Apparatus and method to automatically collect data regarding assets of a business entity

US 20030200294A1
Filed: 04/18/2002
Published: 10/23/2003
Est. Priority Date: 04/18/2002
Status: Active Grant

First Claim

Patent Images

1. A process for using a computer to automatically discovery the existence and type of assets in an organization, comprising the steps of:

using one or more network fingerprints to determine the existence of one or more networks and gather information about any discovered networks to determine the type and attributes thereof including the valid addresses on each discovered network, and make an entry in element and data tables recording the attributes of each discovered network;

using the valid addresses of each discovered network and one or more network interface card fingerprints, discovering all the network interface cards that exist on each discovered network and the attributes of each and making an entry in said element and data tables for each found network interface card;

for each network interface card found, using one or more fingerprints for the operating systems the process is capable of detecting, determining the operating system that is controlling each computer coupled to one of the found networks by one of the found network interface cards and making an entry for each found operating system in said element and data tables; and

for each found operating system, using one or more fingerprints for one or more elements of interest to, for each fingerprint, gather attribute data about the element corresponding to the fingerprint being used via said operating system and, using rules in or pointed to by said fingerprint, analyze the attribute data gathered about the element corresponding to the fingerprint to calculate the probability of the elements existence, and make an entry in the element and data tables regarding each found element.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system to automatically gather attribute data about elements such as networks, network interface cards, operating systems, device types, installed software, processes in execution, financial data, etc. in an organization or a designated subset of the organization. Fingerprint files are used, each fingerprint file corresponding to an element of a specific type and each containing a list of attributes that will be found if that element exists in the system. Each fingerprint contains or points to one or more collection instructions which control a data collector process to attempt to gather attribute data. Each fingerprint contains or points to rules that are used to analyze the attribute data gathered to calculate the probability that the element exists. The rules can be fired sequentially, in if-then-else fashion or can be incorporated in a script in loops and with mathematical manipulations, tests and branching for more sophisticated analysis. Fingerprints can be turned on and off by configuration data and can be used in a logical order to do discovery without any prior knowledge of the systems being analyzed. A refresh schedule and collection calendar control how often the fingerprints are used in some embodiments, and collected data is stored with time stamps to enable analysis of changes in the data over time.

Citations

21 Claims

1. A process for using a computer to automatically discovery the existence and type of assets in an organization, comprising the steps of:
- using one or more network fingerprints to determine the existence of one or more networks and gather information about any discovered networks to determine the type and attributes thereof including the valid addresses on each discovered network, and make an entry in element and data tables recording the attributes of each discovered network;
  
  using the valid addresses of each discovered network and one or more network interface card fingerprints, discovering all the network interface cards that exist on each discovered network and the attributes of each and making an entry in said element and data tables for each found network interface card;
  
  for each network interface card found, using one or more fingerprints for the operating systems the process is capable of detecting, determining the operating system that is controlling each computer coupled to one of the found networks by one of the found network interface cards and making an entry for each found operating system in said element and data tables; and
  
  for each found operating system, using one or more fingerprints for one or more elements of interest to, for each fingerprint, gather attribute data about the element corresponding to the fingerprint being used via said operating system and, using rules in or pointed to by said fingerprint, analyze the attribute data gathered about the element corresponding to the fingerprint to calculate the probability of the elements existence, and make an entry in the element and data tables regarding each found element.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The process of claim 1 further comprising the steps of organizing said data entries in said data table so that the specific network cards found on each network can be identified and the specific operating system running the computer that is coupled to a found network by each found network interface card can be determined and so that the elements found via inquiries to each found operating system can be determined.
  - 3. The process of claim 1 further comprising the step of determining from configuration data whether each fingerprint is to be used prior to using it such that selected fingerprints can be turned off.
  - 4. The process of claim 1 further comprising the step of determining dependencies between fingerprints such that if a fingerprint is selected for use which cannot have its attribute data collected until the attribute data of another fingerprint is collected, and, if a dependency is found and the attribute data upon which the currently selected fingerprint is dependent has not yet been collected, halting processing of the currently selected fingerprint at least until the attribute data upon which the currently selected fingerprint is dependent has been collected.
  - 5. The process of claim 1 further comprising the step of determining dependencies between fingerprints such that if a fingerprint is selected for use which cannot have its attribute data collected until the attribute data of another fingerprint is collected, and, if a dependency is found and the attribute data upon which the currently selected fingerprint is dependent has not yet been collected, halting processing of the currently selected fingerprint until the next time said currently selected fingerprint is scheduled by a refresh table to be used to collect attribute data, and, at that time, using the currently selected fingerprint to collect and analyze attribute data if the attribute data upon which the currently selected fingerprint is dependent has been collected.
  - 6. The process of claim 1 further comprising the step of determining dependencies between fingerprints such that if a fingerprint is selected for use which cannot have its attribute data collected until the attribute data of another fingerprint is collected, and, if a dependency is found and the attribute data upon which the currently selected fingerprint is dependent has not yet been collected, halting processing of the currently selected fingerprint until the attribute data of the element upon which the currently selected fingerprint is dependent is collected and then automatically gathering the attribute data of the fingerprint upon which processing was halted because of the unfulfilled dependency.

