System and method for restricting access to an enterprise network

US 8,434,152 B2
Filed: 03/19/2009
Issued: 04/30/2013
Est. Priority Date: 07/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for restricting access to an enterprise network, comprising:

connecting, by a security verification station, to a computer before the computer is able to access the enterprise network, the security verification station comprising a stand-alone device, separate from the computer, that is isolated from the enterprise network;

determining, by the security verification station, whether the computer has one or more malicious code items;

providing, by the security verification station, an indication if it is determined that the computer has one or more malicious code items; and

printing a label to identify the computer as having either passed or failed an inspection for malicious code items.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect of the invention is a method for restricting access to an enterprise network that includes determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items where the computer accompanies a visitor to a facility associated with the enterprise network. An indication is provided to a human if it is determined that the computer has one or more malicious code items.

27 Citations

View as Search Results

33 Claims

1. A method for restricting access to an enterprise network, comprising:
- connecting, by a security verification station, to a computer before the computer is able to access the enterprise network, the security verification station comprising a stand-alone device, separate from the computer, that is isolated from the enterprise network;
  
  determining, by the security verification station, whether the computer has one or more malicious code items;
  
  providing, by the security verification station, an indication if it is determined that the computer has one or more malicious code items; and
  
  printing a label to identify the computer as having either passed or failed an inspection for malicious code items.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein determining whether the computer has one or more malicious code items comprises performing a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 3. The method of claim 1, further comprising:
    - determining whether code associated with one or more programs running on the computer is of a preferred version; and
      
      applying a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 4. The method of claim 3, further comprising:
    - receiving version information associated with the code from the computer; and
      
      comparing the version information to information associated with the preferred version.
  - 5. The method of claim 4, wherein the code comprises an antivirus software application.
  - 6. The method of claim 1, wherein the security verification station comprises a kiosk located in a facility associated with the enterprise network.
  - 7. The method of claim 1, further comprising establishing a communication path between the computer and the security verification station by coupling a port of the security verification station to a port of the computer.
  - 8. The method of claim 1, further comprising establishing a communication path between the computer and the security verification station by establishing a wireless communication path between the computer and the security verification station.
  - 9. The method of claim 1, further comprising providing a digital certificate to the computer, the digital certificate indicating whether or not the determining step identified one or more malicious code items.
  - 10. The method of claim 1, further comprising indicating to a user that the computer is corrupted if the determining step identified one or more malicious code items.
  - 11. The method of claim 1, further comprising adhering the label to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 12. The method of claim 1, further comprising locking a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 13. The method of claim 1, further comprising applying a remedial measure to the computer if the determining step identified one or more malicious code items.
  - 14. The method of claim 13, wherein applying the remedial measure comprises removing a file associated with a malicious code from the computer.
  - 15. The method of claim 13, further comprising receiving payment information from a user associated with the computer before applying the remedial measure.
  - 16. The method of claim 1, further comprising performing a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

17. A security verification station for restricting access to an enterprise network, comprising:
- a processor; and
  
  a computer-readable medium storing instructions that, when executed, cause the processor to perform at least the following steps before a computer brought to a secured reception area of a facility associated with the enterprise network is able to connect to the enterprise network;
  
  establish a communication path with the computer;
  
  determine whether the computer has one or more malicious code items;
  
  provide an indication to a human if it is determined that the computer has one or more malicious code items; and
  
  print a label to identify the computer as having either passed or failed an inspection for malicious code items,wherein the security verification station is located in the secured reception area; and
  
  wherein the security verification station comprises a stand-alone device, separate from the computer, that is isolated from the enterprise network.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 18. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to perform a scan of one or more files or systems on the computer to identify a virus, worm, or other malicious code item.
  - 19. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to:
    - determine whether code associated with one or more programs running on the computer is a preferred version; and
      
      apply a patch to the code if it is determined that the code is not the preferred version, the patch applied to replace a portion of the code.
  - 20. The security verification station of claim 19, wherein the instructions, when executed, further cause the processor to:
    - receive version information associated with the code from the computer; and
      
      compare the version information to information associated with the preferred version.
  - 21. The security verification station of claim 20, wherein the code comprises an antivirus software application.
  - 22. The security verification station of claim 17, wherein the instructions, when executed, cause the processor to establish a local communication path between the computer and the security verification station.
  - 23. The security verification station of claim 22, wherein the security verification station comprises a kiosk located in the facility associated with the enterprise network.
  - 24. The security verification station of claim 22, further comprising a port operable to couple to a port of the computer to establish the communication path between the computer and the security verification station.
  - 25. The security verification station of claim 22, wherein the instructions, when executed, cause the processor to establish a wireless communication path between the computer and the security verification station.
  - 26. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to provide a digital certificate to the computer, the digital certificate indicating whether or not the security verification station determined that the computer has one or more malicious code items.
  - 27. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to indicate to a user that the computer is corrupted if the security verification station determined that the computer has one or more malicious codes.
  - 28. The security verification station of claim 17, wherein the label is adapted to be adhered to a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 29. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to place a lock on a port of the computer to make it more difficult to access the enterprise network using the computer.
  - 30. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to apply a remedial measure to the computer if the security verification station determined that the computer has one or more malicious code items.
  - 31. The security verification station of claim 30, wherein, when applying the remedial measure, the instructions, when executed, further cause the processor to remove a file associated with a malicious code from the computer.
  - 32. The security verification station of claim 30, wherein the instructions, when executed, further cause the processor to receive payment information from a user associated with the computer before applying the remedial measure.
  - 33. The security verification station of claim 17, wherein the instructions, when executed, further cause the processor to perform a security practices assessment to determine whether the computer is vulnerable to one or more malicious code items.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Trueba, Luis Ruben Zapien
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US12/407,305
Publication Number

US 20090183233A1
Time in Patent Office

1,503 Days
Field of Search

726/3, 726 23- 25, 709/227, 705/35, 717/171
US Class Current

726/24
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

System and method for restricting access to an enterprise network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for restricting access to an enterprise network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links