Patent Grant
9996343
This invention relates generally to the software versioning field, and more specifically to a new and useful system and method for determining tool version capabilities field.
The availability of open source and proprietary hardware and software tools has resulted in the rapid development of new and varying products. Hardware and software tools such as computing system firmware, operating systems, software development kits, hardware components, and other tools can be used, modified, and/or repurposed to accelerate the product development process. Recently, a popular tool or device component has been the Android operating system. However, the Android operating system has not only been used in developing new phones but also tablets, computers, smart devices, and other devices using some form or version of the Android operating system. As it is applied to different systems and applications though, working with the devices becomes increasingly difficult—the system becomes increasingly fragmented. One report cited that over 11,000 distinct Android devices were in use in 2013, which grew to over 18,000 in 2014. Each of these devices may have specific hardware limitations, network carrier limitations, product system limitations (e.g., who sells and maintains the product), and other complications, which complicate the network of responsibility in maintaining the device. Such fragmentation presents numerous challenges. In particular, the security of Android devices becomes difficult to manage due to the various relationships and responsibilities of the involved parties. Such problems are also prevalent for other widely used tools and device components. Thus, there is a need in the software versioning field to create a new and useful system and method for determining tool version capabilities. This invention provides such a new and useful system and method.
The following description of preferred embodiments of the invention is not intended to limit the invention to these preferred embodiments, but rather to enable any person skilled in the art to make and use this invention.
1. System for Determining Tool Version Capabilities
As shown in
In a preferred implementation, the system is used to determine recommended stable versions of an operating system for a particular device. For example, the Android operating system is a highly fragmented ecosystem with a wide variety of device, carrier, and country component variations. Upgrading a system to the most secure and stable version of the operating system is not as simple as using the highest version number of the operating system. There are hardware restrictions, carrier restrictions, country restrictions, and other restrictions. The fragmentation issue is so complicated that it can be intractable for outside parties to attempt to uniformly improve security of the Android ecosystem through existing version information. However, using a distributed sampling of operating system version and device information, the system can achieve probabilistic recommendations of component versions. For example, the system can be used to identify recommended vulnerability and security patches that are compatible with a particular device instance. While the Android operating system is one such tool, the problem can be evident in other widely used and/or modified tools such as open source software projects, hardware platforms, and other tools used in building products. In another example, an open hardware component may allow for different hardware modules developed from various entities to be used in combination. Module compatibility and firmware updates across multiple modules can similarly benefit from the system.
The component compatibility service 110 of the preferred embodiment functions to act as a centralized service for collecting and managing component version information. The component capability service 110 includes or is communicatively coupled to a device profile repository 120. The component capability service no can additionally function to process service queries concerning tool compatibility. The component compatibility service 110 is preferably a remote cloud-hosted service. A cloud-hosted service can be any suitable network accessible server, computer cluster, or distributed computing environment. The component compatibility service no can additionally be a sub-component of or cooperatively integrated with a second network accessible service used for a secondary purpose such as a vulnerability assessment service, a two-factor authentication service, a system update service, an analytics service, or any suitable network accessible service. The component compatibility service no can be a public service, wherein outside entities may be capable of accessing and using the system. The component compatibility service 110 may alternatively be an internal or on-premise solution that operates within a closed ecosystem such as a service run on some IT solution of an Enterprise entity.
The component compatibility service 110 is preferably applied to tracking component versions across multiple devices. Component versions can include the version or type identifiers of one or more software or hardware modules which can include version identifiers for operating systems, device models, applications, device wide services, software packages or libraries, firmware, plugins, vulnerability or security patches, hardware add-on/accessory, and/or other suitable device tools. The component compatibility service 110 preferably uses the variety of device instance configurations and optionally additional device instance context information such as language settings, communication/data providers (e.g., telecommunication carriers).
The component compatibility service 110 can include at least two interfaces. A first interface is a collection interface 112, which functions as an input channel for receiving component version updates. The component version updates are preferably received from a plurality of different device instances. The system uses a large collection of component version updates from a diverse collection of devices. The collection interface can be used to collect device version profiles updates from application collection module instances installed on client devices. The application collection module can be a standalone application, a software development kit used by third party applications, a plug-in added by a user, a web application, or any suitable component operable on the device. There can additionally be a plurality of different types of application collection modules used to collect information. An application collection module instance reads or determines information for the device version profile transmission and then transmits the device version profile to the cloud-hosted service. The transmission can be over HTTP but any suitable protocol or communication channel can be used. A transmitted device version profile may be communicated as a single data object, but a set of component version and other information may be communicated at different times such that a full device version profile is constructed or updated within the component compatibility service 110 over time period.
The second interface of the component compatibility service no is a query interface 114. The query interface functions to allow the data in the device profile repository 120 to be collectively processed to determine solutions concerning tool compatibility. The query interface 114 can be the same interface as the collection interface 112 (e.g., the request includes a device version profile update and the response includes information relating to the compatibility of that device instance). The query interface 114 can alternatively be separate and used by outside parties to programmatically interact with the component compatibility service no. For example, the query interface 114 can be used to selectively impact operation of an application. In another variation, the query interface 114 is an internal interface and is not exposed externally. The internal query interface can be used to selectively impact operation of secondary objectives of the component compatibility service no such as during a vulnerability assessment of a device or when providing system updates.
The device profile repository 120 of the preferred embodiment functions to store component version information records of various device instances. An individual record corresponds to a single device instance. A device instance preferably directly relates to one physical device. For example, the phone used by a particular user may have one corresponding device profile that characterizes the version state and optionally device configuration of that phone. More preferably a device instance is associated with a time attribute. A device version profile may be associated with one time that when the information was collected. A device version profile can alternatively have a timeline history of evolution for that particular device version profile. For example, a device version profile may show that a particular device instance is regularly updated to a stable version or conversely that the device instance is infrequently updated despite available or recommended updates.
A single device version profile can include component information for multiple components. A device version profile may alternatively include component version information for only a single component or tool. Additional contextual or configuration information may supplement the device version information. In one limited example, an operating system version identifier may be mapped to a device model number in the device version information. In one variation, the operating system is of primary interest in the system but the primary component of interest could alternatively be any software project, hardware firmware, physical hardware architecture, and/or other suitable tools. In one example, the system can be applied to tracking component compatibility with the Android operating system.
The device profile repository 120 can be a database(s) of the collected tool version updates. The device profile repository 120 can additionally be reformatted or architected to pre-format component version patterns according to anticipated queries. For example, one preferred use case is to provide a recommended operating system version based on a device, carrier, country, and other device information. The repository can structure the database structure to improve the efficiency of determining the recommended version of the operating system.
The system can additionally include a device collection module 130 which functions to retrieve, generate, or collect a device version profile on a device instance. A device collection module 130 is operative on at least one device. The device collection module 130 can be a standalone client application, a software development kit used by third party applications, a plug-in added by a user, a web application, or any suitable component operable on the device. When integrated into an application with a secondary objective, the application can be a device vulnerability assessment application, a two-factor authentication application, a system update application, an analytics service of an application, or any suitable component of an application. The device collection module 130 collects a device version profile from the device. In one preferred implementation, the component of interest is the device operating system. The operating system version number is retrieved. Additionally, information can also be retrieved such as the device model, associated parties, supplemental information (e.g., usage information, installed applications, etc.), and other information impacting the version of the component.
2. Method for Determining Tool Version Capabilities
As shown in
The method is preferably implemented through a cloud-hosted service such as the one described above. A plurality of devices using a collection module can connect to the hosted service to facilitate collection of component version information. The component version information is preferably organized into a device version profile. The system is preferably implemented by a service substantially similar to the one described above, but any suitable service can implement the system. In one variation, the method is used in cooperation with a vulnerability assessment system or method as described in U.S. patent application Ser. No. 13/601,409, filed 31 Aug. 2012, which is hereby incorporated in its entirety by this reference. The method may alternatively or additionally be used with any other supplemental services such as an authentication service, password management, app/component store, anti-virus or security software, and/or any suitable service.
Block S110, which includes collecting device version profiles from a plurality of sources, functions to receive and store component version information from multiple devices and users. The collected device version profiles are preferably used to form a large corpus of version information for one or more components. A large number of component version information records are collected from a plurality of different device instances. The component version information can be organized, formed, or otherwise converted into a device version profile as shown in
Collecting device version profiles can include periodically collecting device profile information, which may include updating existing device version profiles or collecting device version profiles of new device sources. Since the component and device variations can be a constantly evolving environment (within a single device instance and for new device instances), the collection of data can be a continuous, periodic, or ongoing process. A record of a device version profile can additionally be updated during block S110 if a device was updated or changed. The device version profile is preferably received at an internet connected cloud-hosted service through a collection interface. The device version profile can alternatively be sent over any suitable communication channel. The device version profile is preferably transmitted from the device instance the information references. The device can be a personal computing device such as a smart phone, a tablet, a desktop computer, a wearable computing device, a TV connected computing device, or any suitable computing device.
