Compliance validator for restricted network access control

US 8,302,208 B1
Filed: 05/18/2011
Issued: 10/30/2012
Est. Priority Date: 11/16/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining if there are any updates at a central update location for either a compliance validation executable file or a compliance configuration file that require installation, based on a digital hash of the compliance validation executable file and the compliance validation configuration file;

automatically updating a compliance validation executable file and the compliance validation configuration file, if any updates are available;

determining if a compliance validation executable update file has been removed from the central update location;

if the update file has been removed, removing the compliance validation executable file and the compliance validation configuration file from a computer system; and

encrypting a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network. A compliance validation configuration file is created for the computer system. A maintenance service utility is configured to launch a compliance validation executable file at a specified time during operation of the computer system. A digital hash is generated for the compliance validation executable file and for the compliance validation configuration file. A determination is made if the computer system or a computer system user is a member of a configured restricted group. If the computer system or the computer system user is a member of a configured restricted group, a determination is made if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site. If the directory site code does not correspond to a configured and allowed site, compliance with access requirements are enforced. Enforcement actions can include a forced logoff of the computer system user, and/or a forced shutdown of the computer system.

35 Citations

View as Search Results

20 Claims

1. A method, comprising:
- determining if there are any updates at a central update location for either a compliance validation executable file or a compliance configuration file that require installation, based on a digital hash of the compliance validation executable file and the compliance validation configuration file;
  
  automatically updating a compliance validation executable file and the compliance validation configuration file, if any updates are available;
  
  determining if a compliance validation executable update file has been removed from the central update location;
  
  if the update file has been removed, removing the compliance validation executable file and the compliance validation configuration file from a computer system; and
  
  encrypting a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising configuring a maintenance service utility to launch the compliance validation executable file at a specified time during operation of the computer system.
  - 3. The method of claim 2, wherein the step of configuring the maintenance service utility to launch a compliance validation executable file comprises selecting an activation time for the maintenance service utility.
  - 4. The method of claim 1, comprising generating the digital hash for the compliance validation executable file and the compliance validation configuration file.
  - 5. The method of claim 1, comprising determining if the computer system or a computer system user is a member of a configured restricted group.
  - 6. The method of claim 5, comprising if the computer system or the computer system user is a member of the configured restricted group, determining if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site.
  - 7. The method of claim 6, comprising enforcing compliance with access requirements if the directory site code does not correspond to the configured and allowed site.
  - 8. The method of claim 6, wherein the enforcing comprises at least one of:
    - automatically logging the user off the computer system;
      
      automatically shutting down the computer system; and
      
      displaying a message to the user that the computer system is not in compliance with access requirements for the restricted computer network.
  - 9. The method of claim 5, comprising automatically removing the compliance validation executable file and the compliance validation configuration file from the computer system, if either the computer system or the computer system user is not a member of the configured restricted group.

10. A system, comprising:
- a processor that;
  
  determines if there are any updates at a central update location for either a compliance validation executable file or a compliance configuration file that require installation, based on a digital hash of the compliance validation executable file and the compliance validation configuration file;
  
  automatically updates a compliance validation executable file and the compliance validation configuration file, if any updates are available;
  
  determines if a compliance validation executable update file has been removed from the central update location;
  
  if the update file has been removed, removes the compliance validation executable file and the compliance validation configuration file from a computer system; and
  
  encrypts a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the processor configures a maintenance service utility to launch the compliance validation executable file at a specified time during operation of the computer system.
  - 12. The system of claim 11, wherein the processor selects an activation time for the maintenance service utility when the maintenance service utility is configured.
  - 13. The system of claim 10, wherein the processor generates the digital hash for the compliance validation executable file and the compliance validation configuration file.
  - 14. The system of claim 10, wherein the processor determines if the computer system or a computer system user is a member of a configured restricted group.
  - 15. The system of claim 14, wherein the processor determines if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site if the computer system or the computer system user is a member of the configured restricted group.
  - 16. The system of claim 15, wherein the processor enforces compliance with access requirements if the directory site code does not correspond to the configured and allowed site.
  - 17. The system of claim 16, wherein the enforces compliance comprises at least one of:
    - automatically logs the user off the computer system;
      
      automatically shuts down the computer system; and
      
      displays a message to the user that the computer system is not in compliance with access requirements for the restricted computer network.
  - 18. The system of claim 14, wherein the processor automatically removes the compliance validation executable file and the compliance validation configuration file from the computer system, if either the computer system or the computer system user is not a member of the configured restricted group.

19. A non-transitory computer program product comprising a computer readable medium having computer readable code embedded therein, the computer readable medium comprising:
- program instructions that determine if there are any updates at a central update location for either a compliance validation executable file or a compliance configuration file that require installation, based on a digital hash of the compliance validation executable file and the compliance validation configuration file;
  
  program instructions that automatically update a compliance validation executable file and the compliance validation configuration file, if any updates are available;
  
  program instructions that determine if a compliance validation executable update file has been removed from the central update location;
  
  if the update file has been removed, program instructions thatremove the compliance validation executable file and the compliance validation configuration file from a computer system; and
  
  program instructions that encrypt a path to the central update location to prevent tampering with at least one of the compliance validation executable update file and the compliance validation configuration file stored at the central update location.
- View Dependent Claims (20)
- - 20. The computer readable medium of claim 19 comprising program instructions that launch the compliance validation executable file at a specified time during operation of the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Open Invention Network LLC
Inventors
Feeser, Colin Lee, Ondrus, Anthony William, Canup, Mark Jackson
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US13/110,177
Time in Patent Office

531 Days
Field of Search

None
US Class Current

726/27
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 9/0643   Hash functions, e.g. MD5, S...

Compliance validator for restricted network access control

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Compliance validator for restricted network access control

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others