System and method of monitoring and controlling application files

US 7,185,015 B2
Filed: 03/14/2003
Issued: 02/27/2007
Est. Priority Date: 03/14/2003
Status: Active Grant

First Claim

Patent Images

1. A system for collecting program data for use in updating a monitoring system which controls programs operating on a workstation, comprising:

a workstation having a first database of information identifying categorized programs with one or more categories and one or more policies, the workstation being configured for a user to request execution of a program;

an application server module having a second database of information identifying categorized programs with one or more categories and one or more policies;

a workstation management module coupled to the workstation and configured to;

detect the program execution request;

determine whether the requested program is identified in the first database;

if the requested program is not identified in the first database, send identification information for the requested program to the application server module; and

if the requested program is identified in the first database, apply one or more policies that are associated with the requested program;

wherein the application server module is configured to;

receive the identification information for the requested program from the workstation management module if the requested program was not identified in the first database at the workstation;

determine whether the requested program is identified in the second database;

if the requested program is not identified in the second server, send information identifying the requested program to a categorization server configured to categorize the requested program; and

if the requested program is identified in the second server, provide any policies associated with the one or more categories that are associated with the requested program to the workstation management module.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for updating a system that controls applications requested for execution on a workstation. A workstation management module is configured to detect requested execution of an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized and provides the category to the application server module; which forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy to control access to the requested application on the workstation.

185 Citations

36 Claims

1. A system for collecting program data for use in updating a monitoring system which controls programs operating on a workstation, comprising:
- a workstation having a first database of information identifying categorized programs with one or more categories and one or more policies, the workstation being configured for a user to request execution of a program;
  
  an application server module having a second database of information identifying categorized programs with one or more categories and one or more policies;
  
  a workstation management module coupled to the workstation and configured to;
  
  detect the program execution request;
  
  determine whether the requested program is identified in the first database;
  
  if the requested program is not identified in the first database, send identification information for the requested program to the application server module; and
  
  if the requested program is identified in the first database, apply one or more policies that are associated with the requested program;
  
  wherein the application server module is configured to;
  
  receive the identification information for the requested program from the workstation management module if the requested program was not identified in the first database at the workstation;
  
  determine whether the requested program is identified in the second database;
  
  if the requested program is not identified in the second server, send information identifying the requested program to a categorization server configured to categorize the requested program; and
  
  if the requested program is identified in the second server, provide any policies associated with the one or more categories that are associated with the requested program to the workstation management module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The system of claim 1 wherein the categorization server is configured to:
    - receive the information identifying the requested program from the application server module;
      
      determine whether the requested program was previously categorized by the categorization server;
      
      if the requested program was not previously categorized by the categorization server, determine the one or more categories to associate with the requested program and provide the one or more categories to the application server module; and
      
      if the requested program was previously categorized by the categorization server, provide the one or more categories that were previously associated with the requested program to the application server module.
  - 3. The system of claim 2, wherein the first database of categorized programs includes hash values.
  - 4. The system of claim 3, wherein the requested program is in the first database of categorized programs and is associated with the one or more policies.
  - 5. The system of claim 2, wherein the application server module is further configured to analyze program data associated with the requested program for a data characteristic that is indicative of the one or more categories, and to associate one or more indicators with the requested program.
  - 6. The system of claim 5, wherein analyzing the program data is performed on text strings that are associated with the requested program.
  - 7. The system of claim 5, wherein the one or more indicators includes a category flag.
  - 8. The system of claim 7, wherein the application server module uses the one or more indicators to screen the requested program prior to sending the identification information for the requested program to the categorization server.
  - 9. The system of claim 2, wherein the workstation management module comprises an application digest generator configured to determine program data to associate with the requested program.
  - 10. The system of claim 9, wherein the program data includes a suite.
  - 11. The system of claim 9, wherein the program data includes a publisher.
  - 12. The system of claim 9, wherein the program data includes a source directory.
  - 13. The system of claim 9, wherein the application server module comprises:
    - a classification user interface configured to provide an interface for a network administrator to select the one or more policies that are applied to the one or more categories associated with the requested program;
      
      an uncategorized application database configured to store the identification information for the requested program and associated data if the requested program was not previously categorized; and
      