The device version profile can include the version number of at least one component/tool identifier, the device model, associated parties, carrier information, device user configuration (e.g., language settings), and other information impacting the version of the tool. The component in a preferred implementation is an operating system. There are various factors that can impact the most current version of an operating system that can run on a particular device. The device version profile of an operating system of a mobile device can include the current operating system version, the device model and/or hardware configuration, and the carrier/network provider. It can additionally collect information such as country or language requirements. In some devices, such information may not be available, applicable, or accessible so a partial set of available information can alternatively be collected. Additionally, capabilities of the component can be characterized or transmitted as a profile of the current tool version. For example, the current design of the tools and available functions and features can provide a fingerprint or signature indicative of the device version profile. As another addition, the device version profile can include supplementary version information of related tools or components. For example, firmware versions, application versions, plug-in versions, hardware versions, or other related components used within the device could additionally be transmitted. The supplementary version information can be used to provide compatibility information. While determining the most current version of a component can be a challenging problem, determining the most current version of a compatible component can additionally be challenging. Such compatibility issues can have multiple dependencies. The component version information stored within the device version repository can additionally be seeded, supplemented or supplied with ground-truth data or previously collected data, which can involve augmenting the device profile repository with component version annotation. The component version annotation can include black listing or weighting preference of particular component versions as shown in
In one implementation, providing an application module used by the source devices can facilitate transmitting the device version profile from a device to a central system (e.g., the cloud-hosted service). The application module can be a standalone application, a software development kit or library used by third party applications, a plug-in added by a user, a web application, or any suitable component operable on the device. There can additionally be a plurality of different types of application modules used to collect information. The application module preferably reads or determines information for the tool version transmission. The application module will read the information and then transmit the device version profile to the cloud-hosted service. Reading the information may include accessing exposed or hidden API's to read version identification information for a particular device. In some variations, the version identification information may not be exposed for direct access. The application module may run various tests to determine a version identifier or set of identifiers. As one particular example, some features may be offered by a second version of a component that isn't offered by an initial version of the same component. The application module may test for the presence of those new features and if detected conclude the component is the second version.
The application module is preferably used by a large number of users. The transmission can be a complimentary communication of another service—the purpose of the application may not be directly for collection version information. For example, the information can be collected and used alongside a vulnerability assessment, a two-factor authentication application, a system update application, an analytics service of an application, or any suitable component of an application.
Block S120, which includes classifying the device version profiles into a device profile repository, functions to store and organize data around the version information. Preferably, the state of individual device instances is recorded in a database system or an alternative data storage solution. In one variation, the state of the devices is persistently stored such that specific device information for a particular device at particular time can be used in data analysis. Alternatively, the information may be organized into an aggregated analysis of a set of devices, wherein information for a particular device is obfuscated as an aggregate data point. An aggregated data approach may record values to generate the probability of a given component within a device population and/or the conditional probability for particular component. The collected information device version profiles are preferably stored at or at least accessible by the cloud-hosted service. The device version profile preferably is stored as a record including version number of a component, the device model, associated parties, supplemental information, and other information impacting the version of the tool. Additionally, the device source can be recorded. The source of the information can be used in weighting the information and evaluating the collected data as a whole in Block S140. Additionally, the time of collection is tracked. The device version profile can be similarly weighted based on age of the data point.
Classifying device version profiles can include processing and creating device version profiles. In one implementation, a device version profile data object may include an instance identifier that is unique to the particular device instance, a time stamp of when the information was collected (or last updated), a first component version identifier (e.g., a primary component of interest such as an operating system), an optional set of additional component version identifiers, and a set of device context information. In one variation, there will be only one class or type of component of interest. In another variation, multiple types of components will be of interest, and version identifiers will be collected for these component types as well. In another variation, other types of components can be used to provide context of the primary component—in which case, component version identifiers for these components are collected for context. The context information can include a device model identifier, carrier information, country/location information, user configuration information, and/or any suitable information related to the environment of device. The information in the device version information can be used to make objective data driven analysis such as this percentage of devices of this model use this operating system. Some information may alternatively be used to drive subjective analysis such as users that commonly use their devices in secure manner use this operating system or users with behavior leading to device vulnerabilities use this set of components. The device version profile may additionally include a history of device profile snapshots. For example, the set of component versions for a device at different intervals may be stored such that the history of how the device configuration has evolved can be monitored. In an alternative implementation, each snapshot can be stored as a unique device instance.
Block S130, which includes receiving a component version query request, functions to initialize identification of tool capabilities. The query request can be an internal query of the system, such as when used in combination with providing a vulnerability resolution product. In another variation, the query request can be made by an authenticated account through a query API of the system as shown in
The component version query request preferably includes a set of component version information to define constraints of the query. More preferably, the component version query is an at least a partial device version profile. Block S140 can apply the information included in the device version profile query to identify a compatible or recommended component based on multiple properties of the profile. For example, the recommended operating system may be identified based on the device model, the carrier information, and the set of other component version numbers. Alternatively, the component version information can include a single component version identifier such as a device model identifier. In yet another variation, the request may be an unconstrained request wherein the result may include the recommended component (e.g., most secure, most stable, most popular). In yet another variation, the constraint may be that of multiple version identifiers or device version profiles. For example, an IT department that has deployed IT managed phones to numerous employees may have those phones be in various version states (different OS's and device models). If the IT department was wanting to install a particular application or service across these devices, the IT department could submit a query with a range of component versions and the result could include the recommended component version that would work across all their deployed devices.
