Compliance validator for restricted network access control

US 7,966,665 B1
Filed: 11/16/2007
Issued: 06/21/2011
Est. Priority Date: 11/16/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network, comprising the steps of:

creating a compliance validation configuration file for the computer system;

configuring a maintenance service utility to launch a compliance validation executable file at a specified time during operation of the computer system;

generating a digital hash for the compliance validation executable file and the compliance validation configuration file;

determining if the computer system or a computer system user is a member of a configured restricted group;

if the computer system or the computer system user is a member of a configured restricted group, determining if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site; and

enforcing compliance with access requirements if the directory site code does not correspond to a configured and allowed site;

determining if there are any updates at a central update location for either the compliance validation executable or configuration files that require installation, based on the digital hash of the compliance validation executable and configuration files;

automatically updating the compliance validation executable file and compliance validation configuration file, if any updates are available;

determining if a compliance validation executable update file has been removed from the central update location;

if the update file has been removed, removing the compliance validation executable file and the compliance validation configuration file from the computer system; and

encrypting a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network. A compliance validation configuration file is created for the computer system. A maintenance service utility is configured to launch a compliance validation executable file at a specified time during operation of the computer system. A digital hash is generated for the compliance validation executable file and for the compliance validation configuration file. A determination is made if the computer system or a computer system user is a member of a configured restricted group. If the computer system or the computer system user is a member of a configured restricted group, a determination is made if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site. If the directory site code does not correspond to a configured and allowed site, compliance with access requirements are enforced. Enforcement actions can include a forced logoff of the computer system user, and/or a forced shutdown of the computer system.

Citations

15 Claims

1. A method for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network, comprising the steps of:
- creating a compliance validation configuration file for the computer system;
  
  configuring a maintenance service utility to launch a compliance validation executable file at a specified time during operation of the computer system;
  
  generating a digital hash for the compliance validation executable file and the compliance validation configuration file;
  
  determining if the computer system or a computer system user is a member of a configured restricted group;
  
  if the computer system or the computer system user is a member of a configured restricted group, determining if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site; and
  
  enforcing compliance with access requirements if the directory site code does not correspond to a configured and allowed site;
  
  determining if there are any updates at a central update location for either the compliance validation executable or configuration files that require installation, based on the digital hash of the compliance validation executable and configuration files;
  
  automatically updating the compliance validation executable file and compliance validation configuration file, if any updates are available;
  
  determining if a compliance validation executable update file has been removed from the central update location;
  
  if the update file has been removed, removing the compliance validation executable file and the compliance validation configuration file from the computer system; and
  
  encrypting a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method for detecting and enforcing compliance with access requirements of claim 1 wherein the step of enforcing compliance comprises at least one of automatically logging the user off the computer system, and automatically shutting down the computer system.
  - 3. The method for detecting and enforcing compliance with access requirements of claim 1 wherein the step of enforcing compliance comprises displaying a message to the user that the computer system is not in compliance with access requirements for the restricted computer network.
  - 4. The method for detecting and enforcing compliance with access requirements of claim 1 further comprising automatically removing the compliance validation executable file and the compliance validation configuration file from the computer system, if either the computer system or the computer system user is not a member of a configured restricted group.
  - 5. The method for detecting and enforcing compliance with access requirements of claim 1 wherein the step of configuring the maintenance service utility to launch a compliance validation executable file comprises selecting an activation time for the maintenance service utility.

6. A system for detecting and enforcing compliance with access requirements for a computer in a restricted computer network, comprising:
- a local data store;
  
  a processor for executing a plurality of components including;
  
  a component for creating a compliance validation configuration file and storing the configuration file in the local data store;
  
  a component for configuring a maintenance service utility to launch a compliance validation executable file stored in the local data store at a specified time during operation of the computer;
  
  a component for generating a digital hash for the compliance validation executable file and the compliance validation configuration file;
  
  a component for determining if the computer or a computer user is a member of a configured restricted group;
  
