System and method of monitoring and controlling application files
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-007/00
G06F-015/177
G06F-009/44
G06F-009/445
출원번호
UP-0624635
(2007-01-18)
등록번호
US-7797270
(2010-10-04)
발명자
/ 주소
Kester, Harold M.
Hegli, Ronald B.
Dimm, John Ross
Anderson, Mark Richard
출원인 / 주소
Websense, Inc.
대리인 / 주소
Knobbe Martens Olson & Bear LLP
인용정보
피인용 횟수 :
22인용 특허 :
85
초록▼
A system and method for updating a system that controls applications requested for execution on a workstation. A workstation management module is configured to detect requested execution of an application. A workstation application server receives data associated with the application from the workst
A system and method for updating a system that controls applications requested for execution on a workstation. A workstation management module is configured to detect requested execution of an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized and provides the category to the application server module; which forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy to control access to the requested application on the workstation.
대표청구항▼
What is claimed is: 1. A method of controlling operation of an application on a workstation, the method comprising: detecting, with a processor, a launch of an application on the workstation; determining whether the application is categorized, wherein a categorized application is associated with on
What is claimed is: 1. A method of controlling operation of an application on a workstation, the method comprising: detecting, with a processor, a launch of an application on the workstation; determining whether the application is categorized, wherein a categorized application is associated with one or more policies; if the application is locally categorized, then applying the one or more policies that are associated with the application; if the application is not locally categorized, then uploading data indicative of the application to an application server module; and determining whether the application is identified in an application inventory database of categorized applications, wherein a categorized application is associated with one or more categories; and if the application is not identified in the application inventory database, then posting the data indicative of the application to an uncategorized application database, if the application is identified in the application inventory database, then applying one or more policies associated with the application. 2. The method of claim 1, wherein the one or more policies include allowing or disallowing the application to run based on the one or more categories associated with the application and a user of the workstation. 3. The method of claim 1 further comprising: uploading the uncategorized application database to an application database factory; determining whether each application has been previously categorized by the application database factory; for each application that was not previously categorized, categorizing each application and/or data associated with the application by associating one or more categories with each application. 4. The method of claim 3 further comprising: posting data indicative of each application along with its associated one or more categories into a database of categorized applications; and downloading the database of categorized applications for incorporation into the application inventory database. 5. The method of claim 3 further comprising: updating a request frequency in the application inventory database if the application is in the application inventory database; and uploading the application inventory database request frequency and the associated application to the application database factory. 6. The method of claim 3, wherein the one or more policies include allowing the application to run on the workstation based on the one or more categories associated with the application and a user of the workstation. 7. The method of claim 3, wherein the logging database further includes additional data associated with the application. 8. The method of claim 7, wherein the additional data includes a request frequency. 9. The method of claim 7, wherein the additional data includes a suite. 10. The method of claim 7, wherein the additional data includes a publisher. 11. The method of claim 7, wherein the additional data includes a source directory. 12. The method of claim 1 further comprising: analyzing the application and/or the additional data associated with the application for data characteristics that are indicative of the one or more categories; and associating one or more indicators with the application. 13. The method of claim 12, wherein the analyzing the application and/or additional data is performed on text strings that are associated with the application. 14. The method of claim 12, wherein the one or more indicators can include a category flag. 15. The method of claim 14, further comprising screening the application using the one or more indicators prior to uploading the uncategorized application database to the application database factory. 16. A method of controlling execution of programs on a workstation, the method comprising: detecting with a processor a launch of a program at the workstation; determining whether the program is identified in a table; if the program is identified, applying a first rule that is associated with the program; pre-filtering the program and/or data associated with the program for data characteristics that are indicative of one or more categories; associating a second rule with the program based on at least in part the one or more categories indicated by the data characteristics; if the program is not identified, posting data indicative of the program to a database. 17. A method of controlling programs on a workstation, the method comprising: detecting, with a processor a launch of an application on the workstation; generating a hash value for the launched application; determining whether the application is categorized by comparing the generated hash value to one or more hash values in a hash/policy table, the hash/policy table including one or more policies associated with the one or more hash values; if the generated hash value matches one or more of the hash values in the hash/policy table, then applying the one or more policies that are associated with the one or more hash values; if the generated hash value does not match one or more hash values in the hash/policy table, then posting information about the application to a logging database; uploading the logging database to an application server module; determining whether the application from the logging database is in an application inventory database; and if the application is not identified in the application inventory database, then posting information about the application to an uncategorized application database. 18. The method of claim 17 further comprising scanning the logging database to determine a frequency count for the application. 19. The method of claim 17 further comprising: uploading the uncategorized application database to an application database factory; determining whether the application has been previously categorized by the application database factory; and for each application that was not previously categorized, categorizing each application by selecting one or more categories associated with that application. 20. The method of claim 19, further comprising: posting data indicative of each application along with its selected one or more categories into a database of categorized applications; and downloading the database of categorized applications for incorporation into the application inventory database. 21. A method of controlling applications on a workstation, the method comprising: detecting, with a processor, a running application on a workstation; determining whether the running application is identified in a database; if the running application is not identified in the database, then storing data indicative of the running application to the database; associating one or more policies to the running application; and controlling the running application based on the one or more policies; pre-filtering the program and/or data associated with the program for data characteristics that are indicative of one or more categories; associating a rule with the program based on at least in part the one or more categories indicated by the data characteristics.
