Method and system for generic real time management of devices on computers connected to a network

US 8,484,327 B2
Filed: 11/07/2007
Issued: 07/09/2013
Est. Priority Date: 11/07/2007
Status: Active Grant

First Claim

Patent Images

1. A method for device management in a computer system comprising:

detecting connection of a device to the computer system, which includes a software agent that is configured to track attempts to connect pluggable devices to the computer system and to receive a security policy that includes a plurality of device management rules, wherein the software agent is further configured to register an agent device connection listener in a form of an upper-level filter driver in a device class stack for a particular device class defined in a particular one of the rules, and wherein the particular one of the rules describes a device definition, a set of computers, and a set of users to which the particular rule applies;

identifying a specific device type of the device; and

determining a reaction to perform in response to the connection of the device to the computer system based, at least in part, on parameters related to the device and on the device management rules, wherein the reaction comprises blocking certain network connections based on identifying whether or not the connection is wireless.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for enterprise device management allows the administrator to set a policy of forbidden devices, monitor devices used in the organization, provide alerts and notification incase an unknown device is connected to a computer, and monitor or block connections of devices which do not comply with the said security policy. A method for device management in a computer system comprises detecting connection of a device to the computer system and determining a reaction to perform in response to the connection of the device to the computer system based on parameters related to the device and on device management rules.

211 Citations

25 Claims

1. A method for device management in a computer system comprising:
- detecting connection of a device to the computer system, which includes a software agent that is configured to track attempts to connect pluggable devices to the computer system and to receive a security policy that includes a plurality of device management rules, wherein the software agent is further configured to register an agent device connection listener in a form of an upper-level filter driver in a device class stack for a particular device class defined in a particular one of the rules, and wherein the particular one of the rules describes a device definition, a set of computers, and a set of users to which the particular rule applies;
  
  identifying a specific device type of the device; and
  
  determining a reaction to perform in response to the connection of the device to the computer system based, at least in part, on parameters related to the device and on the device management rules, wherein the reaction comprises blocking certain network connections based on identifying whether or not the connection is wireless.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each device management rule comprises:
    - a combination of device definitions that will trigger the rule, each device definition corresponding to a device and comprising a plurality of parameters associated with the device;
      
      information relating to the users and computer systems to which the rule will be applied; and
      
      a reaction to be performed when the rule is triggered.
  - 3. The method of claim 2, wherein a reaction to be performed comprises at least one of:
    - monitoring and reporting connection of the device or existing device connections, blocking initialization of a device upon its connection, preventing writing to the particular files by the device, and notifying a user connecting the device that the device connection is monitored or blocked.
  - 4. The method of claim 1, wherein the parameters related to the device definition comprise generic parameters associated with the device.
  - 5. The method of claim 4, wherein the generic parameters comprise at least one of:
    - a device class, a device name, a bus type the device connects to, a vendor of the device, a product ID of the device, and a device specific serial number.
  - 6. The method of claim 4, wherein the parameters related to the device further comprise device specific parameters related to the device and wherein a reaction to be performed comprises a device specific reaction.
  - 7. The method of claim 6, wherein the device is a removable storage device and the device specific parameters comprise at least one of:
    - a file system type of the device, a volume label of the device, a serial number of the device, and free storage space on the device.
  - 8. The method of claim 6, wherein the device is a network adapter and the device specific parameters comprise at least one of:
    - a type of network, a name of a network connection, bandwidth parameters and presence of other networks connected simultaneously.
  - 9. The method of claim 8, wherein the device specific reaction comprises restriction according to network protocol, or restriction according to specific access points.
  - 10. The method of claim 1, wherein the reaction comprises:
    - preventing access to certain files of the computer system by the device.

