PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE
First Claim
1. In a policy-based network management and communication infrastructure, a computer-implemented method of providing one-to-one communication between networked computational devices comprising the steps of:
- at least one computational device automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;
- a first computational device automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and
- said first and second computational devices communicating with each other via said discovered routing path.
Abstract
A policy-driven communication and management infrastructure may include components such as Agent, Server and Console, policy messages, and Relays to deliver security and system management to networked devices. An Agent resides on a Client, acting as a universal policy engine for delivering multiple management services. Relays, Clients additionally configured to each behave as though they were a root Server, Relaying information to and from other Clients, permit Clients to interact with the root Server through the Relay, enabling information exchange between Client and Server. Such information exchange allows Clients to gather information, such as new policy messages, from the Server, to pass status messages to the Server and to register their network address so that they can be readily located. Automatic Relay selection enables Clients and Relays to select their own parent Relays, thus allowing Clients and Relays to discover new routing paths through the network without administrator input.
56 Claims
1. In a policy-based network management and communication infrastructure, a computer-implemented method of providing one-to-one communication between networked computational devices comprising the steps of:
- at least one computational device automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;
- a first computational device automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and
- said first and second computational devices communicating with each other via said discovered routing path.
Dependent claims: 2-25
26. A platform for providing one-to-one communication between networked computational devices in a policy-based network management and communication infrastructure, comprising:
- at least one computational device programmed for automatically discovering at least one parent computational device and registering at least its location with said discovered parent computational device to form a discovered hierarchy of computational devices;
- a first computational device programmed for automatically discovering at least one routing path through said discovered hierarchy to a second computational device; and
- said first and second computational devices programmed for establishing communication with the other of said first and second computational devices via said discovered routing path.
Dependent claims: 27-40, 43-50
41. The platform of claim 41, said computational device programmed for routing a broadcast packet from said Console to a predetermined computer in said network in order to wake-up said computer comprising at least one of the following:
- said Console programmed for using Client MAC (media access control) addresses provided at registration to identify Clients occupying the same subnet as said target Client;
- said Console programmed for sending at least one message down through said hierarchy to contact at least one Relay that is able to contact said target's subnet;
- said at least one contacted Relay programmed for broadcasting messages to peers of said target, requesting that said target be woken up;
- at least one of said peers programmed for listening for messages sent out by said Relays and detecting said request messages and said sending wake-up message to said target;
- each of said Peers programmed for listening for duplicate traffic and suspending broadcast upon detection of said duplicate traffic.
Dependent claims: 42
51. In a platform providing one-to-one communication between networked computational devices, a method for at least one computational device to automatically discover at least one parent computational device comprising the steps of:
- a Client determining if a Relay is in said Client's subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least one Relay is detected;
- responsive to detection of a Relay, said Client attempting registration with said detected Relay;
- responsive to successful registration with said detected Relay, said Client using said Relay as a parent device;
- responsive to unsuccessful registration with said detected Relay, said Client continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
- responsive to no Relay being detected, said Client attempting to register with a Failover Relay;
- responsive to unsuccessful registration with said Failover Relay, said Client attempting to Register with a Server; and
- responsive to unsuccessful registration with said Server, said Client attempting detection of a Relay again after elapse of a predetermined MinRetry period.
52. A computer program product method for at least one computational device to automatically discover at least one parent computational device in a platform for providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- a Client determining if a Relay is in said Client's subnet by pinging Relays having a TTL (time-to-live) of 1 and, responsive to no detection of a Relay, incrementing the TTL value and pinging until at least one Relay is detected;
- responsive to detection of a Relay, said Client attempting registration with said detected Relay;
- responsive to successful registration with said detected Relay, said Client using said Relay as a parent device;
- responsive to unsuccessful registration with said detected Relay, said Client continuing to increment TTL and pinging until a Relay is detected and registration is successful or until TTL is incremented to a predetermined value;
- responsive to no Relay being detected, said Client attempting to register with a Failover Relay;
- responsive to unsuccessful registration with said Failover Relay, said Client attempting to Register with a Server; and
- responsive to unsuccessful registration with said Server, said Client attempting detection of a Relay again after elapse of a predetermined MinRetry period.
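The parent-discovery procedure of claims 51 and 52, simulated as an added example that is not the patent's or any product's code: the Client probes with TTL 1, widens the TTL after each miss or refused registration, and only then falls back to the Failover Relay, the Server, and finally a MinRetry wait. The `Network`, `Relay` and `discover_parent` names and the hop-distance topology are assumptions made for the simulation.

```python
# Added example (not from the patent): simulation of the Client's automatic
# parent-discovery procedure of claims 51/52 against a constructed topology.
from dataclasses import dataclass, field


@dataclass
class Relay:
    name: str
    hops: int             # hop distance from the Client, i.e. the TTL needed to reach it
    accepts: bool = True  # whether this Relay accepts the Client's registration


@dataclass
class Network:
    """Constructed stand-in for the real network; hypothetical, for the simulation only."""
    relays: list
    failover_accepts: bool = False  # does the Failover Relay accept registration?
    server_accepts: bool = False    # does the root Server accept registration?
    pings: list = field(default_factory=list)

    def ping(self, ttl):
        """Relays whose reply survives a probe sent with the given TTL."""
        self.pings.append(ttl)
        return [r for r in self.relays if r.hops <= ttl]


def discover_parent(net, max_ttl=8, min_retry=300):
    """Return (kind, target) for the parent chosen, or ("retry_after", seconds)."""
    tried = set()
    for ttl in range(1, max_ttl + 1):          # TTL starts at 1 and is incremented
        for relay in net.ping(ttl):
            if relay.name in tried:
                continue                       # already refused us at a smaller TTL
            tried.add(relay.name)
            if relay.accepts:                  # successful registration: use as parent
                return ("relay", relay.name)
        # no Relay detected, or registration refused: keep incrementing TTL
    if net.failover_accepts:                   # no usable Relay up to the TTL limit
        return ("failover", "failover-relay")
    if net.server_accepts:
        return ("server", "root-server")
    return ("retry_after", min_retry)          # try Relay detection again later
```

Widening the TTL one hop at a time keeps probe traffic confined to the nearest scope that actually contains a Relay, which is also the behaviour a network monitor should expect to see from a healthy Client.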
53. In a platform providing one-to-one communication between networked computational devices, a method for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks comprising the steps of:
- a Server signing and sending content down said hierarchy to a predetermined Client;
- a predetermined Client encrypting and sending content up said hierarchy to a Server;
- a predetermined Client signing and sending content to a Server; and
- a Server encrypting and sending content down said hierarchy to said predetermined Client;
- a first predetermined Client and a second predetermined Client exchanging content that has been one or both of signed and encrypted.
54. A computer program product for credentialing a Client using a symmetric key pair in order to protect said Client and its parents from snooping attacks in a platform providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- a Server signing and sending content down said hierarchy to a predetermined Client;
- a predetermined Client encrypting and sending content up said hierarchy to a Server;
- a predetermined Client signing and sending content to a Server; and
- a Server encrypting and sending content down said hierarchy to said predetermined Client;
- a first predetermined Client and a second predetermined Client exchanging content that has been one or both of signed and encrypted.
55. In a platform providing one-to-one communication between networked computational devices, a method for either of first and second computational devices establishing communication with the other via a discovered routing path comprising the steps of:
- deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
- said Client identifying said arbitrary piece of content according to file size and hash;
- said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
- said Relay mirroring said requested piece of content back down through said hierarchy to said Client.
56. A computer program product for first and second computational devices establishing communication with each other via a discovered routing path in a platform providing one-to-one communication between networked computational devices, comprising a tangible computer-readable storage medium having embodied thereon computer-readable instructions for:
- deploying at least one Fixlet message to at least one Client that instructs said at least one Client to trust an arbitrary piece of content to run, so that responsibility for knowing that the content is safe to run is delegated to a trusted piece of software on said at least one Client;
- said Client identifying said arbitrary piece of content according to file size and hash;
- said Client requesting a Relay to provide said identified piece of content by providing said file size and said hash; and
- said Relay mirroring said requested piece of content back down through said hierarchy to said Client.
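The content-delivery step of claims 55 and 56, as an added example that is not the patent's or any product's code: a Client names the content it was told to trust only by file size and hash, each Relay on the path mirrors what it fetched from its parent, and every hop checks the content against that identity before caching or forwarding it, so a tampered copy injected anywhere above the Client is dropped instead of run. SHA-256 as the hash, the `Node` and `client_run` names, the Fixlet dictionary layout and the sample payload are all constructed assumptions.

```python
# Added example (not from the patent): content identified and verified by
# (file size, hash) while being mirrored down a Server -> Relay -> Relay chain.
import hashlib
import hmac


def content_id(blob: bytes):
    """Identify content as the Client does: by file size and hash (SHA-256 assumed)."""
    return len(blob), hashlib.sha256(blob).hexdigest()


def verify(blob: bytes, size: int, digest: str) -> bool:
    """Cheap size check first, then a constant-time comparison of the hash."""
    return len(blob) == size and hmac.compare_digest(
        hashlib.sha256(blob).hexdigest(), digest)


class Node:
    """A Server (parent=None) or a Relay that requests from its parent and mirrors."""

    def __init__(self, name, parent=None, store=None):
        self.name = name
        self.parent = parent
        self.store = dict(store or {})   # (size, digest) -> bytes
        self.requests = []               # ids requested from this node

    def fetch(self, size, digest):
        key = (size, digest)
        self.requests.append(key)
        if key in self.store:
            return self.store[key]
        if self.parent is None:
            return None                  # root Server does not have it
        blob = self.parent.fetch(size, digest)
        if blob is None or not verify(blob, size, digest):
            return None                  # never cache or forward content failing its id
        self.store[key] = blob           # mirror for later Clients below this Relay
        return blob


def client_run(fixlet: dict, relay: Node) -> bool:
    """Run the Fixlet's content only if what the Relay returns matches size and hash."""
    size, digest = fixlet["size"], fixlet["sha256"]
    blob = relay.fetch(size, digest)
    if blob is None or not verify(blob, size, digest):
        return False                     # refuse: content is missing or does not match
    return True                          # here the trusted agent would execute blob
```

Because the Client re-verifies independently of the Relays, the delegation of trust in the claim rests on the Fixlet's size and hash, not on any Relay's honesty.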