Application Trust Listing Service
Abstract
Provided are techniques for controlling access to computing resources comprising generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint matches the second fingerprint; and, in response to determining that the first and second fingerprints match, executing the executable file on the computing system; and, in response to determining that the first and second fingerprints do not match, preventing the executable file from executing on the computing system.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method for controlling access to computing resources, comprising:
generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system; generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint matches the second fingerprint; and in response to determining that the first and second fingerprints match, executing the executable file on the computing system.
2 . The method of claim 1 , further comprising, in response to determining that the first and second fingerprints do not match, preventing the executable file from executing on the computing system.
3 . The method of claim 1 , further comprising crowd sourcing the first fingerprint based upon a level of trust a trust list provider has with respect to the first executable file.
4 . The method of claim 1 , wherein the first fingerprint is generated and provided to a service that implements the method by a trust list provider based upon a level of trust the trust list provider has with respect to the first executable.
5 . The method of claim 4 , wherein the trust list provider is from a list consisting of:
security professionals; application developers; trust-listing experts administrators; and application vendors.
6 . The method of claim 4 , further comprising generating and storing information corresponding to reliability of the trust list provider.
7 . The method of claim 1 ,
wherein the generating of first fingerprint comprising combining a first file length corresponding to the first executable file and a plurality of algorithmic hashes of the first executable file; and the generating of second fingerprint comprising combining a second file length corresponding to the second executable file and the plurality of algorithmic hashes of the second executable file
8 . A apparatus for controlling access to computing resources, comprising:
a fingerprint data base service (DNS), the DNS comprising first logic, stored on a first computer-readable storage medium and executed on a first plurality of processors, for:
receiving a request to execute an executable file on a computing system;
generating a first fingerprint corresponding to the executable file;
determining whether or not the first fingerprint matches a second fingerprint; and
in response to determining that the first and second fingerprints match, transmitting a first signal indicating that the executable file may execute;
a zone management service (ZMS), the ZMS comprising second logic, stored on a second computer-readable storage medium and executed on a second plurality of processors, for:
receiving the first signal; and,
in response to receiving the first signal, initiating the executable file on the computing system.
9 . The apparatus of claim 8 ,
the first logic further comprising, in response to determining that the first and second fingerprints do not match, transmitting a signal indicating that the executable file should be prevented from executing on the computing system; and the second logic further comprising logic for:
receiving the second signal; and
in response to receiving the second signal, preventing the executable file from executing on the computing system.
10 . The apparatus of claim 1 , wherein the first fingerprint is crowd sourced based upon a level of trust a trust list provider has with respect to the first executable file.
11 . The apparatus of claim 8 , further comprising an endpoint management platform (EMP), the EMP comprising logic for receiving the second fingerprint from a trust list provider.
12 . The apparatus of claim 11 , wherein the trust list provider is from a list consisting of:
security professionals; application developers; trust-listing experts administrators; and application vendors.
13 . The apparatus of claim 11 , the EMP further comprising logic for receiving and storing information corresponding to reliability of the trust list provider.
14 . The apparatus of claim 8 ,
wherein the first fingerprint comprises a combination of a first file length corresponding to the first executable file and a plurality of algorithmic hashes of the first executable file; and the second fingerprint comprises a combination of a second file length corresponding to the second executable file and the plurality of algorithmic hashes of the second executable file.
15 . A computer programming product for controlling access to computing resources, comprising a non-transitory computer-readable storage medium having program code embodied therewith, the program code executable by a plurality of processors to perform a method comprising:
generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system; generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint latches the second fingerprint; and in response to determining that the first and second fingerprints match, executing the executable file on the computing system.
16 . The computer programming product of claim 15 , the method further comprising, in response to determining that the first and second fingerprints do not match, preventing the executable file from executable on the computer system.
17 . The computer programming product of claim 15 , the method further comprising crowd sourcing the first fingerprint based upon a level of trust a trust list provider has with respect to the first executable file.
18 . The computer programming product of claim 15 , wherein the first fingerprint is generated and provided to a service that implements the method by a trust list provider based upon a level of trust the trust list provide has with respect to the first executable.
19 . The method of claim 18 , the method further comprising generating and storing information corresponding to reliability of the trust list provider.
20 . The method of claim 15 ,
wherein the generating of first fingerprint comprising combining a first file length corresponding to the first executable file and a plurality of algorithmic hashes of the first executable file; and the generating of second fingerprint comprising combining a second file length corresponding to the second executable file and the plurality of algorithmic hashes of the second executable fileCited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.