Secure Software Deployments

US 20090007096A1
Filed: 06/28/2007
Published: 01/01/2009
Est. Priority Date: 06/28/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

preparing a software package for installation on a host device of a networked environment;

publishing the software package to an installation portion of the networked environment;

storing the software package in the installation portion;

preparing a policy and deployment information associated with the software package;

publishing the policy and deployment information to the installation portion;

storing the policy and deployment information in the installation portion;

communicating the policy and deployment information during a periodic synchronization between the host device and the installation portion;

determining that the host device is intended to receive the software package based on the policy and deployment information communicated during the periodic synchronization; and

installing the software package on the host device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for secure software deployments are described. In one implementation, a software package is published to an installation portion of a networked environment and stored. Similarly, an applicability rule (or policy) associated with the software package is published to the installation portion and stored. During a periodic synchronization between a host device and the installation portion, the applicability rule is communicated, and a determination is made whether the host device is intended to receive the software package based on the applicability rule communicated during the periodic synchronization. If the applicability rule is satisfied, the software package is installed on the host device. In a further implementation, the software package may be installed on the host device via a communication channel that is normally designated for non-routine communications, such as security packet updates and other administrative functions.

Citations

20 Claims

1. A method, comprising:
- preparing a software package for installation on a host device of a networked environment;
  
  publishing the software package to an installation portion of the networked environment;
  
  storing the software package in the installation portion;
  
  preparing a policy and deployment information associated with the software package;
  
  publishing the policy and deployment information to the installation portion;
  
  storing the policy and deployment information in the installation portion;
  
  communicating the policy and deployment information during a periodic synchronization between the host device and the installation portion;
  
  determining that the host device is intended to receive the software package based on the policy and deployment information communicated during the periodic synchronization; and
  
  installing the software package on the host device.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9)
- - 2. The method of claim 1, wherein publishing the software package to an installation portion includes publishing the software package to an update server of the installation portion.
  - 3. The method of claim 2, wherein publishing the policy and deployment information to the installation portion includes publishing the policy and deployment information to an authentication server of the installation portion, the authentication server being distinct from the update server.
  - 4. The method of claim 1, wherein at least one of publishing the software package and publishing the policy and configuration information includes acknowledging a license agreement.
  - 5. The method of claim 1, wherein determining that the host device is intended to receive the software package based on the policy and deployment information includes determining that the host device is targeted to receive the software package and that the software package is not currently installed on the host device.
  - 6. The method of claim 1, wherein determining that the host device is intended to receive the software package based on the policy and deployment information includes determining that one or more policy values exist within a registry component on the host device.
  - 8. The method of claim 1, further comprising communicating the software package from the installation portion to the host device.
  - 9. The method of claim 8, wherein the host device is policy-restricted from routine communications with other components of the networked environment, and wherein communicating the software package includes communicating the software package over a communication channel that is designated for non-routine communications.

7. The method of claim 7, wherein installing the software package on the host device includes installing the software package via a communication channel that is designated for non-routine communications.

10. A method, comprising:
- a publication portion that includes;
  
  publishing a software package to an installation portion of a networked environment; and
  
  publishing an applicability rule to the installation portion separately from the publication of the software package;
  
  a targeting portion that includes;
  
  storing the software package; and
  
  storing the applicability rule; and
  
  an installation portion that includes;
  
  performing a synchronization of one or more host devices with the installation portion, including communicating the applicability rule;
  
  determining whether one or more of the host devices satisfies the applicability rule, and presently does not have installed, the software package; and
  
  if the determination is satisfied for at least some of the host devices, installing the software package on the at least some of the host devices.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein at least one of publishing the software package and publishing the applicability rule includes acknowledging a license agreement.
  - 12. The method of claim 10, wherein determining whether one or more of the host devices satisfies the applicability rule includes determining whether one or more policy values exist within a registry component on the one or more of the host devices.
  - 13. The method of claim 10, wherein determining whether one or more of the host devices satisfies the applicability rule includes determining whether a certain name/value pair exists in a local policy on the one or more of the host devices.
  - 14. The method of claim 10, wherein the publication portion further comprises identifying at least one of a hot-fix and a pre-requisite package;
    - and publishing the at least one of the hot-fix and the pre-requisite package to the installation portion for installation on the one or more host devices.
  - 15. The method of claim 14, wherein installing the software package on the at least some of the host devices includes installing the at least one of the hot-fix and the pre-requisite package.
  - 16. The method of claim 10, wherein installing the software package on the at least some of the host devices includes installing the software package over a communication channel that is designated for non-routine communications.

17. One or more computer-readable media storing computer-executable instructions that, when executed, perform a method comprising:
- publishing a software package to an installation portion of the networked environment;
  
  publishing a policy to the installation portion, the publishing of the policy being decoupled from the publishing of the software package;
  
  storing the software package and the policy in the installation portion;
  
  communicating the policy during a periodic synchronization between the installation portion and at least one host device;
  
  determining whether the at least one host device satisfies the policy communicated during the periodic synchronization; and
  
  if the policy is satisfied, installing the software package on the at least one host device.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer-readable media of claim 17, wherein determining whether the at least one host device satisfies the policy includes determining that the at least one host device is targeted to receive the software package and that the software package is not currently installed on the at least one host device.
  - 19. The one or more computer-readable media of claim 17, wherein determining whether the at least one host device satisfies the policy includes determining that one or more policy values exist within a registry component on the at least one host device.
  - 20. The one or more computer-readable media of claim 17, wherein the at least one host device is policy-restricted from routine communications with other components of the networked environment, and wherein installing the software package includes communicating the software package over a communication channel that is designated for security packet updates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Reddy, Saveen V., Soderberg, Joel M., Chavez, Anthony S.

Application Number

US11/770,536
Publication Number

US 20090007096A1
Time in Patent Office

Days
Field of Search
US Class Current

717/176
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

H04L 63/20 for managing network securi...

Secure Software Deployments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Software Deployments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links