US20060010492A9 - Method and apparatus for monitoring computer network security enforcement - Google Patents

Method and apparatus for monitoring computer network security enforcement Download PDF

Info

Publication number
US20060010492A9
US20060010492A9 US10/170,088 US17008802A US2006010492A9 US 20060010492 A9 US20060010492 A9 US 20060010492A9 US 17008802 A US17008802 A US 17008802A US 2006010492 A9 US2006010492 A9 US 2006010492A9
Authority
US
United States
Prior art keywords
security
network
provision
data
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US10/170,088
Other versions
US20030229808A1 (en
US8001594B2 (en
Inventor
Robert Heintz
Jeffrey Christy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Channel Ip BV
Original Assignee
Axcelerant Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Axcelerant Inc filed Critical Axcelerant Inc
Priority to US10/170,088 priority Critical patent/US8001594B2/en
Assigned to AXCELERANT, INC. reassignment AXCELERANT, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEINTZ, ROBERT, CHRISTY, JEFFREY A.
Publication of US20030229808A1 publication Critical patent/US20030229808A1/en
Publication of US20060010492A9 publication Critical patent/US20060010492A9/en
Assigned to GOREMOTE INTERNET COMMUNICATIONS, INC. (F/K/A GRIC COMMUNICATIONS, INC.) reassignment GOREMOTE INTERNET COMMUNICATIONS, INC. (F/K/A GRIC COMMUNICATIONS, INC.) MERGER (SEE DOCUMENT FOR DETAILS). Assignors: AXCELERANT, INC.
Assigned to GOREMOTE INTERNET COMMUNICATIONS, INC. (A WHOLLY OWNED SUBSIDIARY OF IPASS INC.) reassignment GOREMOTE INTERNET COMMUNICATIONS, INC. (A WHOLLY OWNED SUBSIDIARY OF IPASS INC.) MERGER (SEE DOCUMENT FOR DETAILS). Assignors: GOREMOTE INTERNET COMMUNICATIONS, INC. (F/K/A GRIC COMMUNICATIONS, INC.)
Application granted granted Critical
Publication of US8001594B2 publication Critical patent/US8001594B2/en
Assigned to IPASS INC. reassignment IPASS INC. MERGER (SEE DOCUMENT FOR DETAILS). Assignors: GOREMOTE INTERNET COMMUNICATIONS, INC.
Assigned to FORTRESS CREDIT CORP. reassignment FORTRESS CREDIT CORP. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IPASS INC.
Assigned to IPASS IP LLC reassignment IPASS IP LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IPASS INC.
Assigned to FORTRESS CREDIT CORP., DBD CREDIT FUNDING LLC, FIP UST LP reassignment FORTRESS CREDIT CORP. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IPASS INC., IPASS IP LLC
Assigned to POST ROAD ADMINISTRATIVE LLC reassignment POST ROAD ADMINISTRATIVE LLC SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IPASS IP LLC
Assigned to IPASS INC. reassignment IPASS INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: FORTRESS CREDIT CORP.
Assigned to IPASS IP LLC reassignment IPASS IP LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: POST ROAD ADMINISTRATIVE LLC
Assigned to IPASS IP LLC, IPASS INC. reassignment IPASS IP LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: DBD CREDIT FUNDING, LLC, FIP UST LP
Assigned to HIGH TRAIL INVESTMENTS SA LLC, AS COLLATERAL AGENT reassignment HIGH TRAIL INVESTMENTS SA LLC, AS COLLATERAL AGENT INTELLECTUAL PROPERTY SECURITY AGREEMENT Assignors: IPASS IP LLC
Assigned to CHANNEL VENTURES GROUP, LLC reassignment CHANNEL VENTURES GROUP, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ARTILIUM GROUP LTD., DEVICESCAPE HOLDINGS, INC., IPASS IP LLC, IPASS, INC., PARETEUM ASIA PTE. LTD., PARETEUM CORPORATION, PARETEUM EUROPE B.V., PARETEUM N.V., PARETEUM NORTH AMERICA CORPORATION
Assigned to CHANNEL IP B.V. reassignment CHANNEL IP B.V. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHANNEL VENTURES GROUP, LLC
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Definitions

