System and method for protecting cloud services from unauthorized access and malware attacks
First Claim
1. A method for processing queries from a user device by a server, comprising:
- receiving, by the server, one or more queries from a security software of the user device directed to one or more cloud services provided by the server, wherein the security software is configured to follow different procedures for contacting one or more different cloud services;
analyzing the one or more queries received from the security software to determine whether the security software followed a correct procedure for contacting the one or more services, including determining a time difference between two consecutive queries of a cloud service by the security software, and, when the time difference is shorter than a predefined time period, determining that the user device did not comply with the correct procedure;
based on the determination of whether the security software followed a correct or incorrect procedure for contacting the server, determining whether to update or not update a level of trust associated with the user device;
determining, based on the level of trust, how to process the one or more queries; and
providing different responses to the one or more queries from the security software based on the determination of how to process the one or more queries.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are systems, methods and computer program products for protecting cloud security services from unauthorized access and malware attacks. In one example, a cloud server receives one or more queries from security software of the user device. The server analyzes a system state and configuration of the user device to determine the level of trust associated with the user device. The server also analyzes the one or more queries received from the security software to determine whether to update the level of trust associated with the user device. The server determines, based on the level of trust, how to process the one or more queries. Finally, the server provides responses to the one or more queries from the security software based on the determination of how to process the one or more queries.
39 Citations
20 Claims
-
1. A method for processing queries from a user device by a server, comprising:
-
receiving, by the server, one or more queries from a security software of the user device directed to one or more cloud services provided by the server, wherein the security software is configured to follow different procedures for contacting one or more different cloud services; analyzing the one or more queries received from the security software to determine whether the security software followed a correct procedure for contacting the one or more services, including determining a time difference between two consecutive queries of a cloud service by the security software, and, when the time difference is shorter than a predefined time period, determining that the user device did not comply with the correct procedure; based on the determination of whether the security software followed a correct or incorrect procedure for contacting the server, determining whether to update or not update a level of trust associated with the user device; determining, based on the level of trust, how to process the one or more queries; and providing different responses to the one or more queries from the security software based on the determination of how to process the one or more queries. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for processing queries from a user device by a server, the system comprising:
a hardware processor configured to; receive one or more queries from a security software of the user device directed to one or more cloud services provided by the server, wherein the security software is configured to follow different procedures for contacting one or more different cloud services; analyze the one or more queries received from the security software to determine whether the security software followed a correct procedure for contacting the one or more services, including determining a time difference between two consecutive queries of a cloud service by the security software, and, when the time difference is shorter than a predefined time period, determining that the user device did not comply with the correct procedure; based on the determination of whether the security software followed a correct or incorrect procedure for contacting the server, determine whether to update or not update a level of trust associated with the user device; determine, based on the level of trust, how to process the one or more queries; and provide different responses to the one or more queries from the security software based on the determination of how to process the one or more queries. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A computer program product embodied in a non-transitory computer-readable storage medium, the computer program product comprising computer-executable instructions for processing queries from a user device by a server, including instructions for:
-
receiving, by the server, one or more queries from a security software of the user device directed to one or more cloud services provided by the server, wherein the security software is configured to follow different procedures for contacting one or more different cloud services; analyzing the one or more queries received from the security software to determine whether the security software followed a correct procedure for contacting the one or more services, including determining a time difference between two consecutive queries of a cloud service by the security software, and, when the time difference is shorter than a predefined time period determining that the user device did not comply with the correct procedure; based on the determination of whether the security software followed a correct or incorrect procedure for contacting the server, determining whether to update or not update a level of trust associated with the user device; determining, based on the level of trust, how to process the one or more queries; and providing different responses to the one or more queries from the security software based on the determination of how to process the one or more queries. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification