Applying differing security policies for users who contribute differently to machine hygiene
First Claim
1. A non-transitory computer-readable storage medium storing executable computer program instructions for applying differing levels of security policy to interactions of users with a client according to hygiene of the users and the client, the computer program instructions comprising instructions for performing steps comprising:
- retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
- determining that a user is attempting to log onto the client;
- retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of trustworthiness of the user;
- updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the client;
- dynamically combining in real time the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client; and
- applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client.
Abstract
A security module manages differences in hygiene by applying differing levels of security policy to interactions of users with clients according to separate hygiene of the users and the clients. The module monitors computer security practices of clients and users in an environment, and uses this to compute a machine hygiene score for a given client and a user hygiene score for a given user. The scores represent an assessment of the trustworthiness of the client and of the user. The module dynamically combines the scores computed for an interaction between the given user and given client, and applies a level of security policy to the interaction accordingly, determining what activities can be performed on the client based on the level of policy applied.
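A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent: monitored events update per-user and per-machine scores, the two are combined at logon, and the combined score selects a policy level. The 0-100 scale, the default score of 50, the event weights, the `min()` combination rule, the tier thresholds and the activity names are all assumptions; the text on this page specifies none of them.

```python
from dataclasses import dataclass, field

# Assumed event weights (constructed); the page names no practices or weights.
EVENT_DELTAS = {
    "malware_detected": -30,
    "risky_download": -20,
    "patch_missing": -15,
    "patch_installed": +10,
    "av_definitions_updated": +10,
}

# Assumed tiers: (minimum combined score, policy level, permitted activities).
POLICY_TIERS = [
    (70, "relaxed", {"browse", "email", "access_sensitive_data", "install_software"}),
    (40, "standard", {"browse", "email", "access_sensitive_data"}),
    (0, "restricted", {"browse", "email"}),
]

@dataclass
class HygieneStore:
    """Current scores, keyed by login account (users) or client id (machines)."""
    users: dict = field(default_factory=dict)
    machines: dict = field(default_factory=dict)

    def record(self, kind, key, event):
        """Apply a monitored event to a score at once, clamped to 0..100."""
        table = self.users if kind == "user" else self.machines
        table[key] = max(0, min(100, table.get(key, 50) + EVENT_DELTAS[event]))
        return table[key]

def combine(user_score, machine_score):
    """Assumed rule: an interaction is only as trustworthy as its weaker party."""
    return min(user_score, machine_score)

def policy_for_logon(store, account, client):
    """Combine the two current scores at logon and select the matching tier."""
    combined = combine(store.users.get(account, 50), store.machines.get(client, 50))
    for floor, level, allowed in POLICY_TIERS:
        if combined >= floor:
            return combined, level, allowed

def is_permitted(store, account, client, activity):
    """Re-evaluate on every request so a score change takes effect mid-session."""
    return activity in policy_for_logon(store, account, client)[2]
```

Because the policy is looked up per interaction, the same account can be relaxed on one client and restricted on another, and a detection on the client tightens the policy for whoever is logged on.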
14 Claims
6. A computer-implemented method of applying differing levels of security policy to interactions of users with clients according to hygiene of the users and the clients, the method comprising:
- retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
- determining that a user is attempting to log onto the client;
- retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of trustworthiness of the user;
- updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the client;
- dynamically combining in real time the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client; and
- applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client.
11. A computer system for applying differing levels of security policy to interactions of users with clients according to hygiene of the users and the clients, the system comprising:
- a computer-readable storage medium storing executable software modules, comprising;
  - a scoring module for retrieving a machine hygiene score for the client, the machine hygiene score computed based on computer security practices of the client, the machine hygiene score representing an assessment of trustworthiness of the client;
  - the scoring module for determining that a user is attempting to log onto the client, and for retrieving a user hygiene score for the user based on login account information for the user, the user hygiene score computed based on computer security practices of the user, the user hygiene score representing an assessment of the trustworthiness of the user;
  - a score combining module for updating the user hygiene score and the machine hygiene score in real time based on current information determined by monitoring of the computer security practices of the user and the client;
  - the score combining module further for dynamically combining the user hygiene score and the machine hygiene score to determine a combined score for an interaction in which the user uses the client;
  - a security application module for applying a level of security policy to the interaction between the user and the client responsive to the combined score, wherein the security policy applied determines what activities the user can perform on the client; and
- a processor configured to execute the software modules stored by the computer readable storage medium.
Specification