The query request, in one implementation, can be the same transmission used to provide a device version profile of a device instance as shown in
The query can additionally specify other parameters that alter the type of information requested. For instance, query may want a recommendation of the most “stable” version, “most cutting edge”, “fastest trending”, “most popular”, “most secure” or other qualifier for a component. The recommendation can additionally be set for particular platforms. For example, a query property can be set to “latest Android version” or “latest iOS version”. Further the parameters can define a set of options. For example, the query property can include a qualifying parameter that adjusts the version or time window of recommendations. For example, a qualified query parameter can be “Android last two major releases”. The query parameters can be automatically inferred based on a query of the device profile repository. Other qualifying parameters may adjust the scope of device profiles considered. For example, a query parameter may scope the query based on device model, operating system type, carrier, account name (e.g., within a corporate fleet of devices), country, or other suitable qualifying parameters. The query parameters can be automatically inferred based on a query of the device profile repository. Additional filters can be set such as restraining a search to a particular location or any suitable condition.
Block S140, which includes querying the device profile repository according to the component version query request, functions to process the component version information to determine information relevant to the query. In a first variation, the query is attempting to determine if one or more particular components are compatible with a particular device version profile. In another variation, the query is attempting to determine if any updates to current components are available and/or recommended. In another variation, the query is attempting to determine if any new components are recommended for a particular device configuration. The query is preferably specific to a particular device version instance (or a set of device instance properties) as shown in
Querying the device profile repository can include identifying capabilities of a device as defined by the device version profile information from the query. In particular variation, querying the device profile repository can include identifying emerging components within the device profile repository as shown in
Various types of capability queries can be made. Often, at least one field of the component version information will be of interest in the results. In a preferred variation, a recommended version number or identifier of a component is identified for the provided device version profile of the capability query. For example, a device will send the device model, the carrier information, and optionally operating system version information, and in response, a recommended version of the operating system is identified. The recommended version is often a version that is predicted to be most stable and/or secure. In this example, the recommended version can be identified by looking at other records of the same device model and carrier information. Then the operating system version used by the highest percentage of devices can be determined to be the recommended version. Those records can optionally be weighted based on the source or age of the records. For example, the highest raw percentage of users may use a first version of an OS, but a newer and more secure version may have been recently released. The identification process can be augmented so that trending or newer information would result in identification of the newer version despite not being the most popular. The OS version recommendation can additionally be augmented based on version rules such as the order in which a recommendation will trend over time, white-listed or black-listed version numbers, and other rules. Beta versions, developer releases, version number spoofing, and other scenarios can be overcome by the analysis and heuristics of the identification system. Alternative types of queries can include identifying devices that support a particular version number and identifying supplemental components that are compatible or recommended for a component.
As mentioned above, the method can include weighting device version profiles according to the source, which can include classifying version information records with user information. This variation can include classifying device sources. In one implementation, the device version profiles are collected by an application that has an account system. The history of the account records can be used in evaluating the trustworthiness of the device version profile record. A record can be given more weight, no weight, or negative weight. If the account is a paying account, then the account can be assumed to be more trustworthy due to the financial barrier. If the account frequently updates the tool/device, the user will often have usage habits indicating their system is well maintained. In some situations, the application is used for vulnerability assessment, two-factor authentication application, system updates, and thus more regular use of the application can be a signal the user is sensitive to using up to date versions. Similarly, usage patterns outside of the application can be a signal of the trustworthiness of the device version profile. The supplemental information can indicate if the account has device usage patterns. For example, the list of applications installed on the device or the change in location information can be signals of the risk of the device. On the contrary, accounts that are free accounts that infrequently update their device, that include supplemental information indicating suspect applications, or include other signals may be penalized. In some cases, the weighting can be used to penalize the use of that version. For example, a user that includes several applications only accessible to jailbroken devices may be penalized such that the corresponding tool version is avoided based on the corresponding record.
