Computer system with update-based quarantine

US 20070198525A1
Filed: 02/13/2006
Published: 08/23/2007
Est. Priority Date: 02/13/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of operating a computer system having a client, a first service and a second service, the method comprising:

a) receiving with the first service a request for network access from the client;

b) in response to the request for network access, sending a request for status from the first service to the second service, the request for status identifying the client;

c) receiving at the first service information about the status of the client from the second service; and

d) making a determination relating to network access for the client, the determination being based at least in part on the received information about the status.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A managed network with a quarantine enforcement policy based on the status of installed updates for software on each client seeking access to the managed network. To determine whether a client requesting access has up-to-date software, an access server may communicate directly with an update server to determine the update status of the client requesting access. Information from the update server allows the update server to determine which update the client requesting access is missing. The access server may also receive an indication of the severity of the updates missing from the client requesting access. The access server may use the severity information to apply a quarantine enforcement policy, thereby avoiding the need for either the client or access server to be programmed to identify specific software updates that must be installed for a client to comply with a quarantine enforcement policy. To reduce network congestion and delays seeking access to the network, the quarantine enforcement policy includes a deadline by which updates must be installed. Establishing a deadline allows a grace period during which clients may download new updates and avoids network congestion from multiple clients downloading updates simultaneously.

Citations

20 Claims

1. A method of operating a computer system having a client, a first service and a second service, the method comprising:
- a) receiving with the first service a request for network access from the client;
  
  b) in response to the request for network access, sending a request for status from the first service to the second service, the request for status identifying the client;
  
  c) receiving at the first service information about the status of the client from the second service; and
  
  d) making a determination relating to network access for the client, the determination being based at least in part on the received information about the status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of operating a computer system of claim 1, wherein the second service executes on an update server and the method further comprises:
    - e) sending a software update from the update second server to the client.
  - 3. The method of claim 2, wherein sending a software update comprises sending the software update prior to receiving the request for network access.
  - 4. The method of claim 2, wherein the information about the status of the client comprises information about the software update status of the client and wherein sending the software update comprises sending the software update after making a determination relating to network access and wherein the method further comprises:
    - f) granting network access to the client after sending the software update.
  - 5. The method of claim 2, wherein receiving a request for network access comprises receiving an identifier of the update server.
  - 6. The method of claim 1, wherein receiving a request for network access comprises receiving an indication of the time at which the client last downloaded a catalogue of available software updates.
  - 7. The method of claim 1, further comprising generating a statement of health by taking actions comprising scanning the client to determine whether it includes software operating according to a predetermined policy.
  - 8. The method of claim 7, wherein receiving a request for network access comprises receiving the statement of health.

9. A method of operating a computer system having a client and a server, the method comprising:
- a) sending a request for network access from the client to the server;
  
  b) in response to the request for access, identifying a category of software update available but not installed on the client, the category of software update being one of an enumerated set of software update classifications; and
  
  c) making a determination relating to network access for the client based on the category of the software update.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the enumerated set comprises:
    - critical, important, moderate and low.
  - 11. The method of claim 9, wherein the computer system further comprises a second server and identifying the category of software update comprises receiving an indication of the category at the server from the second server.
  - 12. The method of claim 11, wherein making a determination is performed by the server.
  - 13. The method of claim 9, wherein:
    - i) the method further comprises executing an agent on the client to obtain an indication of operational status of the client; and
      
      ii) sending a request for network access comprises communicating the indication of operational status of the client to the server.
  - 14. The method of claim 13, wherein identifying a category of software update comprises receiving at the server information on software updates available to the client separate from the indication of operational status of the client.
  - 15. The method of claim 9, further comprising establishing a policy according to a method of establishing a policy comprising:
    - i) displaying a user interface including a list of severity ratings; and
      
      ii) receiving through the user interface user input specifying a severity rating in the list of the severity ratings; and
      
      wherein making a determination comprises determining that the category of the software update matches the severity rating specified in the user input.
  - 16. The method of claim 15, wherein the method of establishing a policy further comprises receiving through the user interface policy attributes concerning at least one of antivirus protection, a firewall and spyware protection.

17. A method of operating a computer system having a client, a first service and a second service, the method comprising:
- a) receiving with the first service a request for network access from the client, the request for network access including a first time value indicative of the time at which the client was updated;
  
  b) receiving with the first service information from the second service a second time value indicating when an update for the client was available; and
  
  c) making a determination relating to network access for the client based at least in part on the first time value and second time value.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein making a determination comprises comparing the difference between the first time and the second time to a predetermined policy.
  - 19. The method of claim 18, further comprising:
    - d) in response to the determination relating to network access, obtaining an update for the client; and
      
      e) repeating a), b) and c) following d).
  - 20. The method of claim 19, wherein receiving with the first service a request for network access from the client, comprises receiving a request for network access including a first time value indicative of the time at which the client obtained a catalogue of available updates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gao, Yang, Shepard, Marc, Choe, Calvin, Kachachi, Bashar, Sheth, Sachin, Lee, Michael, Chatterjee, Arindam, Jeffries, Charles, Leban, Bruce, Venkitaraman, Lakshmanan, Seal, Shankar, Stratton, Patrick, Shipman, Jeffrey

Application Number

US11/353,872
Publication Number

US 20070198525A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 8/60   Software deployment

Computer system with update-based quarantine

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system with update-based quarantine

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links