7. A process for discovering the existence of elements in an organization without having any prior knowledge about the structure of the organization, said elements each being defined by a fingerprint that defines the attributes the element will have and includes a pointer to a set of collection instructions to collect attribute data that define an instance of the element , comprising the steps of:
- 1) starting with a network fingerprint for a possible network that might exist in the organization, executing a collection instruction contained in or pointed to by said network fingerprint to attempt to collect network attribute data for the type of network defined by said network fingerprint;
  
  2) using one or more rules pointed to by the network fingerprint rule selected in step 1 to process any attribute data collected using said network fingerprint collection instructions, and calculating the probability that each type of network element exists, and making an entry in element and data structures at least for each network type element that is found to exist and storing the collected attribute data of any network element found to exist including the range of its valid addresses;
  
  3) repeating this process of steps 1 and 2 for each other network fingerprint available 4) next, using a fingerprint for a network interface card element, executing a collection instruction(s) for each valid address on a first one of the networks found in steps 1 through 3 to attempt to collect network interface card (hereafter NIC) attribute data for the type of network interface card defined by said network interface card fingerprint at each valid address of a first network, said collection instruction being contained in the fingerprint or pointed to thereby;
  
  5) for each NIC that responded and from which attribute data was collected, using one or more fingerprint rules in said network interface card fingerprint to process the collected attribute data to calculate the probability that a network interface card of the type defined by said NIC fingerprint exists at each valid address of the network probed in step 4 from which a response was received and making a NIC instance entry in the element and data tables for each NIC found by steps 4 and 5 ; and
  
  recording the attribute data of each said NIC in the instance record thereof;
  
  6) repeating steps 4 and 5 for every other network interface card fingerprint available at every valid network address of the same network probed in step 4, and then repeat steps 4, 5 and 6 for each other network found in steps 1 through 3;
  
  7) for each NIC found in steps 4 through 6, select an operating system fingerprint from the operating system fingerprints and execute a collection instruction contained in said fingerprint or pointed to thereby to attempt to determine what type of operating system is being executed by the computer to which said NIC is coupled;
  
  8) repeating step 7 for every other type of operating system fingerprint for each NIC for which the operating system of the NIC'"'"'s host computer is unknown until all operating systems are known or no further knowledge about the type of operating system can be gained;
  
  9) for each different type of operating system found, use the appropriate fingerprints for each different type of element of interest about the computer or files or applications programs thereon and execute collection instructions to invoke the proper function calls of the operating system to collect the attribute data of the elements of interest;
  
  10) then, for each set of gathered attribute data for a particular element of interest gathered from a particular computer, apply the appropriate fingerprint rule or rules for elements of that type on a computer of the type of said particular computer executing the type operating system said particular computer is executing to calculate the probability of existence of an element of that type on said particular computer from which the attribute data was collected, and make an instance entry for an element of that type including its attribute data in a data table showing the proper relationship to the network, NIC and operating system instance entries for the computer on which the element was found.
- View Dependent Claims (8, 9, 10)
- - 8. The process of claim 7 further comprising the steps of:
    - repeating steps 1 through 10 at intervals specified by a refresh schedule or collection calendar or by user action causing the process to be repeated; and
      
      as each instance of an object is found, recording said instance in said data table with a timestamp indicating when said instance was found or recorded so that changes in the attributes or existence of nonexistence of elements over time can be observed.
  - 9. The process of claim 7 further comprising the steps of:
    - determining if any dependencies exist before executing the collection instruction of a fingerprint; and
      
      , if so, waiting until the condition precedent has occurred, before executing the collection instruction of the dependent footprint.
  - 10. The process of claim 7 further comprising the steps of:
    - determining if any dependencies exist before executing the collection instruction of a first fingerprint, and, if so, automatically executing the collection instructions of the condition precedent fingerprint or fingerprints upon which execution of the collection instruction of said first fingerprint is dependent; and
      
      upon completion of the execution of the collection instructions of the condition precedent fingerprint or fingerprints, automatically executing the collection instruction of said first fingerprint.

