System and method of monitoring and controlling application files

US 9,607,149 B2
Filed: 05/09/2016
Issued: 03/28/2017
Est. Priority Date: 03/14/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:

receiving, at the system and in response to a user requesting access to a spyware program, an identifier from a first computer of the system, the identifier being associated with the spyware program on the first computer;

associating, using an application server module of the system, one or more categories with the identifier based, at least in part, on a frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program;

determining whether the spyware program is associated with any other categories other than the associated one or more categories;

retrieving one or more policies to be applied to programs associated with the associated one or more categories and the other categories to which the spyware program is determined to be associated;

determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and

denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for updating a system that controls files executed on a workstation. The workstation includes a workstation management module configured to detect the launch of an application. A workstation application server receives data associated with the application from the workstation. This data can include a hash value. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized by the application database factory and provides the category to the application server module. Once the application server module has the category, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the launched application to control access to the application on the workstation.

2 Citations

20 Claims

1. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:
- receiving, at the system and in response to a user requesting access to a spyware program, an identifier from a first computer of the system, the identifier being associated with the spyware program on the first computer;
  
  associating, using an application server module of the system, one or more categories with the identifier based, at least in part, on a frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program;
  
  determining whether the spyware program is associated with any other categories other than the associated one or more categories;
  
  retrieving one or more policies to be applied to programs associated with the associated one or more categories and the other categories to which the spyware program is determined to be associated;
  
  determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and
  
  denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising sending at least the category associated with the identifier to a second computer for scanning the second computer for the spyware program associated with the identifier.
  - 3. The method of claim 2, further comprising providing instructions to the second computer to scan for the spyware program based at least in part on the associated category.
  - 4. The method of claim 3, further comprising displaying the results of the scan on the second computer.
  - 5. The method of claim 1, wherein associating the category with the identifier is performed at a remote computer from the first computer.
  - 6. The method of claim 2 further comprising:
    - identifying a second spyware program stored on a third computer;
      
      determining whether the second spyware program is associated with a category;
      
      if the second spyware program is not categorized, adding a second identifier indicative of the second spyware program to a database; and
      
      uploading the database including the second identifier to a remote computer.
  - 7. The method of claim 6, wherein the second spyware program on the third computer is in the database.

8. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:
- receiving a database of identifiers at a database factory, the database being determined at least in part by a comparison between an identifier associated with a spyware program and a database at a first computer;
  
  collecting information relating to the spyware program associated with the identifier, the collected information including a frequency of requests to execute the spyware program;
  
  associating the spyware program associated with the identifier with a category, the category based, at least in part, the frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program based at least in part on the collected information;
  
  determining whether the spyware program is associated with any other categories other than the associated category;
  
  retrieving one or more policies to be applied to programs associated with the associated category and the other categories to which the spyware program is determined to be associated;
  
  determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and
  
  denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising providing the identifier to a second computer for scanning the second computer for the categorized spyware program associated with the identifier.
  - 10. The method of claim 8, further comprising providing the category associated with the spyware program to the first computer.
  - 11. The method of claim 8, further comprising determining access privileges for the spyware program at the first computer based on the category associated with the spyware program.
  - 12. The method of claim 8, further comprising searching the Internet for at least a portion of the collected information.
  - 13. The method of claim 8, wherein the information relating to the spyware program is collected from the first computer.
  - 14. The method of claim 8, wherein the information relating to the spyware program is determined from the spyware program.

15. A system for sharing a spyware database between a plurality of computers across a network, the system comprising:
- a first computer having a first database and a spyware program, the first database including one or more identifiers associated with respective spyware programs and associated with one or more categories of types of applications, the first database not including an identifier associated with the spyware program; and
  
  a second computer having a second database, the second database including a first identifier associated with the spyware program on the first computer, the second computer-configured to collect information relating to the first identifier and determine a category to associate with the first identifier if the category was not previously associated with the first identifier in a database of categorized programs of the system, the category based at least in part on the collected information, the collected information including a frequency of requests to execute the spyware program, the second computer configured to provide the first computer with the identifier and the category; and
  
  wherein the first computer is configured to determine whether the spyware program is associated with any other categories other than the associated category, retrieve one or more policies to be applied to programs associated with the category and the other categories to which the spyware program is determined to be associated, determine whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies, and deny access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, further comprising a third computer receiving at least the first identifier and the category determined by the second computer and scanning for the spyware program associated with the received first identifier.
  - 17. The system of claim 15, wherein the first compute further comprises a policy associated with the category determined by the second computer, and wherein the first computer is configured to apply the policy associated with the category.
  - 18. The system of claim 15, wherein the first computer is configured to receive the category associated with the spyware program.
  - 19. The system of claim 16, wherein the third computer comprises a third database including identifiers associated with spyware programs and associated with categories, the third computer being configured to update the third database with the first identifier and the category received from the second computer.
  - 20. The system of claim 16, wherein the third computer is configured to apply a policy associated with the first identifier and the category received from the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Websense, Llc (Forcepoint LLC)
Inventors
Kester, Harold M., Hegli, Ronald B., Dimm, John Ross, Anderson, Mark Richard
Primary Examiner(s)
Zee, Edward

Application Number

US15/150,308
Publication Number

US 20160253499A1
Time in Patent Office

323 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06Q 20/203   Inventory monitoring

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

Y10S 707/99931   Database or file accessing

Y10S 707/99943   Generating database or data...

Y10S 707/99945   Object-oriented database st...

System and method of monitoring and controlling application files

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of monitoring and controlling application files

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links