Block S150, which includes responding to the request with a result of the query, functions to act appropriately to resolve the capability request using the identified analysis. In a first implementation, a response is transmitted to the source of the compatibility request. In a first variation, the query requests the recommended version of the tool (e.g., current stable version), and the response is the version number or other suitable identifier. In another variation, the identified capabilities are used to fetch or generate a recommended, suggested, or possible system update to update one or more components. The update can be a vulnerability or security update. The response can be a link to the necessary updates, or alternatively, initiate a data transfer of the update. In another variation, the response includes a set of information satisfying the query. For example, a query may request device compatibility with a particular version of a component, and the response can include a set of device identifiers that are capable of running with that version of the tool. In one implementation, the cloud-hosted service is configured for outside parties to request the information. An API or alternative query interface can be used. The responses are delivered to the requesting entity, which could include client applications and/or third party application services. For example, an application developer can use the tool to selectively recommend a user update an operating system. In an alternative implementation, the query and response are used internally to the cloud-hosted service. For example, a vulnerability assessment service can use the tool compatibility service to determine the recommended or executed security updates on a particular device.
In one alternative implementation, the method is applied to a platform version control system wherein the method is used to indicate if a device or component is in compliance with component version conditions. This variation functions to allow checks to be performed on individual devices to see if they are in compliance. The platform version control system is preferably used in a system wherein there is a set of different devices accessing or otherwise making use of the system. An administrator of the system can set one or more component version conditions. One-time or periodic checks may be made on the set of devices to determine if one or more components satisfy the component version condition. In one implementation, a user interface allows an administrator to set the allowed component versions. The components of interest can be any suitable type of component. In one example, an administrator can set the operating system version conditions. Operating system version conditions may be specified by selecting options such as “latest iOS version” or “latest Android version”. These absolute component version conditions may result in a device not passing because it has not been upgraded or because it is ineligible for the latest version. Operating system version conditions may alternatively include options such as “last two major releases for Android”, “latest version of Android for this device”, or “latest version of Android for this device and not less than Honeycomb”. The component version conditions can alternatively be set through an API or any suitable condition. This implementation preferably similarly depends on collecting component version information. When a device attempts to use the platform (or at any suitable time such as registration), an at least a partial device version profile is collected from the device. A query is made on the device profile repository using the the device version profile of the particular device. Results of this query can be compared to the component version conditions and then the device can be determined to be in compliance or not incompliance. If in compliance the device is preferably allowed to use the platform. If not in compliance, the device is preferably prevented from accessing the platform. Alternatively, access to the platform may be limited. Additionally, the device may be required to perform an update of the component. In the case of the device not being compatible with allowed component version, a notification that informs the user to update his or her device.
In another usecase, the method may be applied to generating automatic update notifications. These update notifications are preferably dependent on the particular device and a comparison to the device profile repository. For example, an employee's Moto X on T-Mobile accessing a corporate network can be detected as not being fully up to date since seen 10 other similar devices were observed with a higher component version.
Additionally, the method may include monitoring the device instance associated with the device version profile of the query request as shown in
The system and method of the preferred embodiment and variations thereof can be embodied and/or implemented at least in part as a machine configured to receive a computer-readable medium storing computer-readable instructions. The instructions are preferably executed by computer-executable components preferably integrated with the tool compatibility service and device profile repository. The computer-readable medium can be stored on any suitable computer-readable media such as RAMs, ROMs, flash memory, EEPROMs, optical devices (CD or DVD), hard drives, floppy drives, or any suitable device. The computer-executable component is preferably a general or application specific processor, but any suitable dedicated hardware or hardware/firmware combination device can alternatively or additionally execute the instructions.
As a person skilled in the art will recognize from the previous detailed description and from the figures and claims, modifications and changes can be made to the preferred embodiments of the invention without departing from the scope of this invention defined in the following claims.
