Consumer computer health validation

US 8,185,740 B2
Filed: 03/26/2007
Issued: 05/22/2012
Est. Priority Date: 03/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method of operating a client computer, comprising:

accessing a first web service;

providing a statement of health to the first web service;

receiving a health token from the first web service;

accessing a second web service;

in response to a challenge from the second web service, providing the health token to the second web service; and

configuring the client computer with information on web services authorized to receive health information about the client;

wherein providing a statement of health to the first web service comprises selectively providing the statement of health when the first web service is authorized to receive health information about the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Consumer computers that are not properly configured for safe access to a web service are protected from damage by controlling access to web services based on the health of the client computer. A client health web service receives health information from the client computer, determines the health status of the consumer computer, and issues a token to the consumer computer indicating its health status. The consumer computer can provide this token to other web services, which in turn may provide access to the consumer computer based on the health status indicated in the token. The client health web service may be operated as a web service specifically to determine the health of consumer computers or may have other functions, including providing access to the Internet. Also, the health information may be proxied to another device, such as a gateway device, that manages interactions with the client health web service.

Citations

19 Claims

1. A method of operating a client computer, comprising:
- accessing a first web service;
  
  providing a statement of health to the first web service;
  
  receiving a health token from the first web service;
  
  accessing a second web service;
  
  in response to a challenge from the second web service, providing the health token to the second web service; and
  
  configuring the client computer with information on web services authorized to receive health information about the client;
  
  wherein providing a statement of health to the first web service comprises selectively providing the statement of health when the first web service is authorized to receive health information about the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1,wherein providing the health token to the second web service comprises selectively providing the health token when the second web service is authorized to receive health information about the client.
  - 3. The method of claim 1, wherein providing a statement of health comprises providing information on at least one of a firewall configuration and antivirus software on the client computer.
  - 4. The method of claim 1, wherein receiving a health token from the first web service comprises receiving an X.509 certificate.
  - 5. The method of claim 1, wherein receiving a health token from the first web service comprises receiving a browser cookie.
  - 6. The method of claim 1, further comprising deleting the token from the client computer at an expiry time.

7. A method of operating a first web service, comprising:
- receiving a request for a service from a client computer;
  
  requesting from the client computer status information relating to the health of the client computer;
  
  accessing a second web service to determine a health status of the client computer based on the status information; and
  
  providing a health token to the client computer indicative of the health status of the client computer, wherein providing the health token comprises providing a health token indicating that the client computer does not comply with at least one of a required antivirus protection and a firewall configuration.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein the first web service and the second web service a coupled to the Internet and accessing the second web service comprises providing the status information to the second web service over the Internet.
  - 9. The method of claim 7, wherein providing the health token comprises providing a health token identifying the client computer.
  - 10. The method of claim 7, wherein providing the health token comprises providing a health token indicating that the client computer does not comply with at least one requirements.
  - 11. The method of claim 10, wherein providing a health token to the client computer comprises a token with information identifying the first web service.

12. A system for controlling access to the Internet by a client computer, comprising:
- a gateway device coupled to the client computer, the gateway device being adapted and configured to connect the client computer to the Internet, and the gateway device having gateway computer-readable media having computer-executable instructions for;
  
  receiving health information from the client computer;
  
  determining a validation status of the client computer based on the health information; and
  
  selectively controlling access by the client computer to the Internet based on the validation status, wherein the computer-executable instructions for selectively controlling access comprise computer-executable instructions for controlling bandwidth of a connection of the client computer to a device providing a web service on the Internet based on the validation status, the connection to the device having a first bandwidth when the validation status is validated, the connection to the device having a second bandwidth when the validation status is un-validated, and the first bandwidth being greater than the second bandwidth, wherein;
  
  the connection having the second bandwidth enables the client computer to obtain at least one instruction to remedy health of the client computer.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the gateway device comprises a modem.
  - 14. The system of claim 12, further comprising an authentication server coupled to the gateway device;
    - andwherein the computer-executable instructions for determining the validation status of the client computer comprise computer-executable instructions for providing the health status information to the authentication server.
  - 15. The system of claim 14, wherein the computer-executable instructions for determining the validation status of the client computer comprise computer-executable instructions for receiving from the authentication server a health token generated based on the health status information.
  - 16. The system of claim 15, wherein:
    - the health token comprises a limited health token when the health status information indicates that the client computer does not comply with at least one requirement; and
      
      when the gateway receives the limited health token, the gateway determines that the validation status is un-validated and communicates with an Internet provider so that the connection to the device has the second bandwidth.
  - 17. The system of claim 12, wherein the client computer comprises client computer-readable media having computer-executable instructions for:
    - collecting health information relating to the client; and
      
      providing the health information to the gateway device.
  - 18. The system of claim 17, wherein the computer-executable instructions for collecting health information comprise a plurality of health agent modules.
  - 19. The system of claim 18, wherein the client computer comprises a consumer computer in a home.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Choe, Calvin Choon-Hwan, Mayfield, Paul G.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US11/728,608
Publication Number

US 20080244724A1
Time in Patent Office

1,884 Days
Field of Search

709/225, 713/156, 713/175, 726/5, 726/14
US Class Current

713/175
CPC Class Codes

G06F 21/33   using certificates

G06F 21/50   Monitoring users, programs ...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

Consumer computer health validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Consumer computer health validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links