11. A system for device management in a computer system comprising:
- a processor operable to execute computer program instructions;
  
  a memory operable to store computer program instructions executable by the processor; and
  
  computer program instructions stored in the memory and executable to implement;
  
  a device connection listener for detecting connection of a device to the computer system; and
  
  a software agent for;
  
  receiving a security policy that includes a plurality of device management rules, wherein the software agent is further configured to register an agent device connection listener in a form of an upper-level filter driver in a device class stack for a particular device class defined in a particular one of the rules, and wherein the particular one of the rules describes a device definition, a set of computers, and a set of users to which the particular rule applies,determining a reaction to perform in response to the connection of the device to the computer system based, at least in part, on parameters related to the device and on the device management rules,blocking certain network connections based on identifying whether or not the connection is wireless, and wherein the software agent is configured to track attempts to connect pluggable devices to the computer system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein each device management rule comprises:
    - a combination of device definitions that will trigger the rule, each device definition corresponding to a device and comprising a plurality of parameters associated with the device;
      
      information relating to the users and computer systems to which the rule will be applied; and
      
      a reaction to be performed when the rule is triggered.
  - 13. The system of claim 12, wherein a reaction to be performed comprises at least one of:
    - monitoring and reporting connection of the device or existing device connections, blocking initialization of the device upon its connection, preventing writing to the particular files by the device, and notifying a user connecting the device that the device connection is monitored or blocked.
  - 14. The system of claim 11, wherein the parameters related to the device comprise generic parameters associated with the device.
  - 15. The system of claim 14, wherein the generic parameters comprise at least one of:
    - a device class, a device name, a bus type the device connects to, a vendor of the device, a product ID of the device, and a device specific serial number.
  - 16. The system of claim 14, wherein the parameters related to the device further comprise device specific parameters related to the device and wherein a reaction to be performed comprises a device specific reaction.
  - 17. The system of claim 16, wherein the device is a removable storage device, the device specific parameters comprise at least one of a file system type of the device, a volume label of the device, a serial number of the device, and free storage space on the device.
  - 18. The system of claim 16, wherein the device is a network adapter, the device specific parameters comprise at least one of a type of network, a name of a network connection, bandwidth parameters and presence of other networks connected simultaneously, and the device specific reaction comprises restriction according to network protocol, or restriction according to specific access points.

19. A computer program product embodied in a non-transitory computer readable storage medium for performing operations, comprising:
- detecting connection of a device to the computer system, which includes a software agent that is configured to track attempts to connect pluggable devices to the computer system and to receive a security policy that includes a plurality of device management rules, wherein the software agent is further configured to register an agent device connection listener in a form of an upper-level filter driver in a device class stack for a particular device class defined in a particular one of the rules, and wherein the particular one of the rules describes a device definition, a set of computers, and a set of users to which the particular rule applies;
  
  identifying a specific device type of the device; and
  
  determining a reaction to perform in response to the connection of the device to the computer system based, at least in part, on parameters related to the device and on the device management rules, wherein the reaction comprises blocking certain network connections based on identifying whether or not the connection is wireless.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computer program product of claim 19, wherein each device management rule comprises:
    - a combination of device definitions that will trigger the rule, each device definition corresponding to a device and comprising a plurality of parameters associated with the device;
      
      information relating to the users and computer systems to which the rule will be applied; and
      
      a reaction to be performed when the rule is triggered.
  - 21. The computer program product of claim 19, wherein the parameters related to the device comprise generic parameters associated with the device and the reaction to be performed comprises a generic reaction.
  - 22. The computer program product of claim 21, wherein the generic parameters comprise at least one of a device class, a device name, a bus type the device connects to, a vendor of the device, a product ID of the device, and a device specific serial number.
  - 23. The computer program product of claim 21, wherein the parameters related to the device further comprise device specific parameters related to the device and wherein a reaction to be performed comprises a device specific reaction.
  - 24. The computer program product of claim 23, wherein the device is a removable storage device, the device specific parameters comprise at least one of a file system type of the device, a volume label of the device, a serial number of the device, and free storage space on the device.
  - 25. The computer program product of claim 23, wherein the device is a network adapter, the device specific parameters comprise at least one of a type of network, a name of a network connection, bandwidth parameters and presence of other networks connected simultaneously, and the device specific reaction comprises restriction according to network protocol, or restriction according to specific access points.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Werner, Eran, Zucker, Elad, Matzkel, Ben
Primary Examiner(s)
Duong, Oanh

Application Number

US11/979,684
Publication Number

US 20090119743A1
Time in Patent Office

2,071 Days
Field of Search

709/203, 709223-225, 714/4, 726/11, 726/6, 726/27
US Class Current

709/223
CPC Class Codes

G06F 13/387   for adaptation of different...

G06F 21/55   Detecting local intrusion o...

H04L 63/20   for managing network securi...

Method and system for generic real time management of devices on computers connected to a network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

211 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for generic real time management of devices on computers connected to a network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

211 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links