POLICY-BASED COMPLIANCE MANAGEMENT AND REMEDIATION OF DEVICES IN AN ENTERPRISE SYSTEM

US 20160088021A1
Filed: 04/17/2015
Published: 03/24/2016
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a compliance policy for using a remote device with an enterprise computer system, wherein the remote device is registered to access the enterprise computer system;

detecting, based on the compliance policy, a non-compliance of the remote device;

assessing, by a computer system, based on the compliance policy, a level of non-compliance of the remote device;

establishing, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;

receiving a request to access a computing resource in the enterprise computer system;

providing access to the computing resource based on the level of non-compliance;

inhibiting access to the computing resource in the enterprise computer system based on the level of non-compliance and based on determining that the time period has expired; and

instructing the remote device to perform an action to remedy the non-compliance based on determining that the time period has expired.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.

107 Citations

20 Claims

1. A method comprising:
- identifying a compliance policy for using a remote device with an enterprise computer system, wherein the remote device is registered to access the enterprise computer system;
  
  detecting, based on the compliance policy, a non-compliance of the remote device;
  
  assessing, by a computer system, based on the compliance policy, a level of non-compliance of the remote device;
  
  establishing, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
  
  receiving a request to access a computing resource in the enterprise computer system;
  
  providing access to the computing resource based on the level of non-compliance;
  
  inhibiting access to the computing resource in the enterprise computer system based on the level of non-compliance and based on determining that the time period has expired; and
  
  instructing the remote device to perform an action to remedy the non-compliance based on determining that the time period has expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the compliance policy indicates the action to remedy the non-compliance and indicates a time period for performing the action.
  - 3. The method of claim 1, wherein the compliance policy indicates a condition for the non-compliance, and wherein the condition is based on a first user role, and wherein the compliance policy identifies the time period for remediation of the non-compliance and the action for remedying the non-compliance based on determining that the condition is satisfied.
  - 4. The method of claim 3, further comprising:
    - identifying a user role associated with an identity of a user of the remote device, the user role enabling the identity to access the enterprise computer system; and
      
      determining that the condition is satisfied based on the user role matching the first user role.
  - 5. The method of claim 3, further comprising:
    - determining one or more device attributes of the remote device and a geolocation of the remote device, wherein the condition is further based on a remote device attribute and a remote device geolocation; and
      
      determining that the condition is satisfied based on the remote device attribute matching a device attribute of the remote device and based on the geolocation of the remote device matching the remote device geolocation.
  - 6. The method of claim 1, wherein the non-compliance of the remote device includes altering a hardware configuration of the remote device.
  - 7. The method of claim 1, wherein the non-compliance of the remote device includes installing a blacklisted application on the remote device.
  - 8. The method of claim 1, wherein the non-compliance of the remote device includes use of the remote device in a manner that is non-compliant with a policy related to registration of the remote device to access the enterprise computer system.
  - 9. The method of claim 1, wherein the non-compliance of the remote device includes adjusting a security configuration of the remote device in a manner that is non-compliant with a security policy for accessing the enterprise computer system.
  - 10. The method of claim 1, further comprising:
    - wherein access to the computing resource is provided based on determining that the level of non-compliance satisfies a compliance threshold, and wherein access to the computing resource is inhibited based on determining that the level of non-compliance does not satisfy a compliance threshold.
  - 11. The method of claim 1, further comprising:
    - identifying a second compliance policy for using the remote device with the enterprise computer system, wherein the compliance policy is a first compliance policy that is different from the second compliance policy;
      
      detecting a second non-compliance of the remote device based on the second compliance policy; and
      
      wherein the time period is established based on selecting a time period from one of the first compliance policy or the second compliance policy.
  - 12. The method of claim 11, further comprising:
    - assessing, based on the second compliance policy, a second level of non-compliance of the remote device, wherein the level of non-compliance corresponds to a first level of non-compliance, and wherein the time period is selected based on comparing the first level of non-compliance or the second level of non-compliance.
  - 13. The method of claim 1, wherein the action includes preventing access to use of the remote device with the enterprise computer system.
  - 14. The method of claim 1, wherein the action includes altering registration of the remote device to access the enterprise computer system.
  - 15. A non-transitory computer-readable medium for protecting a computer from an electronic communication containing malicious code, comprising instructions stored thereon, that when executed on a processor, perform the steps of claim 1.

