Applying differing security policies for users who contribute differently to machine hygiene

US 8,239,953 B1
Filed: 03/26/2009
Issued: 08/07/2012
Est. Priority Date: 03/26/2009
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium storing executable computer program instructions for applying differing levels of security policy to interactions of users with a client according to hygiene of the users and the client, the computer program instructions comprising instructions for performing steps comprising:

retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;

determining that a user is attempting to log onto the client;

retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of trustworthiness of the user;

updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the clientdynamically combining in real time the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client; and

applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security module manages differences in hygiene by applying differing levels of security policy to interactions of users with clients according to separate hygiene of the users and the clients. The module monitors computer security practices of clients and users in an environment, and uses this to client a machine hygiene score for a given client and a user hygiene score for a given user. The scores represent an assessment of the trustworthiness of the client and of the user. The module dynamically combines the scores computed for an interaction between the given user and given client, and applies a level of security policy to the interaction accordingly, determining what activities can be performed on the client based on the level of policy applied.

63 Citations

View as Search Results

14 Claims

1. A non-transitory computer-readable storage medium storing executable computer program instructions for applying differing levels of security policy to interactions of users with a client according to hygiene of the users and the client, the computer program instructions comprising instructions for performing steps comprising:
- retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
  
  determining that a user is attempting to log onto the client;
  
  retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of trustworthiness of the user;
  
  updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the clientdynamically combining in real time the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client; and
  
  applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-readable storage medium of claim 1, further comprising instructions for:
    - computing a user hygiene score for a second user and a third user, the user hygiene score for the second user lower than the user hygiene score for the third user;
      
      dynamically combining the user hygiene score for the second user with the machine hygiene score for the client to determine a combined score for an interaction in which the second user uses the client; and
      
      applying a level of security policy to the interaction between the second user and the client, wherein activities permitted for the second user on the client are more restricted than activities permitted for the third user on the client.
  - 3. The computer-readable storage medium of claim 1, further comprising instructions for:
    - monitoring computer security practices of the client, wherein results of the monitoring are used in computing the machine hygiene score; and
      
      monitoring the computer security practices of the user, wherein results of the monitoring are used in computing the user hygiene score.
  - 4. The computer-readable storage medium of claim 3, wherein one or more of the two monitoring, retrieving, and combining steps are performed on a reputation server, the reputation server configured to monitor computer security practices of a plurality of clients and a plurality of users, the monitoring used in computing hygiene scores for the clients and the users.
  - 5. The computer-readable storage medium of claim 1, further comprising instructions for calculating reputation scores for files accessed by the user or the client, a reputation score representing an assessment of whether a file is malicious, wherein the reputation scores are used in computing the user hygiene score.

6. A computer-implemented method of applying differing levels of security policy to interactions of users with clients according to hygiene of the users and the clients, the method comprising:
- retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
  
  determining that a user is attempting to log onto the client;
  
  retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of trustworthiness of the user;
  
  updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the client;
  
  dynamically combining in real time the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client; and
  
  applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - computing a user hygiene score for a second user and a third user, the user hygiene score for the second user lower than the user hygiene score for the third user;
      
      dynamically combining the user hygiene score for the second user with the machine hygiene score for the client to determine a combined score for an interaction in which the second user uses the client; and
      
      applying a level of security policy to the interaction between the second user and the client, wherein activities permitted for the second user on the client are more restricted than activities permitted for the third user on the client.
  - 8. The method of claim 6, further comprising:
    - monitoring computer security practices of the client, wherein results of the monitoring are used in computing the machine hygiene score; and
      
      monitoring the computer security practices of the user, wherein results of the monitoring are used in computing the user hygiene score.
  - 9. The method of claim 8, wherein one or more of the two monitoring, computing, and combining steps are performed on a reputation server, the reputation server configured to monitor computer security practices of a plurality of clients and a plurality of users, the monitoring used in computing hygiene scores for the clients and the users.
  - 10. The method of claim 6, further comprises calculating reputation scores for files accessed by the user or the client, a reputation score representing an assessment of whether a file is malicious, wherein the reputation scores are used in computing the user hygiene score.

11. A computer system for applying differing levels of security policy to interactions of users with clients according to hygiene of the users and the clients, the system comprising:
- a computer-readable storage medium storing executable software modules, comprising;
  
  a scoring module for retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
  
  the scoring module for determining that a user is attempting to log onto the client, and for retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of the trustworthiness of the user;
  
  a score combining module for updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the client;
  
  the score combining module further for dynamically combining the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client;
  
  a security application module for applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client; and
  
  a processor configured to execute the software modules stored by the computer readable storage medium.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein:
    - the scoring module is further configured for computing a user hygiene score for a second user and a third user, the user hygiene score for the second user lower than the user hygiene score for the third user;
      
      the score combining module is further configured for dynamically combining the user hygiene score for the second user with the machine hygiene score for the client to determine a combined score for the interaction in which the second user uses the client; and
      
      the security application module is further configured for applying a level of security policy to the interaction between the second user and the client, wherein activities permitted for the second user on the client are more restricted than activities permitted for the third user on the client.
  - 13. The system of claim 11, further comprising:
    - a monitoring module for monitoring computer security practices of the client, wherein results of the monitoring are used in computing the machine hygiene score; and
      
      the monitoring module for monitoring the computer security practices of the user, wherein results of the monitoring are used in computing the user hygiene score.
  - 14. The system of claim 11, wherein the scoring module is further configured for calculating reputation scores for files accessed by the user or the client, a reputation score representing an assessment of whether a file is malicious, the reputation scores used in the computing of the user hygiene score and the machine hygiene score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Sobel, William E.
Primary Examiner(s)
Patel, Haresh N
Assistant Examiner(s)
Rashid, Harunur

Application Number

US12/412,232
Time in Patent Office

1,230 Days
Field of Search

726/1, 726/25, 726/27
US Class Current

726/25
CPC Class Codes

H04L 63/105 Multiple levels of security

Applying differing security policies for users who contribute differently to machine hygiene

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Applying differing security policies for users who contribute differently to machine hygiene

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links