Quarantine tool

US 8,874,706 B2
Filed: 07/30/2010
Issued: 10/28/2014
Est. Priority Date: 03/02/2010
Status: Active Grant

First Claim

Patent Images

1. A system for quarantining an out of compliance client device from other client devices on an operating network, the system comprising;

a memory device;

a communication device; and

a first processing device operatively coupled to the memory device and the communication device, wherein the first processing device is configured to execute computer-readable program code associated with a quarantine tool to access the out of compliance client device via the operating network,wherein the quarantine tool comprises computer readable program code configured when performed by said first processing device to cause said first processing device to;

receive identification information for the out of compliance client device from a scanner application, wherein the scanner application scans an operating network for the Out of compliance client device from a plurality of client devices;

locate the out of compliance client device using the identification information from the scanner application;

attempt to log into the out of compliance client device;

tag the out of compliance client device as being a rogue device and cue the out of compliance client device for manual removal from the operating network when the attempt to log into the out of compliance client device fails;

modify the out of compliance client device when the attempt to log into the out of compliance client device succeeds, wherein modifying the out of compliance client device comprises adding or changing a class ID associated with a network interface of the out of compliance device, wherein the class ID is added or changed to an isolated network class ID associated with an isolated network, wherein class IDs are identifiers associated with a pool of IP addresses for client devices and are related to networks that the client devices are allowed to access;

cause the out of compliance client device to logout of the operating network and request to log into the isolated network using the isolated network class ID by restarting the network interface; and

wherein the isolated network class ID allows the network interface to broadcast a request for configuration information associated with the isolated network and wherein a DHCP recognizes the isolated network class ID in the broadcast, identifies a matching access code for the isolated network, and provides an IP address for the isolated network with the matching access code, which allows the out of compliance device to log into the isolated network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are apparatuses, methods, and computer program products for quarantining an out of compliance client device from other client devices on a network. Quarantining the out of compliance client device prevents the out of compliance device from corrupting other client devices on the network. For example, in operation, embodiments of the present invention involve: (1) receiving identification and location information for an out of compliance client device; (2) running a tool that utilizes the identification and location information to access the out of compliance device; (3) using the tool to modify the out of compliance device such that the out of compliance client device broadcasts a request for configuration information to which a network server is programmed to respond with configuration information associated with an isolated network; and (4) using the tool to cause the out of compliance client device to logout of the network. When the device logs back into the network, the network server responds by directing the device to the isolated network.

12 Citations

41 Claims

1. A system for quarantining an out of compliance client device from other client devices on an operating network, the system comprising;
- a memory device;
  
  a communication device; and
  
  a first processing device operatively coupled to the memory device and the communication device, wherein the first processing device is configured to execute computer-readable program code associated with a quarantine tool to access the out of compliance client device via the operating network,wherein the quarantine tool comprises computer readable program code configured when performed by said first processing device to cause said first processing device to;
  
  receive identification information for the out of compliance client device from a scanner application, wherein the scanner application scans an operating network for the Out of compliance client device from a plurality of client devices;
  
  locate the out of compliance client device using the identification information from the scanner application;
  
  attempt to log into the out of compliance client device;
  
  tag the out of compliance client device as being a rogue device and cue the out of compliance client device for manual removal from the operating network when the attempt to log into the out of compliance client device fails;
  
  modify the out of compliance client device when the attempt to log into the out of compliance client device succeeds, wherein modifying the out of compliance client device comprises adding or changing a class ID associated with a network interface of the out of compliance device, wherein the class ID is added or changed to an isolated network class ID associated with an isolated network, wherein class IDs are identifiers associated with a pool of IP addresses for client devices and are related to networks that the client devices are allowed to access;
  
  cause the out of compliance client device to logout of the operating network and request to log into the isolated network using the isolated network class ID by restarting the network interface; and
  