16. A system comprising:
- one or more processors; and
  
  a memory storing instructions that, when executed by the one or more processors, cause the one or more processors to;
  
  identify a compliance policy for using a remote device with an enterprise computer system, wherein the remote device is registered to access the enterprise computer system;
  
  detect, based on the compliance policy, a non-compliance of the remote device;
  
  assess, by a computer system, based on the compliance policy, a level of non-compliance of the remote device;
  
  establish, based on the compliance policy and the level of non-compliance, a time period for remediation of the non-compliance;
  
  receive a request to access a computing resource in the enterprise computer system;
  
  provide access to the computing resource based on the level of non-compliance;
  
  inhibit access to the computing resource in the enterprise computer system based on the level of non-compliance and based on determining that the time period has expired; and
  
  instruct the remote device to perform an action to remedy the non-compliance based on determining that the time period has expired.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the instructions, when executed by the one or more processors, further cause the one or more processors to:
    - identify a second compliance policy for using the remote device with the enterprise computer system, wherein the compliance policy is a first compliance policy that is different from the second compliance policy;
      
      detect a second non-compliance of the remote device based on the second compliance policy; and
      
      assess, based on the second compliance policy, a second level of non-compliance of the remote device, wherein the level of non-compliance corresponds to a first level of non-compliance, andwherein the time period is established based on selecting a time period from one of the first compliance policy or the second compliance policy.

18. A method comprising:
- identifying a compliance policy for using a remote device with an enterprise computer system, wherein the remote device is registered to access the enterprise computer system;
  
  detecting, by a computer system, a non-compliance of the remote device based on the compliance policy;
  
  categorizing the non-compliance into a level of non-compliance based on the compliance policy and establishing a time period for remediation of the non-compliance;
  
  allowing access to a first computing resource in the enterprise computer system despite the level of non-compliance;
  
  inhibiting access to a second computing resource in the enterprise computer system based on the level of non-compliance;
  
  determining that the time period has passed;
  
  inhibiting access to the first computing resource in the enterprise computer system based on the level of non-compliance and based on determining that the time period has passed; and
  
  transmitting a message to the remote device based on determining that the time period has passed, wherein the message instructs the remote device to automatically remedy the non-compliance.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the time period is stored with the compliance policy and is established based on the level of non-compliance.
  - 20. The method of claim 18, wherein the compliance policy is a first compliance policy associated with a user role for accessing the enterprise computer system, and wherein the method further comprises:
    - identifying a second compliance policy for using the remote device to access the enterprise computer system;
      
      observing a second non-compliance of the remote device based on the second compliance policy; and
      
      selecting the time period from the first compliance policy for implementation over a time period of the second compliance policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mohamad Abdul, Mohamad Raja Gani, Jayanti Venkata, Bhagavati Kumar, Maheshwari, Harsh, Kandasamy, Parthipan

Granted Patent

US 9,749,311 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 8/60   Software deployment

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

G06F 8/71   Version control security ar...

G06F 9/452   Remote windowing, e.g. X-Wi...

H04L 41/082   the condition being updates...

H04L 41/0895   Configuration of virtualise...

H04L 41/20   Network management software...

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 41/5096   wherein the managed service...

H04L 47/125   by balancing the load, e.g....

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/10 : for controlling access to d...

H04L 63/101 : Access control lists [ACL]

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 63/105 : Multiple levels of security

H04L 63/20 : for managing network securi...

H04L 63/205 : involving negotiation or de...

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/12 : specially adapted for propr...

H04L 67/306 : User profiles

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

H04L 9/3268 : using certificate validatio...

H04W 12/06 : Authentication

H04W 12/33 : using wearable devices, e.g...

H04W 16/06 : Hybrid resource partitionin...

H04W 4/08 : User group management

H04W 4/50 : Service provisioning or rec...

H04W 4/60 : Subscription-based services...

H04W 4/70 : Services for machine-to-mac...

View All

POLICY-BASED COMPLIANCE MANAGEMENT AND REMEDIATION OF DEVICES IN AN ENTERPRISE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY-BASED COMPLIANCE MANAGEMENT AND REMEDIATION OF DEVICES IN AN ENTERPRISE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links