      an upload/download manager module configured to send the stored identification information and associated data to the categorization server and to receive the one or more categories from the categorization server.
  - 14. The system of claim 13, wherein the uncategorized application database includes a request frequency that is associated with the requested program and indicates the frequency of requests for the requested program in the uncategorized application database.
  - 15. The system of claim 14, wherein the upload/download manager module is configured to send the request frequency from the uncategorized application database to the categorization server.
  - 16. The system of claim 15, wherein the categorized application database includes a request frequency that is associated with the requested program and indicates the frequency of requests for the requested program in the uncategorized application database.
  - 17. The system of claim 16, wherein the one or more policies include allowing the requested program to run on the workstation based on the one or more policies associated with the requested program and the user.
  - 18. The system of claim 13, wherein the one or more policies include not allowing the requested program to run on the workstation based on the one or more policies associated with the requested program and the user.
  - 19. The system of claim 2, wherein the categorization server comprises:
    - an upload/download module configured to receive the identification information for the requested program and data associated with the requested program from the application server module, determine whether the requested program has been previously categorized by the categorization server, and provide the one or more categories to the application server module;
      
      an application analyst'"'"'s classification module configured to categorize the requested program if not previously categorized by the categorization server; and
      
      a master application database configured to store the identification information for the requested program and the one or more categories.
  - 20. The system of claim 19, wherein the upload/download module is configured to receive a request frequency from the application server module to prioritize processing of the program in the categorization server.
  - 21. The system of claim 19, further comprising:
    - a second workstation; and
      
      a second application server module coupled to the second workstation and the categorization server.
  - 22. The system of claim 19, wherein the upload/download module is further configured to merge and sort the requested program and a second program received from the second workstation.

23. A method of updating a system which controls operation of programs on a workstation, the method comprising:
- receiving a request for execution of an application;
  
  determining whether the application is categorized in a first database, wherein a categorized application is associated with one or more policies;
  
  if the application is categorized, then applying the one or more policies that are associated with the application;
  
  if the application is not categorized, then posting the application to a logging database;
  
  uploading the logging database to an application server module;
  
  determining whether the posted application is in a second database of categorized applications associated with the application server module, wherein a categorized application is associated with one or more categories;
  
  if the posted application is not in the second database of categorized applications, then posting the application to a database of uncategorized applications; and
  
  if the posted application is in the second database of categorized applications, then providing one or more policies associated with the posted application to the application server module.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 24. The method of claim 23, further comprising:
    - uploading the uncategorized application database to a categorization server configured to categorize the posted application;
      
      determining whether each application has been previously categorized by the categorization server;
      
      for each application that was not previously categorized, categorizing each application and/or data associated with the application to select one or more categories to associated with each application;
      
      posting each application along with its selected one or more categories into a database of categorized applications; and
      
      downloading the database of categorized applications for incorporation into the application inventory database.
  - 25. The method of claim 24, further comprising:
    - updating a request frequency in the application inventory database if the application is in the application inventory database; and
      
      uploading the application inventory database request frequency and the associated application to the application database factory.
  - 26. The method of claim 24, wherein the one or more policies include allowing or disallowing the application to run based on the one or more categories associated with the application and the user.
  - 27. The method of claim 24, wherein the one or more policies include allowing the application to run on the workstation based on the one or more categories associated with the application and the user.
  - 28. The method of claim 24, wherein the logging database further includes additional data associated with the application.
  - 29. The method of claim 28, wherein the additional data includes a request frequency.
  - 30. The method of claim 28, wherein the additional data includes a suite.
  - 31. The method of claim 28, wherein the additional data includes a publisher.
  - 32. The method of claim 28, wherein the additional data includes a source directory.
  - 33. The method of claim 23, further comprising:
    - analyzing the application and/or the additional data associated with the application for data characteristics that are indicative of the one or more categories; and
      
      associating one or more indicators with the application.
  - 34. The method of claim 33, wherein the analyzing the program data is performed on text strings that are associated with the application and/or the additional data associated with the application.
  - 35. The method of claim 33, wherein the one or more indicators can include a category flag.
  - 36. The method of claim 35, further comprising screening the application using the one or more indicators prior to uploading the uncategorized application database to the application database factory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Dimm, John Ross, Kester, Harold M., Anderson, Mark Richard, Hegli, Ronald B.
Primary Examiner(s)
Corrielus; Jean M.
Assistant Examiner(s)
Ly; Anh

Application Number

US10/390,547
Publication Number

US 20040181788A1
Time in Patent Office

1,446 Days
Field of Search

707/1, 707/6, 707/9, 707/10, 707/100, 707/102, 707/104, 713/186, 713/176, 717/168, 717/174
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06Q 20/203   Inventory monitoring

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

Y10S 707/99931   Database or file accessing

Y10S 707/99943   Generating database or data...

Y10S 707/99945   Object-oriented database st...

System and method of monitoring and controlling application files

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

185 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of monitoring and controlling application files

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

185 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links