System self integrity and health validation for policy enforcement
First Claim
1. A method of enforcing system self-integrity validation policies, the method comprising:
- installing a policy enforcer on a client device;
- using the policy enforcer to examine the policy enforcer itself to determine whether the policy enforcer itself has been compromised;
- in response to a determination that the policy enforcer has been compromised, prohibiting access of the client device to the services provided by the service provider;
- installing, on the client device, a plurality of policies configured to enforce system integrity of the client device;
- monitoring, using the policy enforcer, system performance of the client device to determine actual system performance of the client device;
- based on a first policy in the plurality of policies, comparing the actual system performance of the client device with system performance required by the first policy, wherein the first policy restricts the use of operating systems (O/S) that circumvent digital rights management (DRM) protections;
- determining, by the policy enforcer, that the actual system performance of the client device does not match the system performance required by the first policy;
- identifying one or more software processes responsible for the actual system performance of the client device not matching the system performance required by the first policy, including identifying that an O/S running on the client device is circumventing the DRM protections;
- identifying first services from the service provider that are related to the one or more software processes, including identifying services that provide DRM-protected files; and
- denying the client device access to the first services from the service provider while continuing to allow the client device access to other services from the service provider, wherein the client device is denied access to the DRM-protected files provided by the identified services.
Abstract
Embodiments of the invention provide methods and systems for enforcing system self-integrity validation policies. The method includes accessing, by a policy enforcer, a plurality of policies configured to enforce system integrity; monitoring system performance to determine actions executed by the system; and, based on at least one of the plurality of policies, comparing the system performance with the system performance required by the at least one of the plurality of policies. The method further includes, based on the comparison, determining that the system has performed in a manner contrary to the requirements of the at least one policy, and in response, prohibiting access of the system to services provided by a service provider.
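The claimed method, as an added worked example in Python that is not from the patent or from any product it describes: a toy policy enforcer that first checks its own code against an expected digest, then evaluates each installed policy against the observed processes, records the violating process, maps the protected capability to the provider services that depend on it, and denies only those services while leaving the rest reachable. The service catalogue, the policy, the process list and the bytes standing in for the enforcer's own code are all constructed for the example.

```python
"""Toy policy enforcer modelled on the claimed method (constructed example)."""
import hashlib
from dataclasses import dataclass, field

# Constructed catalogue of a hypothetical provider's services, each tagged with
# the protected capability it depends on ("drm" here). Names are illustrative.
SERVICES = {
    "video-streaming": {"drm"},
    "music-download": {"drm"},
    "account-settings": set(),
    "support-chat": set(),
}


@dataclass(frozen=True)
class Policy:
    name: str
    protects: str  # capability the policy guards, e.g. "drm"


@dataclass(frozen=True)
class ProcessInfo:
    pid: int
    name: str
    # capabilities the monitored process is observed to bypass (constructed
    # attribute standing in for whatever the real monitor would measure)
    circumvents: frozenset = frozenset()


@dataclass
class Decision:
    enforcer_ok: bool
    violating: list = field(default_factory=list)   # (policy, pid, name)
    denied: set = field(default_factory=set)
    allowed: set = field(default_factory=set)


class PolicyEnforcer:
    def __init__(self, own_code: bytes, expected_digest: str, policies):
        self._own_code = own_code
        self._expected = expected_digest
        self._policies = list(policies)

    def self_check(self) -> bool:
        """Claim step: the enforcer examines itself for tampering."""
        return hashlib.sha256(self._own_code).hexdigest() == self._expected

    def evaluate(self, processes) -> Decision:
        # A compromised enforcer cannot be trusted to enforce anything, so the
        # claim denies all provider services in that case.
        if not self.self_check():
            return Decision(enforcer_ok=False, denied=set(SERVICES), allowed=set())

        violating, affected = [], set()
        for policy in self._policies:
            for proc in processes:
                if policy.protects in proc.circumvents:
                    violating.append((policy.name, proc.pid, proc.name))
                    affected.add(policy.protects)

        # Deny only the services related to the violated capability; everything
        # else stays available, as the last step of the claim requires.
        denied = {svc for svc, deps in SERVICES.items() if deps & affected}
        allowed = set(SERVICES) - denied
        return Decision(True, violating, denied, allowed)


def run_demo():
    """Evaluate one intact and one tampered enforcer against the same processes."""
    good_code = b"policy-enforcer build 1 (constructed stand-in for the enforcer's bytes)"
    expected = hashlib.sha256(good_code).hexdigest()
    policies = [Policy("no-drm-circumventing-os", "drm")]
    processes = [  # constructed snapshot of the client device
        ProcessInfo(1, "init"),
        ProcessInfo(4242, "patched-os-kernel", frozenset({"drm"})),
        ProcessInfo(555, "browser"),
    ]
    intact = PolicyEnforcer(good_code, expected, policies).evaluate(processes)
    tampered = PolicyEnforcer(good_code + b" (modified)", expected, policies).evaluate(processes)
    return intact, tampered


if __name__ == "__main__":
    for label, decision in zip(("intact", "tampered"), run_demo()):
        print(label, decision)
```

The self-check here is only as trustworthy as the environment it runs in: an enforcer that hashes its own bytes can be fed the expected bytes by whatever already controls the process, which is why deployed designs root this step in a hardware measurement such as TPM-backed attestation rather than in the enforcer alone.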
18 Claims
1. A method of enforcing system self-integrity validation policies, the method comprising the steps set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 15, 16, 17, 18
10. A non-transitory computer-readable medium comprising instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- installing a policy enforcer on a client device;
- using the policy enforcer to examine the policy enforcer itself to determine whether the policy enforcer itself has been compromised;
- in response to a determination that the policy enforcer has been compromised, prohibiting access of the client device to the services provided by the service provider;
- installing, on the client device, a plurality of policies configured to enforce system integrity of the client device;
- monitoring, using the policy enforcer, system performance of the client device to determine actual system performance of the client device;
- based on a first policy in the plurality of policies, comparing the actual system performance of the client device with system performance required by the first policy, wherein the first policy restricts the use of operating systems (O/S) that circumvent digital rights management (DRM) protections;
- determining, by the policy enforcer, that the actual system performance of the client device does not match the system performance required by the first policy;
- identifying one or more software processes responsible for the actual system performance of the client device not matching the system performance required by the first policy, including identifying that an O/S running on the client device is circumventing the DRM protections;
- identifying first services from the service provider that are related to the one or more software processes, including identifying services that provide DRM-protected files; and
- denying the client device access to the first services from the service provider while continuing to allow the client device access to other services from the service provider, wherein the client device is denied access to the DRM-protected files provided by the identified services.
Dependent claims: 11, 12, 13, 14