  wherein the isolated network class ID allows the network interface to broadcast a request for configuration information associated with the isolated network and wherein a DHCP recognizes the isolated network class ID in the broadcast, identifies a matching access code for the isolated network, and provides an IP address for the isolated network with the matching access code, which allows the out of compliance device to log into the isolated network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the network interface comprises a network interface card (NIC).
  - 3. The system of claim 1, wherein the quarantine tool comprises computer readable program code that when performed by said first processing device causes said first processing device to cause the out of compliance client device to broadcast the request for configuration information associated with an isolated network is further configured to cause the out of compliance client device to thereafter receive configuration information associated with the isolated network from a network server configured to respond to the broadcast request.
  - 4. The system of claim 1, further comprising a second processing device configured to execute computer-readable program code associated with a compliance tool to bring the out of compliance client device into compliance via the isolated network,wherein the compliance tool comprises computer readable program code configured when performed by said second processing device to cause said processing device to:
    - determine that an out of compliance client device is now a compliant client device;
      
      cause the compliant client device to broadcast a request for configuration information to connect to the operating network; and
      
      cause the compliant client device to logout of the isolated network.
  - 5. The system of claim 4, wherein the compliance tool comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - add the out of compliance client device to a log of out of compliance devices when the out of compliance client device cannot be made compliant.
  - 6. The system of claim 5, wherein the compliance tool comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - access the log of out of compliance client devices;
      
      retrieve identification information for each out of compliance client device listed in the log of out of compliance devices and that are quarantined from the operating network;
      
      utilize the identification information to access each out of compliance client device listed in the log of out of compliance devices;
      
      identify one or more client devices listed in the log of out of compliance devices that has been changed into the compliant client device;
      
      cause the compliant client device to broadcast a request for configuration information associated with the operating network; and
      
      log the compliant client device out of the isolated network.
  - 7. The system of claim 4, wherein the compliance tool is a compliance agent, wherein at least portions thereof are installed on the out of compliance client device.
  - 8. The system of claim 7, wherein the compliance agent comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - evaluate the out of compliance client device to determine if it has been brought into compliance.
  - 9. The system of claim 7, wherein the compliance agent comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - uninstall the compliance agent once the out of compliance client device has been made compliant.
  - 10. The system of claim 4, wherein the compliance agent comprises computer readable program code that when performed by said second processing device causes said second processing device to cause the compliant client device to broadcast the request for configuration information associated with the operating network is further configured to cause the compliant client device to thereafter receive configuration information associated with the operating network from a network server configured to respond to the broadcast request.
  - 11. The system of claim 4, wherein the compliance agent comprises computer readable program code that when performed by said second processing device causes said second processing device to cause a modification in the compliant client device by removing or changing a Class ID from or on the network interface of the compliant client device such that the compliant client device broadcasts a request for configuration information, wherein the broadcasted request either does not include the Class ID or includes the changed Class ID, and whereby the compliant client device thereafter receives an IP address from a pool of IP addresses associated with the operating network from a network server configured to respond to the broadcast request.
  - 12. The system of claim 4, wherein the compliance tool comprises computer readable program code that when performed by said second processing device causes said second processing device to cause said second processing device to cause the client device that has been brought into compliance to logout of the isolated network by restarting a network interface of the client device.
  - 13. The system of claim 4, wherein the compliance tool comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - receive notification that the out of compliance client device is out of compliance when the out of compliance client device accesses the isolated network.
  - 14. The system of claim 4, wherein the compliance tool comprises computer readable program code that when performed by said second processing device causes said second processing device to:
    - receive identification information and location information for the out of compliance client device, wherein the identification information is an IP address associated with the out of compliance device and the location information is a path to the out of compliance device to the isolated network; and
      
      wherein the second processing device configured to execute computer-readable program code to utilize a compliance tool comprises utilizing the identification information and the location information to access the out of compliance client device.
  - 15. The system of claim 4, wherein said first and second processing devices are embodied by the same processing device.
  - 16. The system of claim 7, further comprising a third processing device configured to execute computer-readable program code associated with the compliance agent that is at least partially installed on the out of compliance client device, wherein the third processing device is configured to execute the portions of the compliance agent that are installed on the out of compliance client device.

