US2009178131A1PendingUtilityA1

Globally distributed infrastructure for secure content management

53
Assignee: MICROSOFT CORPPriority: Jan 8, 2008Filed: Jun 29, 2008Published: Jul 9, 2009
Est. expiryJan 8, 2028(~1.5 yrs left)· nominal 20-yr term from priority
G06F 16/9535H04L 63/0281G06F 2221/2115G06F 2221/2141G06Q 30/0215H04L 63/20G06Q 30/0204G06F 2221/2151G06F 2221/2149G06F 21/55G06F 21/56G06F 21/629H04L 63/14
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.

Claims

exact text as granted — not AI-modified
1 . An infrastructure for providing a security protection service to an IT device, comprising:
 a plurality of POPs, each POP including a suite of security products, each product in the suite arranged for providing one or more security functionalities, one of the security products comprising a forward proxy server for forwarding traffic from the IT device to resource servers on the Internet;   a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers disposed in the hub, and further providing identity management to authenticate and authorize a user of the IT device for the security protection service; and   a management operations center operatively coupled to the hub for implementing centralized management for the infrastructure, the centralized management including monitoring and auditing.   
     
     
         2 . The infrastructure of  claim 1  further including at least one of edge firewall, host security gateway product, NIDs security product, NAP security product, SEM product, SIM product, UTM product, operational health monitoring product, configuration management product, anti-virus product, anti-spyware product, anti-malware product, information leakage prevention, or anti-spam product among the security products in the suite. 
     
     
         3 . The infrastructure of  claim 2  further including an administrator console functionality in one or more of the POPs. 
     
     
         4 . The infrastructure of  claim 3  in which the security products in the suite are operated in response to security policies. 
     
     
         5 . The infrastructure of  claim 4  in which the securities policies are disposed in a database located in either a POP or the hub. 
     
     
         6 . The infrastructure of  claim 5  in which the user accesses the security protection service using a connection to the Internet. 
     
     
         7 . A method for providing a security protection service for IT devices, the method comprising the steps of:
 utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet;   authenticating and authorizing users of the IT devices for the security protection service; and   securing user interactions to the resource servers using one or more security products located in the POP.   
     
     
         8 . The method of  claim 7  including a further step of monitoring clicks performed by the user on web content hosted by the resource servers 
     
     
         9 . The method of  claim 8  including a further step of generating a profile of the user based on the monitoring. 
     
     
         10 . The method of  claim 8  including a further step of providing content or processes to the user based on the profile. 
     
     
         11 . The method of  claim 10  in which the content or processes are personalized to the user. 
     
     
         12 . The method of  claim 11  in which the content or processes comprise one of advertising, search results, or web-based experience. 
     
     
         13 . The method of  claim 12  in which the search results are cleaned by the security protection service. 
     
     
         14 . The method of  claim 13  in which the security protection service is subscription based. 
     
     
         15 . A method for providing a security protection service for IT devices, the method comprising the steps of:
 utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet;   authenticating and authorizing users of the IT devices for the security protection service;   redirecting a user to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience may be implemented; and   managing the forward proxy servers in the POPs using an enterprise management subsystem located in a hub that is coupled to one or more POPs   
     
     
         16 . The method of  claim 15  in which the securing is performed according to predefined security policies, at least a subset of such security policies being part of security policies pertaining to an enterprise. 
     
     
         17 . The method of  claim 15  including a further step of managing the security protection service through one or more centralized management centers, at least one of the centralized management centers being operatively coupled to the hub. 
     
     
         18 . The method of  claim 17  including a further step of performing network optimization in a POP, the network optimization including one of caching, HTTP compression, or QoS enforcement. 
     
     
         19 . The method of  claim 15  including a further step of redirecting a user to a co-located POP, a POP being co-located when network latency is minimized compared with non-co-located POPs and localization of a user experience may be implemented. 
     
     
         20 . The method of  claim 19  in which the localization is performed with at least one of language, time zone, currency, or character set.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.