System, method, apparatus, and computer program product for facilitating digital communications

US 7,725,589 B2
Filed: 04/18/2008
Issued: 05/25/2010
Est. Priority Date: 08/16/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, performed by at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computerhaving a plurality of client policies stored thereon, at least one of the plurality of client policies including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer, the method comprising:

receiving a request from a user of the remote computer for access to the secured computer;

determining an identity of the user;

selecting, based on the identity of the user, one of the at least one of the plurality of client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer;

verifying that the remote computer conforms with the selected client policy; and

connecting the client to the secured computer if the remote computer conforms with the selected client policy.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method and apparatus prevents unsecured access to a computer over a network by a client running on a remote computer. In one aspect of the present invention, a client policy is stored on the remote computer. The client policy includes a configuration of the remote computer that reduces the likelihood of a security breach of the computer as a result of the remote computer accessing the computer. A request is received from a user for access to the computer. It is verified that the remote computer conforms with the client policy, and the client is connected to said computer.

Citations

28 Claims

1. A computer-implemented method, performed by at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computerhaving a plurality of client policies stored thereon, at least one of the plurality of client policies including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer, the method comprising:
- receiving a request from a user of the remote computer for access to the secured computer;
  
  determining an identity of the user;
  
  selecting, based on the identity of the user, one of the at least one of the plurality of client policies including a configuration of the remote computer that reduces the likelihood of a security breach of the secured computer;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method recited in claim 1, wherein verifying comprises verifying that none of a list of forbidden applications are running on the remote computer.
  - 3. The method recited in claim 2, wherein the list of forbidden applications comprises a virus, a spyware application, an instant messaging application, an unlicensed application, and/or a file-sharing application.
  - 4. The method recited in claim 1, wherein verifying comprises verifying that all of a list of required applications are running on the remote computer.
  - 5. The method recited in claim 4, wherein the list of required applications comprises a firewall application, an anti-virus application, and/or an anti-spyware application.
  - 6. The method recited in claim 1, further comprising:
    - periodically determining that the remote computer conforms with the selected client policy; and
      
      taking a policy-based action if the remote computer does not conform to the selected client policy, the policy-based action comprising correcting a non-conforming condition and/or notifying the user of the non-conforming condition.
  - 7. The method recited in claim 6, further comprising:
    - disconnecting the client from the secured computer and/or the network if the non-conforming condition cannot be corrected.
  - 8. The method recited in claim 1, further comprising:
    - transmitting a list of policy violations to an access control gateway.

9. A computer-implemented method, performed by at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the method comprising:
- transmitting at least one client policy to the remote computer, the at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving identity information indicating an identity of a user of the remote computer;
  
  receiving policy violation information from the remote computer, the policy violation information indicating a policy violation based on the identity of the user; and
  
  modifying access rights of the user based on the received policy violation information.
- View Dependent Claims (10)
- - 10. The method recited in claim 9, wherein modifying access rights comprises denying the remote computer access to the secured computer.

11. A computer-readable storage medium encoded with a plurality of instructions that, when executed by a computer perform a method of preventing unsecured access to a secured computer over a network by a client running on a remote computerhaving at least one client policy stored thereon, the at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer, the method comprising:
- receiving a request from a user of the remote computer for access to the secured computer;
  
  receiving identity information indicating an identity of the user;
  
  determining whether the remote computer conforms with the at least one client policy, the determination being based, at least in part, on the identity information; and
  
  connecting the client to the secured computerif the remote computer conforms with the at least one client policy.

12. A computer-readable storage medium encoded with a plurality of instructions that, when executed by a computer perform a method of preventing unsecured access to a secured computer over a network by a client running on a remote computer, the method comprising:
- transmitting at least one client policy to the remote computer, the at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving identity information indicating an identity of a user of the remote computer;
  
  receiving policy violation information from said remote computer, the policy violation information indicating a policy violation based on the identity of the user; and
  
  modifying access rights of the user of the remote computer based on the received policy violation information, wherein modifying access rights comprises preventing the remote computer from accessing the secured computer over the network until the policy violation is removed.

13. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer having a plurality of client policies stored thereon, at least one of said plurality of client policies including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer, the apparatus comprising:
- at least one processor programmed to;
  
  receive a request from a user of the remote computer for access to the secured computer, the request including identity information indicating an identity of the user;
  
  select one of said plurality of client policies based on the identity information;
  
  verify that the remote computer conforms with the selected client policy; and
  
  connect the client to the secured computer if the remote computer conforms with the required client policy.

14. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the apparatus comprising:
- at least one processor programmed to;
  
  transmit at least one client policy to the remote computer, the at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receive identity information indicating an identity of a user of the remote computer;
  
  receive priority violation information from the remote computer, the policy violation information indicating a policy violation based on the identity of the user; and
  
  modify access rights of the user of the remote computer based on the received policy violation information.

