Methods and systems for controlling access to computing resources based on known security vulnerabilities

DC CAFC

US 8,955,038 B2
Filed: 08/16/2012
Issued: 02/10/2015
Est. Priority Date: 12/21/2005
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for controlling the operation of an endpoint, comprising:

providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies;

maintaining the plurality of policies in a data store on the computing system;

identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to monitor;

configuring one or more software agents on the endpoint to monitor the plurality of operating conditions;

receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint gathered by the one or more software agents;

determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and

initiating, by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by a processor on the endpoint.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

325 Citations

33 Claims

1. A method for controlling the operation of an endpoint, comprising:
- providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  maintaining the plurality of policies in a data store on the computing system;
  
  identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to monitor;
  
  configuring one or more software agents on the endpoint to monitor the plurality of operating conditions;
  
  receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint gathered by the one or more software agents;
  
  determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and
  
  initiating, by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by a processor on the endpoint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the action comprises controlling access of the endpoint to computing resources.
  - 3. The method of claim 1, wherein the user interface comprises a web page.
  - 4. The method of claim 1, further comprising requesting, at the computing system, the status information on a periodic basis.
  - 5. The method of claim 1, wherein the endpoint comprises a mobile device.
  - 6. The method of claim 1, wherein the one or more software agents comprise at least one service provided by the operating system of the endpoint.
  - 7. The method of claim 1, wherein the one or more software agents comprise at least one application running on the endpoint.
  - 8. The method of claim 1, wherein the conditions comprise at least one hardware condition.
  - 9. The method of claim 1, wherein the conditions comprise at least one software condition.
  - 10. The method of claim 1, wherein the computing system comprises a plurality of servers.
  - 11. The method of claim 1, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

12. A non-transitory computer readable medium containing computer instructions for controlling the operation of an endpoint, comprising:
- providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  maintaining the plurality of policies in a data store on the computing system;
  
  identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to monitor;
  
  configuring one or more software agents on the endpoint to monitor the plurality of operating conditions;
  
  receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint gathered by the one or more software agents;
  
  determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and
  
  initiating, by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by a processor on the endpoint.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer readable medium of claim 12, wherein the action comprises controlling access of the endpoint to computing resources.
  - 14. The computer readable medium of claim 12, wherein the user interface comprises a web page.
  - 15. The computer readable medium of claim 12, further comprising requesting, at the computing system, the status information on a periodic basis.
  - 16. The computer readable medium of claim 12, wherein the endpoint comprises a mobile device.
  - 17. The computer readable medium of claim 12, wherein the one or more software agents comprise at least one service provided by the operating system of the endpoint.
  - 18. The computer readable medium of claim 12, wherein the one or more software agents comprise at least one application running on the endpoint.
  - 19. The computer readable medium of claim 12, wherein the conditions comprise at least one hardware condition.
  - 20. The computer readable medium of claim 12, wherein the conditions comprise at least one software condition.
  - 21. The computer readable medium of claim 12, wherein the computing system comprises a plurality of servers.
  - 22. The computer readable medium of claim 12, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

23. A system for controlling the operation of an endpoint, comprising:
- a user interface, provided by a computing system remote from the end point, configured to allow configuration of a plurality of policies;
  
  a data store, at the computing system, that contains the plurality of policies;
  
  one or more software agents on the endpoint configured to monitor a plurality of operating conditions identified in the plurality of policies; and
  
  one or more hardware processors at the computing system configured to;
  
  receive, across a network, status information about the plurality of operating conditions on the endpoint gathered by the one or more software agents,determine a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store, andinitiate, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by the hardware processor on the endpoint.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system of claim 23, wherein the action comprises controlling access of the endpoint to computing resources.
  - 25. The system of claim 23, wherein the user interface comprises a web page.
  - 26. The system of claim 23, wherein the one or more processors are further configured to request the status information from the endpoint on a periodic basis.
  - 27. The system of claim 23, wherein the endpoint comprises a mobile device.
  - 28. The system of claim 23, wherein the one or more software agents comprise at least one service provided by the operating system of the endpoint.
  - 29. The system of claim 23, wherein the one or more software agents comprise at least one application running on the endpoint.
  - 30. The system of claim 23, wherein the conditions comprise at least one hardware condition.
  - 31. The system of claim 23, wherein the conditions comprise at least one software condition.
  - 32. The system of claim 23, wherein the computing system comprises a plurality of servers.
  - 33. The system of claim 23, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Taasera Licensing LLC (Quest Patent Research Corporation)
Original Assignee
Fiberlink Communications Corporation (International Business Machines Corporation)
Inventors
Nicodemus, Blair, Stephens, Billy Edison
Primary Examiner(s)
Jeudy, Josnel

Application Number

US13/587,505
Publication Number

US 20130254833A1
Time in Patent Office

908 Days
Field of Search

726 22- 30, 726/1, 726/7, 726/17, 726/21, 717172-173, 713/200, 713/201
US Class Current

726/1
CPC Class Codes

G06F 11/3495   for systems

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Methods and systems for controlling access to computing resources based on known security vulnerabilities

First Claim

8 Assignments

Litigations

2 Petitions

Accused Products

Abstract

325 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for controlling access to computing resources based on known security vulnerabilities

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

325 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links