Method and system for dynamic adjustment of computer security based on network activity of users

US 7,865,726 B2
Filed: 06/03/2008
Issued: 01/04/2011
Est. Priority Date: 10/20/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for securing operations with respect to a set of computational resources in a data processing system, the method comprising:

employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;

employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user;

monitoring network activity with respect to the computational resources that are used by the second user; and

automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user, wherein the second user security level indicating value of the second user is determined based on the monitored network activity with respect to the computational resources that are used by the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, apparatus, or computer program product is presented for securing computational resources in a data processing system. A first user uses a first computational device, and a user security level is associated with the first user. Likewise, a second user uses a second computational device, and a user security level is associated with the second user. The computational resources on the first computational device are automatically reconfigured based on the second user security level of the second user. A computational security level may be assigned to a computational resource on the first computational device, and the computational security level is dynamically adjusted in response to detected network activity by the second computational device that is being used by the second user. Modified security-related parameters for reconfiguring computational resources on the first computational device are reconfigured based on the adjusted computational security level.

Citations

20 Claims

1. A computer-implemented method for securing operations with respect to a set of computational resources in a data processing system, the method comprising:
- employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user;
  
  monitoring network activity with respect to the computational resources that are used by the second user; and
  
  automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user, wherein the second user security level indicating value of the second user is determined based on the monitored network activity with respect to the computational resources that are used by the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising:
    - filtering the network activity with respect to computational resources that are used by the second user to identify problematic network activity with respect to the computational resources that are used by the second user; and
      
      logging the problematic network activity with respect to computational resources that are used by the second user.
  - 3. The method of claim 2 further comprising:
    - employing a first configurable policy that indicates rules and/or conditions for the filtering of the network activity.
  - 4. The method of claim 2 further comprising:
    - examining the logged problematic network activity of the second user; and
      
      determining the second user security level indicating value based on information from the examined logged problematic network activity.
  - 5. The method of claim 4 further comprising:
    - employing a second configurable policy that indicates rules and/or conditions for determining the second user security level indicating value.
  - 6. The method of claim 1 further comprising:
    - assigning a computational security level indicating value to a computational resource on the first computational device; and
      
      adjusting the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
  - 7. The method of claim 6 further comprising:
    - employing a third configurable policy that indicates rules and/or conditions for adjusting the computational security level indicating value for the computational resource on the first computational device.
  - 8. The method of claim 6 further comprising:
    - determining modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.
  - 9. The method of claim 8 further comprising:
    - employing a fourth configurable policy that indicates rules and/or conditions for determining modified security-related parameters for reconfiguring the computational resources on the first computational device.
  - 10. The method of claim 6 further comprising:
    - sending modified security-related parameters from a centralized security management application to a network security agent on the first computational device.
  - 11. The method of claim 1 further comprising:
    - notifying the first user of the reconfiguration of the first computational device.
  - 12. The method of claim 1 further comprising:
    - retrieving the second user security level indicating value from a source external to the data processing system.

13. A computer program product on a non-transitory computer-readable storage medium for securing operations with respect to a set of computational resources in a data processing system, the computer program product comprising:
- instructions to employ computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  instructions to employ computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user;
  
  instructions to monitor network activity with respect to computational resources that are used by the second user; and
  
  instructions to automatically reconfigure the computational resources on the first computational device based on the second user security level indicating value of the second user, wherein the second user security level indicating value of the second user is determined based on the monitored network activity with respect to the computational resources that are used by the second user.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 further comprising:
    - instructions to filter the network activity with respect to computational resources that are used by the second user to identify problematic network activity with respect to the computational resources that are used by the second user; and
      
      instructions to log the problematic network activity with respect to computational resources that are used by the second user.
  - 15. The computer program product of claim 14 further comprising:
    - instructions to examine the logged problematic network activity of the second user; and
      
      instructions to determine the second user security level indicating value based on information from the examined logged problematic network activity.
  - 16. The computer program product of claim 13 further comprising:
    - instructions to assign a computational security level indicating value to a computational resource on the first computational device; and
      
      instructions to adjust the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
  - 17. The computer program product of claim 16 further comprising:
    - instructions to determine modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.

18. An apparatus for securing operations with respect to a set of computational resources in a data processing system, the apparatus comprising:
- a data processor coupled to a memory and operable for executing instructions in the memory to perform steps of;
  
  employing computational resources on a first computational device that is being used by a first user, wherein a first user security level indicating value is associated with the first user;
  
  employing computational resources on a second computational device that is being used by a second user, wherein a second user security level indicating value is associated with the second user;
  
  automatically reconfiguring the computational resources on the first computational device based on the second user security level indicating value of the second user;
  
  assigning a computational security level indicating value to a computational resource on the first computational device; and
  
  adjusting the computational security level indicating value for the computational resource on the first computational device in response to detected network activity by the second computational device that is being used by the second user.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18 wherein the data processor is further operable for executing instructions in the memory to perform a step of:
    - filtering the network activity with respect to computational resources that are used by the second user using at least one network activity filtering policy to identify problematic network activity with respect to the computational resources that are used by the second user.
  - 20. The apparatus of claim 18 wherein the data processor is further operable for executing instructions in the memory to perform a step of:
    - determining modified security-related parameters for reconfiguring the computational resources on the first computational device based on the adjusted computational security level indicating value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Corley, Carole R., Ullman, Lorin E., Janakiraman, Janani
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US12/132,260
Publication Number

US 20080235771A1
Time in Patent Office

945 Days
Field of Search

713/166, 709/201, 709/208
US Class Current

713/166
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 2221/2149   Restricted operating enviro...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

Method and system for dynamic adjustment of computer security based on network activity of users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for dynamic adjustment of computer security based on network activity of users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links