11. A process for discovering the existence of elements in an organization'"'"'s networks or designated subset of networks, said elements each being defined by a fingerprint that defines the attributes the element will have and includes a pointer to a set of collection instructions to collect attribute data that define an instance of the element, comprising the steps of:
- 1) making a manual entry for each network instance in an organization in a data table including some or all of the attribute data of the network;
  
  2) using the valid addresses of each network and one or more network interface card fingerprints which are indicated as active by configuration data, discovering all the network interface cards that exist on each network and the attributes of each and making an entry in a data table for each found network interface card which indicates its attributes such as its type, to which network it is coupled and which address on said network has been assigned to it;
  
  3) for each network interface card found, using one or more fingerprints which are indicated as active in by configuration data for the operating systems the process is capable of detecting, determining the operating system that is controlling each device coupled to one of the found networks by one of the found network interface cards and making an entry for each found operating system in a data table in such a way as to indicate on which network and which device, as identified by the attributes of the device'"'"'s network interface card, the operating system is executing; and
  
  4) for each found operating system, using one or more fingerprints indicated as active by configuration data and which correspond to one or more elements of interest to gather information via said operating system about the existence and attributes of said one or more elements of interest, and making an entry in a data table regarding each found element in such a way to indicate on which device each said element exists.
- View Dependent Claims (12)
- - 12. The process of claim 11 further comprising the steps of, after performing steps 1 through 4 a first time to discover all assets in the system, checking refresh schedule and collection calendar data for each fingerprint indicated as active by said configuration data and when said refresh data indicates it is time to gather the attribute data about each element corresponding to an active fingerprint, using each said fingerprint to gather and analyze attribute data about the corresponding element and making an entry in said data table along with a timestamp.

13. An article of manufacture comprising:
- a computer useable medium having computer readable program code embodied therein for automatically using fingerprint files in a logical sequence to control the automated collection of attribute data about elements of an organization without having any pre-knowledge about the existence or structure of the computer networks in an organization and analyze said attribute data to determine the probability of existence or nonexistence of various elements and record the attributes thereof, the computer readable program code comprising;
  
  a computer readable program code segment to control a computer to use one or more network fingerprints to determine the existence of one or more networks and gather information about any discovered networks to determine the type and attributes thereof including the valid addresses on each discovered network, and to make an entry in a data table recording the attributes of each discovered network;
  
  a computer readable program code segment to control a computer to use the valid addresses of each discovered network and one or more network interface card fingerprints, and discover all the network interface cards that exist on each discovered network and the attributes of each and making an entry in said data table for each found network interface card indicating upon which network it was found and the attributes thereof such as its assigned network address;
  
  a computer readable program code segment to control a computer to, for each network interface card found, use one or more fingerprints for the operating systems the article of manufacture is capable of detecting, and determine the operating system that is controlling each device coupled to one of the found networks by one of the found network interface cards and make an entry for each found operating system in said data table; and
  
  a computer readable program code segment for controlling a computer to, for each found operating system, use one or more fingerprints for one or more elements of interest the attribute data of which is capable of being gathered by invocation of function calls or the giving of commands to the operating system controlling the computer upon which the element of interest resides, to, for each said fingerprint, gather attribute data about the element corresponding to the fingerprint via said operating system, and analyze said attribute data using one or more rules in or pointed to by the fingerprint used to gather the attribute data to calculate the probability of existence of the element and make an entry in said data table regarding each found element.
- View Dependent Claims (14, 15, 16)
- - 14. The article of manufacture of claim 13 further comprising a code segment that controls a computer to check configuration data to determine if a fingerprint is active before using the fingerprint.
  - 15. The article of manufacture of claim 13 further comprising a code segment that controls a computer to check a refresh schedule and collection calendar and use said fingerprints to gather and analyze attribute data at the frequency specified in said refresh schedule and collection calendar for each said fingerprint.
  - 16. The article of manufacture of claim 14 further comprising a code segment that controls a computer to check a refresh schedule and collection calendar and use said fingerprints that said configuration data indicates are active to gather and analyze attribute data at the frequency specified in said refresh schedule and collection calendar for each said fingerprint.

17. An article of manufacture comprising:
- a computer useable medium having computer readable program code embodied therein for automatically using fingerprint files in a logical sequence to control the automated collection of attribute data about elements of an organization without having any prior knowledge about the existence or structure of the computer networks in an organization and analyze said attribute data to determine the probability of existence or nonexistence of various elements and record the attributes thereof, the computer readable program code comprising;
  
  1) a computer readable program code segment for controlling a computer to select a network fingerprint for a possible network that might exist in the organization, and execute a collection instruction contained in or pointed to by said network fingerprint to attempt to collect network attribute data for the type of network defined by said network fingerprint;
  
  2) a computer readable program code segment for controlling a computer to use one or more rules pointed to by the network fingerprint rule selected by code segment 1 to process any attribute data collected using said network fingerprint collection instructions, and calculate the probability that each type of network element exists, and make an entry in the element and data structures at least for each network type element that is found to exist and store the collected attribute data of any network element found to exist including the range of its valid addresses in a data table;
  