  • the present invention relates generally to computer network security software. More specifically, it relates to distributed software and network components for monitoring user actions effecting measures taken for computer network security enforcement.
  • a firewall program typically runs on a server that checks data coming in and out of a company's internal network.
  • companies are concerned with external entities entering their private network and corrupting or exposing sensitive data.
  • programs and tools There are a large number of programs and tools a company can employ to secure its network.
  • a specific category or type of network is a virtual private network or VPN.
  • a VPN is made up of computer workstations that are physically located outside a company's network. The most common example is a workstation located at an employee's home office. This workstation, for example a PC or Mac, may be the property of the employee and is being used for work and to access company resources in addition to normal home use. However, because it is being used for work and is using a public network, such as the Internet, to access company resources, the company requires that the computer execute network security enforcement software. It is crucial that this enforcement software, whether it is a single program or a bundle of programs, operate when expected and not be modified, adjusted, by-passed or shut down.
  • the user may not be aware of the network security software installed on the computer by the company, for example with company laptops and desktop computers. As such, in some instances, a user may not be aware that he or she is violating a company security policy or somehow effecting the operation of a security program. Such inadvertent or unintentional violations can be as dangerous as intentional or malicious violations.
  • a method of determining whether a security provision in a computer network has been violated is described. It is determined whether a network component has violated, modified or circumvented a security enforcement provision of the computer network. If the detection is affirmative, the network component, such as an end user system, operates at a level that is appropriate to the severity or level of the violation, modification, or circumvention as determined by the computer network operator.
  • a method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network includes detecting whether the network component has violated, modified or circumvented the security enforcement provision of the computer network. It is then determined whether an enforcement provision monitoring module has been violated, modified or circumvented. If either detection is affirmative, the network component is acted upon in a manner appropriate given the level or severity of the violation or modification as determined by a network operator. The method also includes comparing a profile record containing information on the network component to a rule set defining a security policy and notifying an operator of the computer network if either detection is affirmative.
  • a system for monitoring abidance by a network security provision present in a network includes an agent module residing on an end user system which collects data on the system and transmits it to a security server.
  • the security server under control of a security service provider, contains multiple components for receiving and inspecting data.
  • a security database containing end user system data and security rule data, wherein the security server and the security database are in direct communication.
  • a notification module capable of notifying a third party of a security violation. The notification can also include restricting access of the end user system to other components in the network.
  • FIG. 1 is an illustration of the various network components and resources for monitoring a workstation in a network in accordance with one embodiment of the present invention.
  • FIGS. 2A and 2B are flow diagrams of an installation process for the monitoring client module on an end-user system in accordance with one embodiment of the present invention.
  • FIGS. 3A and 3B are flow diagrams of a process of creating an entry for a new end user on the server in accordance with one embodiment of the present invention.
  • FIGS. 4A and 4B are flow diagrams of a process of collecting and reporting end user system information on the client module in accordance with one embodiment of the present invention.
  • FIG. 5 is a flow diagram of a process of a collector module on the server receiving data from the client agent in accordance with one embodiment of the present invention.
  • FIGS. 6A and 6B are flow diagrams of a process of the policy inspector determining rule set violations by the end-user system in accordance with one embodiment of the present invention.
  • FIGS. 7A and 7B are flow diagrams of a “watch dog” process in the server that monitors the database for scheduled updates by agents in accordance with one embodiment of the present invention.
  • FIG. 8 is a flow diagram of a process of the notifier handling and transmitting violation notifications to customers in accordance with one embodiment of the present invention.
  • FIG. 9 is a flow diagram of a process in which end-user disconnection requests by the notifier are handled in accordance with one embodiment of the present invention.
  • FIG. 10 is a block/flow diagram showing the various functional components of the security monitoring system of the present invention.
  • a method of monitoring workstations in a network for example, a virtual private network (VPN), for security violations is described in the various figures.
  • An entity may have a computer network security policy for its workstations that includes security software programs A, B and C and company security rules X and Y.
  • the entity can adequately safeguard its network, such as a VPN, if employees abide by this computer network security policy.
  • Programs A, B and C must be operational and unmodified and the user must be aware of and abide by security rules X and Y for the security policy to be effective.
  • the present invention allows the company to monitor whether the programs and rules, that is, the company's security policy is in effect.
  • the invention monitors and can notify appropriate parties in the entity of any policy violation and take certain automatic actions, such as denying any further access if appropriate.
  • the invention will notify the entity when the monitoring software itself is modified or shut down.
  • FIG. 1 is an illustration of the various network components and resources for monitoring a workstation in a network in accordance with one embodiment of the present invention.
  • a client or workstation 102 contains data belonging to an employer and is connected to the internet 104 through an end user LAN 103 .
  • a LAN is not necessary, for example if being used from a home office.
  • Workstation 102 can be at an employee's house or be a laptop computer used by an employee while traveling.
  • Agent software 106 resides on workstation 102 , installed typically by the employee or employer. Agent 106 causes client 102 to send certain data, described below, to a server 108 under the control of a third-party service provider.
  • MSU 105 managed service unit
  • CPE customer premise equipment
  • MSU 105 or any other type of network perimeter security device or provision such as a software firewall
  • the present invention ensures that such a device or provision is installed and operational. Proper installation and non-tampering are treated as rules that must be followed or that are considered to be part of a network security program. If the network perimeter security device or firewall is not installed and operational, this is indicated in a report, described below, and appropriate action is taken.
  • Server 108 has numerous components or modules, including, but not limited to: collector 110 , policy inspector 112 , notifier 114 and access control 116 . Also under the control of the service provider is a data repository 118 holding various types of data including, but not limited to, agent data collection sets or report data 120 , exception log 122 , rule sets 124 , exception notification groups 126 , customer information 128 and activity history data 130 .
  • the third-party service provider provides security monitoring and management services to customers (e.g., an employer) having workstations on a public network or using a public network to implement a VPN.
  • Notifier component 114 causes server 108 to send a notification to an employer having an interest in the security enforcement of workstation 102 .
  • a notification can be sent via email or other means to employer server 132 or premises.
  • a proactive monitor 134 also resides on service provider server 108 and is able to detect when an agent does not send collected data at a scheduled time which is considered a security violation.
  • there is also a connection to a customer corporate network which has a firewall 136 , a VPN head-end 138 and a customer's network, such as an Ethernet network 140 .
  • FIGS. 2A and 2B are flow diagrams of an installation process for a monitoring module on an end-user system in accordance with one embodiment of the present invention.
  • the client module is downloaded from a service provider website.
  • the module can also be placed directly onto the end-user system from a CD-ROM or other source by the employer without the employee's knowledge.
  • an installer program in the client module is executed. Again, this can be executed by the employer or directly by the employee.
  • the install program receives data from the person installing the module such as company name, end-user name, and end-user order number. In a preferred embodiment, this information plus other information is sent as a package of data to service provider server 108 via the Internet at step 208 .
  • this information plus other information is sent as a package of data to service provider server 108 via the Internet at step 208 .
  • the service provider server creates a database entry described in FIG. 3 .
  • the installer program waits for a host ID from the server which uniquely identifies the end-user system.
  • the client checks whether a host ID was received. If one was not received, the installer prints an error on the client and the process is aborted at step 216 .
  • the installer program patches the host ID and the necessary binary files into the client and at step 220 places the files and binaries into the appropriate location in the end-user system.
  • no data is stored on the end-user system outside the client module.
  • the host ID and other data is rewritten into the client module. This enables the monitor module to be invoked when the end-user system boots up.
  • the installer program updates the system settings such as operating system registers and system boot up and the installer then launches the monitor module.
  • FIGS. 3A and 3B are flow diagrams of a process of creating an entry for a new end user on the server in accordance with one embodiment of the present invention.
  • the service provider server receives the data package or packet from the new installer program described above.
  • the server obtains the end user order number from the packet at step 304 .
  • the server validates the end-user, company, and email address obtained from a user data repository that maintains data on all end users and companies. In a preferred embodiment, this data is contained in an operational support system (OSS), a core system that tracks all new installations and customers.
  • OSS operational support system
  • the server determines whether the end user and company are valid.
  • a class name designation for the end user is retrieved by the server from the user/company data repository 128 at step 308 .
  • the class name identifies one or more rule sets to be applied to the end user, described below.
  • an end user may be part of an Accounting Group or an Engineering Group which has its own set of rules.
  • the end user class name identifies the rule sets.
  • the server generates a host ID. In a preferred embodiment the host ID is 32 bits long.
  • the server also creates a host entry in the service provider database.
  • the server checks for a class rule set for the host entry. If one does not exist the server allocates a default rule set to the host entry at step 314 .
  • the server allocates the class rule set to the host entry at step 316 and at step 318 the server sends the host ID to the installer program.
  • the workstation's IP address can be used to apply different rule sets depending on the IP address space allocated for that workstation.
  • FIGS. 4A and 4B are flow diagrams of a process of collecting and reporting end user system information on the client module in accordance with one embodiment of the present invention.
  • the module or agent on the client is initialized by system start up.
  • the agent collects static data or data that only needs to be collected once after the computer is booted up, such as uptime.
  • the agent daemonizes or becomes a background process.
  • the agent collects report information that is particular to a period of time while the computer is running and can change from one time frame to the next.
  • the agent initializes a Secure Socket Layer (SSL) connection to the collector. The agent then receives the next update time for the next report from the collector at step 412 of FIG.
  • SSL Secure Socket Layer
  • this also acts as a confirmation that the previous report was received.
  • the agent sends the data package containing the static and report information to the collector.
  • the server determines whether the end-user system was shutdown during the agent sleep time (time between sending reports) at step 416 . If the system was not shut down during the agent sleep the agent awakens at the designated time at step 418 and control returns to step 408 where the agent collects report information. If the system was shut down, at step 420 the agent collects static and other report information as described in step 404 and 408 above and sends the data to the server after opening an SSL connection.
  • FIG. 5 is a flow diagram of a process of a collector module on the server receiving data from the client agent in accordance with one embodiment of the present invention. It describes steps from FIGS. 4A and 4B , however, from the perspective of the security service provider, that is, from the server perspective.
  • a collector on the server is invoked or called by the agent or monitoring module on the client.
  • the collector negotiates an SSL connection with the agent. The collector then sends the next update time to the agent at step 506 and then receives the data packet from the agent at step 508 . After validating the packet, the collector generates a unique report ID number for the data package and posts the report information and the report ID number to the database at step 510 .
  • the collector invokes the policy inspector and transmits the report ID.
  • the collector closes the SSL session with the end user system.
  • FIGS. 6A and 6B are flow diagrams of a process of the policy inspector determining rule set violations by the end user system in accordance with one embodiment of the present invention.
  • the policy inspector After being invoked by the collector and receiving and validating a report ID, the policy inspector retrieves an end user host ID from the database using the report ID at step 602 .
  • the policy inspector accesses one or more rule sets assigned to the end user host ID.
  • the policy inspector evaluates the last agent reset. The inspector determines the reason the agent module was last reset such as termination, reset by user or any other reason. The goal being to determine if anything unusual was done to reset the agent.
  • the inspector determines whether the agent has been continually running since the end user system was booted up.
  • a security violation has occurred.
  • the policy inspector applies a group rule set at step 612 .
  • a group rule set applies to all end users in a particular group, such as a division in a company or an entire company.
  • step 616 the policy inspector records the violation at step 616 .
  • step 618 the policy inspector applies a host rule set which contains security rules that are more specific and may be “customized” to the particular end user. If a violation is detected at step 618 the policy inspector records the violation at step 620 .
  • step 622 the policy inspector determines whether there were any violations based on either the group rule set or the host rule set. If there are none, the process is complete. If there are violations, the policy inspector logs the violations and invokes the notifier at step 624 and the process is complete.
  • FIGS. 7A and 7B are flow diagrams of a “watch dogs” process in the server that monitors the database for scheduled updates by agents in accordance with one embodiment of the present invention.
  • a watch monitor scans the database for the next expected report from any of the agents currently running.
  • the watch monitor determines whether there are any late reports from any of the agents. If there are no late reports, the watch monitor schedules its own sleep duration as the amount of time before the next report is due from any of the agents plus an additional length of time, such as five seconds in a preferred embodiment at step 706 .
  • the watch monitor wakes up at its scheduled time and returns to step 702 .
  • the watch monitor retrieves the last report ID for that particular agent or end user.
  • the watch monitor appends the notice of the security violation, i.e., the late report, to the last report from that agent.
  • the IP address of the end user is obtained from the last report and is used to ping the end user for the agent, namely workstation 102 .
  • the watch monitor determines whether the IP address responds to the ping. If it does, the client is still running and the late report is therefore confirmed as a late report from an active agent. This violation is then recorded by the watch monitor in the database at step 718 and the notifier is invoked or spawned. The watch monitor then schedules its sleep duration as described above and the scan process is repeated.
  • the watch monitor records the non-response in the database.
  • the watch monitor logs the IP address in a ping monitoring system in the server which monitors the IP address continuously by performing pings.
  • the watch monitor schedules its sleep duration as described above and returns to the beginning of the scanning process when it wakes up.
  • FIG. 8 is a flow diagram of a process of the notifier handling and transmitting violation notifications to customers in accordance with one embodiment of the present invention.
  • the notifier is spawned by the watch monitor or the policy inspector as described above.
  • the notifier receives and verifies the particular report ID given by the monitor or the inspector. From the report ID, the notifier retrieves the host ID and host information at step 806 .
  • the notifier retrieves the security violation event information, such as severity of the violation, violation description, end user order number, time, company and IP address.
  • the notifier obtains customer notification information from a notification information table in the database. This table contains details on how to contact the appropriate people at the service provider and customer company when a security violation occurs.
  • the notifier logs the security violation event in a violation event table in the database.
  • the notifier causes the actual notification of the appropriate people at the customer company of the violation based on information in the notification table.
  • the notification can be done by email, page or by creating a trouble ticket, described below. At this stage the process is complete.
  • FIG. 9 is a flow diagram of a process in which end-user disconnection requests by the notifier are handled in accordance with one embodiment of the present invention.
  • an access control module is spawned by the notifier. This is done when the notifier determines that the security violation requires that the end user system be disconnected from the network. When this action should be done is determined by the customer and can vary. In some cases it is done at the first sign of any type of security violation while in other cases it is done as a last resort when a violation is egregious.
  • the access control module receives end user information from an application program interface (API) such as information on the security violation, the end user order number, end user name and company name.
  • API application program interface
  • the access control module retrieves end user system configuration information from the database. From this information, the module can determine the type of VPN or network the user is on, the address of the remote user, and a security profile indicator or SPI to access the VPN head-end or other appropriate network component. At step 908 the access control module disables the end user VPN service or disconnects the end user from the company network and the process is complete.
  • the notifier can alert a second group of employees or single employee if the first notification of a security violation did not get a response. This is referred to as escalation.
  • a trouble ticket can be created. If the notifier determines that the trouble ticket is unacknowledged after a certain time frame, a second notification group is notified. The same concept applies to email or pages that have not been responded to. If the trouble ticket is acknowledged, the database is updated accordingly by the escalator component of the notifier. If the trouble ticket is not acknowledged within a certain time frame (i.e., a timeout value has been reached), the escalator component escalates the event level in the database and performs the next level of notification.
  • Event acknowledgements can also be received and recorded by an acknowledger component of the notifier.
  • a system function monitors and captures any replies to email notifications. For example, the subject line or header of an email response is read to determine which report ID or security violation the email is in response to. The acknowledger then retrieves the security violation report from the database and determines whether the report has been previously acknowledged. If it has, the report status is changed to acknowledged. If not, the acknowledger updates the response time to reflect the email notification.
  • a response to a security violation can be through entering an acknowledgement through a website or specific web page.
  • the acknowledger determines the report ID from the website records in the database and accesses the appropriate report ID. If the report has been previously acknowledged, the status of the report and other information are changed to reflect this. If the report has not been acknowledged, the acknowledger either updates the response time to reflect the web notification or it does not alter the record.
  • FIG. 10 is a block/flow diagram showing the various functional components of the security monitoring system of the present invention.
  • a box 1002 represents data collection and box 1004 is for server session control, both under an agent component 1006 .
  • Agent data collector 1006 collects numerous items of data as shown in box 1002 . It collects a unique host id for workstation 102 such as a disk serial number, drive ID and the like, that uniquely identifies the workstation. Also gathered is data about network interfaces, MAC addresses, IP addresses, routing tables, user accounts, network services, such as ports opened, network environment, CPU time, agent uptime and agent confirmation data. This data is collected initially when the workstation is first booted up or turned on and then performed at certain time intervals which may be random or predetermined. If the agent is not invoked on time, the security service provider can detect this by using the CPU uptime and agent uptime data items in box 1002 .
  • Server session control 1004 opens or creates a secure socket layer or SSL/TCP channel over a public network, such as the Internet, between the end user system and server 108 under control of the third-party service provider. Server session control 1004 also packages the data and transmits the data to collector module on server 108 . Server session control 1004 receives the next update time, that is, the next time data collection is to take place on workstation 102 . This update time is used as a confirmation that the collector received the previous data packets.
  • Collector 110 has two functional components as shown in FIG. 10 : session control listener 1008 and preprocessor 1010 .
  • Listener 1008 receives the collected data from the agent and after receiving all the data, listener 1008 closes the SSL/TCP session.
  • Pre-processor 1010 receives the data from session control listener 1008 and creates a record or report having a unique report_id.
  • the report created has fields or columns closely resembling the data fields gathered by agent data collection module 1002 .
  • Preprocessor 1010 posts the report, or record, to data repository 118 and is stored in data collection set area 120 of FIG. 1 .
  • This record contains the basic agent monitoring data used to track security policy enforcement.
  • the data can be stored in various formats, for example, a relational database.
  • the preprocessor 1010 signals or spawns the policy inspector.
  • the policy inspector 112 has three functional components: process data module 1012 , validate host data module 1014 and new user setup component 1016 . If a host_id is new, control goes to new user setup component 1016 which invokes notifier 114 of FIG. 1 and the validate host data component 1014 examines the host information as contained in the record pulled from the data repository 118 .
  • Notifier 114 has a process exception logs component 1018 that verifies notification groups and performs notifications. As described, a particular company can have numerous rule sets for a particular workstation. Validate host data module 1014 retrieves all of them and performs a comparison of each rule set with the data in the record.
  • Access control component 116 can be one “member” in a notification group and is used to typically shutdown or deny access to the workstation. In a preferred embodiment access control 116 has a process access control component 1020 containing logic for verifying a requested action and performing the access control event.
  • Each rule set has an identifier and belongs to a particular category such as process identifier, network-based, user accounts and so on.
  • a rule is generally divided up into three parts: Allow, Deny and Require. Under Allow are all items or functions that are allowed by the workstation, such as processes A through D and G.
  • the Deny section of a rule set lists all the programs or processes that are to be denied execution on the workstation.
  • the Require section lists all the programs that are required by the security policy for the workstation, such as a firewall program. If a rule set does not match a particular process that is running, an exception is logged. For example, if process A is running but there is no rule set for process A or, more specifically, the Deny section of any rule set includes process A, an exception is logged.
  • the agent code described can be resident on a firewall or on a workstation.
  • the agent software can function from a firewall that services numerous PCs such as in a home network or on a firewall that services only the workstation.
  • the agent functions in the same manner and contacts the collector of the third-party service provider.
  • the functions of the service provider can be performed at the customer site.

