Method for extranet security

US 8,769,128 B2
Filed: 08/08/2007
Issued: 07/01/2014
Est. Priority Date: 08/09/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A computing method, comprising:

running on a user computer a first operating environment having a first operating system for performing general-purpose operations and a second operating environment having a second operating system, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session;

monitoring the operation of the second operating environment running on the user computer with a central management subsystem, including verifying during the protected communication session that a configuration of the second operating environment matches an expected configuration and generating a monitoring result, the central management subsystem external to the server and to the user computer;

reporting the monitoring result to the server; and

controlling the communication session by the server based on trustworthiness of the second operating environment as indicated by the monitoring result reported by the central management system,wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing method includes running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with a server in a communication session and is isolated from the first operating environment such that the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment. The operation of the second operating environment running on the user computer is monitored by means of a central management subsystem, which is external to the server and to the user computer. The communication session is controlled based on the monitored operation.

Citations

32 Claims

1. A computing method, comprising:
- running on a user computer a first operating environment having a first operating system for performing general-purpose operations and a second operating environment having a second operating system, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session;
  
  monitoring the operation of the second operating environment running on the user computer with a central management subsystem, including verifying during the protected communication session that a configuration of the second operating environment matches an expected configuration and generating a monitoring result, the central management subsystem external to the server and to the user computer;
  
  reporting the monitoring result to the server; and
  
  controlling the communication session by the server based on trustworthiness of the second operating environment as indicated by the monitoring result reported by the central management system,wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The method according to claim 1, and comprising:
    - running multiple first and second operating environments on respective multiple user computers, so as to interact in respective communication sessions with one or more servers using the second operating environments and to perform general-purpose operations using the first operating environments;
      
      monitoring the operation of the second operating environments running on the user computers by the central management subsystem, wherein the central management subsystem is external to the user computers and to the servers; and
      