  3) a computer readable program code segment for controlling a computer to repeat the processing of code segments 1 and 2 for each other network fingerprint available;
  
  4) a computer readable program code segment for controlling a computer to, after finding all or a designated subset of networks that exist in the organization, select a fingerprint for a network interface card element (hereafter NIC), and execute a collection instruction(s) for each valid address on a first one of the networks found by code segments 1 through 3 to attempt to collect network interface card attribute data for the type of network interface card defined by said network interface card fingerprint at each valid address of a first network, said collection instruction being contained in the fingerprint or pointed to thereby;
  
  5) computer readable program code segment for controlling a computer to, for each NIC that responded and from which attribute data was collected in response to processing carried out by code segment 4, use one or more fingerprint rules in said network interface card fingerprint to process the collected attribute data to calculate the probability that a network interface card of the type defined by said NIC fingerprint exists at each valid address of the network probed by code segment 4 from which a response was received and make a NIC instance entry in a data table for each NIC found by code segments 4 and 5, and record the attribute data of each said NIC in the instance record thereof in said data table;
  
  6) a computer readable program code segment for controlling a computer to repeat the processing of code segments 4 and 5 for every other network interface card fingerprint available at every valid network address of the same network probed by code segment 4, and then cause the repeating of the processing of code segments 4, 5 and 6 for each other network found by code segments 1 through 3;
  
  7) a computer readable program code segment for controlling a computer to, for each NIC found by code segments 4 through 6, select an operating system fingerprint from the operating system fingerprints available and execute a collection instruction contained in said fingerprint or pointed to thereby to attempt to determine what type of operating system is being executed by the computer to which said NIC is coupled;
  
  8) a computer readable program code segment for controlling a computer to cause the repeating of code segment 7 for every other type of operating system fingerprint available for each NIC for which the operating system of the NIC'"'"'s host device is unknown until all operating systems are known or no further knowledge about the type of operating system can be gained;
  
  9) a computer readable program code segment for controlling a computer to, for each different type of operating system found, use the appropriate fingerprints for each different type of element of interest about the device or files or applications programs thereon and execute collection instructions to invoke the proper function calls of the operating system or give the proper commands to the operating system to collect the attribute data of the elements of interest;
  
  10) a computer readable program code segment for controlling a computer to, for each set of gathered attribute data for a particular element of interest gathered from a particular device, apply the appropriate fingerprint rule or rules for elements of that type to calculate the probability of existence of an element of that type on said particular device from which the attribute data was collected, and make an instance entry for an element of that type including its attribute data in a data table showing the proper relationship to the network, NIC and operating system instance entries for the computer on which the element was found.
- View Dependent Claims (18, 19, 20)
- - 18. The article of manufacture of claim 17 further comprising a code segment that controls a computer to check configuration data to determine if a fingerprint is active before using the fingerprint.
  - 19. The article of manufacture of claim 17 further comprising a code segment that controls a computer to check a refresh schedule and collection calendar and use said fingerprints to gather and analyze attribute data at the frequency specified in said refresh schedule and collection calendar for each said fingerprint.
  - 20. The article of manufacture of claim 18 further comprising a code segment that controls a computer to check a refresh schedule and collection calendar and use said fingerprints that said configuration data indicates are active to gather and analyze attribute data at the frequency specified in said refresh schedule and collection calendar for each said fingerprint.

21. An apparatus for automatically discovering the elements which are present in a company having one or more wired or wireless networks, comprising:
- a computing device coupled to one or more networks of a company;
  
  a data structure containing data defining elements the system can recognize by the attributes each element has and data defining collections instructions on how to collect attribute data for each type of element the system can recognize and definitions of which protocols to use to collect said attribute data, and data defining at least one fingerprint rule for each element the system can recognize and that can be used to analyze collected attribute data and draw conclusions regarding the probability of existence or non existence of an element;
  
  one or more programs controlling said computer to implement said protocols and to use said collection instructions and protocols to collect said attribute data and to use said fingerprint rules to analyze said attribute data and at least make an entry in said data structure for each element found.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BDNA Corporation (Flexera Software LLC)
Original Assignee
BDNA Corporation (Flexera Software LLC)
Inventors
Delivanis, Constantin Stelio, Thorpe, John Robert, Marker, Charles Larry II, Black, Alistair D?apos;Lougar

Granted Patent

US 6,988,134 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 41/0213   Standardised network manage...

H04L 41/0233   Object-oriented techniques,...

H04L 41/0853   by actively collecting conf...

H04L 41/0866   Checking the configuration

H04L 41/12   Discovery or management of ...

H04L 41/20   Network management software...

Apparatus and method to automatically collect data regarding assets of a business entity

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method to automatically collect data regarding assets of a business entity

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links