Abstract

Methods and systems are disclosed for monitoring activity of a user on a network component, such as an end user computer, in a virtual private network for adherence to a security enforcement provision or policy utilized in the virtual private network. A method of determining whether a security provision in a computer network has been violated is described. It is determined whether the network component has violated, modified or circumvented a security enforcement provision of the computer network. If the detection is affirmative, the network component, such as an end user system, is modified in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision. If instructed to do so, a third party operating the virtual private network is notified of the violation and access to the network by the network component is restricted or terminated. A security enforcement distributed system consists of an agent module on the end user computer and a collector module for receiving data from the agent on a security server computer coupled to a data repository. Also on the security serer are a policy inspector for checking compliance with a security provision and a notifier and access control module for informing the network operator of a violation and restricting access by the end user system to the security server.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates generally to computer network security software. More specifically, it relates to distributed software and network components for monitoring user actions effecting measures taken for computer network security enforcement.
  • 2. Discussion of Related Art
  • With the advent of the Internet and rapid growth of “telecommuting” and working while traveling, computer network and data security has become increasingly important. Consequences of violations of an entity's network security policies can be catastrophic. Huge amounts of data, including highly sensitive data, can be exposed to the public and especially individuals looking for loopholes in a company's network security.
  • It is common practice now for a company, entity or organization to have some type of network security enforcement if the company allows its employees to work from home, use laptops while traveling, working from satellite offices, or simply using a desktop computer on the company's premises. For example, a firewall program typically runs on a server that checks data coming in and out of a company's internal network. Typically, companies are concerned with external entities entering their private network and corrupting or exposing sensitive data. There are a large number of programs and tools a company can employ to secure its network.
  • A specific category or type of network is a virtual private network or VPN. A VPN is made up of computer workstations that are physically located outside a company's network. The most common example is a workstation located at an employee's home office. This workstation, for example a PC or Mac, may be the property of the employee and is being used for work and to access company resources in addition to normal home use. However, because it is being used for work and is using a public network, such as the Internet, to access company resources, the company requires that the computer execute network security enforcement software. It is crucial that this enforcement software, whether it is a single program or a bundle of programs, operate when expected and not be modified, adjusted, by-passed or shut down. In many cases the user may not be aware of the network security software installed on the computer by the company, for example with company laptops and desktop computers. As such, in some instances, a user may not be aware that he or she is violating a company security policy or somehow effecting the operation of a security program. Such inadvertent or unintentional violations can be as dangerous as intentional or malicious violations.
  • As mentioned, the number of security enforcement programs available for workstations on a VPN and other types of networks has grown considerably. As a result, monitoring whether security programs on a particular workstation are operating and actually enforcing security policies have become an important aspect of a company's network security scheme. Some workstations can have numerous separate programs for enforcing security and all need to be functioning when the computer is in use. A company needs to know whether any of the security enforcement programs have been shut off, modified or simply not functioning properly. However, there are no effective tools to allow a company to effectively manage and monitor its VPN or computer network security enforcement policy, typically implemented through specific network security software programs. In addition, other computer network security devices, such as by Info Express and Sygate, are not functional if not connected to a network or VPN Thus, they cannot ensure that security provisions are abided by when they are not connected to a VPN.
  • Therefore, what is needed is a method and system for allowing an entity to effectively monitor and manage its computer network security policy. In addition, such a method and system should alert the entity when a network security policy has been violated and take certain actions when violations occur.
  • SUMMARY OF THE PREFERRED EMBODIMENTS
  • To achieve the foregoing, methods and systems are disclosed for monitoring the activity of a user on a network component in a virtual private network for abidance by a security enforcement provision utilized in virtual private network. In one aspect of the present invention, a method of determining whether a security provision in a computer network has been violated is described. It is determined whether a network component has violated, modified or circumvented a security enforcement provision of the computer network. If the detection is affirmative, the network component, such as an end user system, operates at a level that is appropriate to the severity or level of the violation, modification, or circumvention as determined by the computer network operator.
  • In another aspect of the present invention, a method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network includes detecting whether the network component has violated, modified or circumvented the security enforcement provision of the computer network. It is then determined whether an enforcement provision monitoring module has been violated, modified or circumvented. If either detection is affirmative, the network component is acted upon in a manner appropriate given the level or severity of the violation or modification as determined by a network operator. The method also includes comparing a profile record containing information on the network component to a rule set defining a security policy and notifying an operator of the computer network if either detection is affirmative.
  • In another aspect of the present invention, a system for monitoring abidance by a network security provision present in a network is described. The system includes an agent module residing on an end user system which collects data on the system and transmits it to a security server. The security server, under control of a security service provider, contains multiple components for receiving and inspecting data. Also under control of a security service provider is a security database containing end user system data and security rule data, wherein the security server and the security database are in direct communication. Also contained on the security server is a notification module capable of notifying a third party of a security violation. The notification can also include restricting access of the end user system to other components in the network.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is an illustration of the various network components and resources for monitoring a workstation in a network in accordance with one embodiment of the present invention.
  • FIGS. 2A and 2B are flow diagrams of an installation process for the monitoring client module on an end-user system in accordance with one embodiment of the present invention.
  • FIGS. 3A and 3B are flow diagrams of a process of creating an entry for a new end user on the server in accordance with one embodiment of the present invention.
  • FIGS. 4A and 4B are flow diagrams of a process of collecting and reporting end user system information on the client module in accordance with one embodiment of the present invention.
  • FIG. 5 is a flow diagram of a process of a collector module on the server receiving data from the client agent in accordance with one embodiment of the present invention.
  • FIGS. 6A and 6B are flow diagrams of a process of the policy inspector determining rule set violations by the end-user system in accordance with one embodiment of the present invention.
  • FIGS. 7A and 7B are flow diagrams of a “watch dog” process in the server that monitors the database for scheduled updates by agents in accordance with one embodiment of the present invention.
  • FIG. 8 is a flow diagram of a process of the notifier handling and transmitting violation notifications to customers in accordance with one embodiment of the present invention.
  • FIG. 9 is a flow diagram of a process in which end-user disconnection requests by the notifier are handled in accordance with one embodiment of the present invention.
  • FIG. 10 is a block/flow diagram showing the various functional components of the security monitoring system of the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • Reference will now be made in detail to a preferred embodiment of the invention. An example of the preferred embodiment is illustrated in the accompanying drawings. While the invention will be described in conjunction with a preferred embodiment, it will be understood that it is not intended to limit the invention to one preferred embodiment. To the contrary, it is intended to cover alternatives, modifications, and equivalents as may be included within the spirit and scope of the invention as defined by the appended claims.
  • A method of monitoring workstations in a network, for example, a virtual private network (VPN), for security violations is described in the various figures. An entity may have a computer network security policy for its workstations that includes security software programs A, B and C and company security rules X and Y. The entity can adequately safeguard its network, such as a VPN, if employees abide by this computer network security policy. Programs A, B and C must be operational and unmodified and the user must be aware of and abide by security rules X and Y for the security policy to be effective. The present invention allows the company to monitor whether the programs and rules, that is, the company's security policy is in effect. The invention monitors and can notify appropriate parties in the entity of any policy violation and take certain automatic actions, such as denying any further access if appropriate. In addition, the invention will notify the entity when the monitoring software itself is modified or shut down.
  • FIG. 1 is an illustration of the various network components and resources for monitoring a workstation in a network in accordance with one embodiment of the present invention. A client or workstation 102 contains data belonging to an employer and is connected to the internet 104 through an end user LAN 103. A LAN is not necessary, for example if being used from a home office. Workstation 102 can be at an employee's house or be a laptop computer used by an employee while traveling. Agent software 106 resides on workstation 102, installed typically by the employee or employer. Agent 106 causes client 102 to send certain data, described below, to a server 108 under the control of a third-party service provider. Before that, data traffic goes through a managed service unit (MSU) 105 and some type of customer premise equipment (CPE) 107. With respect to MSU 105 or any other type of network perimeter security device or provision, such as a software firewall, the present invention ensures that such a device or provision is installed and operational. Proper installation and non-tampering are treated as rules that must be followed or that are considered to be part of a network security program. If the network perimeter security device or firewall is not installed and operational, this is indicated in a report, described below, and appropriate action is taken.
  • Server 108 has numerous components or modules, including, but not limited to: collector 110, policy inspector 112, notifier 114 and access control 116. Also under the control of the service provider is a data repository 118 holding various types of data including, but not limited to, agent data collection sets or report data 120, exception log 122, rule sets 124, exception notification groups 126, customer information 128 and activity history data 130. The third-party service provider provides security monitoring and management services to customers (e.g., an employer) having workstations on a public network or using a public network to implement a VPN. Notifier component 114 causes server 108 to send a notification to an employer having an interest in the security enforcement of workstation 102. A notification can be sent via email or other means to employer server 132 or premises. A proactive monitor 134 also resides on service provider server 108 and is able to detect when an agent does not send collected data at a scheduled time which is considered a security violation. In a preferred embodiment, there is also a connection to a customer corporate network which has a firewall 136, a VPN head-end 138 and a customer's network, such as an Ethernet network 140.
  • FIGS. 2A and 2B are flow diagrams of an installation process for a monitoring module on an end-user system in accordance with one embodiment of the present invention. At step 202 the client module is downloaded from a service provider website. The module can also be placed directly onto the end-user system from a CD-ROM or other source by the employer without the employee's knowledge. At step 204 an installer program in the client module is executed. Again, this can be executed by the employer or directly by the employee. At step 206 the install program receives data from the person installing the module such as company name, end-user name, and end-user order number. In a preferred embodiment, this information plus other information is sent as a package of data to service provider server 108 via the Internet at step 208. At step 210 of FIG. 2B the service provider server creates a database entry described in FIG. 3. At step 212 the installer program waits for a host ID from the server which uniquely identifies the end-user system. At step 214 the client checks whether a host ID was received. If one was not received, the installer prints an error on the client and the process is aborted at step 216.
  • If a host ID is received, at step 218 the installer program patches the host ID and the necessary binary files into the client and at step 220 places the files and binaries into the appropriate location in the end-user system. In a preferred embodiment, no data is stored on the end-user system outside the client module. The host ID and other data is rewritten into the client module. This enables the monitor module to be invoked when the end-user system boots up. Finally, at step 222 the installer program updates the system settings such as operating system registers and system boot up and the installer then launches the monitor module.
  • FIGS. 3A and 3B are flow diagrams of a process of creating an entry for a new end user on the server in accordance with one embodiment of the present invention. At step 302 the service provider server receives the data package or packet from the new installer program described above. The server obtains the end user order number from the packet at step 304. At step 306 the server validates the end-user, company, and email address obtained from a user data repository that maintains data on all end users and companies. In a preferred embodiment, this data is contained in an operational support system (OSS), a core system that tracks all new installations and customers. At step 308 the server determines whether the end user and company are valid. A class name designation for the end user is retrieved by the server from the user/company data repository 128 at step 308. The class name identifies one or more rule sets to be applied to the end user, described below. For example, an end user may be part of an Accounting Group or an Engineering Group which has its own set of rules. The end user class name identifies the rule sets. At step 310 the server generates a host ID. In a preferred embodiment the host ID is 32 bits long. The server also creates a host entry in the service provider database. At step 312 of FIG. 3B the server checks for a class rule set for the host entry. If one does not exist the server allocates a default rule set to the host entry at step 314. If one does exist, the server allocates the class rule set to the host entry at step 316 and at step 318 the server sends the host ID to the installer program. In a preferred embodiment, the workstation's IP address can be used to apply different rule sets depending on the IP address space allocated for that workstation.
  • FIGS. 4A and 4B are flow diagrams of a process of collecting and reporting end user system information on the client module in accordance with one embodiment of the present invention. At step 402 the module or agent on the client is initialized by system start up. At step 404 the agent collects static data or data that only needs to be collected once after the computer is booted up, such as uptime. At step 406 the agent daemonizes or becomes a background process. At step 408 the agent collects report information that is particular to a period of time while the computer is running and can change from one time frame to the next. At step 410 the agent initializes a Secure Socket Layer (SSL) connection to the collector. The agent then receives the next update time for the next report from the collector at step 412 of FIG. 4B. In a preferred embodiment, this also acts as a confirmation that the previous report was received. At step 414 the agent sends the data package containing the static and report information to the collector. The server then determines whether the end-user system was shutdown during the agent sleep time (time between sending reports) at step 416. If the system was not shut down during the agent sleep the agent awakens at the designated time at step 418 and control returns to step 408 where the agent collects report information. If the system was shut down, at step 420 the agent collects static and other report information as described in step 404 and 408 above and sends the data to the server after opening an SSL connection.
  • FIG. 5 is a flow diagram of a process of a collector module on the server receiving data from the client agent in accordance with one embodiment of the present invention. It describes steps from FIGS. 4A and 4B, however, from the perspective of the security service provider, that is, from the server perspective. At step 502 a collector on the server is invoked or called by the agent or monitoring module on the client. At step 504 the collector negotiates an SSL connection with the agent. The collector then sends the next update time to the agent at step 506 and then receives the data packet from the agent at step 508. After validating the packet, the collector generates a unique report ID number for the data package and posts the report information and the report ID number to the database at step 510. At step 512 the collector invokes the policy inspector and transmits the report ID. At step 514 the collector closes the SSL session with the end user system.
  • FIGS. 6A and 6B are flow diagrams of a process of the policy inspector determining rule set violations by the end user system in accordance with one embodiment of the present invention. After being invoked by the collector and receiving and validating a report ID, the policy inspector retrieves an end user host ID from the database using the report ID at step 602. At step 604 the policy inspector accesses one or more rule sets assigned to the end user host ID. At step 606 the policy inspector evaluates the last agent reset. The inspector determines the reason the agent module was last reset such as termination, reset by user or any other reason. The goal being to determine if anything unusual was done to reset the agent. At step 608 the inspector determines whether the agent has been continually running since the end user system was booted up. If the monitor module or agent has not been running continually since the client booted up, a security violation has occurred. Thus, at step 610, if the policy inspector has not been running continually the violation is recorded in the server. If the module has been running continually the policy inspector applies a group rule set at step 612. A group rule set applies to all end users in a particular group, such as a division in a company or an entire company.
  • It is then determined if a violation occurred based on the group rule set at step 614 of FIG. 6B. If there is a violation the policy inspector records the violation at step 616. Control then goes to step 618 where the policy inspector applies a host rule set which contains security rules that are more specific and may be “customized” to the particular end user. If a violation is detected at step 618 the policy inspector records the violation at step 620. Control then goes to step 622 where the policy inspector determines whether there were any violations based on either the group rule set or the host rule set. If there are none, the process is complete. If there are violations, the policy inspector logs the violations and invokes the notifier at step 624 and the process is complete.
  • FIGS. 7A and 7B are flow diagrams of a “watch dogs” process in the server that monitors the database for scheduled updates by agents in accordance with one embodiment of the present invention. At step 702 a watch monitor scans the database for the next expected report from any of the agents currently running. At step 704 the watch monitor determines whether there are any late reports from any of the agents. If there are no late reports, the watch monitor schedules its own sleep duration as the amount of time before the next report is due from any of the agents plus an additional length of time, such as five seconds in a preferred embodiment at step 706. At step 708 the watch monitor wakes up at its scheduled time and returns to step 702.
  • If there is a late report from a particular agent, at step 710 the watch monitor retrieves the last report ID for that particular agent or end user. At step 712 the watch monitor appends the notice of the security violation, i.e., the late report, to the last report from that agent. At step 714 the IP address of the end user is obtained from the last report and is used to ping the end user for the agent, namely workstation 102. At step 716 the watch monitor determines whether the IP address responds to the ping. If it does, the client is still running and the late report is therefore confirmed as a late report from an active agent. This violation is then recorded by the watch monitor in the database at step 718 and the notifier is invoked or spawned. The watch monitor then schedules its sleep duration as described above and the scan process is repeated.
  • If the IP address does not respond to the ping, at step 720 the watch monitor records the non-response in the database. The watch monitor then logs the IP address in a ping monitoring system in the server which monitors the IP address continuously by performing pings. At step 722 the watch monitor schedules its sleep duration as described above and returns to the beginning of the scanning process when it wakes up.
  • FIG. 8 is a flow diagram of a process of the notifier handling and transmitting violation notifications to customers in accordance with one embodiment of the present invention. At step 802 the notifier is spawned by the watch monitor or the policy inspector as described above. At step 804 the notifier receives and verifies the particular report ID given by the monitor or the inspector. From the report ID, the notifier retrieves the host ID and host information at step 806. At step 808 the notifier retrieves the security violation event information, such as severity of the violation, violation description, end user order number, time, company and IP address. At step 810 the notifier obtains customer notification information from a notification information table in the database. This table contains details on how to contact the appropriate people at the service provider and customer company when a security violation occurs. As will be described below, there can be different levels of notification. For example, if a first group of notification is made and not responded to, a second group of people to notify is contacted. This process is referred to as escalation. At step 812 the notifier logs the security violation event in a violation event table in the database. Finally, at step 814 the notifier causes the actual notification of the appropriate people at the customer company of the violation based on information in the notification table. In a preferred embodiment, the notification can be done by email, page or by creating a trouble ticket, described below. At this stage the process is complete.
  • FIG. 9 is a flow diagram of a process in which end-user disconnection requests by the notifier are handled in accordance with one embodiment of the present invention. At step 902 an access control module is spawned by the notifier. This is done when the notifier determines that the security violation requires that the end user system be disconnected from the network. When this action should be done is determined by the customer and can vary. In some cases it is done at the first sign of any type of security violation while in other cases it is done as a last resort when a violation is egregious. At step 904 the access control module receives end user information from an application program interface (API) such as information on the security violation, the end user order number, end user name and company name. At step 906 the access control module retrieves end user system configuration information from the database. From this information, the module can determine the type of VPN or network the user is on, the address of the remote user, and a security profile indicator or SPI to access the VPN head-end or other appropriate network component. At step 908 the access control module disables the end user VPN service or disconnects the end user from the company network and the process is complete.
  • As mentioned above, the notifier can alert a second group of employees or single employee if the first notification of a security violation did not get a response. This is referred to as escalation. For example, when a security violation occurs, a trouble ticket can be created. If the notifier determines that the trouble ticket is unacknowledged after a certain time frame, a second notification group is notified. The same concept applies to email or pages that have not been responded to. If the trouble ticket is acknowledged, the database is updated accordingly by the escalator component of the notifier. If the trouble ticket is not acknowledged within a certain time frame (i.e., a timeout value has been reached), the escalator component escalates the event level in the database and performs the next level of notification.
  • Event acknowledgements can also be received and recorded by an acknowledger component of the notifier. For responses to email notifications, a system function monitors and captures any replies to email notifications. For example, the subject line or header of an email response is read to determine which report ID or security violation the email is in response to. The acknowledger then retrieves the security violation report from the database and determines whether the report has been previously acknowledged. If it has, the report status is changed to acknowledged. If not, the acknowledger updates the response time to reflect the email notification.
  • Similarly, a response to a security violation can be through entering an acknowledgement through a website or specific web page. The acknowledger determines the report ID from the website records in the database and accesses the appropriate report ID. If the report has been previously acknowledged, the status of the report and other information are changed to reflect this. If the report has not been acknowledged, the acknowledger either updates the response time to reflect the web notification or it does not alter the record.
  • FIG. 10 is a block/flow diagram showing the various functional components of the security monitoring system of the present invention. A box 1002 represents data collection and box 1004 is for server session control, both under an agent component 1006. Agent data collector 1006 collects numerous items of data as shown in box 1002. It collects a unique host id for workstation 102 such as a disk serial number, drive ID and the like, that uniquely identifies the workstation. Also gathered is data about network interfaces, MAC addresses, IP addresses, routing tables, user accounts, network services, such as ports opened, network environment, CPU time, agent uptime and agent confirmation data. This data is collected initially when the workstation is first booted up or turned on and then performed at certain time intervals which may be random or predetermined. If the agent is not invoked on time, the security service provider can detect this by using the CPU uptime and agent uptime data items in box 1002.
  • Server session control 1004 opens or creates a secure socket layer or SSL/TCP channel over a public network, such as the Internet, between the end user system and server 108 under control of the third-party service provider. Server session control 1004 also packages the data and transmits the data to collector module on server 108. Server session control 1004 receives the next update time, that is, the next time data collection is to take place on workstation 102. This update time is used as a confirmation that the collector received the previous data packets.
  • Collector 110 has two functional components as shown in FIG. 10: session control listener 1008 and preprocessor 1010. Listener 1008 receives the collected data from the agent and after receiving all the data, listener 1008 closes the SSL/TCP session.
  • Pre-processor 1010 receives the data from session control listener 1008 and creates a record or report having a unique report_id. The report created has fields or columns closely resembling the data fields gathered by agent data collection module 1002. Preprocessor 1010 posts the report, or record, to data repository 118 and is stored in data collection set area 120 of FIG. 1. This record contains the basic agent monitoring data used to track security policy enforcement. The data can be stored in various formats, for example, a relational database. The preprocessor 1010 signals or spawns the policy inspector.
  • The policy inspector 112 has three functional components: process data module 1012, validate host data module 1014 and new user setup component 1016. If a host_id is new, control goes to new user setup component 1016 which invokes notifier 114 of FIG. 1 and the validate host data component 1014 examines the host information as contained in the record pulled from the data repository 118. Notifier 114 has a process exception logs component 1018 that verifies notification groups and performs notifications. As described, a particular company can have numerous rule sets for a particular workstation. Validate host data module 1014 retrieves all of them and performs a comparison of each rule set with the data in the record. Access control component 116 can be one “member” in a notification group and is used to typically shutdown or deny access to the workstation. In a preferred embodiment access control 116 has a process access control component 1020 containing logic for verifying a requested action and performing the access control event.
  • Each rule set has an identifier and belongs to a particular category such as process identifier, network-based, user accounts and so on. A rule is generally divided up into three parts: Allow, Deny and Require. Under Allow are all items or functions that are allowed by the workstation, such as processes A through D and G. The Deny section of a rule set lists all the programs or processes that are to be denied execution on the workstation. The Require section lists all the programs that are required by the security policy for the workstation, such as a firewall program. If a rule set does not match a particular process that is running, an exception is logged. For example, if process A is running but there is no rule set for process A or, more specifically, the Deny section of any rule set includes process A, an exception is logged.
  • The agent code described can be resident on a firewall or on a workstation. The agent software can function from a firewall that services numerous PCs such as in a home network or on a firewall that services only the workstation. In any scenario, the agent functions in the same manner and contacts the collector of the third-party service provider. The functions of the service provider can be performed at the customer site.
  • Although the foregoing invention has been described in some detail for purposes of clarity of understanding, it will be apparent that certain changes and modifications may be practiced within the scope of the appended claims. Furthermore, it should be noted that there are alternative ways of implementing both the process and apparatus of the present invention. For example, while a VPN is used to describe a preferred embodiment, the present invention is not restricted to VPNs and can be used with other types of computer networks. Accordingly, the present embodiments are to be considered as illustrative and not restrictive, and the invention is not to be limited to the details given herein, but may be modified within the scope and equivalents of the appended claims.

