SECURITY CONTROL FOR AN ENTERPRISE NETWORK

US 20170041345A1
Filed: 08/05/2015
Published: 02/09/2017
Est. Priority Date: 08/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method for administering security for a network, comprising the steps of:

detecting, by one or more processors, that a computing device has connected to a network;

determining, by one or more processors, whether the computing device is valid, wherein determining whether the computing device is valid further comprises comparing a MAC address associated with the computing device with a database containing one or more MAC addresses associated with one or more valid devices;

based on determining that the computing device is valid, determining, by one or more processors, whether the computing device is being utilized for one or more suspicious activities;

based on determining that the computing device is being utilized for one or more suspicious activities;

determining, by one or more processors, a location of the computing device;

determining, by one or more processors, whether a user associated with the computing device can be identified; and

based on determining that the user associated with the computing device cannot be identified, disabling the computing device and transmitting an alert to security personnel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device detects that another computing device has connected to a network. The computing device determines whether the other computing device is valid and whether the computing device is being utilized for one or more suspicious activities. Based on determining that the other computing device is being utilized for one or more suspicious activities, the computing device determines a location of the other computing device, determines whether a user associated with the other computing device can be identified, and based on determining that the user associated with the other computing device cannot be identified, disables the other computing device, and transmits an alert to security personnel.

14 Citations

View as Search Results

20 Claims

1. A method for administering security for a network, comprising the steps of:
- detecting, by one or more processors, that a computing device has connected to a network;
  
  determining, by one or more processors, whether the computing device is valid, wherein determining whether the computing device is valid further comprises comparing a MAC address associated with the computing device with a database containing one or more MAC addresses associated with one or more valid devices;
  
  based on determining that the computing device is valid, determining, by one or more processors, whether the computing device is being utilized for one or more suspicious activities;
  
  based on determining that the computing device is being utilized for one or more suspicious activities;
  
  determining, by one or more processors, a location of the computing device;
  
  determining, by one or more processors, whether a user associated with the computing device can be identified; and
  
  based on determining that the user associated with the computing device cannot be identified, disabling the computing device and transmitting an alert to security personnel.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - based on determining that the computing device is not valid, determining, by one or more processors, a location of the computing device and transmitting an alert to security personnel.
  - 3. The method of claim 1, further comprising:
    - based on determining that the user associated with the computing device can be identified, transmitting an alert to security personnel.
  - 4. The method of claim 1, wherein the step of determining, by one or more processors, a location of the computing device further comprises determining one or more access points of the network accessed by the computing device and utilizing triangulation techniques.
  - 5. The method of claim 1, wherein the step of determining, by one or more processors, whether the computing device is being utilized for one or more suspicious activities further comprises determining whether an amount of confidential documents accessed by the computing device exceeds a threshold value.
  - 6. The method of claim 1, wherein the step of determining, by one or more processors, whether the computing device is being utilized for one or more suspicious activities further comprises:
    - comparing one or more resources accessed in a first time period to one or more resources accessed in a previous time period;
      
      determining a similarity factor based on comparing one or more resources accessed in a first time period to one or more resources accessed in a previous time period; and
      
      determining whether the similarity factor exceeds a threshold value.
  - 7. The method of claim 1, wherein the computing device contains a network protocol enabled that allows for the computing device to be disabled by way of the network.

8. A computer program product for administering security for a network, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on at least one of the one or more computer-readable storage devices, the program instructions comprising;
  
  program instructions to detect that a computing device has connected to a network;
  
  program instructions to determine whether the computing device is valid, wherein determining whether the computing device is valid further comprises program instructions to compare a MAC address associated with the computing device with a database containing one or more MAC addresses associated with one or more valid devices;
  
  based on determining that the computing device is valid, program instructions to determine whether the computing device is being utilized for one or more suspicious activities;
  
  based on determining that the computing device is being utilized for one or more suspicious activities;
  
  program instructions to determine a location of the computing device;
  
  program instructions to determine whether a user associated with the computing device can be identified; and
  
  based on determining that the user associated with the computing device cannot be identified, program instructions to disable the computing device and transmit an alert to security personnel.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, further comprising:
    - based on determining that the computing device is not valid, program instructions to determine a location of the computing device and transmitting an alert to security personnel.
  - 10. The computer program product of claim 8, further comprising:
    - based on determining that the user associated with the computing device can be identified, program instructions to transmit an alert to security personnel.
  - 11. The computer program product of claim 8, wherein the program instructions to determine a location of the computing device further comprises program instructions to determine one or more access points of the network accessed by the computing device and utilize triangulation techniques.
  - 12. The computer program product of claim 8, wherein the program instructions to determine whether the computing device is being utilized for one or more suspicious activities further comprises program instructions to determine whether an amount of confidential documents accessed by the computing device exceeds a threshold value.
  - 13. The computer program product of claim 8, wherein program instructions to determine whether the computing device is being utilized for one or more suspicious activities further comprises:
    - program instructions to compare one or more resources accessed in a first time period to one or more resources accessed in a previous time period;
      
      program instructions to determine a similarity factor based on the program instructions to compare one or more resources accessed in a first time period to one or more resources accessed in a previous time period; and
      
      program instructions to determine whether the similarity factor exceeds a threshold value.
  - 14. The computer program product of claim 8, wherein the computing device contains a network protocol enabled that allows for the computing device to be disabled by way of the network.

15. A computer system administering security for a network, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the program instructions comprising;
  
  program instructions to detect that a computing device has connected to a network;
  
  program instructions to determine whether the computing device is valid, wherein determining whether the computing device is valid further comprises program instructions to compare a MAC address associated with the computing device with a database containing one or more MAC addresses associated with one or more valid devices;
  
  based on determining that the computing device is valid, program instructions to determine whether the computing device is being utilized for one or more suspicious activities;
  
  based on determining that the computing device is being utilized for one or more suspicious activities;
  
  program instructions to determine a location of the computing device;
  
  program instructions to determine whether a user associated with the computing device can be identified; and
  
  based on determining that the user associated with the computing device cannot be identified, program instructions to disable the computing device and transmit an alert to security personnel.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, further comprising:
    - based on determining that the computing device is not valid, program instructions to determine a location of the computing device and transmitting an alert to security personnel.
  - 17. The computer system of claim 15, further comprising:
    - based on determining that the user associated with the computing device can be identified, program instructions to transmit an alert to security personnel.
  - 18. The computer system of claim 15, wherein the program instructions to determine a location of the computing device further comprises program instructions to determine one or more access points of the network accessed by the computing device and utilize triangulation techniques.
  - 19. The computer system of claim 15, wherein the program instructions to determine whether the computing device is being utilized for one or more suspicious activities further comprises program instructions to determine whether an amount of confidential documents accessed by the computing device exceeds a threshold value.
  - 20. The computer system of claim 15, wherein program instructions to determine whether the computing device is being utilized for one or more suspicious activities further comprises:
    - program instructions to compare one or more resources accessed in a first time period to one or more resources accessed in a previous time period;
      
      program instructions to determine a similarity factor based on the program instructions to compare one or more resources accessed in a first time period to one or more resources accessed in a previous time period; and
      
      program instructions to determine whether the similarity factor exceeds a threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
OuYang, Tung, Mandalia, Baiju D.

Granted Patent

US 11,265,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 63/1408   by monitoring network traff...

H04W 12/06   Authentication

H04W 12/12   Detection or prevention of ...

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 12/71   Hardware identity

SECURITY CONTROL FOR AN ENTERPRISE NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY CONTROL FOR AN ENTERPRISE NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links