Reactive anti-tampering system for protected services in an enterprise computing system
First Claim
Patent Images
1. A method implemented on a client device having at least one processor, comprising:
- receiving a request to monitor for occurrence of a tamper event affecting a protected service executing on the client device, the protected service including an instance of a program that provides a function critical for operation of the client device, the request distributed by a system administrator, the request comprising a remedial action for remedying the tamper event and a provider that provides data from the protected service, the client device part of an enterprise computing system having multiple client devices;
utilizing a management infrastructure to monitor the protected service for an occurrence of a tamper event through data received from the provider and to initiate a remedial action in response to detecting occurrence of the tamper event, wherein the provider communicates directly with the protected service;
receiving data from the provider that indicates that the tamper event has occurred at the protected service; and
applying the remedial action to the protected service,wherein the tamper event, the protected service and the remedial action are specified through executable instructions.
2 Assignments
0 Petitions
Accused Products
Abstract
An enterprise computing system may utilize a management infrastructure that interacts with protected services in the system. The management infrastructure accepts requests through an anti-tamper procedure that specifies a tamper event, a crucial service to be protected, and a remedial action that may be applied when the tamper event occurs on the protected service. The anti-tamper procedure may be created by a system administrator and distributed to one or more client devices in the system. The management infrastructure monitors a protected service in accordance with the operations and actions specified in the anti-tamper procedure thereby ensuring that the integrity of the system is preserved.
21 Citations
19 Claims
-
1. A method implemented on a client device having at least one processor, comprising:
-
receiving a request to monitor for occurrence of a tamper event affecting a protected service executing on the client device, the protected service including an instance of a program that provides a function critical for operation of the client device, the request distributed by a system administrator, the request comprising a remedial action for remedying the tamper event and a provider that provides data from the protected service, the client device part of an enterprise computing system having multiple client devices; utilizing a management infrastructure to monitor the protected service for an occurrence of a tamper event through data received from the provider and to initiate a remedial action in response to detecting occurrence of the tamper event, wherein the provider communicates directly with the protected service; receiving data from the provider that indicates that the tamper event has occurred at the protected service; and applying the remedial action to the protected service, wherein the tamper event, the protected service and the remedial action are specified through executable instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-readable storage medium storing thereon processor-executable instructions, that when executed perform actions, the actions comprising:
-
receiving a request to monitor a protected service, the protected service providing a critical function, the request distributed by a system administrator, the request comprising a remedial action for remedying an event and a provider that provides data from the protected service; utilizing a management infrastructure to monitor the protected service for an occurrence of an event through data received from the provider and to initiate a remedial action in response to detecting occurrence of the event, wherein the provider communicates directly with the protected service; receiving data from the provider that indicates that the event has occurred at the protected service; and applying the remedial action to the protected service, wherein the event, the protected service and the remedial action are specified through executable instructions. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system, comprising:
-
at least one processor and a memory; the memory including; a management infrastructure, having a programming interface that interacts with a protected service, the protected service comprising an instance of a program that provides a function critical for operation of the client device; a script file having a first set of executable instructions that requests the management infrastructure to monitor the protected service for occurrence of an event, a second set of executable instructions that specify a remedial action that the management infrastructure performs on a protected service, and a provider that obtains data from the protected service; and a plurality of providers, each provider coupled to the management infrastructure and a protected service, the provider configured to receive instructions from the management infrastructure and to provide data in response to instructions, wherein the management infrastructure monitors the protected service through data obtained from at least one select provider. - View Dependent Claims (17, 18, 19)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsZeitlin, Eli, Borshack, Ronen, Umansky, Alex
-
Primary Examiner(s)Khatri, Anil
-
Application NumberUS13/283,635Publication NumberTime in Patent Office963 DaysField of Search717124-129, 717/176, 717170-175, 709203-204US Class Current717/174CPC Class CodesG06F 21/554 involving event detection a...