Claims (17)

1. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network; and
if the detection is positive, acting on the network component in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision.
2. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network;
detecting whether an enforcement provision monitoring module has been one of violated, modified or circumvented; and
if either detection is positive, acting on the network component in a manner in which the computer network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision.
3. A method as recited in claim 2 further comprising storing security enforcement data within the enforcement provision monitoring module whereby operating system and related files of the network component do not contain security enforcement related data.
4. A method as recited in claim 2 further comprising relegating the enforcement provision monitoring module to a background process on the network component.
5. A method as recited in claim 2 further comprising initializing a secure connection between the enforcement provision monitoring module and a security server computer over a public network.
6. A method as recited in claim 5 further comprising closing the secure connection after a profile record has been transmitted.
7. A method as recited in claim 5 further comprising invoking a collector module on the security server computer to collect data from the enforcement provision monitoring module.
8. A method as recited in claim 5 further comprising instructing the enforcement provision monitoring module when to send a next profile record to the security server computer.
9. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the computer network by comparing a profile record of the network component to a rule set defining a security policy;
detecting whether an enforcement provision monitoring module on the network component has been one of violated, modified or circumvented;
if either detection is positive, acting on the network component in a manner in which the network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision; and
notifying an operator of the computer network of the positive detection.
10. A method as recited in claim 9 further comprising:
receiving from the network component the profile record at a security data repository under control of a security monitoring service provider;
validating a user associated with the network component;
checking for a class rule set associated with the network component; and
generating a host identifier transmitted to the network component.
11. A method as recited in claim 9 further comprising:
determining whether the enforcement provision monitoring module has been executing continually since boot up of the network component;
retrieving one or more rule sets corresponding to the profile record; and
applying the one or more rule sets to the profile record.
12. A method as recited in claim 9 further comprising detecting whether a network perimeter security device has been violated, modified, or circumvented.
13. A method as recited in claim 12 wherein the network perimeter security device is a managed service unit or a software firewall.
14. A method of monitoring abidance of a network component by a security enforcement provision utilized in a computer network, the method comprising:
gathering network component data related to the network component and storing the data in a profile record;
detecting whether the network component has one of violated, modified or circumvented the security enforcement provision of the network by comparing the profile record to a rule set defining a security policy;
detecting whether an enforcement provision monitoring module has been one of violated, modified or circumvented;
if either detection is positive, acting on the component in a manner in which the network operates at a level appropriate to the degree of the violation, modification, or circumvention of the security enforcement provision; and
notifying an operator of the network of the positive detection.
15. A system for monitoring abidance by a network security provision present in a network, the system comprising:
an agent module residing on an end user system;
a security server containing a plurality of components for collecting and inspecting data;
a security database containing end user system data and security rule data, wherein the security server and the security database are in communication; and
a notification module on the security server capable of notifying a third party of a security violation.
16. A system for monitoring abidance by a network security provision present in a network, the system comprising:
an agent module residing on an end user system;
a security server containing a plurality of components for collecting and inspecting data;
a security database containing end user system data and security rule data, wherein the security server and the security database are in communication; and
a virtual private network through which data is transmitted between the end user system and the security server.
17. A system for monitoring security activity in a computer network comprising:
an agent module having a data collection component and a server session control component;
a collector module having a session control listener and a preprocessor;
a policy inspector having a host information validation module and a new user set up module;
a notifier module having an exception log processor; and
an access control module for processing access control requests.
US10/170,088 2001-07-30 2002-06-10 Monitoring computer network security enforcement Expired - Fee Related US8001594B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/170,088 US8001594B2 (en) 2001-07-30 2002-06-10 Monitoring computer network security enforcement

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US30903301P 2001-07-30 2001-07-30
US10/170,088 US8001594B2 (en) 2001-07-30 2002-06-10 Monitoring computer network security enforcement

Publications (3)

Publication Number Publication Date
US20030229808A1 US20030229808A1 (en) 2003-12-11
US20060010492A9 true US20060010492A9 (en) 2006-01-12
US8001594B2 US8001594B2 (en) 2011-08-16

Family

ID=29710998

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/170,088 Expired - Fee Related US8001594B2 (en) 2001-07-30 2002-06-10 Monitoring computer network security enforcement

Country Status (1)

Country Link
US (1) US8001594B2 (en)