This application is a continuation of U.S. patent application Ser. No. 14/743,783, filed on 18 Jun. 2015, which is a continuation of U.S. patent application Ser. No. 14/482,796, filed on 10 Sep. 2014, which claims the benefit of U.S. Provisional Application No. 61/876,109, filed on 10 Sep. 2013, all of which are incorporated in their entireties by this reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5838792 | Ganesan | Nov 1998 | A |
| 5870723 | Pare et al. | Feb 1999 | A |
| 6119096 | Mann et al. | Sep 2000 | A |
| 6209091 | Sudia et al. | Mar 2001 | B1 |
| 6311272 | Gressel | Oct 2001 | B1 |
| 6694025 | Epstein et al. | Feb 2004 | B1 |
| 6758394 | Maskatiya et al. | Jul 2004 | B2 |
| 6823359 | Heidingsfeld et al. | Nov 2004 | B1 |
| 6934858 | Woodhill | Aug 2005 | B2 |
| 6956950 | Kausik | Oct 2005 | B2 |
| 6996716 | Hsu | Feb 2006 | B1 |
| 7096354 | Wheeler et al. | Aug 2006 | B2 |
| 7331518 | Rable | Feb 2008 | B2 |
| 7340600 | Corella | Mar 2008 | B1 |
| 7386720 | Sandhu et al. | Jun 2008 | B2 |
| 7447784 | Eun | Nov 2008 | B2 |
| 7463637 | Bou-Diab et al. | Dec 2008 | B2 |
| 7496662 | Roesch et al. | Feb 2009 | B1 |
| 7526792 | Ross | Apr 2009 | B2 |
| 7562382 | Hinton et al. | Jul 2009 | B2 |
| 7574733 | Woodhill | Aug 2009 | B2 |
| 7711122 | Allen et al. | May 2010 | B2 |
| 7793110 | Durfee et al. | Sep 2010 | B2 |
| 7904608 | Price | Mar 2011 | B2 |
| 7953979 | Borneman et al. | May 2011 | B2 |
| 7982595 | Hanna et al. | Jul 2011 | B2 |
| 8028329 | Whitcomb | Sep 2011 | B2 |
| 8136148 | Chayanam et al. | Mar 2012 | B1 |
| 8161527 | Curren | Apr 2012 | B2 |
| 8200980 | Robinson et al. | Jun 2012 | B1 |
| 8245044 | Kang | Aug 2012 | B2 |
| 8332627 | Matthews et al. | Dec 2012 | B1 |
| 8335933 | Humphrey et al. | Dec 2012 | B2 |
| 8397301 | Hering et al. | Mar 2013 | B2 |
| 8402526 | Ahn | Mar 2013 | B2 |
| 8458798 | Williams et al. | Jun 2013 | B2 |
| 8495720 | Counterman | Jul 2013 | B2 |
| 8499339 | Chao et al. | Jul 2013 | B2 |
| 8510820 | Oberheide et al. | Aug 2013 | B2 |
| 8538028 | Yeap et al. | Sep 2013 | B2 |
| 8539567 | Logue et al. | Sep 2013 | B1 |
| 8549601 | Ganesan | Oct 2013 | B2 |
| 8595809 | Chayanam et al. | Nov 2013 | B2 |
| 8627438 | Bhimanaik | Jan 2014 | B1 |
| 8646060 | Ben Ayed | Feb 2014 | B1 |
| 8646086 | Chakra et al. | Feb 2014 | B2 |
| 8689287 | Bohmer et al. | Apr 2014 | B2 |
| 8700729 | Dua | Apr 2014 | B2 |
| 8732475 | Fahrny et al. | May 2014 | B2 |
| 8732839 | Hohl | May 2014 | B2 |
| 8745703 | Lambert et al. | Jun 2014 | B2 |
| 8763077 | Oberheide et al. | Jun 2014 | B2 |
| 8806609 | Gladstone et al. | Aug 2014 | B2 |
| 8850516 | Hrebicek et al. | Sep 2014 | B1 |
| 8891772 | D Souza et al. | Nov 2014 | B2 |
| 8893230 | Oberheide et al. | Nov 2014 | B2 |
| 8898762 | Kang | Nov 2014 | B2 |
| 9049011 | Agrawal | Jun 2015 | B1 |
| 9223961 | Sokolov | Dec 2015 | B1 |
| 9282085 | Oberheide et al. | Mar 2016 | B2 |
| 9391980 | Krahn et al. | Jul 2016 | B1 |
| 20020013898 | Sudia et al. | Jan 2002 | A1 |
| 20020123967 | Wang | Sep 2002 | A1 |
| 20020131404 | Mehta | Sep 2002 | A1 |
| 20020136410 | Hanna | Sep 2002 | A1 |
| 20030061506 | Cooper et al. | Mar 2003 | A1 |
| 20030115452 | Sandhu et al. | Jun 2003 | A1 |
| 20030120931 | Hopkins et al. | Jun 2003 | A1 |
| 20030126472 | Banzhof | Jul 2003 | A1 |
| 20030147536 | Andivahis et al. | Aug 2003 | A1 |
| 20040064706 | Lin et al. | Apr 2004 | A1 |
| 20040218763 | Rose et al. | Nov 2004 | A1 |
| 20050218215 | Lauden | Oct 2005 | A1 |
