Systems and methods for implementing computer security
Abstract
A computing device includes a security control module to monitor and control security of the operating system and security of one or more applications executing within the operating system. The security control module transmits to a remote security server a policy identifier, which identifies a security policy that applies to the operating system and to the applications. The security control module receives from the remote security server a unique cryptographic key. The security control module periodically retrieves from the security server a set of commands selected by the remote security server according to the security policy and current conditions. The security control module executes each command. Each command either modifies execution of an executable program or process, collects information, or performs an action that modifies data associated with the operating system, data associated with the security control module, or data associated with the one or more applications.
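The registration and polling exchange described in the abstract, as an added sketch that is not taken from the patent or any product. It assumes HMAC-SHA256 over canonical JSON as the "secure retrieval" mechanism (the abstract names none); `Server`, `Agent`, `mac`, `POLICY` and the state labels are hypothetical.

```python
import hashlib, hmac, json, secrets

ALLOWED_KINDS = {"modify_execution", "collect", "modify_data"}  # three command types in the abstract

def mac(key, payload):
    """HMAC-SHA256 over a canonical JSON encoding (assumed scheme, not from the patent)."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Server:
    def __init__(self, policies):
        self.policies = policies   # policy_id -> [(state the command applies to, command), ...]
        self.agents = {}           # agent_id -> (unique key, policy_id)

    def register(self, policy_id):
        if policy_id not in self.policies:
            raise ValueError("unknown policy identifier")
        agent_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.agents[agent_id] = (key, policy_id)
        return agent_id, key

    def poll(self, request, tag):
        key, policy_id = self.agents[request["agent_id"]]
        if not hmac.compare_digest(tag, mac(key, request)):
            raise PermissionError("request not authenticated")
        # Select commands by the agent's policy and its reported current state.
        cmds = [c for when, c in self.policies[policy_id]
                if when in ("any", request["state"])]
        reply = {"nonce": request["nonce"], "commands": cmds}
        return reply, mac(key, reply)

class Agent:
    def __init__(self, server, policy_id):
        self.agent_id, self.key = server.register(policy_id)

    def build_request(self, state):
        req = {"agent_id": self.agent_id, "nonce": secrets.token_hex(16), "state": state}
        return req, mac(self.key, req)

    def accept(self, request, reply, tag):
        # Verify origin, freshness and command type before anything is executed.
        if not hmac.compare_digest(tag, mac(self.key, reply)):
            raise PermissionError("reply not authenticated")
        if reply["nonce"] != request["nonce"]:
            raise PermissionError("stale or replayed reply")
        if any(c["kind"] not in ALLOWED_KINDS for c in reply["commands"]):
            raise ValueError("unknown command kind")
        return reply["commands"]

# Constructed sample policy: one command always applies, one only when state is "drifted".
POLICY = {"web-server": [("any", {"kind": "collect", "target": "package-list"}),
                         ("drifted", {"kind": "modify_data", "target": "firewall-rules"})]}
```

Because the key is unique per agent, a reply authenticated for one agent fails verification on any other, and the nonce binding stops an old command set from being replayed into a later polling cycle.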
30 Claims
1. A computing device, comprising:
one or more processing units;
memory; and
a first security control module, wherein the first security control module is stored in the memory and executed by one or more of the processing units to monitor and control security of a first operating system and security of one or more first applications executing within the first operating system, the first security control module including instructions for:
transmitting to a remote security server a policy identifier, wherein the policy identifier identifies a security policy that applies to the first operating system and applies to the one or more first applications;
receiving from the remote security server a cryptographic key uniquely associated with the first security control module;
periodically using the cryptographic key to securely retrieve from the remote security server a respective set of commands, wherein the respective set of commands is selected by the remote security server according to: (i) the identified security policy, (ii) a current state of the first operating system, and (iii) a current state of the one or more first applications; and
executing each command in the respective set of commands, wherein each command (i) modifies execution of an executable program or process, (ii) collects information about the first operating system, about the security control module, or about the one or more first applications, or (iii) performs an action that modifies data associated with the first operating system, data associated with the security control module, or data associated with the one or more first applications.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A security server, comprising:
one or more processing units;
memory;
a token generation module, wherein the token generation module is stored in the memory and executed by one or more of the processing units, the token generation module including instructions for:
receiving a request from a security control module running within a first an operating system on a remote computing device distinct from the security server, wherein the request includes a policy identifier that identifies a security policy;
generating a unique agent identity token, which includes a cryptographic key; and
transmitting the agent identity token to the security control module; and
an integrity validation module, wherein the integrity validation module is stored in the memory and executed by one or more of the processing units, the integrity validation module including instructions for:
selecting a first set of commands according to: (i) the identified security policy, (ii) a current state of the operating system, (iii) a current state of the security control module, and (iv) a current state of one or more applications running in the operating system on the remote computing device;
placing the first set of commands in a command queue for retrieval and execution by the security control module on the remote computing device;
securely receiving from the security control module data collected at the remote computing device by executing one or more of the commands in the first set of commands;
using the data collected at the remote computing device to evaluate integrity of protected systems corresponding to the data collected; and
selecting a second set of commands according to the identified security policy and results of the integrity evaluation, and placing the second set of commands in the command queue for retrieval and execution by the security control module on the remote computing device.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A non-transitory computer readable storage medium storing one or more programs configured for execution by a computing device having one or more processors and memory, the one or more programs comprising a security control module to monitor and control security of an operating system and security of one or more applications executing within the operating system, the security control module including instructions for:
transmitting to a remote security server a policy identifier, wherein the policy identifier identifies a security policy that applies to the operating system and applies to the one or more applications;
receiving from the remote security server a cryptographic key uniquely associated with the security control module;
periodically using the cryptographic key to securely retrieve from the remote security server a respective set of commands, wherein the respective set of commands is selected by the remote security server according to: (i) the identified security policy, (ii) a current state of the first operating system, and (iii) a current state of the one or more applications; and
executing each command in the respective set of commands, wherein each command (i) modifies execution of an executable program or process, (ii) collects information about the operating system or about the one or more applications, or (iii) performs an action that modifies data associated with the operating system or data associated with the one or more applications.
Specification