Brandt Marcia Lynn ; Brown Kenneth Edgar ; Dykes Pernell James ; Lindberg Erik Duane ; Olson Diane Elaine ; Selden Jeffrey Edward ; Snyder Devon Daniel ; Walts James Orrin, Computer apparatus and method for providing a common user interface for software applications accessed via the world-wid.
Shieh Johnny Meng-Han ; Maddalozzo ; Jr. John ; McBrearty Gerald Francis, Filtered utilization of internet data transfers to reduce delay and increase user control.
Benantar Messaoud ; Blakley ; III George Robert ; Nadalin Anthony Joseph, Information handling system, method, and article of manufacture for efficient object security processing by grouping obj.
Bond,Paul W.; Casper,Daniel F.; Chencinski,Edward; Hoke,Joseph M.; Livolsi,Robert R., Initialization of a bidirectional, self-timed parallel interface with automatic testing of AC differential wire pairs.
Radia Sanjay R. ; Lim Swee Boon ; Tsirigotis Panagiotis ; Wong Thomas K. ; Goedman Robert J. ; Patrick Michael W., Method and apparatus for dynamic packet filter assignment.
Poliquin Lynn R. (Goffstown NH) Arrowsmith Russell (Merrimack NH) Lewis Lundy (Mason NH) Tracy William (Chelmsford MA), Method and apparatus for policy-based alarm notification in a distributed network management environment.
Baugher Mark J. (Austin TX) Chang Philip Y. (Austin TX) Morris Gregory L. (Round Rock TX) Stephens Alan P. (Austin TX), Method and apparatus for reserving system resources to assure quality of service.
Skopp Peter ; Vitale Benjamin F. ; Marur Vinod R. ; Tse Clifford S.C. ; Dulai Dharmender S., Method and apparatus to determine user identity and limit access to a communications network.
Theimer Marvin M. (Mountain View CA) Spreitzer Michael J. (Tracy CA) Weiser Mark D. (Palo Alto CA) Goldstein Richard J. (San Francisco CA) Elrod Scott A. (Redwood City CA) Swinehart Daniel C. (Palo A, Method for granting a user request having locational and contextual attributes consistent with user policies for devices.
Theimer Marvin M. (Mountain View CA) Spreitzer Michael J. (Tracy CA) Weiser Mark D. (Palo Alto CA) Goldstein Richard J. (San Francisco CA) Terry Douglas B. (San Carlos CA) Schilit William N. (Palo Al, Selective delivery of electronic messages in a multiple computer system based on context and environment of a user.
Donald George Paul Waters GB; Jeremy Pavier GB; Graham David Turner GB; Richard Dewitt Cox ; Andrew Timothy Hunter ; Jeffrey Kevin Rand ; Nicolas Duncan Barker Smith GB, Service creation apparatus for a communications network.
Joseph L. Stern, System and method for accessing, manipulating and viewing internet and non-internet related information and for controlling networked devices.
Stern,Joseph L., System and method for controlling networked devices and accessing, manipulating and viewing internet and non-internet related information through multiple sessions.
Finney Michael S. ; Snider Michael L. ; Wright Randall S. ; Paynter James W. ; Bard Robin R., System and method for distributing electronic messages in accordance with rules.
Bryant David M. (Cardiff CA) Corbeil Ryn C. (Bridgewater NJ) Malcolm Michael A. (Waterloo CA CAX) Thompson Donald R. (San Diego CA), System and method for name-lookup in a local area network data communication system.
Holden James M. ; Levin Stephen E. ; Nickel James O. ; Wrench Edwin H., System and method for providing multi-level security in computer devices utilized with non-secure networks.
Baker Brenda Sue (Berkeley Heights NJ) Grosse Eric (Berkeley Heights NJ), System and method for restricting user access rights on the internet based on rating information stored in a relational.
Akiyoshi Takashi (Osaka JPX) Matsuse Tetsuo (Ikoma-gun JPX), System for automatically generating and saving control information in a server if requested by a client at system initia.
Schmidt Jonathan ; Donzis Lewis ; Donzis Henry ; Murphy John ; Baron Peter ; Savage Herb, System for controlling users access to a distributive network in accordance with constraints present in common access.
Choquier Philippe,FRX ; Peyroux Jean-Francios ; Griffin William J., System for on-line service in which gateway computer uses service map which includes loading condition of servers broad.
Horvitz, Eric J.; Kadie, Carl M.; Ozer, Stuart; Wong, Curtis G., Training, inference and user interface for guiding the caching of media content on local stores.
Nicholls, Jonathan; Hunter, Edward; Moussavian, Negeen; Moussavian, Amir; Lewis, Mark, Information throttle that enforces policies for workplace use of electronic devices.
Brodie, Carolyn; Brown, Nigel; Karat, John; Karat, Clare Marie; Malkin, Peter, Privacy ontology for identifying and classifying personally identifiable information and a related GUI.
Kester, Harold M.; Kester Jones, legal representative, Nicole; Dimm, John Ross; Anderson, Mark Richard; Papa, Joseph, System and method of monitoring and controlling application files.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.