SYSTEMS AND METHODS FOR IMPLEMENTING APPLICATION CONTROL SECURITY

US 20120090033A1
Filed: 10/07/2011
Published: 04/12/2012
Est. Priority Date: 10/11/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) receiving at a first device an identifier of a second device, wherein the first device is operable to read an encrypted white-list;

(b) receiving the encrypted white-list;

(c) producing a decrypted white-list, wherein the producing step comprises;

(i) decrypting the encrypted white-list using the identifier of the second device;

(d) determining whether an executable program is referenced in the decrypted white-list; and

(e) based on the determining step, allowing or disallowing execution of the executable program.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing application control security are disclosed. In one embodiment, a system includes a first device, a decrypted white-list, and an executable program. The first device may be in electrical communication with a memory containing an encrypted white-list. The encrypted white-list may be decrypted using an identifier of a second device. The executable program may be referenced in the decrypted white-list.

21 Citations

View as Search Results

20 Claims

1. A method comprising:
- (a) receiving at a first device an identifier of a second device, wherein the first device is operable to read an encrypted white-list;
  
  (b) receiving the encrypted white-list;
  
  (c) producing a decrypted white-list, wherein the producing step comprises;
  
  (i) decrypting the encrypted white-list using the identifier of the second device;
  
  (d) determining whether an executable program is referenced in the decrypted white-list; and
  
  (e) based on the determining step, allowing or disallowing execution of the executable program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first device and the second device have access to a network, the method further comprising:
    - transmitting a request onto the network, and performing the receiving step (a) in response to the transmitting step.
  - 3. The method of claim 2, wherein the request is an address resolution protocol.
  - 4. The method of claim 1, wherein the receiving step (a) comprises:
    - receiving the identifier in the form of an electromagnetic radiation signal, wherein the electromagnetic radiation signal has a signal strength.
  - 5. The method of claim 4, further comprising:
    - determining whether the signal strength is above a predetermined threshold.
  - 6. The method of claim 5, further comprising:
    - receiving an indication that the signal strength is no longer above the predetermined threshold; and
      
      based on the receiving the indication step, deleting the decrypted white-list.
  - 7. The method of claim 1, further comprising:
    - disallowing, prior to the receiving step (a), execution of the executable program on the first device.
  - 8. The method of claim 1, further comprising:
    - (a) creating a white-list associated with the second device;
      
      (b) receiving the identifier of the second device;
      
      (c) encrypting the white-list via the identifier of the second device; and
      
      (d) storing the encrypted white-list in the memory.
  - 9. The method of claim 1, further comprising:
    - transmitting, prior to the receiving step (a), an identifier of the first device to the second device.
  - 10. The method of claim 1, wherein the receiving step (a) comprises:
    - receiving the identifier in the form of an electrical signal.
  - 11. The method of claim 10, wherein the identifier is received from a biometric reader.
  - 12. The method of claim 1, further comprising:
    - (a) partitioning the encrypted white-list into at least two partitions; and
      
      (b) decrypting at least one partition of the encrypted white-list using the identifier of the second device.
  - 13. The method of claim 1, wherein the first device receives the encrypted white-list from a memory in electrical communication with the first device.
  - 14. The method of claim 13, wherein deleting the encrypted white-list comprises deleting the encrypted white-list from the memory.

15. A method comprising:
- (a) receiving at a first device an identifier of a second device and an identifier of a third device, wherein the first device is operable to read an encrypted white-list;
  
  (b) receiving the encrypted white-list;
  
  (c) creating a composite identifier using the identifier of the second device and the identifier of the third device;
  
  (d) producing a decrypted white-list, wherein the producing step comprises;
  
  (i) decrypting the encrypted white-list using the composite identifier;
  
  (e) determining whether an executable program is referenced in the decrypted white-list; and
  
  (f) based on the determining step, allowing or disallowing execution of the executable program.

16. A system comprising:
- (a) a first device, wherein the first device is in electrical communication with a memory containing an encrypted white-list, and wherein the encrypted white-list is decrypted using an identifier of a second device;
  
  (b) a decrypted white-list; and
  
  (c) an executable program, wherein the executable program is referenced in the decrypted white-list.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the identifier in the form of an electromagnetic radiation signal, and wherein the electromagnetic radiation signal has a signal strength.
  - 18. The system of claims 16, wherein the identifier in the form of an electrical signal.
  - 19. The system of claim 16, wherein the encrypted white-list has at least two partitions.
  - 20. The system of claim 16, wherein the encrypted white-list is decrypted using a composite identifier comprising the identifier of the second device and an identifier of a third device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Lumension Security, Inc. (Ivanti Software, Inc.)
Inventors
Kelly, Ciaran, Molloy, Iarla

Granted Patent

US 8,707,444 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/51   at application loading time...

G06F 21/6218   to a system of files or obj...

G06F 2221/2153   Using hardware token as a s...

H04L 63/0428   wherein the data content is...

SYSTEMS AND METHODS FOR IMPLEMENTING APPLICATION CONTROL SECURITY

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR IMPLEMENTING APPLICATION CONTROL SECURITY

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links