Systems and methods for modifying security based on reputation information
First Claim
Patent Images
1. A computer-implemented method to assign a security policy, comprising:
- detecting, by a processor, a plurality of components of a device;
determining, by the processor, an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category;
determining, by the processor, an overall reputation of the device based on the individual reputations, wherein determining an overall reputation comprises determining whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold;
upon satisfying at least one of the first or second threshold, adjusting, by the processor, the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components;
assigning, by the processor, a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information;
identifying, by the processor, a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information;
identifying, by the processor, a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information;
upon determining the restrictive security policy is assigned, restricting, by the processor, access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and
upon determining the non-restrictive security policy is assigned, allowing, by the processor, access to both the first and second components based on the non-restricted security policy.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method to assign a security policy is described. A plurality of components of a device are detected. An individual reputation for each of the plurality of components is determined. An overall reputation is determined based on the individual reputations. A security policy is assigned based at least in part on the overall reputation. In some cases, access to at least one component on the device is restricted according to the security policy.
-
Citations
12 Claims
-
1. A computer-implemented method to assign a security policy, comprising:
-
detecting, by a processor, a plurality of components of a device; determining, by the processor, an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category; determining, by the processor, an overall reputation of the device based on the individual reputations, wherein determining an overall reputation comprises determining whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold; upon satisfying at least one of the first or second threshold, adjusting, by the processor, the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components; assigning, by the processor, a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information; identifying, by the processor, a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information; identifying, by the processor, a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information; upon determining the restrictive security policy is assigned, restricting, by the processor, access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and upon determining the non-restrictive security policy is assigned, allowing, by the processor, access to both the first and second components based on the non-restricted security policy. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A device configured to assign a security policy, comprising:
-
a processor; and memory in electronic communication with the processor; and instructions stored in the memory, the instructions being executable by the processor to; detect a plurality of components of a device; determine an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category; determine an overall reputation of the device the individual reputations, wherein determining an overall reputation comprises instructions executable by the processor to determine whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold; upon satisfying at least one of the first or second threshold, adjust the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components; assign a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information; identify a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information; identify a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information; upon determining the restrictive security policy is assigned, restrict access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and upon determining the non-restrictive security policy is assigned, allow access to both the first and second components based on the non-restricted security policy. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer-program product to assign a security policy, the computer-program product comprising a non-transitory computer-readable medium having instructions thereon, the instructions being executable by a processor to:
-
detect a plurality of components of a device; determine an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category; determine an overall reputation of the device the individual reputations, wherein determining an overall reputation comprises instructions executable by the processor to determine whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold; upon satisfying at least one of the first or second threshold, adjust the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components; assign a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information; identify a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information; identify a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information; upon determining the restrictive security policy is assigned, restrict access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and upon determining the non-restrictive security policy is assigned, allow access to both the first and second components based on the non-restricted security policy. - View Dependent Claims (12)
-
Specification