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040193606A1 (en) * 2002-10-17 2004-09-30 Hitachi, Ltd. Policy setting support tool
US20050097199A1 (en) * 2003-10-10 2005-05-05 Keith Woodard Method and system for scanning network devices
US20050177746A1 (en) * 2003-12-22 2005-08-11 International Business Machines Corporation Method for providing network perimeter security assessment
US20060203736A1 (en) * 2005-03-10 2006-09-14 Stsn General Holdings Inc. Real-time mobile user network operations center
US20070177610A1 (en) * 2006-01-31 2007-08-02 Microsoft Corporation Preventing Quality Of Service Policy Abuse In A Network
US20080059123A1 (en) * 2006-08-29 2008-03-06 Microsoft Corporation Management of host compliance evaluation
US20080066145A1 (en) * 2006-09-08 2008-03-13 Ibahn General Holdings, Inc. Monitoring and reporting policy compliance of home networks
US20080077663A1 (en) * 2006-07-21 2008-03-27 Lehman Brothers Inc. Method and System For Identifying And Conducting Inventory Of Computer Assets On A Network
US20080109872A1 (en) * 2006-11-03 2008-05-08 Joanne Walker Systems and methods for computer implemented treatment of behavorial disorders
US20080168531A1 (en) * 2007-01-10 2008-07-10 International Business Machines Corporation Method, system and program product for alerting an information technology support organization of a security event
US20080235001A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing emulation decisions in response to software evaluations or the like
US20080235764A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Resource authorizations dependent on emulation environment isolation policies
US20080235711A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Coordinating instances of a thread or other service in emulation
US20080235000A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing security control practice omission decisions from service emulation indications
US20080234999A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing performance-dependent transfer or execution decisions from service emulation indications
US20080235756A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Resource authorizations dependent on emulation environment isolation policies
US20080235002A1 (en) * 2007-03-22 2008-09-25 Searete Llc Implementing performance-dependent transfer or execution decisions from service emulation indications
US7747730B1 (en) * 2002-06-28 2010-06-29 Netfuel, Inc. Managing computer network resources
US20110221657A1 (en) * 2010-02-28 2011-09-15 Osterhout Group, Inc. Optical stabilization of displayed content with a variable lens
US20120185913A1 (en) * 2008-06-19 2012-07-19 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US20140173723A1 (en) * 2012-12-17 2014-06-19 Hewlett-Packard Development Company, L.P. Reputation of network address
US9091851B2 (en) 2010-02-28 2015-07-28 Microsoft Technology Licensing, Llc Light control in head mounted displays
US9097891B2 (en) 2010-02-28 2015-08-04 Microsoft Technology Licensing, Llc See-through near-eye display glasses including an auto-brightness control for the display brightness based on the brightness in the environment
US9097890B2 (en) 2010-02-28 2015-08-04 Microsoft Technology Licensing, Llc Grating in a light transmissive illumination system for see-through near-eye display glasses
US9129295B2 (en) 2010-02-28 2015-09-08 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a fast response photochromic film system for quick transition from dark to clear
US9128281B2 (en) 2010-09-14 2015-09-08 Microsoft Technology Licensing, Llc Eyepiece with uniformly illuminated reflective display
US9134534B2 (en) 2010-02-28 2015-09-15 Microsoft Technology Licensing, Llc See-through near-eye display glasses including a modular image source
US9182596B2 (en) 2010-02-28 2015-11-10 Microsoft Technology Licensing, Llc See-through near-eye display glasses with the optical assembly including absorptive polarizers or anti-reflective coatings to reduce stray light
US9223134B2 (en) 2010-02-28 2015-12-29 Microsoft Technology Licensing, Llc Optical imperfections in a light transmissive illumination system for see-through near-eye display glasses
US9229227B2 (en) 2010-02-28 2016-01-05 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a light transmissive wedge shaped illumination system
US9285589B2 (en) 2010-02-28 2016-03-15 Microsoft Technology Licensing, Llc AR glasses with event and sensor triggered control of AR eyepiece applications
US9341843B2 (en) 2010-02-28 2016-05-17 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a small scale image source
US9366862B2 (en) 2010-02-28 2016-06-14 Microsoft Technology Licensing, Llc System and method for delivering content to a group of see-through near eye display eyepieces
US9489647B2 (en) 2008-06-19 2016-11-08 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with self-service portal for publishing resources
US9658868B2 (en) 2008-06-19 2017-05-23 Csc Agility Platform, Inc. Cloud computing gateway, cloud computing hypervisor, and methods for implementing same
US9759917B2 (en) 2010-02-28 2017-09-12 Microsoft Technology Licensing, Llc AR glasses with event and sensor triggered AR eyepiece interface to external devices
US9800615B2 (en) 2014-09-09 2017-10-24 Bank Of America Corporation Real-time security monitoring using cross-channel event processor
US10180572B2 (en) 2010-02-28 2019-01-15 Microsoft Technology Licensing, Llc AR glasses with event and user action control of external applications
US10411975B2 (en) 2013-03-15 2019-09-10 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with multi-tier deployment policy
US10539787B2 (en) 2010-02-28 2020-01-21 Microsoft Technology Licensing, Llc Head-worn adaptive display
US10860100B2 (en) 2010-02-28 2020-12-08 Microsoft Technology Licensing, Llc AR glasses with predictive control of external device based on event input

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7397768B1 (en) 2002-09-11 2008-07-08 Qlogic, Corporation Zone management in a multi-module fibre channel switch
EP1649668A1 (en) * 2003-07-11 2006-04-26 Computer Associates Think, Inc. Distributed policy enforcement using a distributed directory
US7430175B2 (en) * 2003-07-21 2008-09-30 Qlogic, Corporation Method and system for managing traffic in fibre channel systems
US7646767B2 (en) 2003-07-21 2010-01-12 Qlogic, Corporation Method and system for programmable data dependant network routing
US7792115B2 (en) 2003-07-21 2010-09-07 Qlogic, Corporation Method and system for routing and filtering network data packets in fibre channel systems
US7894348B2 (en) 2003-07-21 2011-02-22 Qlogic, Corporation Method and system for congestion control in a fibre channel switch
US7684401B2 (en) 2003-07-21 2010-03-23 Qlogic, Corporation Method and system for using extended fabric features with fibre channel switch elements
US7523484B2 (en) 2003-09-24 2009-04-21 Infoexpress, Inc. Systems and methods of controlling network access
US20050138417A1 (en) * 2003-12-19 2005-06-23 Mcnerney Shaun C. Trusted network access control system and method
US7930377B2 (en) 2004-04-23 2011-04-19 Qlogic, Corporation Method and system for using boot servers in networks
US7490356B2 (en) * 2004-07-20 2009-02-10 Reflectent Software, Inc. End user risk management
US8295299B2 (en) 2004-10-01 2012-10-23 Qlogic, Corporation High speed fibre channel switch element
US8196199B2 (en) * 2004-10-19 2012-06-05 Airdefense, Inc. Personal wireless monitoring agent
US20060203815A1 (en) * 2005-03-10 2006-09-14 Alain Couillard Compliance verification and OSI layer 2 connection of device using said compliance verification
US7669242B2 (en) * 2005-06-30 2010-02-23 Intel Corporation Agent presence monitor configured to execute in a secure environment
US8839450B2 (en) 2007-08-02 2014-09-16 Intel Corporation Secure vault service for software components within an execution environment
US7953980B2 (en) * 2005-06-30 2011-05-31 Intel Corporation Signed manifest for run-time verification of software program identity and integrity
US20070006307A1 (en) * 2005-06-30 2007-01-04 Hahn Scott D Systems, apparatuses and methods for a host software presence check from an isolated partition
US7739724B2 (en) * 2005-06-30 2010-06-15 Intel Corporation Techniques for authenticated posture reporting and associated enforcement of network access
WO2007045150A1 (en) 2005-10-15 2007-04-26 Huawei Technologies Co., Ltd. A system for controlling the security of network and a method thereof
US8381297B2 (en) 2005-12-13 2013-02-19 Yoggie Security Systems Ltd. System and method for providing network security to mobile devices
US20080276302A1 (en) 2005-12-13 2008-11-06 Yoggie Security Systems Ltd. System and Method for Providing Data and Device Security Between External and Host Devices
US8869270B2 (en) 2008-03-26 2014-10-21 Cupp Computing As System and method for implementing content and network security inside a chip
US8281392B2 (en) 2006-08-11 2012-10-02 Airdefense, Inc. Methods and systems for wired equivalent privacy and Wi-Fi protected access protection
US7802050B2 (en) * 2006-09-29 2010-09-21 Intel Corporation Monitoring a target agent execution pattern on a VT-enabled system
US7882318B2 (en) * 2006-09-29 2011-02-01 Intel Corporation Tamper protection of software agents operating in a vitual technology environment methods and apparatuses
US8584199B1 (en) * 2006-10-17 2013-11-12 A10 Networks, Inc. System and method to apply a packet routing policy to an application session
US8365272B2 (en) 2007-05-30 2013-01-29 Yoggie Security Systems Ltd. System and method for providing network and computer firewall protection with dynamic address isolation to a device
US8499331B1 (en) * 2007-06-27 2013-07-30 Emc Corporation Policy based network compliance
US8099718B2 (en) 2007-11-13 2012-01-17 Intel Corporation Method and system for whitelisting software components
US8631488B2 (en) * 2008-08-04 2014-01-14 Cupp Computing As Systems and methods for providing security services during power management mode
US8789202B2 (en) 2008-11-19 2014-07-22 Cupp Computing As Systems and methods for providing real time access monitoring of a removable media device
US8364601B2 (en) * 2008-12-31 2013-01-29 Intel Corporation Methods and systems to directly render an image and correlate corresponding user input in a secure memory domain
US20100235914A1 (en) * 2009-03-13 2010-09-16 Alcatel Lucent Intrusion detection for virtual layer-2 services
US8979538B2 (en) * 2009-06-26 2015-03-17 Microsoft Technology Licensing, Llc Using game play elements to motivate learning
WO2011027352A1 (en) * 2009-09-03 2011-03-10 Mcafee, Inc. Network access control
US8578504B2 (en) * 2009-10-07 2013-11-05 Ca, Inc. System and method for data leakage prevention
US8805839B2 (en) * 2010-04-07 2014-08-12 Microsoft Corporation Analysis of computer network activity by successively removing accepted types of access events
US9697500B2 (en) 2010-05-04 2017-07-04 Microsoft Technology Licensing, Llc Presentation of information describing user activities with regard to resources
US8819009B2 (en) 2011-05-12 2014-08-26 Microsoft Corporation Automatic social graph calculation
US9477574B2 (en) * 2011-05-12 2016-10-25 Microsoft Technology Licensing, Llc Collection of intranet activity data
US8973088B1 (en) * 2011-05-24 2015-03-03 Palo Alto Networks, Inc. Policy enforcement using host information profile
US8875223B1 (en) 2011-08-31 2014-10-28 Palo Alto Networks, Inc. Configuring and managing remote security devices
US9026784B2 (en) 2012-01-26 2015-05-05 Mcafee, Inc. System and method for innovative management of transport layer security session tickets in a network environment
US9973501B2 (en) 2012-10-09 2018-05-15 Cupp Computing As Transaction security systems and methods
US10171500B2 (en) * 2012-12-28 2019-01-01 Intel Corporation Systems, apparatuses, and methods for enforcing security on a platform
US11157976B2 (en) 2013-07-08 2021-10-26 Cupp Computing As Systems and methods for providing digital content marketplace security
WO2015123611A2 (en) 2014-02-13 2015-08-20 Cupp Computing As Systems and methods for providing network security using a secure digital device
US9609089B2 (en) 2014-07-16 2017-03-28 International Business Machines Corporation Identifying reset source and reason in a TCP session
US9560078B2 (en) * 2015-02-04 2017-01-31 Intel Corporation Technologies for scalable security architecture of virtualized networks
US10503545B2 (en) * 2017-04-12 2019-12-10 At&T Intellectual Property I, L.P. Universal security agent
US11038886B1 (en) * 2018-02-08 2021-06-15 Wells Fargo Bank, N.A. Compliance management system
US11438339B2 (en) * 2019-08-07 2022-09-06 Ventech Solutions, Inc. Method and system for synchronously generated security waiver interface
US11245703B2 (en) 2019-09-27 2022-02-08 Bank Of America Corporation Security tool for considering multiple security contexts

