Environment-Aware Security Tokens

US 20190327221A1
Filed: 11/05/2018
Published: 10/24/2019
Est. Priority Date: 08/11/2014
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method comprising:

receiving, at a processing device, information about one or more assets associated with a network of devices;

generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset, wherein the security token is configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset;

storing, in a storage device, information about the security token and information linking the security token to the corresponding asset; and

initiating integration of the security token with the corresponding asset.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

Citations

60 Claims

1. A computer implemented method comprising:
- receiving, at a processing device, information about one or more assets associated with a network of devices;
  
  generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset, wherein the security token is configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset;
  
  storing, in a storage device, information about the security token and information linking the security token to the corresponding asset; and
  
  initiating integration of the security token with the corresponding asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein detecting the occurrence of the unauthorized activity comprises determining a dissociation of the asset from the home network defined for the asset.
  - 3. The method of claim 1, wherein the assets associated with the network comprises one or more of:
    - a device connected to the network, a file stored on a storage device connected to the network, and a user-profile associated with the network.
  - 4. The method of claim 1, wherein the asset is an electronic file, and initiating the integration of the security token into the asset comprises initiating an encryption of the asset based on the security token.
  - 5. The method of claim 1, wherein the home network for the asset is defined based on one or more security policies associated with the asset.
  - 6. The method of claim 1, wherein the information includes one or more of:
    - a serial number of a device, a media access control (MAC) address, a file path, a registry key, a network identifier, an internet protocol (IP) address, a file-type identifier, a user-profile identifier, and one or more policies associated with the network.
  - 7. The method of claim 1, wherein the information about the one or more assets is received from an agent deployed on the network.
  - 8. The method of claim 7, wherein the agent is configured to scan the devices of the network to obtain the information.
  - 9. The method of claim 7, wherein the agent comprises an automated browser.
  - 10. The method of claim 1, wherein the security token comprises an object generated in accordance with Component Object Model (COM).
  - 11. The method of claim 1, wherein the security token is generated in accordance with one or more security policies associated with the corresponding asset.
  - 12. The method of claim 2, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not connected to the home network.
  - 13. The method of claim 2, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not stored on a device associated with the home network.
  - 14. The method of claim 2, wherein determining the dissociation of the corresponding asset from the home network comprises detecting an access attempt from a user-profile not associated with the home network.
  - 15. The method of claim 2, wherein the corresponding asset is an electronic file, and the security token is configured to restrict access to the electronic file by deleting content of the electronic file upon determining the dissociation from the home network.
  - 16. The method of claim 1, wherein the information about the security token and the information linking the security token to the corresponding identifier are stored in a database.
  - 17. The method of claim 1, wherein the corresponding asset is an electronic file, and initiating an integration of the security token into the electronic file comprises initiating a code injection to a header portion of the electronic file.
  - 18. The method of claim 1, wherein the corresponding asset is an electronic file, and initiating an integration of the security token with the electronic file comprises initiating an encapsulation of the security token with the electronic file.
  - 19. The method of claim 18, wherein an executable file is generated via the encapsulation.
  - 20. The method of claim 1, wherein the corresponding asset is an electronic document, and the security token is integrated into the document as a portion of a page description language of the document.
  - 21. The method of claim 1, further comprising:
    - receiving, from the corresponding asset, information related to an access point attempting to access the asset;
      
      determining, based on the stored information about the security token, whether the access point is associated with the security token; and
      
      providing permission information indicating a level of access permitted for the access point based on the determination.

22. A system comprising:
- memory; and
  
  one or more processors configured to;
  
  receive information about one or more assets associated with a network of devices,generate, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset, wherein the security token is configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset, store, in a storage device, information about the securitytoken and information linking the security token to the corresponding asset, andinitiate integration of the security token with the corresponding asset.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The system of claim 22, wherein detecting the occurrence of the unauthorized activity comprises determining a dissociation of the asset from the home network defined for the asset.
  - 24. The system of claim 22, wherein the assets associated with the network comprises one or more of:
    - a device connected to the network, a file stored on a storage device connected to the network, and a user-profile associated with the network.
  - 25. The system of claim 22, wherein the asset is an electronic file, and initiating the integration of the security token into the asset comprises initiating an encryption of the asset based on the security token.
  - 26. The system of claim 22, wherein the home network for the asset is defined based on one or more security policies associated with the asset.
  - 27. The system of claim 22, wherein the information includes one or more of:
    - a serial number of a device, a media access control (MAC) address, a file path, a registry key, a network identifier, an internet protocol (IP) address, a file-type identifier, a user-profile identifier, and one or more policies associated with the network.
  - 28. The system of claim 22, wherein the information about the one or more assets is received from an agent deployed on the network.
  - 29. The system of claim 28, wherein the agent is configured to scan the devices of the network to obtain the information.
  - 30. The system of claim 28, wherein the computing device is configured to deploy the agent on the network.
  - 31. The system of claim 22, wherein the security token comprises an object generated in accordance with Component Object Model (COM).
  - 32. The system of claim 22, wherein the computing device is configured to generate the security token in accordance with one or more security policies associated with the corresponding asset.
  - 33. The system of claim 23, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not connected to the home network.
  - 34. The system of claim 23, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not stored on a device associated with the home network.
  - 35. The system of claim 23, wherein determining the dissociation of the corresponding asset from the home network comprises detecting an access attempt from a user-profile not associated with the home network.
  - 36. The system of claim 23, wherein the corresponding asset is an electronic file, and the security token is configured to restrict access to the electronic file by deleting content of the electronic file upon determining the dissociation from the home network.
  - 37. The system of claim 22, wherein the information about the security token and the information linking the security token to the corresponding identifier are stored in a database.
  - 38. The system of claim 22, wherein the corresponding asset is an electronic file, and the computing device is configured to initiate an integration of the security token into the electronic file by initiating a code injection to a header portion of the electronic file.
  - 39. The system of claim 22, wherein the corresponding asset is an electronic file, and the computing device is configured to initiate an integration of the security token with the electronic file by initiating an encapsulation of the security token with the electronic file.
  - 40. The system of claim 39, wherein an executable file is generated via the encapsulation.
  - 41. The system of claim 22, wherein the corresponding asset is an electronic document, and the security token is integrated into the document as a portion of a page description language of the document.
  - 42. The system of claim 22, wherein the computing device is configured to:
    - receive, from the corresponding asset, information related to an access attempt pertaining to the asset;
      
