Security policy update supporting at least one security service provider
Abstract
Security policy update supporting at least one security service provider includes each of one or more security service providers receiving a set of new rules to be enforced as part of a new security policy. Each security service provider processes the new rules in order to be ready to begin using the new rules, but continues to use the previous set of rules until instructed to begin using the new rules. When all of the one or more security service providers are ready to begin using the new rules, they are instructed to begin using the new rules at which point all of the security service providers begin using the set of new rules substantially concurrently.
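The prepare-then-switch sequence in the abstract, sketched as an added example (not code from the patent). The class and method names, the firewall/antivirus engines and the allow/deny rule format are all hypothetical, and keeping the previous rules when an engine is not ready is an assumption of this sketch.

```python
import threading

class SecurityEngine:
    """Hypothetical engine: enforces one rule set while staging the next."""
    def __init__(self, name):
        self.name = name
        self._active = {}      # rules currently enforced
        self._staged = None    # new rules, processed but not yet in use
        self._lock = threading.Lock()

    def prepare(self, rules):
        # Process the new rules; the previous rules stay in force meanwhile.
        if not all(v in ("allow", "deny") for v in rules.values()):
            return False       # not ready: rule set could not be processed
        self._staged = dict(rules)
        return True            # ready to begin using the new rules

    def commit(self):
        with self._lock:       # swap in one step so no request sees a mix
            self._active, self._staged = self._staged, None

    def abort(self):
        self._staged = None    # assumption: discard staged rules, keep old

    def decide(self, action):
        with self._lock:
            return self._active.get(action, "deny")  # default deny

class PolicyManager:
    def __init__(self, engines):
        self.engines = engines

    def update(self, policy):
        """policy maps engine name -> rules; returns True if all switched."""
        ready = [e.prepare(policy.get(e.name, {})) for e in self.engines]
        if not all(ready):     # wait condition failed: nobody switches
            for e in self.engines:
                e.abort()
            return False
        for e in self.engines: # every engine is ready: switch together
            e.commit()
        return True

def demo():
    # Constructed sample policies for two hypothetical engines.
    fw, av = SecurityEngine("firewall"), SecurityEngine("antivirus")
    mgr = PolicyManager([fw, av])
    ok1 = mgr.update({"firewall": {"tcp/22": "allow"},
                      "antivirus": {"scan_email": "allow"}})
    ok2 = mgr.update({"firewall": {"tcp/22": "deny"},
                      "antivirus": {"scan_email": "maybe"}})  # invalid rule
    return ok1, ok2, fw.decide("tcp/22"), av.decide("scan_email")
```

The second update fails in the antivirus engine, so the firewall never starts enforcing its new rule on its own and the device does not end up running parts of two different policies.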
53 Claims
1. A method, implemented in a computing device, the method comprising:
- accessing a new security policy to be implemented by a plurality of security engines of the computing device and to be used by the plurality of security engines in place of a current security policy;
- each of the plurality of security engines processing at least a portion of the new security policy to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules; and
- switching, after each of the plurality of security engines is ready to begin using the new security policy, each of the plurality of security engines to the new rules substantially concurrently.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. One or more computer readable media having one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to:
- obtain a new security policy for a plurality of security engines of the device;
- notify each of the plurality of security engines of one or more rules from the new security policy; and
- wait until each of the plurality of security engines has indicated that it is ready to begin using the new security policy; and
- after receipt of an indication that each of the plurality of security engines is ready to begin using the new security policy, instruct each of the plurality of security engines to begin using the new security policy.
Dependent claims: 16, 17, 18, 19, 20, 21, 22

23. A method comprising:
- notifying each of a plurality of security service providers in a computing device of one or more new rules;
- waiting until each of the plurality of security service providers has indicated that it is ready to begin using the one or more new rules it was notified of; and
- indicating, to each of the plurality of security service providers after receipt of the indications that the plurality of security service providers are ready to begin using the one or more new rules they were notified of, that the security service provider is to begin using the one or more new rules it was notified of.
Dependent claims: 24, 25, 26, 27, 28, 29, 30

31. One or more computer readable media having one or more instructions that, when executed by one or more processors, causes the one or more processors to:
- receive an indication of a new security policy to be used;
- generate a new set of rules having associated data based on the new security policy;
- continue to use a previous set of rules and associated data until an indication to begin using the new set of rules and associated data is identified; and
- using, upon identifying the indication, the new set of rules and associated data.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39

40. A method, implemented in a security engine of a computing device, the method comprising:
- receiving a new set of rules to be enforced;
- using a previous set of rules until an indication to begin using the new set of rules is received; and
- enforcing, in response to receipt of the indication, the new set of rules.
Dependent claims: 41, 42, 43, 44, 45, 46

47. A system comprising:
- a policy reader to obtain a new security policy to be enforced on the system;
- a plurality of security service providers;
- a rule set generator to generate, for each of the plurality of security service providers, a new set of rules to implement the new security policy;
- a manager to send, to all of the plurality of security service providers at substantially the same time, an indication to begin using the new set of rules; and
- wherein each of the plurality of security service providers continues to enforce a previous set of rules until instructed to enforce the new set of rules.
Dependent claims: 48, 49

50. A system comprising:
- means for accessing a new security policy to be implemented by a plurality of security engines in the system, wherein the new security policy is to be used by the plurality of security engines in place of a current security policy;
- means for each of the plurality of security engines to continue to operate using the current security policy until an indication is received by each of the security engines to begin using the new security policy; and
- means for having each of the plurality of security engines begin using the new security policy substantially concurrently.
Dependent claims: 51, 52, 53

Specification