Citations (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4130874A (en) * 1977-06-13 1978-12-19 Westinghouse Electric Corp. Load management terminal having plural selectable address formats for a power line communication system
US4138718A (en) * 1977-11-14 1979-02-06 Allen-Bradley Company Numerical control system with downloading capability
US4335426A (en) * 1980-03-10 1982-06-15 International Business Machines Corporation Remote processor initialization in a multi-station peer-to-peer intercommunication system
US5111384A (en) * 1990-02-16 1992-05-05 Bull Hn Information Systems Inc. System for performing dump analysis
US5146568A (en) * 1988-09-06 1992-09-08 Digital Equipment Corporation Remote bootstrapping a node over communication link by initially requesting remote storage access program which emulates local disk to load other programs
US5165017A (en) * 1986-12-11 1992-11-17 Smith & Nephew Richards, Inc. Automatic gain control circuit in a feed forward configuration
US5247683A (en) * 1990-06-28 1993-09-21 International Business Machines Corporation System and method for installing software and updating configuration files
US5291543A (en) * 1990-12-05 1994-03-01 Subscriber Computing, Inc. Cellular telephone real time account administration system
US5321840A (en) * 1988-05-05 1994-06-14 Transaction Technology, Inc. Distributed-intelligence computer system including remotely reconfigurable, telephone-type user terminal
US5421009A (en) * 1993-12-22 1995-05-30 Hewlett-Packard Company Method of remotely installing software directly from a central computer
US5465206A (en) * 1993-11-01 1995-11-07 Visa International Electronic bill pay system
US5483445A (en) * 1992-10-22 1996-01-09 American Express Trs Automated billing consolidation system and method
US5491791A (en) * 1995-01-13 1996-02-13 International Business Machines Corporation System and method for remote workstation monitoring within a distributed computing environment
US5517555A (en) * 1991-12-12 1996-05-14 Cellular Technical Services Company, Inc. Real time information system for cellular telephones
US5517549A (en) * 1993-12-03 1996-05-14 Telefonaktiebolaget L M Ericcson Call logging in cellular subscriber stations
US5596643A (en) * 1994-09-30 1997-01-21 Electronic Payment Services, Inc. Network settlement performed on consolidated information
US5596723A (en) * 1994-06-23 1997-01-21 Dell Usa, Lp Method and apparatus for automatically detecting the available network services in a network system
US5603038A (en) * 1994-09-07 1997-02-11 International Business Machines Corporation Automatic restoration of user options after power loss
US5606497A (en) * 1994-03-30 1997-02-25 Cramer; Milton L. Method and apparatus for recording billable time and services
US5615351A (en) * 1995-07-07 1997-03-25 Bell Communications Research, Inc. Method and system for correlating usage data in a distributed architecture
US5633919A (en) * 1993-10-15 1997-05-27 Linkusa Corporation Real-time billing system for a call processing system
US5649187A (en) * 1989-04-28 1997-07-15 Softel, Inc. Method and apparatus for remotely controlling and monitoring the use of computer software
US5659601A (en) * 1995-05-09 1997-08-19 Motorola, Inc. Method of selecting a cost effective service plan
US5666107A (en) * 1995-09-20 1997-09-09 Motorola, Inc. Method and apparatus for efficient roaming among communication system
US5701417A (en) * 1991-03-27 1997-12-23 Microstar Laboratories Method and apparatus for providing initial instructions through a communications interface in a multiple computer system
US5727002A (en) * 1995-01-19 1998-03-10 Starburst Communications Corporation Methods for transmitting data
US5732127A (en) * 1995-12-21 1998-03-24 Erricson, Inc. Real-time network for distributed telecommunication accounting systems
US5768521A (en) * 1994-05-16 1998-06-16 Intel Corporation General purpose metering mechanism for distribution of electronic information
US5787347A (en) * 1995-12-11 1998-07-28 Gte Laboratories Incorporated Method and apparatus for selecting a cellular system for communication with a cellular telephone in a roaming area
US5793762A (en) * 1994-04-12 1998-08-11 U S West Technologies, Inc. System and method for providing packet data and voice services to mobile subscribers
US5794221A (en) * 1995-07-07 1998-08-11 Egendorf; Andrew Internet billing method
US5797097A (en) * 1995-11-02 1998-08-18 Bellsouth Corporation Method and apparatus for identifying the location of a roaming pager
US5826000A (en) * 1996-02-29 1998-10-20 Sun Microsystems, Inc. System and method for automatic configuration of home network computers
US5838907A (en) * 1996-02-20 1998-11-17 Compaq Computer Corporation Configuration manager for network devices and an associated method for providing configuration information thereto
US5842011A (en) * 1991-12-10 1998-11-24 Digital Equipment Corporation Generic remote boot for networked workstations by creating local bootable code image
US5852812A (en) * 1995-08-23 1998-12-22 Microsoft Corporation Billing system for a network
US5867494A (en) * 1996-11-18 1999-02-02 Mci Communication Corporation System, method and article of manufacture with integrated video conferencing billing in a communication system architecture
US5867661A (en) * 1996-02-15 1999-02-02 International Business Machines Corporation Method and apparatus of using virtual sockets for reducing data transmitted over a wireless communication link between a client web browser and a host web server using a standard TCP protocol
US5867495A (en) * 1996-11-18 1999-02-02 Mci Communications Corporations System, method and article of manufacture for communications utilizing calling, plans in a hybrid network
US5893077A (en) * 1995-08-23 1999-04-06 Microsoft Corporation Method and apparatus for generating and collecting a billing event object within an on-line network
US5898780A (en) * 1996-05-21 1999-04-27 Gric Communications, Inc. Method and apparatus for authorizing remote internet access
US5909544A (en) * 1995-08-23 1999-06-01 Novell Inc. Automated test harness
US5920821A (en) * 1995-12-04 1999-07-06 Bell Atlantic Network Services, Inc. Use of cellular digital packet data (CDPD) communications to convey system identification list data to roaming cellular subscriber stations
US5922050A (en) * 1996-07-02 1999-07-13 Sun Microsystems, Inc. Method and apparatus for controlling a device on a network
US5970126A (en) * 1996-08-09 1999-10-19 International Business Machines Corporation Communication method and system
US5980078A (en) * 1997-02-14 1999-11-09 Fisher-Rosemount Systems, Inc. Process control system including automatic sensing and automatic configuration of devices
US6006090A (en) * 1993-04-28 1999-12-21 Proxim, Inc. Providing roaming capability for mobile computers in a standard network
US6012088A (en) * 1996-12-10 2000-01-04 International Business Machines Corporation Automatic configuration for internet access device
US6014659A (en) * 1989-07-12 2000-01-11 Cabletron Systems, Inc. Compressed prefix matching database searching
US6047327A (en) * 1996-02-16 2000-04-04 Intel Corporation System for distributing electronic information to a targeted group of users
US6049826A (en) * 1998-02-04 2000-04-11 3Com Corporation Method and system for cable modem initialization using dynamic servers
US6069890A (en) * 1996-06-26 2000-05-30 Bell Atlantic Network Services, Inc. Internet telephone service
US6073172A (en) * 1997-07-14 2000-06-06 Freegate Corporation Initializing and reconfiguring a secure network interface
US6078582A (en) * 1996-12-18 2000-06-20 Bell Atlantic Network Services, Inc. Internet long distance telephone service
US6098098A (en) * 1997-11-14 2000-08-01 Enhanced Messaging Systems, Inc. System for managing the configuration of multiple computer devices
US6128729A (en) * 1997-12-16 2000-10-03 Hewlett-Packard Company Method and system for automatic configuration of network links to attached devices
US6137805A (en) * 1997-02-10 2000-10-24 International Business Machines Corporation Method and apparatus to remotely configure a data processing system
US6141684A (en) * 1997-09-12 2000-10-31 Nortel Networks Limited Multimedia public communication services distribution method and apparatus with distribution of configuration files
US6157648A (en) * 1997-03-06 2000-12-05 Bell Atlantic Network Services, Inc. Network session management
US6161133A (en) * 1998-10-19 2000-12-12 Lexton Systems, Inc. Method and apparatus for configuration of an internet appliance
US6178468B1 (en) * 1998-06-19 2001-01-23 Hewlett-Packard Company Real time supply PF plug-and-play installation resources
US6195694B1 (en) * 1997-03-13 2001-02-27 International Business Machines Corporation Server for reconfiguring control of a subset of devices on one or more kiosks
US6202157B1 (en) * 1997-12-08 2001-03-13 Entrust Technologies Limited Computer network security system and method having unilateral enforceable security policy provision
US6212558B1 (en) * 1997-04-25 2001-04-03 Anand K. Antur Method and apparatus for configuring and managing firewalls and security devices
US6229804B1 (en) * 1998-11-17 2001-05-08 3Com Corporation Gatekeeper election methods for internet telephony
US6243815B1 (en) * 1997-04-25 2001-06-05 Anand K. Antur Method and apparatus for reconfiguring and managing firewalls and security devices
US6286038B1 (en) * 1998-08-03 2001-09-04 Nortel Networks Limited Method and apparatus for remotely configuring a network device
US6295556B1 (en) * 1997-11-18 2001-09-25 Microsoft Corporation Method and system for configuring computers to connect to networks using network connection objects
US6301612B1 (en) * 1998-08-12 2001-10-09 Microsoft Corporation Establishing one computer as a replacement for another computer
US6301012B1 (en) * 1998-04-24 2001-10-09 Hewlett-Packard Company Automatic configuration of a network printer
US6314459B1 (en) * 1998-08-13 2001-11-06 U.S. Philips Corporation Home-network autoconfiguration
US6334147B1 (en) * 1998-11-30 2001-12-25 International Business Machines Corporation Data processing system and method for remotely accessing a client computer systems's individual initialization settings while the client is powered off
US20020002706A1 (en) * 2000-05-26 2002-01-03 Sprunk Eric J. Authentication and authorization epochs
US6345294B1 (en) * 1999-04-19 2002-02-05 Cisco Technology, Inc. Methods and apparatus for remote configuration of an appliance on a network
US6370141B1 (en) * 1998-04-29 2002-04-09 Cisco Technology, Inc. Method and apparatus for configuring an internet appliance
US6385648B1 (en) * 1998-11-02 2002-05-07 Nortel Networks Limited Method for initializing a box on a data communications network
US6408334B1 (en) * 1999-01-13 2002-06-18 Dell Usa, L.P. Communications system for multiple computer system management circuits
US20020078382A1 (en) * 2000-11-29 2002-06-20 Ali Sheikh Scalable system for monitoring network system and components and methodology therefore
US6412025B1 (en) * 1999-03-31 2002-06-25 International Business Machines Corporation Apparatus and method for automatic configuration of a personal computer system when reconnected to a network
US20020095591A1 (en) * 2001-01-12 2002-07-18 Daniell William T. System and method for protecting a security profile of a computer system
US20020099958A1 (en) * 2001-01-25 2002-07-25 Michael Hrabik Method and apparatus for verifying the integrity of computer networks and implementation of counter measures
US6434611B1 (en) * 1996-12-20 2002-08-13 Mci Communications Corporation System and method for message-based real-time reconfiguration of a network by broadcasting an activation signal to activate a new connection configuration
US20020112182A1 (en) * 2000-12-15 2002-08-15 Ching-Jye Chang Method and system for network management with adaptive monitoring and discovery of computer systems based on user login
US6449642B2 (en) * 1998-09-15 2002-09-10 Microsoft Corporation Method and system for integrating a client computer into a computer network
US20030014658A1 (en) * 2001-07-11 2003-01-16 Walker Philip M. System and method of verifying system attributes
US6530024B1 (en) * 1998-11-20 2003-03-04 Centrax Corporation Adaptive feedback security system and method
US6711693B1 (en) * 2000-08-31 2004-03-23 Hewlett-Packard Development Company, L.P. Method for synchronizing plurality of time of year clocks in partitioned plurality of processors where each partition having a microprocessor configured as a multiprocessor backplane manager
US6735701B1 (en) * 1998-06-25 2004-05-11 Macarthur Investments, Llc Network policy management and effectiveness system
US6854010B1 (en) * 2001-04-05 2005-02-08 Bluecube Software, Inc. Multi-location management system
US6874087B1 (en) * 1999-07-13 2005-03-29 International Business Machines Corporation Integrity checking an executable module and associated protected service provider module
US6990591B1 (en) * 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US7213068B1 (en) * 1999-11-12 2007-05-01 Lucent Technologies Inc. Policy management system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0886936A4 (en) 1996-01-23 1999-04-28 Firetalk Inc Internet telecommunications system
AU2202897A (en) 1996-03-06 1997-09-22 Joseph B. Thompson System for interconnecting standard telephony communications equipment to internet protocol networks
US6078579A (en) 1996-07-25 2000-06-20 Wjw Technologies Inc. Telephonic systems for communication over computer networks
CZ296822B6 (en) 1996-11-22 2006-06-14 Sprint Communications Company, L. P. Method of operating telecommunication system and telecommunication system per se
AU6666898A (en) 1997-02-02 1998-09-09 Fonefriend Systems, Inc. Internet switch box, system and method for internet telephony
JP3436471B2 (en) 1997-05-26 2003-08-11 沖電気工業株式会社 Telephone communication method and telephone communication system
JP2001517034A (en) 1997-09-16 2001-10-02 トランスネクサス エルエルシー Internet telephone call routing engine
WO2000052916A1 (en) 1999-03-05 2000-09-08 Gric Communications, Inc. Method and system for internet telephony using gateway
US6801523B1 (en) 1999-07-01 2004-10-05 Nortel Networks Limited Method and apparatus for performing internet protocol address resolutions in a telecommunications network
US6690651B1 (en) 1999-07-22 2004-02-10 Nortel Networks Limited Method and apparatus for automatic transfer of a call in a communications system in response to changes in quality of service