| 20050221268 | Chaar et al. | Oct 2005 | A1 |
| 20050240522 | Kranzley et al. | Oct 2005 | A1 |
| 20050268107 | Harris et al. | Dec 2005 | A1 |
| 20060031938 | Choi | Feb 2006 | A1 |
| 20060059569 | Dasgupta et al. | Mar 2006 | A1 |
| 20060130139 | Sobel et al. | Jun 2006 | A1 |
| 20060165060 | Dua | Jul 2006 | A1 |
| 20060182276 | Sandhu et al. | Aug 2006 | A1 |
| 20060184788 | Sandhu et al. | Aug 2006 | A1 |
| 20060242692 | Thione et al. | Oct 2006 | A1 |
| 20070016948 | Dubrovsky et al. | Jan 2007 | A1 |
| 20070081667 | Hwang | Apr 2007 | A1 |
| 20070156659 | Lim | Jul 2007 | A1 |
| 20070186106 | Ting et al. | Aug 2007 | A1 |
| 20070199060 | Touboul | Aug 2007 | A1 |
| 20070228148 | Rable | Oct 2007 | A1 |
| 20070250914 | Fazal | Oct 2007 | A1 |
| 20070258594 | Sandhu et al. | Nov 2007 | A1 |
| 20070284429 | Beeman | Dec 2007 | A1 |
| 20070297607 | Ogura et al. | Dec 2007 | A1 |
| 20080049642 | Gudipudi et al. | Feb 2008 | A1 |
| 20080069347 | Brown et al. | Mar 2008 | A1 |
| 20080120411 | Eberle | May 2008 | A1 |
| 20080229104 | Ju et al. | Sep 2008 | A1 |
| 20080301669 | Rao | Dec 2008 | A1 |
| 20090055906 | Wendorff | Feb 2009 | A1 |
| 20090077060 | Sermersheim et al. | Mar 2009 | A1 |
| 20090167489 | Nan et al. | Jul 2009 | A1 |
| 20090187986 | Ozeki | Jul 2009 | A1 |
| 20090198997 | Yeap et al. | Aug 2009 | A1 |
| 20090210705 | Chen | Aug 2009 | A1 |
| 20090271863 | Govindavajhala et al. | Oct 2009 | A1 |
| 20090300596 | Tyhurst et al. | Dec 2009 | A1 |
| 20090300707 | Garimella et al. | Dec 2009 | A1 |
| 20100023781 | Nakamoto | Jan 2010 | A1 |
| 20100042954 | Rosenblatt et al. | Feb 2010 | A1 |
| 20100069104 | Neil et al. | Mar 2010 | A1 |
| 20100100725 | Ozzie et al. | Apr 2010 | A1 |
| 20100114740 | Dominguez et al. | May 2010 | A1 |
| 20100115578 | Nice et al. | May 2010 | A1 |
| 20100121767 | Coulter et al. | May 2010 | A1 |
| 20100125737 | Kang | May 2010 | A1 |
| 20100131755 | Zhu et al. | May 2010 | A1 |
| 20100180001 | Hardt | Jul 2010 | A1 |
| 20100202609 | Sandhu et al. | Aug 2010 | A1 |
| 20100216425 | Smith | Aug 2010 | A1 |
| 20100217986 | Schneider | Aug 2010 | A1 |
| 20100233996 | Herz et al. | Sep 2010 | A1 |
| 20100257610 | Hohl | Oct 2010 | A1 |
| 20100263021 | Arnott et al. | Oct 2010 | A1 |
| 20100274859 | Bucuk | Oct 2010 | A1 |
| 20100330969 | Kim et al. | Dec 2010 | A1 |
| 20110026716 | Tang et al. | Feb 2011 | A1 |
| 20110086616 | Brand et al. | Apr 2011 | A1 |
| 20110107389 | Chakarapani | May 2011 | A1 |
| 20110113484 | Zeuthen | May 2011 | A1 |
| 20110119765 | Hering et al. | May 2011 | A1 |
| 20110138469 | Ye et al. | Jun 2011 | A1 |
| 20110145900 | Chern | Jun 2011 | A1 |
| 20110197267 | Gravel et al. | Aug 2011 | A1 |
| 20110219449 | St. Neitzel et al. | Sep 2011 | A1 |
| 20110277025 | Counterman | Nov 2011 | A1 |
| 20110302410 | Clarke et al. | Dec 2011 | A1 |
| 20110302630 | Nair et al. | Dec 2011 | A1 |
| 20120063601 | Hart | Mar 2012 | A1 |
| 20120090028 | Lapsley et al. | Apr 2012 | A1 |
| 20120096274 | Campagna et al. | Apr 2012 | A1 |
| 20120198050 | Maki et al. | Aug 2012 | A1 |
| 20120198228 | Oberheide et al. | Aug 2012 | A1 |
| 20120216239 | Yadav et al. | Aug 2012 | A1 |
| 20120227098 | Obasanjo et al. | Sep 2012 | A1 |
| 20120290841 | Jentzsch | Nov 2012 | A1 |
| 20120300931 | Ollikainen et al. | Nov 2012 | A1 |
| 20130042002 | Cheeniyil et al. | Feb 2013 | A1 |
| 20130060708 | Oskolkov et al. | Mar 2013 | A1 |
| 20130081101 | Baer et al. | Mar 2013 | A1 |
