Methods and systems for controlling access to computing resources based on known security vulnerabilities

US9923918B2 · US · B2

Patent metadata

Publication number: US-9923918-B2
Application number: US-201715470509-A
Country: US
Kind code: B2
Filing date: Mar 27, 2017
Priority date: Dec 21, 2005
Publication date: Mar 20, 2018
Grant date: Mar 20, 2018

Abstract

Methods and systems are provided for fine-tuning access control by remote endpoint systems to host systems. Multiple conditions and states of the endpoint system, the host system, or both are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, the analysis engine evaluates the status of those conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host systems. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Claims

All 24 claims as granted.

What is claimed is:

1. A method for controlling the operation of an endpoint, comprising: providing a user interface, at a computing system that is remote from the endpoint, configured to allow configuration of a plurality of policies; maintaining the plurality of policies in a data store on the computing system; identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to evaluate; configuring one or more software services provided by an operating system on the endpoint to monitor the plurality of operating conditions; receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint, gathered by the one or more software services on the endpoint, and user information that identifies a user of the endpoint; determining, by the computing system, a compliance state of the endpoint based on the user information and status information, and a plurality of compliance policies in the data store; authorizing access by the endpoint to a computing resource on the network, authorization being determined by the remote computing system in response to the compliance state; and continuing to monitor the compliance state by the endpoint and restricting access to the computing resource if the compliance state changes.

2. The method of claim 1, wherein the user interface comprises a web page.

3. The method of claim 1, further comprising requesting, at the computing system, the status information on a periodic basis.

4. The method of claim 1, wherein the endpoint comprises a mobile device.

5. The method of claim 1, further comprising configuring one or more applications running on the endpoint to monitor at least a subset of the plurality of operating conditions.

6. The method of claim 1, wherein the conditions comprise at least one hardware condition.

7. The method of claim 1, wherein the conditions comprise at least one software condition.

8. The method of claim 1, wherein the computing system comprises a plurality of servers.

9. A non-transitory computer readable medium containing computer instructions for controlling the operation of an endpoint, comprising: providing a user interface, at a computing system that is remote from the endpoint, configured to allow configuration of a plurality of policies; maintaining the plurality of policies in a data store on the computing system; identifying, from the plurality of policies, a plurality of operating conditions on the endpoint to evaluate; configuring one or more software services provided by an operating system on the endpoint to monitor the plurality of operating conditions; receiving, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint, gathered by the one or more software services on the endpoint, and user information that identifies a user of the endpoint; determining, by the computing system, a compliance state of the endpoint based on the user information and status information, and a plurality of compliance policies in the data store; authorizing access by the endpoint to a computing resource on the network, authorization being determined by the remote computing system in response to the compliance state; and continuing to monitor the compliance state by the endpoint and restricting access to the computing resource if the compliance state changes.

10. The non-transitory computer readable medium of claim 9, wherein the user interface comprises a web page.

11. The non-transitory computer readable medium of claim 9, further comprising requesting, at the computing system, the status information on a periodic basis.

12. The non-transitory computer readable medium of claim 9, wherein the endpoint comprises a mobile device.

13. The non-transitory computer readable medium of claim 9, further comprising configuring one or more applications running on the endpoint to monitor at least a subset of the plurality of operating conditions.

14. The non-transitory computer readable medium of claim 9, wherein the conditions comprise at least one hardware condition.

15. The non-transitory computer readable medium of claim 9, wherein the conditions comprise at least one software condition.

16. The non-transitory computer readable medium of claim 9, wherein the computing system comprises a plurality of servers.

17. A system for controlling the operation of an endpoint, comprising: a user interface, provided by a computing system remote from the endpoint, configured to allow configuration of a plurality of policies; a data store, at the computing system, that contains the plurality of policies; one or more software services provided by an operating system on the endpoint configured to evaluate a plurality of operating conditions identified in the plurality of policies; and one or more hardware processors at the computing system configured to: receive, across a network, at the computing system, status information about the plurality of operating conditions on the endpoint, gathered by the one or more software services on the endpoint, and user information that identifies a user of the endpoint; determine, by the computing system, a compliance state of the endpoint based on the user information and status information, and a plurality of compliance policies in the data store; and authorize access by the endpoint to a computing resource on the network, authorization being determined by the remote computing system in response to the compliance state.

18. The system of claim 17, wherein the user interface comprises a web page.

19. The system of claim 17, further comprising requesting, at the computing system, the status information on a periodic basis.

20. The system of claim 17, wherein the endpoint comprises a mobile device.

21. The system of claim 17, further comprising configuring one or more applications running on the endpoint to monitor at least a subset of the plurality of operating conditions.

22. The system of claim 17, wherein the conditions comprise at least one hardware condition.

23. The system of claim 17, wherein the conditions comprise at least one software condition.

24. The system of claim 17, wherein the computing system comprises a plurality of servers.

Assignees

IBM

Classifications

  • Multiple levels of security · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • for systems · CPC title

  • Vulnerability analysis · CPC title

  • Assessing vulnerabilities and evaluating computer system security · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification: G06F11/3495. Mapped technology areas include Physics.
When was this patent published?
Publication date: Mar 20, 2018 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).