15. A computer system comprising:
- a remote computer comprising a client executing thereon anda storage device configured to store a plurality of client policies, the plurality of client policies comprising at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer; and
  
  an input/output device having at least one processor configured to;
  
  receive a request from a user of the remote computer for access to the secured computer, the request including identity information indicating an identity of the user; and
  
  select one of the plurality of client policies based on the identity information;
  
  verify that the remote computer conforms with the selected client policy; and
  
  connect the client to the secured computer if the remote computer conforms with the required client policy.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer system recited in claim 15, wherein verifying comprises verifying that none of a list of forbidden applications are running on the remote computer.
  - 17. The computer system recited in claim 16, wherein the list of forbidden applications includes a virus application, a spyware application, an instant messaging application, an unlicensed application, and/or a file-sharing application.
  - 18. The computer system recited in claim 15, wherein verifying comprises verifying that all of a list of required applications are running on the remote computer.
  - 19. The computer system recited in claim 18, wherein the list of required applications includes a firewall application, an anti-virus application, and/or an antispyware application.

20. An apparatus for preventing unsecured access to a secured computer over a network by a client running on a remote computer having a plurality of client policies stored thereon, the apparatus comprising:
- an input/output device including at least one processor programmed to;
  
  transmit at least one client policy to the remote computer, the at least one client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computerreceive a list of policy violations from the remote computer;
  
  receive a request from a user of the remote computer for access to the secured computer, the request including identity information indicating an identity of the user;
  
  select one of the plurality of client policies based on the identity information;
  
  verify that the remote computer conforms to the selected client policy; and
  
  modify access rights of the user of the remote computer for access to the secured computer.
- View Dependent Claims (21)
- - 21. The apparatus recited in claim 20, wherein modifying access rights comprises denying the remote computer access to the secured computer if the remote computer does not conform to the selected client policy.

22. A computer-implemented method, performed by at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the method comprising:
- storing a plurality of client policies, at least one of the plurality of client policies including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a specified user of the remote computer for access to the secured computer;
  
  determining an identity of the specified user;
  
  selecting, based on the identity of the specified user, one of the plurality of client policies, the selected client policy including a list of forbidden applications that cannot run on the remote computer if the specified user is using the remote computer and a list of required applications that must run on the remote computer if the specified user is using the remote computer;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.
- View Dependent Claims (23, 24)
- - 23. The method according to claim 22, wherein the list of prohibited applications includes a virus, a spyware application, an instant messaging application, an unlicensed application, and/or a file-sharing application.
  - 24. The method according to claim 22, wherein the list of required applications includes a firewall application, an anti-virus application, and/or an antispyware application.

25. A computer-implemented method, performed by at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the method comprising:
- storing a plurality of client policies, at least one of the plurality of client policies including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a user at the remote computer for access to the secured computer;
  
  determining a status of the remote computer;
  
  selecting, based on the status of the remote computer, one of the plurality of client policies;
  
  verifying that the remote computer conforms with the selected client policy; and
  
  connecting the client to the secured computer if the remote computer conforms with the selected client policy.

26. A computer-implemented method, performed on at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computer, the method comprising:
- transmitting a client policy to the remote computer, the client policy including a configuration of the remote computer that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving status information indicating a status of the remote computer;
  
  receiving policy violation information from the remote computer, the policy violation information indicating a policy violation based on the status of the remote computer; and
  
  modifying access rights of the remote computer to access a resource of the secured computer based on the policy violation information.

27. A computer-implemented method, performed on at least one processor, for preventing unsecured access to a secured computer over a network by a client running on a remote computer, comprising:
- storing a plurality of client policies, at least one of the plurality of client policies including information of a preferred connection method that reduces a likelihood of a security breach of the secured computer as a result of the remote computer accessing the secured computer;
  
  receiving a request from a user at the remote computer for access to the secured computer;
  
  determining a location of the remote computer;
  
  selecting, based on the location of the remote computer, one of the plurality of client policies, the selected client policy including the preferred connection method; and
  
  connecting the client to the secured computer in accordance with the selected client policy and the preferred connection method.
- View Dependent Claims (28)
- - 28. The method according to claim 27, further comprising:
    - determining an authentication method to be used to authenticate the user for connection to the secured computer, the authentication method being determined based, at least in part, on an identity of a user of the remote computer, the location of the remote computer, and/or the preferred connection method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Pappano, Joseph E., Bluestone, Derek, Adams, Clinton, Pressman, Howard M., Nicodemus, Blair Gaver
Primary Examiner(s)
Walsh; John B.

Application Number

US12/105,674
Publication Number

US 20080222696A1
Time in Patent Office

767 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

System, method, apparatus, and computer program product for facilitating digital communications

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, apparatus, and computer program product for facilitating digital communications

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links