METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO COMPUTING RESOURCES BASED ON KNOWN SECURITY VULNERABILITIES

US 20130254833A1
Filed: 08/16/2012
Published: 09/26/2013
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1-30. -30. (canceled)

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

90 Citations

View as Search Results

63 Claims

1-30. -30. (canceled)

31. A method for controlling the operation of an endpoint, comprising:
- providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  maintaining the plurality of policies in a data store on the computing system;
  
  identifying, from the plurality of policies, a plurality of conditions on the endpoint to monitor;
  
  configuring one or more agents on the endpoint to monitor the plurality of conditions;
  
  receiving, across a network, at the computing system, status information about the plurality of conditions on the endpoint gathered by the one or more agents;
  
  determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and
  
  initiating, by the computing system, based on the compliance state, an action identified in at least one rule in the data store.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. The method of claim 31, wherein the action comprises controlling access of the endpoint to computing resources.
  - 33. The method of claim 31, wherein the user interface comprises a web page.
  - 34. The method of claim 31, further comprising requesting, at the computing system, the status information on a periodic basis.
  - 35. The method of claim 31, wherein the endpoint comprises a mobile device.
  - 36. The method of claim 31, wherein the plurality of agents comprise at least one service provided by the operating system of the endpoint.
  - 37. The method of claim 31, wherein the plurality of agents comprise at least one application running on the endpoint.
  - 38. The method of claim 31, wherein the conditions comprise at least one hardware condition.
  - 39. The method of claim 31, wherein the conditions comprise at least one software condition.
  - 40. The method of claim 31, wherein the computing system comprises a plurality of servers.
  - 41. The method of claim 31, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

42. A non-transitory computer readable medium containing computer instructions for controlling the operation of an endpoint, comprising:
- providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  maintaining the plurality of policies in a data store on the computing system;
  
  identifying, from the plurality of policies, a plurality of conditions on the endpoint to monitor;
  
  configuring one or more agents on the endpoint to monitor the plurality of conditions;
  
  receiving, across a network, at the computing system, status information about the plurality of conditions on the endpoint gathered by the one or more agents;
  
  determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and
  
  initiating, by the computing system, based on the compliance state, an action identified in at least one rule in the data store.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 43. The computer readable medium of claim 42, wherein the action comprises controlling access of the endpoint to computing resources.
  - 44. The computer readable medium of claim 42, wherein the user interface comprises a web page.
  - 45. The computer readable medium of claim 42, further comprising requesting, at the computing system, the status information on a periodic basis.
  - 46. The computer readable medium of claim 42, wherein the endpoint comprises a mobile device.
  - 47. The computer readable medium of claim 42, wherein the plurality of agents comprise at least one service provided by the operating system of the endpoint.
  - 48. The computer readable medium of claim 42, wherein the plurality of agents comprise at least one application running on the endpoint.
  - 49. The computer readable medium of claim 42, wherein the conditions comprise at least one hardware condition.
  - 50. The computer readable medium of claim 42, wherein the conditions comprise at least one software condition.
  - 51. The computer readable medium of claim 42, wherein the computing system comprises a plurality of servers.
  - 52. The computer readable medium of claim 42, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

53. A system for controlling the operation of an endpoint, comprising:
- a user interface, provided by a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  a data store, at the computing system, that contains the plurality of policies;
  
  one or more agents on the endpoint configured to monitor a plurality of conditions identified in the plurality of policies; and
  
  one or more processors at the computing system configured to;
  
  receive, across a network, status information about the plurality of conditions on the endpoint gathered by the one or more agents,determine a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store, andinitiate, based on the compliance state, an action identified in at least one rule in the data store.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 54. The system of claim 53, wherein the action comprises controlling access of the endpoint to computing resources.
  - 55. The system of claim 53, wherein the user interface comprises a web page.
  - 56. The system of claim 53, wherein the one or more processors are further configured to request the status information from the endpoint on a periodic basis.
  - 57. The system of claim 53, wherein the endpoint comprises a mobile device.
  - 58. The system of claim 53, wherein the plurality of agents comprise at least one service provided by the operating system of the endpoint.
  - 59. The system of claim 53, wherein the plurality of agents comprise at least one application running on the endpoint.
  - 60. The system of claim 53, wherein the conditions comprise at least one hardware condition.
  - 61. The system of claim 53, wherein the conditions comprise at least one software condition.
  - 62. The system of claim 53, wherein the computing system comprises a plurality of servers.
  - 63. The system of claim 53, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Taasera Licensing LLC (Quest Patent Research Corporation)
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Nicodemus, Blair, Stephens, Billy Edison

Granted Patent

US 8,955,038 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 11/3495   for systems

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO COMPUTING RESOURCES BASED ON KNOWN SECURITY VULNERABILITIES

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO COMPUTING RESOURCES BASED ON KNOWN SECURITY VULNERABILITIES

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links