| 20130097585 | Jentsch et al. | Apr 2013 | A1 |
| 20130110676 | Kobres | May 2013 | A1 |
| 20130117826 | Gordon et al. | May 2013 | A1 |
| 20130124292 | Juthani | May 2013 | A1 |
| 20130125226 | Shah et al. | May 2013 | A1 |
| 20130174246 | Schrecker et al. | Jul 2013 | A1 |
| 20130179681 | Benson et al. | Jul 2013 | A1 |
| 20130239167 | Sreenivas et al. | Sep 2013 | A1 |
| 20130239168 | Sreenivas et al. | Sep 2013 | A1 |
| 20130239177 | Sigurdson et al. | Sep 2013 | A1 |
| 20130246281 | Yamada et al. | Sep 2013 | A1 |
| 20130263211 | Neuman et al. | Oct 2013 | A1 |
| 20130310006 | Chen et al. | Nov 2013 | A1 |
| 20130326224 | Yavuz | Dec 2013 | A1 |
| 20130326493 | Poonamalli et al. | Dec 2013 | A1 |
| 20140019752 | Yin et al. | Jan 2014 | A1 |
| 20140047546 | Sidagni | Feb 2014 | A1 |
| 20140181517 | Alaranta et al. | Jun 2014 | A1 |
| 20140181520 | Wendling et al. | Jun 2014 | A1 |
| 20140188796 | Fushman et al. | Jul 2014 | A1 |
| 20140201841 | Deshpande et al. | Jul 2014 | A1 |
| 20140208405 | Hashai | Jul 2014 | A1 |
| 20140235230 | Raleigh | Aug 2014 | A1 |
| 20140237236 | Kalinichenko et al. | Aug 2014 | A1 |
| 20140244993 | Chew | Aug 2014 | A1 |
| 20140245278 | Zellen | Aug 2014 | A1 |
| 20140245396 | Oberheide et al. | Aug 2014 | A1 |
| 20140247140 | Proud | Sep 2014 | A1 |
| 20140351954 | Brownell et al. | Nov 2014 | A1 |
| 20140376543 | Malatack et al. | Dec 2014 | A1 |
| 20150012914 | Klein et al. | Jan 2015 | A1 |
| 20150026461 | Devi | Jan 2015 | A1 |
| 20150133094 | Lindeman | May 2015 | A1 |
| 20150237026 | Kumar | Aug 2015 | A1 |
| 20150242643 | Hankins et al. | Aug 2015 | A1 |
| 20160056962 | Mehtala | Feb 2016 | A1 |
| 20160164866 | Oberheide et al. | Jun 2016 | A1 |
| 20160180072 | Ligatti et al. | Jun 2016 | A1 |
| 20160286391 | Khan | Sep 2016 | A1 |
| 20160366589 | Jean | Dec 2016 | A1 |
| 20170039242 | Milton | Feb 2017 | A1 |
| 20170169066 | Mantri | Jun 2017 | A1 |
| Entry |
|---|
| Simske et al., “APEX: Automated Policy Enforcement eXchange”, Sep. 21-24, 2010, ACM, pp. 139-142. |
| Symantec, Administration Guide for Symantec TM Endpoint Protection and Symantec Network Access Control, Aug. 1, 2007. |
| Symantec, Administration guide for symantec Endpoint protection and symantec network access control, 2009, version 11.00.05.00.00. |
| Edge, Kenneth, et al. “The use of attack and protection trees to analyze security for an online banking system.” System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on. IEEE, 2007. |
| Neuenhofen, Kay, and Mathew Thompson. “A secure marketplace for mobile java agents.” Proceeding of the second international Conference on Autonomous agents. ACM, 1998. (pp. 212-218). |
| Aloul S Zahidi; et al. “Two factor authentication using mobile phones,” 2009 IEEE/ACS International Conference on Computer Systems and Applications, Rabat, 2009, pp. 641-644. |
| Bonneau Joseph; et al. “Passwords and the evolution of imperfect authentication.” Communications of the ACM 58.7 (2015): 78-87. |
| Kher Vishal; et al. “Securing distributed storage: challenges, techniques and systems.” Proceedings of the 2005 ACM workshop on Storage security and survivability. ACM, 2005, pp. 9-25. |
| Number | Date | Country | |
|---|---|---|---|
| 20160259640 A1 | Sep 2016 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61876109 | Sep 2013 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 14743783 | Jun 2015 | US |
| Child | 15152916 | US | |
| Parent | 14482796 | Sep 2014 | US |
| Child | 14743783 | US |
