Assessing risk based on offline activity history
First Claim
Patent Images
1. A method for accessing a protected network comprising:
- logging one or more events into an event log in electronic storage, wherein the one or more events occur while a network capable device is disconnected from the protected network, wherein an amount of information logged about an event is based at least in part on a type of the event and wherein the type of events logged is configurable;
aggregating a log of a quantity of websites visited;
computing, using at least one computer processor, hashes of visited URLs and comparing the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and
providing at least one of the event log and the comparison against hashes of URLs of predetermined malicious websites to one or more other devices associated with the protected network in connection with a request for the network capable device to access the protected network.
3 Assignments
0 Petitions
Accused Products
Abstract
Controlling access to a protected network is disclosed. In some embodiments, one or more events that occur will a host is disconnected from the protected network are logged. The log is provided to one or more devices associated with the protected network when the host requests access to the protected network after a period in which it was not connected. In some embodiments, a network access control or other device or process uses the log to determine whether and/or an extent to which the host should be permitted to connect to the network.
-
Citations
37 Claims
-
1. A method for accessing a protected network comprising:
-
logging one or more events into an event log in electronic storage, wherein the one or more events occur while a network capable device is disconnected from the protected network, wherein an amount of information logged about an event is based at least in part on a type of the event and wherein the type of events logged is configurable; aggregating a log of a quantity of websites visited; computing, using at least one computer processor, hashes of visited URLs and comparing the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and providing at least one of the event log and the comparison against hashes of URLs of predetermined malicious websites to one or more other devices associated with the protected network in connection with a request for the network capable device to access the protected network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for controlling access to a protected network comprising:
- receiving from a network client device requesting access to the protected network an electronic activity log of activities of the network client device during a period in which the network client device was not connected to the protected network, wherein an amount of information about an activity in the activity log is based at least in part on a type of the activity and wherein the type of activities logged is configurable;
receiving an aggregated log of a quantity of websites visited; receiving a computation of hashes of visited URLs; comparing the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and determining based at least in part on the activity log and the comparison against hashes of URLs of predetermined websites what access to grant the network client device. - View Dependent Claims (10, 11, 12, 13)
- receiving from a network client device requesting access to the protected network an electronic activity log of activities of the network client device during a period in which the network client device was not connected to the protected network, wherein an amount of information about an activity in the activity log is based at least in part on a type of the activity and wherein the type of activities logged is configurable;
-
14. A system for accessing a protected network comprising:
-
a processor configured to log one or more events that occur while a network capable device is disconnected from the protected network into an event log, wherein an amount of information logged about an event is based at least in part on a type of the event and wherein the type of events logged is configurable; aggregate a log of a quantity of websites visited; compute hashes of visited URLs and compare the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and a communication interface configured to provide the event log and the comparison against hashes of URLs of predetermined malicious websites to one or more other devices associated with the protected network in connection with a request for the network capable device to access the protected network. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A system for controlling access to a protected network comprising:
-
a communication interface configured to receive from a client requesting access to the protected network a log of activities of the client during a period in which the client was not connected to the protected network, wherein an amount of information about an activity in the activity log is based at least in part on a type of the activity and wherein the type of activities logged is configurable; a processor configured to; aggregate a log of a quantity of websites visited; compute hashes of visited URLs and compare the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and determine based at least in part on the activity log and the comparison against hashes of URLs of predetermined malicious websites what access to grant the client. - View Dependent Claims (21, 22, 23, 24)
-
-
25. A computer program product for accessing a protected network, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
logging one or more events that occur while a network capable device is disconnected from the protected network into an event log, wherein an amount of information logged about an event is based at least in part on a type of the event and wherein the type of events logged is configurable; aggregating a log of a quantity of websites visited; computing hashes of visited URLs and comparing the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and providing the event log and the comparison against hashes of URLs of predetermined malicious websites to one or more other devices associated with the protected network in connection with a request for the network capable device to access the protected network. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer program product for controlling access to a protected network, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
receiving from a client requesting access to the protected network a log of activities of the client during a period in which the client was not connected to the protected network, wherein an amount of information about an activity in the activity log is based at least in part on a type of the activity and wherein the type of activities logged is configurable; aggregating a log of a quantity of websites visited; computing hashes of visited URLs and comparing the computed hashes of visited URLs against hashes of URLs of predetermined malicious websites; and determining based at least in part on the activity log and the comparison against hashes of URLs of predetermined malicious websites what access to grant the client. - View Dependent Claims (34, 35, 36, 37)
-
Specification