check the protection policies associated with each of the copied, distributed, or modified software and/or files, determine that the protection policy has been breached, and in response to the protection policy being breached, request that service be denied to the customer device; and
  
  a service provider in connection with the policy enforcer, the service provider configured to receive the denial of service request from the policy enforcer, and implement denial of service to the customer device.
- View Dependent Claims (19)
- - 19. The system of claim 18, further comprising the customer device including the policy enforcer.

20. A machine-readable medium including sets of instructions stored thereon for enforcing system self integrity validation policies which, when executed by a machine, causes the machine to:
- access, by a policy enforcer, a plurality of policies configured to enforce system integrity;
  
  monitor system performance to determine actions executed by the system;
  
  based on at least one of the plurality of policies, compare the system performance with system performance required by the at least one or the plurality of policies;
  
  based on the comparison, determine that the system has performed in a manner contrary to the requirements of the at least one policy; and
  
  in response, prohibit access of the system to services provided by a service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.

Granted Patent

US 9,495,521 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 21/554 involving event detection a...

SYSTEM SELF INTEGRITY AND HEALTH VALIDATION FOR POLICY ENFORCEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM SELF INTEGRITY AND HEALTH VALIDATION FOR POLICY ENFORCEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links