Opaque quarantine and device discovery

US 8,621,574 B2
Filed: 06/02/2009
Issued: 12/31/2013
Est. Priority Date: 06/02/2009
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

a processor and computer storage;

an access control component to control access to system services and data using a number of access states including a blocked state, an allowed state, a device discovery state, and a quarantined state by;

receiving a service request including device parameters from a device requesting the system services and data;

associating a synchronization time with the service request;

blocking the device from the system services and data using the blocked state if a trust level is less than a requisite trust level required by the computing system;

allowing the device to access and use the system services and data using the allowed state if the trust level is greater than or equal to the requisite trust level;

artificially quarantining the device using the device discovery state if recently introduced to the computing system including temporarily delaying access and use of the system services and data while determining the trust level of the device;

quarantining the device to prevent access and use of the system services and data using the quarantined state if the trust level of the device is unknown, the quarantining including providing quarantine data to the device without providing the requested services and data to the device; and

,storing the access state of the device in the computer storage.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein provide communication control features and functionality, but are not so limited. In an embodiment, a computing environment includes an access control component that can use a number of access states to control access to computing data and/or services. In one embodiment, a server computer can control access to data and/or services using a number of access states including, but not limited to: an allowed state, a blocked state, a device discovery state, and/or a quarantined state. Other embodiments are available.

18 Citations

18 Claims

1. A computing system comprising:
- a processor and computer storage;
  
  an access control component to control access to system services and data using a number of access states including a blocked state, an allowed state, a device discovery state, and a quarantined state by;
  
  receiving a service request including device parameters from a device requesting the system services and data;
  
  associating a synchronization time with the service request;
  
  blocking the device from the system services and data using the blocked state if a trust level is less than a requisite trust level required by the computing system;
  
  allowing the device to access and use the system services and data using the allowed state if the trust level is greater than or equal to the requisite trust level;
  
  artificially quarantining the device using the device discovery state if recently introduced to the computing system including temporarily delaying access and use of the system services and data while determining the trust level of the device;
  
  quarantining the device to prevent access and use of the system services and data using the quarantined state if the trust level of the device is unknown, the quarantining including providing quarantine data to the device without providing the requested services and data to the device; and
  
  ,storing the access state of the device in the computer storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein quarantining the device includes identifying device trust features.
  - 3. The system of claim 1, wherein artificially quarantining the device includes implementing a device discovery mode during the device discovery state to identify device trust features.
  - 4. The system of claim 1, wherein the access control component controls the access and use further by transitioning from one assigned access state to a different access state.
  - 5. The system of claim 1, wherein the access control component controls the access and use further by transitioning from one of the device discovery state and the quarantined state to one of the allowed state and the blocked state.
  - 6. The system of claim 1, wherein access state control is based in part on one of a model and device type of the device.
  - 7. The system of claim 1, further configured to generate and communicate an electronic communication to a user of the device of the quarantine state and a denied access to synchronization services.
  - 8. The system of claim 1, further configured to generate and communicate an electronic communication to an administrator to take action in determining whether to transition from the quarantined state to one of the blocked state and the allowed state.
  - 9. The system of claim 1, wherein the access control component transmits a no item change acknowledgment as part quarantining the device even if changed items associated with a synchronization request exist.
  - 10. The system of claim 1, wherein the access control component is further configured to automatically discover a trust level of the device.
  - 11. The system of claim 1, wherein the access control component is further configured to block the device if the device has been in the quarantine state and lacks the requisite trust level.
  - 12. The system of claim 1, wherein the access control component is further configured to allow access to allowed services and data and limit access to quarantined services and data.

13. A method of controlling synchronization operations associated with synchronization services within a computing environment comprising:
- controlling access to the synchronization services based in part on mobile client request parameters received from a number of mobile clients by using a number of access states including a blocked state, an allowed state, a device discovery state, and a quarantined state, the controlling access including;
  
  assigning the blocked state to each untrustworthy mobile client to block access to the computing environment;
  
  assigning the allowed state to each trustworthy mobile client to allow access to the computing environment including using the synchronization services;
  
  assigning the device discovery state to each new mobile client to the computing environment, including controlling an amount of time from which to transition from the device discovery state to another access state; and
  
  ,assigning the quarantined state to each unknown mobile client to delay normal synchronization operations of each unknown mobile client while communicating modified synchronization data customized to a communication request of each unknown mobile client; and
  
  ,storing each access state for each mobile client in computer storage.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising maintaining a synchronization protocol while returning the modified synchronization data.
  - 15. The method of claim 13, further comprising transitioning from the quarantined state to one of the allowed state and the blocked state after determining a trust level for the unknown mobile client.

16. Computer storage device which stores instructions that control access to synchronization data by:
- receiving synchronization requests including user access and device parameters from requesting computing devices requesting synchronization data;
  
  assigning a synchronization creation time to each synchronization request;
  
  using a number of access control states including a blocked state, an allowed state, a device discovery state, and a quarantined state;
  
  blocking an unapproved computing device from accessing the requested synchronization data and using the blocked state to identify that the unapproved computing device is blocked and unapproved;
  
  allowing an approved computing device to access the requested synchronization data and using the allowed state to identify that the approved computing device is allowed and approved;
  
  using the device discovery state to artificially quarantine a recently introduced computing device that includes temporarily delaying access and use of services and data while determining a trust level of the recently introduced computing device;
  
  quarantining an unidentified computing device having an undetermined trust level to prevent access of the synchronization data including using the quarantined state to identify that a trust level for the unidentified computing device is being determined, the quarantining including returning empty data to the unidentified computing device corresponding to the requested synchronization data to maintain a synchronization protocol; and
  
  ,storing each state of each computing device and a reason for each state.
- View Dependent Claims (17, 18)
- - 17. The computer storage device of claim 16, further comprising communicating a quarantined message to a computing device user to inform of the quarantined state.
  - 18. The computer storage device of claim 16, wherein the received device parameters include a model, device identification (ID), and International Mobile Equipment Identity (IMEI).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Esteve Balducci, Juan V., Atwood, John, Kong, Zhike, Zhang, Ying, Plakhotnyuk, Sergey B.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US12/476,966
Publication Number

US 20100306827A1
Time in Patent Office

1,673 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06F 21/62 Protecting access to data v...

H04L 63/105 Multiple levels of security

Opaque quarantine and device discovery

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Opaque quarantine and device discovery

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links