Patent Citations (94)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4130874A (en) * 1977-06-13 1978-12-19 Westinghouse Electric Corp. Load management terminal having plural selectable address formats for a power line communication system
US4138718A (en) * 1977-11-14 1979-02-06 Allen-Bradley Company Numerical control system with downloading capability
US4335426A (en) * 1980-03-10 1982-06-15 International Business Machines Corporation Remote processor initialization in a multi-station peer-to-peer intercommunication system
US5165017A (en) * 1986-12-11 1992-11-17 Smith & Nephew Richards, Inc. Automatic gain control circuit in a feed forward configuration
US5321840A (en) * 1988-05-05 1994-06-14 Transaction Technology, Inc. Distributed-intelligence computer system including remotely reconfigurable, telephone-type user terminal
US5146568A (en) * 1988-09-06 1992-09-08 Digital Equipment Corporation Remote bootstrapping a node over communication link by initially requesting remote storage access program which emulates local disk to load other programs
US5649187A (en) * 1989-04-28 1997-07-15 Softel, Inc. Method and apparatus for remotely controlling and monitoring the use of computer software
US6014659A (en) * 1989-07-12 2000-01-11 Cabletron Systems, Inc. Compressed prefix matching database searching
US5111384A (en) * 1990-02-16 1992-05-05 Bull Hn Information Systems Inc. System for performing dump analysis
US5247683A (en) * 1990-06-28 1993-09-21 International Business Machines Corporation System and method for installing software and updating configuration files
US5291543A (en) * 1990-12-05 1994-03-01 Subscriber Computing, Inc. Cellular telephone real time account administration system
US5701417A (en) * 1991-03-27 1997-12-23 Microstar Laboratories Method and apparatus for providing initial instructions through a communications interface in a multiple computer system
US5842011A (en) * 1991-12-10 1998-11-24 Digital Equipment Corporation Generic remote boot for networked workstations by creating local bootable code image
US5517555A (en) * 1991-12-12 1996-05-14 Cellular Technical Services Company, Inc. Real time information system for cellular telephones
US5483445A (en) * 1992-10-22 1996-01-09 American Express Trs Automated billing consolidation system and method
US6006090A (en) * 1993-04-28 1999-12-21 Proxim, Inc. Providing roaming capability for mobile computers in a standard network
US5633919A (en) * 1993-10-15 1997-05-27 Linkusa Corporation Real-time billing system for a call processing system
US5465206B1 (en) * 1993-11-01 1998-04-21 Visa Int Service Ass Electronic bill pay system
US5465206A (en) * 1993-11-01 1995-11-07 Visa International Electronic bill pay system
US5517549A (en) * 1993-12-03 1996-05-14 Telefonaktiebolaget L M Ericcson Call logging in cellular subscriber stations
US5421009A (en) * 1993-12-22 1995-05-30 Hewlett-Packard Company Method of remotely installing software directly from a central computer
US5606497A (en) * 1994-03-30 1997-02-25 Cramer; Milton L. Method and apparatus for recording billable time and services
US5793762A (en) * 1994-04-12 1998-08-11 U S West Technologies, Inc. System and method for providing packet data and voice services to mobile subscribers
US5768521A (en) * 1994-05-16 1998-06-16 Intel Corporation General purpose metering mechanism for distribution of electronic information
US5596723A (en) * 1994-06-23 1997-01-21 Dell Usa, Lp Method and apparatus for automatically detecting the available network services in a network system
US5603038A (en) * 1994-09-07 1997-02-11 International Business Machines Corporation Automatic restoration of user options after power loss
US5596643A (en) * 1994-09-30 1997-01-21 Electronic Payment Services, Inc. Network settlement performed on consolidated information
US5491791A (en) * 1995-01-13 1996-02-13 International Business Machines Corporation System and method for remote workstation monitoring within a distributed computing environment
US5727002A (en) * 1995-01-19 1998-03-10 Starburst Communications Corporation Methods for transmitting data
US5659601A (en) * 1995-05-09 1997-08-19 Motorola, Inc. Method of selecting a cost effective service plan
US5615351A (en) * 1995-07-07 1997-03-25 Bell Communications Research, Inc. Method and system for correlating usage data in a distributed architecture
US5794221A (en) * 1995-07-07 1998-08-11 Egendorf; Andrew Internet billing method
US5852812A (en) * 1995-08-23 1998-12-22 Microsoft Corporation Billing system for a network
US5909544A (en) * 1995-08-23 1999-06-01 Novell Inc. Automated test harness
US5893077A (en) * 1995-08-23 1999-04-06 Microsoft Corporation Method and apparatus for generating and collecting a billing event object within an on-line network
US5666107A (en) * 1995-09-20 1997-09-09 Motorola, Inc. Method and apparatus for efficient roaming among communication system
US5797097A (en) * 1995-11-02 1998-08-18 Bellsouth Corporation Method and apparatus for identifying the location of a roaming pager
US5920821A (en) * 1995-12-04 1999-07-06 Bell Atlantic Network Services, Inc. Use of cellular digital packet data (CDPD) communications to convey system identification list data to roaming cellular subscriber stations
US5787347A (en) * 1995-12-11 1998-07-28 Gte Laboratories Incorporated Method and apparatus for selecting a cellular system for communication with a cellular telephone in a roaming area
US5732127A (en) * 1995-12-21 1998-03-24 Erricson, Inc. Real-time network for distributed telecommunication accounting systems
US5867661A (en) * 1996-02-15 1999-02-02 International Business Machines Corporation Method and apparatus of using virtual sockets for reducing data transmitted over a wireless communication link between a client web browser and a host web server using a standard TCP protocol
US6047327A (en) * 1996-02-16 2000-04-04 Intel Corporation System for distributing electronic information to a targeted group of users
US5838907A (en) * 1996-02-20 1998-11-17 Compaq Computer Corporation Configuration manager for network devices and an associated method for providing configuration information thereto
US5826000A (en) * 1996-02-29 1998-10-20 Sun Microsystems, Inc. System and method for automatic configuration of home network computers
US5852722A (en) * 1996-02-29 1998-12-22 Sun Microsystems, Inc. System and method for automatic configuration of home network computers
US5898780A (en) * 1996-05-21 1999-04-27 Gric Communications, Inc. Method and apparatus for authorizing remote internet access
US6069890A (en) * 1996-06-26 2000-05-30 Bell Atlantic Network Services, Inc. Internet telephone service
US5922050A (en) * 1996-07-02 1999-07-13 Sun Microsystems, Inc. Method and apparatus for controlling a device on a network
US5970126A (en) * 1996-08-09 1999-10-19 International Business Machines Corporation Communication method and system
US5867494A (en) * 1996-11-18 1999-02-02 Mci Communication Corporation System, method and article of manufacture with integrated video conferencing billing in a communication system architecture
US5867495A (en) * 1996-11-18 1999-02-02 Mci Communications Corporations System, method and article of manufacture for communications utilizing calling, plans in a hybrid network
US6012088A (en) * 1996-12-10 2000-01-04 International Business Machines Corporation Automatic configuration for internet access device
US6078582A (en) * 1996-12-18 2000-06-20 Bell Atlantic Network Services, Inc. Internet long distance telephone service
US6434611B1 (en) * 1996-12-20 2002-08-13 Mci Communications Corporation System and method for message-based real-time reconfiguration of a network by broadcasting an activation signal to activate a new connection configuration
US6137805A (en) * 1997-02-10 2000-10-24 International Business Machines Corporation Method and apparatus to remotely configure a data processing system
US5980078A (en) * 1997-02-14 1999-11-09 Fisher-Rosemount Systems, Inc. Process control system including automatic sensing and automatic configuration of devices
US6157648A (en) * 1997-03-06 2000-12-05 Bell Atlantic Network Services, Inc. Network session management
US6195694B1 (en) * 1997-03-13 2001-02-27 International Business Machines Corporation Server for reconfiguring control of a subset of devices on one or more kiosks
US6243815B1 (en) * 1997-04-25 2001-06-05 Anand K. Antur Method and apparatus for reconfiguring and managing firewalls and security devices
US6212558B1 (en) * 1997-04-25 2001-04-03 Anand K. Antur Method and apparatus for configuring and managing firewalls and security devices
US6073172A (en) * 1997-07-14 2000-06-06 Freegate Corporation Initializing and reconfiguring a secure network interface
US6141684A (en) * 1997-09-12 2000-10-31 Nortel Networks Limited Multimedia public communication services distribution method and apparatus with distribution of configuration files
US6098098A (en) * 1997-11-14 2000-08-01 Enhanced Messaging Systems, Inc. System for managing the configuration of multiple computer devices
US6295556B1 (en) * 1997-11-18 2001-09-25 Microsoft Corporation Method and system for configuring computers to connect to networks using network connection objects
US6202157B1 (en) * 1997-12-08 2001-03-13 Entrust Technologies Limited Computer network security system and method having unilateral enforceable security policy provision
US6128729A (en) * 1997-12-16 2000-10-03 Hewlett-Packard Company Method and system for automatic configuration of network links to attached devices
US6049826A (en) * 1998-02-04 2000-04-11 3Com Corporation Method and system for cable modem initialization using dynamic servers
US6301012B1 (en) * 1998-04-24 2001-10-09 Hewlett-Packard Company Automatic configuration of a network printer
US6370141B1 (en) * 1998-04-29 2002-04-09 Cisco Technology, Inc. Method and apparatus for configuring an internet appliance
US6178468B1 (en) * 1998-06-19 2001-01-23 Hewlett-Packard Company Real time supply PF plug-and-play installation resources
US6735701B1 (en) * 1998-06-25 2004-05-11 Macarthur Investments, Llc Network policy management and effectiveness system
US6286038B1 (en) * 1998-08-03 2001-09-04 Nortel Networks Limited Method and apparatus for remotely configuring a network device
US6301612B1 (en) * 1998-08-12 2001-10-09 Microsoft Corporation Establishing one computer as a replacement for another computer
US6314459B1 (en) * 1998-08-13 2001-11-06 U.S. Philips Corporation Home-network autoconfiguration
US6449642B2 (en) * 1998-09-15 2002-09-10 Microsoft Corporation Method and system for integrating a client computer into a computer network
US6161133A (en) * 1998-10-19 2000-12-12 Lexton Systems, Inc. Method and apparatus for configuration of an internet appliance
US6385648B1 (en) * 1998-11-02 2002-05-07 Nortel Networks Limited Method for initializing a box on a data communications network
US6229804B1 (en) * 1998-11-17 2001-05-08 3Com Corporation Gatekeeper election methods for internet telephony
US6530024B1 (en) * 1998-11-20 2003-03-04 Centrax Corporation Adaptive feedback security system and method
US6334147B1 (en) * 1998-11-30 2001-12-25 International Business Machines Corporation Data processing system and method for remotely accessing a client computer systems's individual initialization settings while the client is powered off
US6408334B1 (en) * 1999-01-13 2002-06-18 Dell Usa, L.P. Communications system for multiple computer system management circuits
US6412025B1 (en) * 1999-03-31 2002-06-25 International Business Machines Corporation Apparatus and method for automatic configuration of a personal computer system when reconnected to a network
US6345294B1 (en) * 1999-04-19 2002-02-05 Cisco Technology, Inc. Methods and apparatus for remote configuration of an appliance on a network
US6874087B1 (en) * 1999-07-13 2005-03-29 International Business Machines Corporation Integrity checking an executable module and associated protected service provider module
US7213068B1 (en) * 1999-11-12 2007-05-01 Lucent Technologies Inc. Policy management system
US6990591B1 (en) * 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
US20020002706A1 (en) * 2000-05-26 2002-01-03 Sprunk Eric J. Authentication and authorization epochs
US6711693B1 (en) * 2000-08-31 2004-03-23 Hewlett-Packard Development Company, L.P. Method for synchronizing plurality of time of year clocks in partitioned plurality of processors where each partition having a microprocessor configured as a multiprocessor backplane manager
US20020078382A1 (en) * 2000-11-29 2002-06-20 Ali Sheikh Scalable system for monitoring network system and components and methodology therefore
US20020112182A1 (en) * 2000-12-15 2002-08-15 Ching-Jye Chang Method and system for network management with adaptive monitoring and discovery of computer systems based on user login
US20020095591A1 (en) * 2001-01-12 2002-07-18 Daniell William T. System and method for protecting a security profile of a computer system
US20020099958A1 (en) * 2001-01-25 2002-07-25 Michael Hrabik Method and apparatus for verifying the integrity of computer networks and implementation of counter measures
US6854010B1 (en) * 2001-04-05 2005-02-08 Bluecube Software, Inc. Multi-location management system
US20030014658A1 (en) * 2001-07-11 2003-01-16 Walker Philip M. System and method of verifying system attributes