  a component for determining if a directory site code for a subnet of the restricted computer network to which the computer is connected corresponds to a configured and allowed site, if the computer or the computer user is a member of a configured restricted group; and
  
  a component for enforcing compliance with access requirements if the directory site code does not correspond to a configured and allowed site;
  
  a component for determining if there are any updates at a central update location for either the compliance validation executable or configuration files that require installation, based on the digital hash of the compliance validation executable and configuration files;
  
  a component for automatically updating the compliance validation executable file and compliance validation configuration file, if any updates are available;
  
  a component for determining if a compliance validation executable update file has been removed from the central update location, and if the update file has been removed, removing the compliance validation executable file and the compliance validation configuration file from the computer;
  
  a component for encrypting a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location; and
  
  a component for automatically removing the compliance validation executable file and the compliance validation configuration file from the computer, if either the computer or the computer user is not a member of a configured restricted group.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system for detecting and enforcing compliance with access requirements of claim 6 wherein the component for enforcing compliance automatically logs the user off the computer.
  - 8. The system for detecting and enforcing compliance with access requirements of claim 6 wherein the component for enforcing compliance automatically shuts down the computer.
  - 9. The system for detecting and enforcing compliance with access requirements of claim 6 wherein the component for enforcing compliance displays a message to the user that the computer is not in compliance with access requirements for the restricted computer network.
  - 10. The system for detecting and enforcing compliance with access requirements of claim 6 wherein the component for configuring the maintenance service utility to launch a compliance validation executable file comprises a module for selecting an activation time for the maintenance service utility.

11. A non-transitory computer program product for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network when operated on a processor of the computer system, the program product comprising a computer readable medium having computer readable code embedded therein, the computer readable medium comprising:
- program instructions that create a compliance validation configuration file for the computer system;
  
  program instructions that configure a maintenance service utility to launch a compliance validation executable file at a specified time during operation of the computer system;
  
  program instructions that generate a digital hash for the compliance validation executable file and the compliance validation configuration file;
  
  program instructions that determine if the computer system or a computer system user is a member of a configured restricted group; and
  
  program instructions that determine if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site, if the computer system or the computer system user is a member of a configured restricted group; and
  
  program instructions that enforce compliance with access requirements if the directory site code does not correspond to a configured and allowed site;
  
  program instructions that determine if there are any updates at a central update location for either the compliance validation executable or configuration files that require installation, based on the digital hash of the compliance validation executable and configuration files;
  
  program instructions that automatically update the compliance validation executable file and compliance validation configuration file, if any updates are available;
  
  program instructions that determine if a compliance validation executable update file has been removed from the central update location; and
  
  program instructions that remove the compliance validation executable file and the compliance validation configuration file from the computer system, if the update file has been removed; and
  
  program instructions that encrypt a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer program product for detecting and enforcing compliance with access requirements of claim 11 wherein the program instructions that enforce compliance automatically log the user off or automatically shut down the computer system.
  - 13. The non-transitory computer program product for detecting and enforcing compliance with access requirements of claim 11 wherein the program instructions that enforce compliance display a message to the user that the computer system is not in compliance with access requirements for the restricted computer network.
  - 14. The non-transitory computer program product for detecting and enforcing compliance with access requirements of claim 11 further comprising program instructions that automatically remove the compliance validation executable file and the compliance validation configuration file from the computer system, if the computer system or the computer system user is not a member of a configured restricted group.
  - 15. The non-transitory computer program product for detecting and enforcing compliance with access requirements of claim 11 wherein the program instructions that automatically configure the maintenance service utility to launch a compliance validation executable file comprise program instructions for enabling selection of an activation time for the maintenance service utility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Invention Network LLC
Original Assignee
Open Invention Network LLC
Inventors
Feeser, Colin Lee, Canup, Mark Jackson, Ondrus, Anthony William
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US11/941,546
Time in Patent Office

1,313 Days
Field of Search

None
US Class Current

726/30
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 9/0643   Hash functions, e.g. MD5, S...

Compliance validator for restricted network access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Compliance validator for restricted network access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links