      determine, based on the stored information about the security token, whether the access attempt is associated with the home network; and
      
      providing, based on the determination, permission information indicating a level of access granted for the access attempt.

43. One or more machine-readable storage devices storing instructions that are executable by one or more processing devices to perform operations comprising:
- receiving information about one or more assets associated with a network of devices;
  
  generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset, wherein the security token is configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset;
  
  storing, in a storage device, information about the security token and information linking the security token to the corresponding asset; and
  
  initiating integration of the security token with the corresponding asset.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 44. The one or more machine-readable storage devices of claim 43, wherein detecting the occurrence of the unauthorized activity comprises determining a dissociation of the asset from the home network defined for the asset.
  - 45. The one or more machine-readable storage devices of claim 43, wherein the assets associated with the network comprises one or more of:
    - a device connected to the network, a file stored on a storage device connected to the network, and a user-profile associated with the network.
  - 46. The one or more machine-readable storage devices of claim 43, wherein the asset is an electronic file, and initiating the integration of the security token into the asset comprises initiating an encryption of the asset based on the security token.
  - 47. The one or more machine-readable storage devices of claim 43, wherein the home network for the asset is defined based on one or more security policies associated with the asset.
  - 48. The one or more machine-readable storage devices of claim 43, wherein the information includes one or more of:
    - a serial number of a device, a media access control (MAC) address, a file path, a registry key, a network identifier, an interne protocol (IP) address, a file-type identifier, a user-profile identifier, and one or more policies associated with the network.
  - 49. The one or more machine-readable storage devices of claim 43, wherein the information about the one or more assets is received from an agent deployed on the network.
  - 50. The one or more machine-readable storage devices of claim 43, wherein the security token comprises an object generated in accordance with Component Object Model (COM).
  - 51. The one or more machine-readable storage devices of claim 43, wherein the security token is generated in accordance with one or more security policies associated with the corresponding asset.
  - 52. The one or more machine-readable storage devices of claim 44, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not connected to the home network.
  - 53. The one or more machine-readable storage devices of claim 44, wherein determining the dissociation of the corresponding asset from the home network comprises determining that the corresponding asset is not stored on a device associated with the home network.
  - 54. The one or more machine-readable storage devices of claim 44, wherein determining the dissociation of the corresponding asset from the home network comprises detecting an access attempt from a user-profile not associated with the home network.
  - 55. The one or more machine-readable storage devices of claim 44, wherein the corresponding asset is an electronic file, and the security token is configured to restrict access to the electronic file by deleting content of the electronic file upon determining the dissociation from the home network.
  - 56. The one or more machine-readable storage devices of claim 43, wherein the corresponding asset is an electronic file, and initiating an integration of the security token into the electronic file comprises initiating a code injection to a header portion of the electronic file.
  - 57. The one or more machine-readable storage devices of claim 43, wherein the corresponding asset is an electronic file, and initiating an integration of the security token with the electronic file comprises initiating an encapsulation of the security token with the electronic file.
  - 58. The one or more machine-readable storage devices of claim 57, wherein an executable file is generated via the encapsulation.
  - 59. The one or more machine-readable storage devices of claim 43, wherein the corresponding asset is an electronic document, and the security token is integrated into the document as a portion of a page description language of the document.
  - 60. The one or more machine-readable storage devices of claim 43, further comprising instructions for:
    - receiving, from the corresponding asset, information related to an access point attempting to access the asset;
      
      determining, based on the stored information about the security token, whether the access point is associated with the security token; and
      
      providing permission information indicating a level of access permitted for the access point based on the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Document Dynamics, LLC
Original Assignee
Document Dynamics, LLC
Inventors
Caffary, JR., Robert G.

Application Number

US16/180,688
Publication Number

US 20190327221A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Environment-Aware Security Tokens

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

60 Claims

Specification

Solutions

Use Cases

Quick Links

Environment-Aware Security Tokens

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

60 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links