Cited By (75)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100332630A1 (en) * 2002-06-28 2010-12-30 Netfuel,Inc Managing Computer Network Resources
US9663659B1 (en) 2002-06-28 2017-05-30 Netfuel Inc. Managing computer network resources
US7747730B1 (en) * 2002-06-28 2010-06-29 Netfuel, Inc. Managing computer network resources
US8131851B2 (en) 2002-06-28 2012-03-06 Netfuel Inc Managing computer network resources
US7380267B2 (en) * 2002-10-17 2008-05-27 Hitachi, Ltd. Policy setting support tool
US20040193606A1 (en) * 2002-10-17 2004-09-30 Hitachi, Ltd. Policy setting support tool
US20050097199A1 (en) * 2003-10-10 2005-05-05 Keith Woodard Method and system for scanning network devices
US8281019B1 (en) 2003-10-10 2012-10-02 Symantec Corporation Method and system for scanning network devices
US9071646B2 (en) 2003-12-22 2015-06-30 International Business Machines Corporation Method, apparatus and program storage device for providing network perimeter security assessment
US8561154B2 (en) * 2003-12-22 2013-10-15 International Business Machines Corporation Method for providing network perimeter security assessment
US9749350B2 (en) 2003-12-22 2017-08-29 International Business Machines Corporation Assessment of network perimeter security
US9503479B2 (en) 2003-12-22 2016-11-22 International Business Machines Corporation Assessment of network perimeter security
US20050177746A1 (en) * 2003-12-22 2005-08-11 International Business Machines Corporation Method for providing network perimeter security assessment
US20060203736A1 (en) * 2005-03-10 2006-09-14 Stsn General Holdings Inc. Real-time mobile user network operations center
US8116317B2 (en) * 2006-01-31 2012-02-14 Microsoft Corporation Preventing quality of service policy abuse in a network
US20070177610A1 (en) * 2006-01-31 2007-08-02 Microsoft Corporation Preventing Quality Of Service Policy Abuse In A Network
US9559957B2 (en) 2006-01-31 2017-01-31 Microsoft Technology Licensing, Llc Preventing quality of service policy abuse in a network
US20080077663A1 (en) * 2006-07-21 2008-03-27 Lehman Brothers Inc. Method and System For Identifying And Conducting Inventory Of Computer Assets On A Network
US20080059123A1 (en) * 2006-08-29 2008-03-06 Microsoft Corporation Management of host compliance evaluation
US20080066145A1 (en) * 2006-09-08 2008-03-13 Ibahn General Holdings, Inc. Monitoring and reporting policy compliance of home networks
US8522304B2 (en) 2006-09-08 2013-08-27 Ibahn General Holdings Corporation Monitoring and reporting policy compliance of home networks
US9325799B2 (en) 2006-11-03 2016-04-26 Joanne Walker Systems and methods for computer implemented treatment of behavioral disorders
US10089897B2 (en) 2006-11-03 2018-10-02 Joanne Walker Systems and methods for computer implemented treatment of behavioral disorders
US10706737B2 (en) 2006-11-03 2020-07-07 Joanne Walker Systems and methods for computer implemented treatment of behavioral disorders
US11410572B2 (en) 2006-11-03 2022-08-09 Joanne Walker Systems and methods for computer implemented treatment of behavioral disorders
US8201223B2 (en) * 2006-11-03 2012-06-12 Joanne Walker Systems and methods for computer implemented treatment of behavorial disorders
US20080109872A1 (en) * 2006-11-03 2008-05-08 Joanne Walker Systems and methods for computer implemented treatment of behavorial disorders
US7551073B2 (en) 2007-01-10 2009-06-23 International Business Machines Corporation Method, system and program product for alerting an information technology support organization of a security event
US20080168531A1 (en) * 2007-01-10 2008-07-10 International Business Machines Corporation Method, system and program product for alerting an information technology support organization of a security event
US20080235764A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Resource authorizations dependent on emulation environment isolation policies
US20080235002A1 (en) * 2007-03-22 2008-09-25 Searete Llc Implementing performance-dependent transfer or execution decisions from service emulation indications
US8438609B2 (en) 2007-03-22 2013-05-07 The Invention Science Fund I, Llc Resource authorizations dependent on emulation environment isolation policies
US20080235001A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing emulation decisions in response to software evaluations or the like
US8874425B2 (en) 2007-03-22 2014-10-28 The Invention Science Fund I, Llc Implementing performance-dependent transfer or execution decisions from service emulation indications
US8495708B2 (en) 2007-03-22 2013-07-23 The Invention Science Fund I, Llc Resource authorizations dependent on emulation environment isolation policies
US20080235711A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Coordinating instances of a thread or other service in emulation
US20080235000A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing security control practice omission decisions from service emulation indications
US9558019B2 (en) 2007-03-22 2017-01-31 Invention Science Fund I, Llc Coordinating instances of a thread or other service in emulation
US20080234999A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Implementing performance-dependent transfer or execution decisions from service emulation indications
US20080235756A1 (en) * 2007-03-22 2008-09-25 Searete Llc, A Limited Liability Corporation Of The State Of Delaware Resource authorizations dependent on emulation environment isolation policies
US9378108B2 (en) 2007-03-22 2016-06-28 Invention Science Fund I, Llc Implementing performance-dependent transfer or execution decisions from service emulation indications
US20120185913A1 (en) * 2008-06-19 2012-07-19 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US9973474B2 (en) 2008-06-19 2018-05-15 Csc Agility Platform, Inc. Cloud computing gateway, cloud computing hypervisor, and methods for implementing same
US10880189B2 (en) 2008-06-19 2020-12-29 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with self-service portal for publishing resources
US20190245888A1 (en) * 2008-06-19 2019-08-08 Csc Agility Platform, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US9069599B2 (en) * 2008-06-19 2015-06-30 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US20210014275A1 (en) * 2008-06-19 2021-01-14 Csc Agility Platform, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US9658868B2 (en) 2008-06-19 2017-05-23 Csc Agility Platform, Inc. Cloud computing gateway, cloud computing hypervisor, and methods for implementing same
US20160112453A1 (en) * 2008-06-19 2016-04-21 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US9489647B2 (en) 2008-06-19 2016-11-08 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with self-service portal for publishing resources
US9759917B2 (en) 2010-02-28 2017-09-12 Microsoft Technology Licensing, Llc AR glasses with event and sensor triggered AR eyepiece interface to external devices
US9329689B2 (en) 2010-02-28 2016-05-03 Microsoft Technology Licensing, Llc Method and apparatus for biometric data capture
US9341843B2 (en) 2010-02-28 2016-05-17 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a small scale image source
US9875406B2 (en) 2010-02-28 2018-01-23 Microsoft Technology Licensing, Llc Adjustable extension for temple arm
US9285589B2 (en) 2010-02-28 2016-03-15 Microsoft Technology Licensing, Llc AR glasses with event and sensor triggered control of AR eyepiece applications
US9097890B2 (en) 2010-02-28 2015-08-04 Microsoft Technology Licensing, Llc Grating in a light transmissive illumination system for see-through near-eye display glasses
US10860100B2 (en) 2010-02-28 2020-12-08 Microsoft Technology Licensing, Llc AR glasses with predictive control of external device based on event input
US9097891B2 (en) 2010-02-28 2015-08-04 Microsoft Technology Licensing, Llc See-through near-eye display glasses including an auto-brightness control for the display brightness based on the brightness in the environment
US9091851B2 (en) 2010-02-28 2015-07-28 Microsoft Technology Licensing, Llc Light control in head mounted displays
US20110221657A1 (en) * 2010-02-28 2011-09-15 Osterhout Group, Inc. Optical stabilization of displayed content with a variable lens
US9129295B2 (en) 2010-02-28 2015-09-08 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a fast response photochromic film system for quick transition from dark to clear
US9366862B2 (en) 2010-02-28 2016-06-14 Microsoft Technology Licensing, Llc System and method for delivering content to a group of see-through near eye display eyepieces
US8814691B2 (en) 2010-02-28 2014-08-26 Microsoft Corporation System and method for social networking gaming with an augmented reality
US9134534B2 (en) 2010-02-28 2015-09-15 Microsoft Technology Licensing, Llc See-through near-eye display glasses including a modular image source
US9229227B2 (en) 2010-02-28 2016-01-05 Microsoft Technology Licensing, Llc See-through near-eye display glasses with a light transmissive wedge shaped illumination system
US10180572B2 (en) 2010-02-28 2019-01-15 Microsoft Technology Licensing, Llc AR glasses with event and user action control of external applications
US10268888B2 (en) 2010-02-28 2019-04-23 Microsoft Technology Licensing, Llc Method and apparatus for biometric data capture
US9223134B2 (en) 2010-02-28 2015-12-29 Microsoft Technology Licensing, Llc Optical imperfections in a light transmissive illumination system for see-through near-eye display glasses
US9182596B2 (en) 2010-02-28 2015-11-10 Microsoft Technology Licensing, Llc See-through near-eye display glasses with the optical assembly including absorptive polarizers or anti-reflective coatings to reduce stray light
US10539787B2 (en) 2010-02-28 2020-01-21 Microsoft Technology Licensing, Llc Head-worn adaptive display
US9128281B2 (en) 2010-09-14 2015-09-08 Microsoft Technology Licensing, Llc Eyepiece with uniformly illuminated reflective display
US9106681B2 (en) * 2012-12-17 2015-08-11 Hewlett-Packard Development Company, L.P. Reputation of network address
US20140173723A1 (en) * 2012-12-17 2014-06-19 Hewlett-Packard Development Company, L.P. Reputation of network address
US10411975B2 (en) 2013-03-15 2019-09-10 Csc Agility Platform, Inc. System and method for a cloud computing abstraction with multi-tier deployment policy
US9800615B2 (en) 2014-09-09 2017-10-24 Bank Of America Corporation Real-time security monitoring using cross-channel event processor

Also Published As

Publication number Publication date
US20030229808A1 (en) 2003-12-11
US8001594B2 (en) 2011-08-16

Similar Documents

Publication Publication Date Title
US8001594B2 (en) Monitoring computer network security enforcement
US7159237B2 (en) Method and system for dynamic network intrusion monitoring, detection and response
JP4373779B2 (en) Stateful distributed event processing and adaptive maintenance
US6735702B1 (en) Method and system for diagnosing network intrusion
US8397296B2 (en) Server resource management, analysis, and intrusion negation
US7562388B2 (en) Method and system for implementing security devices in a network
US7657939B2 (en) Computer security intrusion detection system for remote, on-demand users
US7832006B2 (en) System and method for providing network security
US7472422B1 (en) Security management system including feedback and control
US20060037077A1 (en) Network intrusion detection system having application inspection and anomaly detection characteristics
US20030110392A1 (en) Detecting intrusions
US20070294209A1 (en) Communication network application activity monitoring and control
KR20070065306A (en) End user risk managemet
CN1415099A (en) System and method for blocking harmful information online, and computer readable medium therefor
US20030187998A1 (en) System and method for detecting resource usage overloads in a portal server
US20080127322A1 (en) Solicited remote control in an interactive management system
KR100401088B1 (en) Union security service system using internet
US20220027456A1 (en) Rasp-based implementation using a security manager
KR101233934B1 (en) Integrated Intelligent Security Management System and Method
Gehani et al. Fine-grained tracking of grid infections
KR100459846B1 (en) Method of and system for managing network resources and security control for network
US20060075025A1 (en) System and method for data tracking and management
KR100796814B1 (en) Pci-type security interface card and security management system
KR20000058818A (en) Emergency alarm system of internet server
TW202217617A (en) Cyber security protection system and related proactive suspicious domain alert system

Legal Events

Date Code Title Description
AS Assignment

Owner name: AXCELERANT, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HEINTZ, ROBERT;CHRISTY, JEFFREY A.;REEL/FRAME:013002/0753;SIGNING DATES FROM 20020602 TO 20020603

Owner name: AXCELERANT, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HEINTZ, ROBERT;CHRISTY, JEFFREY A.;SIGNING DATES FROM 20020602 TO 20020603;REEL/FRAME:013002/0753

AS Assignment

Owner name: GOREMOTE INTERNET COMMUNICATIONS, INC. (F/K/A GRIC

Free format text: MERGER;ASSIGNOR:AXCELERANT, INC.;REEL/FRAME:018784/0577

Effective date: 20030813

Owner name: GOREMOTE INTERNET COMMUNICATIONS, INC. (A WHOLLY O

Free format text: MERGER;ASSIGNOR:GOREMOTE INTERNET COMMUNICATIONS, INC. (F/K/A GRIC COMMUNICATIONS, INC.);REEL/FRAME:018784/0756

Effective date: 20060215

ZAAA Notice of allowance and fees due

Free format text: ORIGINAL CODE: NOA

ZAAB Notice of allowance mailed

Free format text: ORIGINAL CODE: MN/=.

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: IPASS INC., CALIFORNIA

Free format text: MERGER;ASSIGNOR:GOREMOTE INTERNET COMMUNICATIONS, INC.;REEL/FRAME:028612/0163

Effective date: 20120718

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: FORTRESS CREDIT CORP., NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:IPASS INC.;REEL/FRAME:046094/0323

Effective date: 20180614

AS Assignment

Owner name: IPASS IP LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IPASS INC.;REEL/FRAME:046148/0555

Effective date: 20180619

AS Assignment

Owner name: FIP UST LP, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:IPASS INC.;IPASS IP LLC;REEL/FRAME:046170/0457

Effective date: 20180621

Owner name: FORTRESS CREDIT CORP., NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:IPASS INC.;IPASS IP LLC;REEL/FRAME:046170/0457

Effective date: 20180621

Owner name: DBD CREDIT FUNDING LLC, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:IPASS INC.;IPASS IP LLC;REEL/FRAME:046170/0457

Effective date: 20180621

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

AS Assignment

Owner name: POST ROAD ADMINISTRATIVE LLC, CONNECTICUT

Free format text: SECURITY INTEREST;ASSIGNOR:IPASS IP LLC;REEL/FRAME:048462/0641

Effective date: 20190226

AS Assignment

Owner name: IPASS INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:FORTRESS CREDIT CORP.;REEL/FRAME:048503/0518

Effective date: 20190222

AS Assignment

Owner name: IPASS IP LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:POST ROAD ADMINISTRATIVE LLC;REEL/FRAME:052525/0357

Effective date: 20190926

AS Assignment

Owner name: IPASS IP LLC, CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNORS:FIP UST LP;DBD CREDIT FUNDING, LLC;REEL/FRAME:052564/0488

Effective date: 20190222

Owner name: IPASS INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNORS:FIP UST LP;DBD CREDIT FUNDING, LLC;REEL/FRAME:052564/0488

Effective date: 20190222

AS Assignment

Owner name: HIGH TRAIL INVESTMENTS SA LLC, AS COLLATERAL AGENT, NEW JERSEY

Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:IPASS IP LLC;REEL/FRAME:052888/0728

Effective date: 20200608

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: CHANNEL VENTURES GROUP, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PARETEUM CORPORATION;PARETEUM NORTH AMERICA CORPORATION;DEVICESCAPE HOLDINGS, INC.;AND OTHERS;REEL/FRAME:063988/0501

Effective date: 20220711

AS Assignment

Owner name: CHANNEL IP B.V., NETHERLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHANNEL VENTURES GROUP, LLC;REEL/FRAME:064180/0440

Effective date: 20230526

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20230816