
System and method for remotely managing security and configuration of compute devices

  • US 9,215,250 B2
  • Filed: 08/20/2013
  • Issued: 12/15/2015
  • Est. Priority Date: 08/20/2013
  • Status: Active Grant
First Claim

1. A system for managing security of one or more computers, comprising:

    a remote management system that manages security policies;

    secure subsystems incorporated in the one or more computers; and

    a communication channel between the remote management system and the secure subsystems,

    wherein the remote management system selectively sends certain of the security policies to the secure subsystems via the communication channel, and

    wherein the remote management system further maintains an encryption key repository, and

    wherein the remote management system selectively sends certain encryption keys from the repository to the secure subsystems via the communication channel, and

    wherein the secure subsystems are configured to enforce the security policies in the incorporated computers, and

    wherein the incorporated computers include an upstream port for communicating with a host processor of the incorporated computers and a downstream port for communicating with a device, and wherein the secure subsystems are interposed between the upstream port and the downstream port, such that the host processor and the device are incapable of communicating independently without the secure subsystem,

    wherein the device is a Universal Serial Bus (USB) device, and

    wherein the enforcement includes performing one or more of blocking communications between the host processor and the USB device and transparently encrypting and decrypting communications between the host processor and the USB device using the certain encryption keys, and

    wherein the secure subsystems in the incorporated computers are configured to raise alerts to the remote management system via the communication channel, and

    wherein the remote management system is configured to change the certain security policies sent to the secure subsystems in response to the alerts, and

    wherein the alerts are raised in connection with violations of the security policies, and

    wherein violations include a connection of an unauthorized device to the downstream port detected by the associated secure subsystem.
