Systems and methods for implementing application control security

US 8,707,444 B2
Filed: 10/07/2011
Issued: 04/22/2014
Est. Priority Date: 10/11/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) storing, on a first computerized device, at least an unencrypted first white-list and an encrypted second white-list;

(b) receiving at the first computerized device, and from a second device, all or part of a unique identifier of the second device;

wherein the unique identifier of the second device is in the form of an electromagnetic radiation signal; and

wherein the electromagnetic radiation signal has a signal strength;

(c) determining, by the first computerized device, whether the signal strength is above a predetermined threshold;

(d) when the signal strength is above the predetermined threshold, decrypting at the first computerized device the encrypted second white-list using all or part of the unique identifier of the second device, thereby creating a decrypted second white-list;

(e) determining by the first computerized device whether an executable program is referenced in the decrypted second white-list;

(f) based on the determining step (e), allowing or disallowing execution by the first computerized device of the executable program;

(g) receiving at the first computerized device an indication that the signal strength is no longer above the predetermined threshold; and

(h) in response to the receiving the indication step (g), deleting the decrypted second white-list from a cache of the first computerized device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for implementing application control security are disclosed. In one embodiment, a system includes a first device, a decrypted white-list, and an executable program. The first device may be in electrical communication with a memory containing an encrypted white-list. The encrypted white-list may be decrypted using an identifier of a second device. The executable program may be referenced in the decrypted white-list.

Citations

17 Claims

1. A method comprising:
- (a) storing, on a first computerized device, at least an unencrypted first white-list and an encrypted second white-list;
  
  (b) receiving at the first computerized device, and from a second device, all or part of a unique identifier of the second device;
  
  wherein the unique identifier of the second device is in the form of an electromagnetic radiation signal; and
  
  wherein the electromagnetic radiation signal has a signal strength;
  
  (c) determining, by the first computerized device, whether the signal strength is above a predetermined threshold;
  
  (d) when the signal strength is above the predetermined threshold, decrypting at the first computerized device the encrypted second white-list using all or part of the unique identifier of the second device, thereby creating a decrypted second white-list;
  
  (e) determining by the first computerized device whether an executable program is referenced in the decrypted second white-list;
  
  (f) based on the determining step (e), allowing or disallowing execution by the first computerized device of the executable program;
  
  (g) receiving at the first computerized device an indication that the signal strength is no longer above the predetermined threshold; and
  
  (h) in response to the receiving the indication step (g), deleting the decrypted second white-list from a cache of the first computerized device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15, 16)
- - 2. The method of claim 1, wherein the first computerized device and the second device have access to a network, the method further comprising:
    - transmitting a request onto the network, and performing the receiving step (h) in response to the transmitting step.
  - 3. The method of claim 2, wherein the request is an address resolution protocol.
  - 4. The method of claim 1, comprising:
    - disallowing, prior to the receiving step (b), execution of the executable program on the first computerized device.
  - 5. The method of claim 1, comprising:
    - creating an unencrypted second white-list;
      
      receiving all or part of the unique identifier of the second device;
      
      encrypting the =encrypted second white-list via all or part of the unique identifier of the second device, thereby creating the encrypted second white-list.
  - 6. The method of claim 1, comprising:
    - transmitting, prior to the receiving step (b), the unique identifier of the second device to the first computerized device.
  - 7. The method of claim 1, wherein the unique identifier of the second device is derived from a biometric reader.
  - 8. The method of claim 1:
    - wherein a partitioned white-list comprises the unencrypted first white-list and the encrypted second white-lists;
      
      wherein the partitioned white-list is partitioned into at least a first partition and a second partition;
      
      wherein the first partition comprises the unencrypted first white-list; and
      
      wherein the second partition comprises the encrypted second white-list.
  - 15. The method of claim 1, wherein the first computerized device and the second device are both mobile devices.
  - 16. The method of claim 1, wherein the unique identifier of the second device comprises RFID.

9. A system comprising:
- (a) a first computerized device adapted to store at least an unencrypted first white-list and an encrypted second white-list;
  
  (b) a second device adapted to transmit a unique identifier of the second device in the form of an electromagnetic radiation signal having signal strength;
  
  wherein the first computerized device is adapted to;
  
  (i) receive all or part of the unique identifier of the second device and,(ii) when the signal strength is above a predetermined threshold, decrypt the encrypted second white-list into a decrypted second white-list using all or part of the unique identifier of the second device;
  
  wherein the first computerized device is adapted to determine whether an executable program is referenced in the decrypted second white-list and based thereon, allow or disallow execution of the executable program;
  
  wherein the first computerized device is adapted to delete the decrypted second white-list from a cache of the first computerized device when the signal strength is no longer, above the predetermined threshold.
- View Dependent Claims (10, 11, 12, 13, 14, 17)
- - 10. The system of claim 9, wherein the first computerized device comprises a partitioned white-list;
    - wherein the partitioned white-list comprises;
      
      (i) a first partition, wherein the first partition comprises the unencrypted first white-list; and
      
      (ii) a second partition, wherein the second partition comprises the encrypted second white-list.
  - 11. The system of claim 9, comprising:
    - a third device adapted to transmit a unique identifier of the third device; and
      
      wherein the first computerized device is adapted to receive all or part of the unique identifier of the third device and decrypt the encrypted second white-list using a composite identifier comprising all or part of the unique identifier of the second device and all or part of the unique identifier of the third device.
  - 12. The system of claim 9, wherein the first computerized device and the second device are both mobile devices.
  - 13. The system of claim 9, wherein the executable program is a second executable program,Wherein a first executable program is referenced in the unencrypted first white-list;
    - wherein the second executable program is referenced in the encrypted second white-list.
  - 14. The system of claim 11, wherein the third device is a mobile device.
  - 17. The system of claim 9, wherein the unique identifier of the second device comprises RFID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
Lumension Security, Inc. (Ivanti Software, Inc.)
Inventors
Kelly, Ciaran, Molloy, Iarla
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/269,040
Publication Number

US 20120090033A1
Time in Patent Office

928 Days
Field of Search

726/26, 726/5, 726/35, 713/168, 713/187, 713/189
US Class Current

726/26
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/51   at application loading time...

G06F 21/6218   to a system of files or obj...

G06F 2221/2153   Using hardware token as a s...

H04L 63/0428   wherein the data content is...

Systems and methods for implementing application control security

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing application control security

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links