Methods and systems for controlling access to computing resources based on known security vulnerabilities

US9608997B2 · US · B2

Patent metadata
Publication number: US-9608997-B2
Application number: US-201514618685-A
Country: US
Kind code: B2
Filing date: Feb 10, 2015
Priority date: Dec 21, 2005
Publication date: Mar 28, 2017
Grant date: Mar 28, 2017


Abstract

Official abstract text for this publication.

Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Claims

Full claim text for this publication.

What is claimed is:

1. A method for controlling the operation of an endpoint, comprising: providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies; maintaining the plurality of policies in a data store on the computing system; identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to monitor; configuring one or more software services provided by an operating system on the endpoint to monitor the plurality of operating conditions; receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint gathered by the one or more software services; determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and initiating, remotely by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by a processor on the endpoint, such that the computing system remotely ensures endpoint compliance with the plurality of compliance policies stored in the data store of the computing system.

2. The method of claim 1, wherein the action comprises controlling access of the endpoint to computing resources.

3. The method of claim 1, wherein the user interface comprises a web page.

4. The method of claim 1, further comprising requesting, at the computing system, the status information on a periodic basis.

5. The method of claim 1, wherein the endpoint comprises a mobile device.

6. The method of claim 1, further comprising configuring one or more application running on the endpoint on the endpoint to monitor at least a subset of the plurality of operating conditions.

7. The method of claim 1, wherein the conditions comprise at least one hardware condition.

8. The method of claim 1, wherein the conditions comprise at least one software condition.

9. The method of claim 1, wherein the computing system comprises a plurality of servers.

10. The method of claim 1, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

11. A non-transitory computer readable medium containing computer instructions for controlling the operation of an endpoint, comprising: providing a user interface, at a computing system remote from the end point, configured to allow configuration of a plurality of policies; maintaining the plurality of policies in a data store on the computing system; identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to monitor; configuring one or more software services provided by an operating system on the endpoint to monitor the plurality of operating conditions; receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint gathered by the one or more software services; determining, by the computing system, a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store; and initiating, remotely by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by a processor on the endpoint, such that the computing system remotely ensures endpoint compliance with the plurality of compliance policies stored in the data store of the computing system.

12. The computer readable medium of claim 11, wherein the action comprises controlling access of the endpoint to computing resources.

13. The computer readable medium of claim 11, wherein the user interface comprises a web page.

14. The computer readable medium of claim 11, further comprising requesting, at the computing system, the status information on a periodic basis.

15. The computer readable medium of claim 11, wherein the endpoint comprises a mobile device.

16. The computer readable medium of claim 11, further comprising configuring one or more application running on the endpoint on the endpoint to monitor at least a subset of the plurality of operating conditions.

17. The computer readable medium of claim 11, wherein the conditions comprise at least one hardware condition.

18. The computer readable medium of claim 11, wherein the conditions comprise at least one software condition.

19. The computer readable medium of claim 11, wherein the computing system comprises a plurality of servers.

20. The computer readable medium of claim 11, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.

21. A system for controlling the operation of an endpoint, comprising: a user interface, provided by a computing system remote from the end point, configured to allow configuration of a plurality of policies; a data store, at the computing system, that contains the plurality of policies; one or more software services provided by an operating system on the endpoint configured to monitor a plurality of operating conditions identified in the plurality of policies; and one or more hardware processors at the computing system configured to: receive, across a network, status information about the plurality of operating conditions on the endpoint gathered by the one or more software services, determine a compliance state of the endpoint based on the status information and a plurality of compliance policies in the data store, and initiate, remotely by the computing system, based on the compliance state, an action identified in at least one rule in the data store, wherein the action is carried out by the hardware processor on the endpoint, such that the computing system remotely ensures endpoint compliance with the plurality of compliance policies stored in the data store of the computing system.

22. The system of claim 21, wherein the action comprises controlling access of the endpoint to computing resources.

23. The system of claim 21, wherein the user interface comprises a web page.

24. The system of claim 21, wherein the one or more processors are further configured to request the status information from the endpoint on a periodic basis.

25. The system of claim 21, wherein the endpoint comprises a mobile device.

26. The system of claim 21, further comprising one or more application running on the endpoint configured to monitor a plurality of operating conditions identified in the plurality of policies.

27. The system of claim 21, wherein the conditions comprise at least one hardware condition.

28. The system of claim 21, wherein the conditions comprise at least one software condition.

29. The system of claim 21, wherein the computing system comprises a plurality of servers.

30. The system of claim 21, wherein the plurality of policies includes at least one policy that includes the at least one rule that identifies the action.
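The abstract and claim 1 describe a loop: policies in a server-side data store name the conditions to monitor, endpoint services report status, the server derives a compliance state and initiates the action a rule names. The following is an added illustration of that loop (not code from the patent or its assignee); the policy names, status keys and the vulnerability list are assumed, and the CVE id is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

@dataclass
class Policy:
    name: str                      # policy as configured through the remote user interface
    condition: str                 # operating condition an endpoint service must report
    check: Callable[[Any], bool]   # compliance test applied to the reported value
    action: str                    # rule: action initiated on the endpoint when violated

# Constructed policy data store (claim 1: "a plurality of policies in a data store").
# Status keys are assumed names, not identifiers from the patent.
POLICIES: List[Policy] = [
    Policy("no_known_vulns", "vulnerable_cves", lambda v: len(v) == 0, "restrict_network_access"),
    Policy("av_running", "antivirus_running", lambda v: v is True, "start_antivirus"),
    Policy("disk_encrypted", "disk_encrypted", lambda v: v is True, "deny_access"),
]

def monitored_conditions(policies: List[Policy]) -> List[str]:
    """Conditions the endpoint services are configured to gather,
    derived from the policies (claim 1: 'identifying ... conditions to monitor')."""
    return sorted({p.condition for p in policies})

def evaluate(status: Dict[str, Any], policies: List[Policy] = POLICIES) -> Tuple[str, List[str]]:
    """Derive the compliance state and the actions to initiate for one status report.
    A condition the endpoint failed to report counts as non-compliant: an unknown
    state must not be treated as a passing one."""
    violated = [p for p in policies
                if p.condition not in status or not p.check(status[p.condition])]
    state = "compliant" if not violated else "non_compliant"
    actions = sorted({p.action for p in violated})
    return state, actions

# Constructed status report, as an endpoint service would send it across the network.
# The CVE id is a placeholder, not a real vulnerability identifier.
SAMPLE_STATUS: Dict[str, Any] = {
    "vulnerable_cves": ["CVE-PLACEHOLDER-0001"],
    "antivirus_running": True,
    "disk_encrypted": True,
}

if __name__ == "__main__":
    print("monitor:", monitored_conditions(POLICIES))
    print("result:", evaluate(SAMPLE_STATUS))
```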

Assignees

IBM

Inventors

Classifications

  • Event detection, e.g. attack signature detection · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Detecting local intrusion or implementing counter-measures · CPC title

  • for systems · CPC title

  • Assessing vulnerabilities and evaluating computer system security · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F11/3495. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 28, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).