System and method for restricting access to an enterprise network

US 7,509,676 B2
Filed: 07/30/2004
Issued: 03/24/2009
Est. Priority Date: 07/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for determining whether a computer has one or more malicious code items, comprising:

determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network;

providing an indication to a human if it is determined that the computer has one or more malicious code items;

printing a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the invention is a method for restricting access to an enterprise network that includes determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items where the computer accompanies a visitor to a facility associated with the enterprise network. An indication is provided to a human if it is determined that the computer has one or more malicious code items.

58 Citations

View as Search Results

74 Claims

1. A method for determining whether a computer has one or more malicious code items, comprising:
- determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network;
  
  providing an indication to a human if it is determined that the computer has one or more malicious code items;
  
  printing a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein determining whether the computer has one or more malicious code items comprises performing a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 3. The method of claim 1, further comprising:
    - determining whether code associated with one or more programs running on the computer is of a preferred version; and
      
      applying a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 4. The method of claim 3, further comprising:
    - receiving version information associated with the code from the computer; and
      
      comparing the version information to information associated with the preferred version.
  - 5. The method of claim 4, wherein the code comprises an antivirus software application.
  - 6. The method of claim 1, further comprising establishing a communication path between the computer and a security verification station associated with the enterprise network.
  - 7. The method of claim 6, wherein the security verification station is located in the facility associated with the enterprise network.
  - 8. The method of claim 6, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 9. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises coupling a port of the security verification station to a port of the computer.
  - 10. The method of claim 6, wherein establishing a communication path between the computer and the security verification station comprises establishing a wireless communication path between the computer and the security verification station.
  - 11. The method of claim 1, further comprising:
    - associating an identifier with the computer, the identifier indicating whether or not the determining step identified one or more malicious code items;
      
      communicating the identifier from the security verification station to the enterprise network over a communication path; and
      
      storing the identifier in a database associated with the enterprise network.
  - 12. The method of claim 1, further comprising providing a digital certificate to the computer, the digital certificate indicating whether or not the determining step identified one or more malicious code items.
  - 13. The method of claim 1, further comprising indicating to a user that the computer is corrupted if the determining step identified one or more malicious code items.
  - 14. The method of claim 1, further comprising applying a remedial measure to the computer if the determining step identified one or more malicious code items.
  - 15. The method of claim 14, wherein applying the remedial measure comprises removing a file associated with a malicious code from the computer.
  - 16. The method of claim 14, further comprising receiving payment information from a user associated with the computer before applying the remedial measure.
  - 17. The method of claim 1, further comprising performing a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

18. A method for determining whether a computer has one or more malicious code items, comprising:
- determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network;
  
  providing an indication to a human if it is determined that the computer has one or more malicious code items; and
  
  printing a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 19. The method of claim 18, wherein determining whether the computer has one or more malicious code items comprises performing a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 20. The method of claim 18, further comprising:
    - determining whether code associated with one or more programs running on the computer is of a preferred version; and
      
      applying a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 21. The method of claim 20, further comprising:
    - receiving version information associated with the code from the computer; and
      
      comparing the version information to information associated with the preferred version.
  - 22. The method of claim 21, wherein the code comprises an antivirus software application.
  - 23. The method of claim 18, further comprising establishing a communication path between the computer and a security verification station associated with the enterprise network.
  - 24. The method of claim 23, wherein the security verification station is located in the facility associated with the enterprise network.
  - 25. The method of claim 23, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 26. The method of claim 23, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 27. The method of claim 23, wherein establishing a communication path between the computer and the security verification station comprises coupling a port of the security verification station to a port of the computer.
  - 28. The method of claim 23, wherein establishing a communication path between the computer and the security verification station comprises establishing a wireless communication path between the computer and the security verification station.
  - 29. The method of claim 18, further comprising:
    - associating an identifier with the computer, the identifier indicating whether or not the determining step identified one or more malicious code items;
      
      communicating the identifier from the security verification station to the enterprise network over a communication path; and
      
      storing the identifier in a database associated with the enterprise network.
  - 30. The method of claim 18, further comprising providing a digital certificate to the computer, the digital certificate indicating whether or not the determining step identified one or more malicious code items.
  - 31. The method of claim 18, further comprising indicating to a user that the computer is corrupted if the determining step identified one or more malicious code items.
  - 32. The method of claim 18, further comprising adhering the label to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 33. The method of claim 18, further comprising placing a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 34. The method of claim 18, further comprising applying a remedial measure to the computer if the determining step identified one or more malicious code items.
  - 35. The method of claim 34, wherein applying the remedial measure comprises removing a file associated with a malicious code from the computer.
  - 36. The method of claim 34, further comprising receiving payment information from a user associated with the computer before applying the remedial measure.
  - 37. The method of claim 18, further comprising performing a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