17. A method for quarantining an out of compliance client device from other client devices on an operating network, the method comprising:
- receiving, by a processor, identification information for the out of compliance client device from a scanner application, wherein the scanner application scans an operating network for the out of compliance client device from a plurality of client devices;
  
  locating, by the processor, the out of compliance client device using the identification information from the scanner application;
  
  attempting, by the processor, to log into the out of compliance client device;
  
  tagging, by the processor, the out of compliance client device as being a rogue device and cue the out of compliance client device for manual removal from the operating network when the attempt to log into the out of compliance client device fails;
  
  modifying, by the processor, the out of compliance client device when the attempt to log into the out of compliance client device succeeds, wherein modifying the out of compliance client device comprises adding or changing a class ID associated with a network interface of the out of compliance device, wherein the class ID is added or changed to an isolated network class ID associated with an isolated network, wherein class IDs are identifiers associated with a pool of IP addresses for client devices and are related to networks that the client devices are allowed to access;
  
  causing, by the processor, the out of compliance client device to logout of the operating network and request to log into the isolated network using the isolated network class ID by restarting the network interface; and
  
  wherein the isolated network class ID allows the network interface to broadcast a request for configuration information associated with the isolated network and wherein a DHCP recognizes the isolated network class ID in the broadcast, identifies a matching access code for the isolated network, and provides an IP address for the isolated network with the matching access code, which allows the out of compliance device to log into the isolated network.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 18. The method of claim 17, wherein the network interface comprises a network interface card (NIC).
  - 19. The method of claim 17, further comprisingcausing the out of compliance client device to receive configuration information associated with the isolated network from a network server configured to respond to the broadcast request, through the use of the processor.
  - 20. The method of claim 17, further comprising:
    - determining that an out of compliance client device is now a compliant client device, through the use of the processor;
      
      causing the compliant client device to broadcast a request for configuration information to connect to the operating network, through the use of the processor; and
      
      causing the compliant client device to logout of the isolated network, through the use of the processor.
  - 21. The method of claim 20, further comprising:
    - adding the out of compliance client device to a log of out of compliance devices when the out of compliance client device cannot be made compliant, through the use of the processor.
  - 22. The method of claim 21, further comprising:
    - accessing the log of out of compliance client devices, through the use of the processor;
      
      retrieving identification information for each out of compliance client device listed in the log of out of compliance devices and that are quarantined from the operating network, through the use of the processor;
      
      utilizing the identification information to access each out of compliance client device listed in the log of out of compliance devices, through the use of the processor;
      
      identifying one or more client devices listed in the log of out of compliance devices that has been changed into the compliant client device, through the use of the processor;
      
      causing the compliant client device to broadcast a request for configuration information associated with the operating network, through the use of the processor; and
      
      logging the compliant client device out of the isolated network, through the use of the processor.
  - 23. The method of claim 20, further comprising:
    - evaluating the out of compliance client device to determine if it has been brought into compliance, through the use of the processor.
  - 24. The method of claim 20, further comprising:
    - causing the compliant client device to receive configuration information associated with the operating network from a network server configured to respond to the broadcast request, through the use of the processor.
  - 25. The method of claim 20, further comprising:
    - causing a modification in the compliant client device by removing or changing a Class ID from or on the network interface of the compliant client device such that the compliant client device broadcasts a request for configuration information, through the use of a processor, wherein the broadcasted request either does not include the Class ID or includes the changed Class ID, and whereby the compliant client device thereafter receives an IP address from a pool of IP addresses associated with the operating network from a network server configured to respond to the broadcast request.
  - 26. The method of claim 20, wherein causing the client device that has been brought into compliance to logout of the isolated network comprises restarting a network interface of the client device.
  - 27. The method of claim 20, further comprising:
    - receiving notification that the out of compliance client device is out of compliance when the out of compliance client device accesses the isolated network, through the use of the processor.
  - 28. The method of claim 20, further comprising:
    - receiving identification information and location information for the out of compliance client device, wherein the identification information is an IP address associated with the out of compliance device and the location information is a path to the out of compliance device to the isolated network; and
      
      utilizing the identification information and the location information to access the out of compliance client device.
  - 29. The method of claim 17, wherein the steps performed by the processor are performed by more than one processor.