      controlling the respective communication sessions based on the monitored operation.
  - 3. The method according to claim 1, wherein monitoring the operation of the second operating environment comprises assessing a trustworthiness of the second operating environment and reporting the assessed trustworthiness to the server in order to control the communication session.
  - 4. The method according to claim 3, wherein reporting the assessed trustworthiness comprises reporting the assessed trustworthiness from the central management subsystem to a connector unit, which is connected to the server and communicates with the central management subsystem.
  - 5. The method according to claim 4, wherein assessing the trustworthiness comprises computing a trust rank quantifying the trustworthiness of the second operating environment by the central management subsystem, and sending the trust rank from the central management subsystem to the connector unit, and wherein controlling the communication session comprises applying a policy applicable to the session by the connector unit responsively to the trust rank.
  - 6. The method according to claim 4, wherein assessing the trustworthiness and controlling the communication session comprise computing a trust rank quantifying the trustworthiness of the second operating environment and applying a policy applicable to the session responsively to the trust rank by the central management subsystem.
  - 7. The method according to claim 6, wherein applying the policy comprises receiving the policy by the central management subsystem from the server via the connector unit.
  - 8. The method according to claim 3, wherein reporting the assessed trustworthiness comprises sending the assessed trustworthiness from the central management subsystem to the user computer, and from the user computer to the server.
  - 9. The method according to claim 3, wherein assessing the trustworthiness comprises detecting variations in the operation of the second operating environment.
  - 10. The method according to claim 1, and comprising providing Trusted Network Information (TNI) for conducting the communication session from the central management subsystem to the user computer, and wherein running the second operating environment comprises conducting the communication session by the user computer using the received TNI.
  - 11. The method according to claim 10, wherein the TNI comprises at least one information type selected from a group of types consisting of an Internet Protocol (IP) address, routing information, domain resolution information and a security certificate.
  - 12. The method according to claim 1, wherein running the second operating environment comprises notifying the central management subsystem by the user computer before initiation of the communication session with the server, and wherein controlling the communication session comprises notifying the server by the central management subsystem of the session initiation and of communication attributes to be used by the user computer in the session initiation, so as to cause the server to allow the session initiation based on the notified communication attributes.
  - 13. The method according to claim 12, wherein controlling the communication session further comprises provisioning a packet filter attached to the server with the communication attributes provided by the central management subsystem, so as to cause the packet filter to allow the session initiation having the communication attributes.
  - 14. The method according to claim 12, wherein the communication attributes comprise at least one attribute selected from a group of attributes consisting of an IP address, a port number and a security certificate to be used by the user computer in the session initiation.
  - 15. The method according to claim 1, wherein running the first and second operating environments comprises allocating resources of the user computer to the first and second operating environments the user computer by a virtualization unit in the user computer.
  - 16. The method according to claim 1, wherein running the second operating environment comprises enforcing a policy of the server by the user computer.
  - 17. The method according to claim 16, wherein enforcing the policy comprises selectively processing information provided by the server from within the second operating environment.
  - 18. The method according to claim 17, wherein the information provided by the server comprises documents.
  - 19. The method according to claim 16, wherein enforcing the policy comprises logging an event related to the second operating environment and forwarding the logged event to the server.
  - 20. The method according to claim 16, wherein enforcing the policy comprises, upon identifying that an action performed by a user of the user computer is predefined as a non-repudiation action, causing the user to perform re-authentication and forwarding a log of the re-authentication to the server.
  - 21. The method according to claim 1, and comprising receiving by the central management subsystem a notification from, the server upon a change in communication settings of the server, and updating the user computer with the change.
  - 22. The method according to claim 1, wherein monitoring the operation of the second operating environment comprises receiving a notification from the user computer upon a change in communication settings of the user computer, and wherein reporting the monitoring result comprises updating the server with the change.
  - 23. The method according to claim 1, wherein running the first and second operating environments comprises identifying a data packet indicating that a user of the user computer requests to initiate the communication session with the server from within the first operating environment, and switching to initiating the communication session from within the second operating environment.
  - 24. The method according to claim 23, wherein running the first and second operating environments comprises running a packet filtering process that processes the data packet in accordance with a rule, and wherein identifying the data packet comprises forwarding the data packet to the second operating environment when the rule identifies the data packet as related to communication with the server.
  - 25. The method according to claim 23, wherein switching to the second operating environment comprises terminating initiation of the communication session in the first operating environment by sending an imitated reply packet to the first operating environment in response to the data packet.
  - 26. The method according to claim 1, wherein running the second operating environment comprises downloading an image code of the second operating environment from the central management subsystem to the user computer during the communication session.
  - 27. The method according to claim 1, and comprising providing a configuration interface in the central management subsystem for configuring the second operating environment of the user computer.
  - 28. The method according to claim 1, wherein monitoring the operation comprises producing attestation information regarding the second operating environment by the central management subsystem based on the monitored operation of the second operating environment, and wherein reporting the monitoring result providing the attestation information to the server.
  - 29. The method according to claim 1, wherein monitoring the operation comprises producing authentication information regarding the user computer by the central management subsystem based on the monitored operation of the second operating environment, and wherein reporting the monitoring result comprises providing the authentication information to the server.
  - 30. The method according to claim 1, wherein monitoring the operation comprises producing authentication information regarding a user of the user computer by the central management subsystem based on the monitored operation of the second operating environment, and wherein reporting the monitoring result comprises providing the authentication information to the server.
  - 31. The method according to claim 1, wherein monitoring the operation of the second operating environment comprises assessing a trustworthiness of information conveyed in the second operating environment, and wherein reporting the monitoring result comprises reporting the assessed trustworthiness to the server in order to control the communication session.

32. A method for communication with a server, comprising;
- running on a user computer a first operating environment having a first operating system for performing general-purpose operations;
  
  running on the user computer a second operating environment having a second operating system, which is configured expressly for interacting with the server in a protected communication session and is isolated from the first operating environment, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session; and
  
  providing information by the second operating environment to a central management subsystem external to the user computer so as to enable the central management subsystem tomonitor the operation of the second operating environment including verify during the protected communication session that a configuration of the second operating environment matches an expected configuration, produce a monitoring result based on the monitoring, report the monitoring result to the server and cause the server to control the communication session based on trustworthiness of the second operating environment as indicated by the monitoring result,wherein said central management subsystem to communicate with said user computer via a first secure connection and with said server via a second secure connection and wherein said protected communication session of said user computer with said server is done via a third secured connection, wherein said first, second and third secure connections are separate from each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation, Neocleus Israel Limited (Intel Corporation)
Original Assignee
Intel Corporation
Inventors
Bogner, Etay
Primary Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US11/836,028
Publication Number

US 20080040470A1
Time in Patent Office

2,519 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

H04L 63/0263 Rule management

Method for extranet security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method for extranet security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links