38. A system for determining whether a computer has one or more malicious code items, comprising:
- an enterprise network; and
  
  a security verification station associated with the enterprise network, the security verification station at least partially isolated from the enterprise network and operable to;
  
  determine whether a computer that may be connected to the enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network;
  
  provide an indication to a human if it is determined that the computer has one or more malicious code items; and
  
  print a label to adhere to the computer to identify the computer as having passed an inspection for malicious code items.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 39. The system of claim 38, wherein the security verification station is operable to perform a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 40. The system of claim 38, wherein the security verification station is operable to:
    - determine whether code associated with one or more programs running on the computer is a preferred version; and
      
      apply a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 41. The system of claim 40, wherein the security verification station is further operable to:
    - receive version information associated with the code from the computer; and
      
      compare the version information to information associated with the preferred version.
  - 42. The system of claim 41, wherein the code comprises an antivirus software application.
  - 43. The system of claim 38, wherein the security verification station is operable to establish a communication path between the computer and a security verification station associated with the enterprise network.
  - 44. The system of claim 43, wherein the security verification station is located in the facility associated with the enterprise network.
  - 45. The system of claim 43, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 46. The system of claim 43, wherein a port of the security verification station is operable to couple to a port of the computer to establish a communication path between the computer and the security verification station.
  - 47. The system of claim 43, wherein the security verification station is operable to establish a wireless communication path between the computer and the security verification station.
  - 48. The system of claim 38, wherein the security verification station is further operable to:
    - associate an identifier with the computer, the identifier indicating whether or not the security verification station determined that the computer has one or more malicious code items;
      
      communicate the identifier from the security verification station to the enterprise network over a communication path; and
      
      store the identifier in a database associated with the enterprise network.
  - 49. The system of claim 38, wherein the security verification station is further operable to provide a digital certificate to the computer, the digital certificate indicating whether or not the security verification station determined that the computer has one or more malicious code items.
  - 50. The system of claim 38, wherein the security verification station is further operable to indicate to a user that the computer is corrupted if the security verification station determined that the computer has one or more malicious codes.
  - 51. The system of claim 38, wherein the security verification station is further operable to apply a remedial measure to the computer if the security verification station determined that the computer has one or more malicious code items.
  - 52. The system of claim 51, wherein, when applying the remedial measure, the security verification station is further operable to remove a file associated with a malicious code from the computer.
  - 53. The system of claim 51, wherein the security verification station is further operable to receive payment information from a user associated with the computer before applying the remedial measure.
  - 54. The system of claim 38, wherein the security verification station is further operable to perform a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

55. A system for determining whether a computer has one or more malicious code items, comprising:
- an enterprise network; and
  
  a security verification station associated with the enterprise network, the security verification station at least partially isolated from the enterprise network and operable to;
  
  determine whether a computer that may be connected to the enterprise network on a temporary basis has one or more malicious code items, the computer accompanying a visitor to a facility associated with the enterprise network;
  
  provide an indication to a human if it is determined that the computer has one or more malicious code items; and
  
  print a label to adhere to the computer to identify the computer as having failed an inspection for malicious code items.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74)
- - 56. The system of claim 55, wherein the security verification station is operable to perform a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 57. The system of claim 55, wherein the security verification station is operable to:
    - determine whether code associated with one or more programs running on the computer is a preferred version; and
      
      apply a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 58. The system of claim 57, wherein the security verification station is further operable to:
    - receive version information associated with the code from the computer; and
      
      compare the version information to information associated with the preferred version.
  - 59. The system of claim 58, wherein the code comprises an antivirus software application.
  - 60. The system of claim 55, wherein the security verification station is operable to establish a communication path between the computer and a security verification station associated with the enterprise network.
  - 61. The system of claim 60, wherein the security verification station is located in the facility associated with the enterprise network.
  - 62. The system of claim 60, wherein the security verification station comprises a stand-alone device that is isolated from the enterprise network.
  - 63. The system of claim 60, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 64. The system of claim 60, wherein a port of the security verification station is operable to couple to a port of the computer to establish a communication path between the computer and the security verification station.
  - 65. The system of claim 60, wherein the security verification station is operable to establish a wireless communication path between the computer and the security verification station.
  - 66. The system of claim 55, wherein the security verification station is further operable to:
    - associate an identifier with the computer, the identifier indicating whether or not the security verification station determined that the computer has one or more malicious code items;
      
      communicate the identifier from the security verification station to the enterprise network over a communication path; and
      
      store the identifier in a database associated with the enterprise network.
  - 67. The system of claim 55, wherein the security verification station is further operable to provide a digital certificate to the computer, the digital certificate indicating whether or not the security verification station determined that the computer has one or more malicious code items.
  - 68. The system of claim 55, wherein the security verification station is further operable to indicate to a user that the computer is corrupted if the security verification station determined that the computer has one or more malicious codes.
  - 69. The system of claim 55, wherein the label is adapted to be adhered to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 70. The system of claim 55, wherein the security verification station is further operable to place a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 71. The system of claim 55, wherein the security verification station is further operable to apply a remedial measure to the computer if the security verification station determined that the computer has one or more malicious code items.
  - 72. The system of claim 71, wherein, when applying the remedial measure, the security verification station is further operable to remove a file associated with a malicious code from the computer.
  - 73. The system of claim 71, wherein the security verification station is further operable to receive payment information from a user associated with the computer before applying the remedial measure.
  - 74. The system of claim 55, wherein the security verification station is further operable to perform a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Trueba, Luis Ruben Zapien
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Simitoski; Michael J

Application Number

US10/909,258
Publication Number

US 20060026686A1
Time in Patent Office

1,698 Days
Field of Search

713/188, 726/22, 726/23, 726/24, 726/25, 709/225
US Class Current

726/22
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

System and method for restricting access to an enterprise network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for restricting access to an enterprise network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links