30. A computer program product for a system for quarantining an out of compliance client device from other client devices on a network, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
- an executable portion configured for receiving identification information for the out of compliance client device from a scanner application, wherein the scanner application scans an operating network for the out of compliance client device from a plurality of client devices;
  
  an executable portion configured for locating, by the processor the out of compliance client device using the identification information from the scanner application;
  
  an executable portion configured for attempting to log into the out of compliance client device;
  
  an executable portion configured for tagging the out of compliance client device as being a rogue device and cue the out of compliance client device for manual removal from the operating network when the attempt to log into the out of compliance client device fails;
  
  an executable portion configured for modifying the out of compliance client device when the attempt to log into the out of compliance client device succeeds, wherein modifying the out of compliance client device comprises adding or changing a class ID associated with a network interface of the out of compliance device, wherein the class ID is added or changed to an isolated network class ID associated with an isolated network, wherein class IDs are identifiers associated with a pool of IP addresses for client devices and are related to networks that the client devices are allowed to access;
  
  an executable portion configured for causing the out of compliance client device to logout of the operating network and request to log into the isolated network using the isolated network class ID by restarting the network interface; and
  
  wherein the isolated network class ID allows the network interface to broadcast a request for configuration information associated with the isolated network and wherein a DHCP recognizes the isolated network class ID in the broadcast, identifies a matching access code for the isolated network, and provides an IP address for the isolated network with the matching access code, which allows the out of compliance device to log into the isolated network.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 31. The computer program product of claim 30, wherein the network interface comprises a network interface card (NIC).
  - 32. The computer program product of claim 30, further comprisingan executable portion configured for causing the out of compliance client device to receive configuration information associated with the isolated network from a network server configured to respond to the broadcast request.
  - 33. The computer program product of claim 30, further comprising:
    - an executable portion configured for determining that an out of compliance client device is now a compliant client device;
      
      an executable portion configured for causing the compliant client device to broadcast a request for configuration information to connect to the operating network; and
      
      an executable portion configured for causing the compliant client device to logout of the isolated network.
  - 34. The computer program product of claim 30, further comprising:
    - an executable portion configured for adding the out of compliance client device to a log of out of compliance devices when the out of compliance client device cannot be made compliant.
  - 35. The computer program product of claim 34, further comprising:
    - an executable portion configured for accessing the log of out of compliance client devices;
      
      an executable portion configured for retrieving identification information for each out of compliance client device listed in the log of out of compliance devices and that are quarantined from the operating network;
      
      an executable portion configured for utilizing the identification information to access each out of compliance client device listed in the log of out of compliance devices;
      
      an executable portion configured for identifying one or more client devices listed in the log of out of compliance devices that has been changed into the compliant client device;
      
      an executable portion configured for causing the compliant client device to broadcast a request for configuration information associated with the operating network; and
      
      an executable portion configured for logging the compliant client device out of the isolated network.
  - 36. The computer program product of claim 33, further comprising:
    - an executable portion configured for evaluating the out of compliance client device to determine if it has been brought into compliance.
  - 37. The computer program product of claim 33, further comprising:
    - an executable portion configured for causing the compliant client device to receive configuration information associated with the operating network from a network server configured to respond to the broadcast request.
  - 38. The computer program product of claim 33, further comprising:
    - an executable portion configured for causing a modification in the compliant client device by removing or changing a Class ID from or on the network interface of the compliant client device such that the compliant client device broadcasts a request for configuration information, wherein the broadcasted request either does not include the Class ID or includes the changed Class ID, and whereby the compliant client device thereafter receives an IP address from a pool of IP addresses associated with the operating network from a network server configured to respond to the broadcast request.
  - 39. The computer program product of claim 33, wherein the executable portion configured for causing the client device that has been brought into compliance to logout of the isolated network by restarting a network interface of the client device.
  - 40. The computer program product of claim 33, further comprising:
    - an executable portion configured for receiving notification that the out of compliance client device is out of compliance when the out of compliance client device accesses the isolated network.
  - 41. The computer program product of claim 33, further comprising:
    - an executable portion configured for receiving identification information and location information for the out of compliance client device, wherein the identification information is an IP address associated with the out of compliance device and the location information is a path to the out of compliance device to the isolated network; and
      
      an executable portion configured for utilizing the identification information and the location information to access the out of compliance client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Treadwell, William Scott, Shnowske, Daniel P., Kaye, Kenneth
Primary Examiner(s)
JAKOVAC, RYAN J

Application Number

US12/847,396
Publication Number

US 20110219103A1
Time in Patent Office

1,551 Days
Field of Search

709/222
US Class Current

709/222
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

Quarantine tool

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Quarantine tool

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links