Secure method and system for using a public network or email to administer to software on a plurality of client computers
Abstract
A secure method and system for administering to software on a plurality of client computers is disclosed. One or more pre-set policies for one or more client computers may be stored on and transmitted in a secure manner from a central server that is under the control of a system administrator to the client computers over a public network or e-mail systems. The central server is preferably an HTTP server containing software for creating packages of information and for protecting the integrity of the packages during transmission over a virtual secured pipe. The packages may contain policy for the various clients that are to be maintained. The policy may comprise software configurations for software that resides on the clients, software to be installed on one or more clients, or any other information and data that is needed to maintain and manage the clients. Preferably each client also contains software for creating packages and for verifying that incoming packages were created and sent by an authorized and trusted server. Packages that are created by the clients may contain the current configurations for software residing on the client. The client software is preferably capable of transmitting and getting packages to and from the server over the secure pipe. The secure pipe may be established over a public network or e-mail system using HTTP, SMTP, MAPI, and WAP protocols. Thus, as long as the clients have e-mail, Internet access, or access to other public networks, they may be managed and maintained by a central server.
15 Claims
1. A method for maintaining one or more client computers over a public network, the method comprising:
maintaining one or more policies for a client computer;
receiving a first package from a client over the public network;
verifying that the first package was received from an authorized client and that the package has not been altered utilizing at least one key;
determining whether a policy has been set for the client;
if a policy has been established for the client, generating a second package, the second package containing one or more policies for the client; and
transferring the second package to the client computer using HTTP;
wherein the policies comprise virus signature files for virus scanning software, and an indication of types of files to scan, and are stored in an LDAP database;
wherein the virus signature files and the indication of types of files to scan are different for different client computers;
wherein a server maintains a first work queue for processing information posted by the client computers to the server;
wherein the server maintains a second work queue for processing information posted by a system administrator;
wherein the second work queue is a high priority work queue.
Dependent claims: 2, 3, 4, 5
6. A method for maintaining one or more client computers over a public network, the method comprising:
maintaining an LDAP database of one or more policies for one or more clients;
determining whether a policy has been set for one or more clients;
if a policy has been established for the client, generating a secure package utilizing at least one key, the package containing one or more policies for the client; and
transmitting the secure package to the client computer over the public network using HTTP;
wherein the policies comprise virus signature files for virus scanning software, and an indication of types of files to scan;
wherein the virus signature files and the indication of types of files to scan are different for different client computers;
wherein a server maintains a first work queue for processing information posted by the client computers to the server;
wherein the server maintains a second work queue for processing information posted by a system administrator;
wherein the second work queue is a high priority work queue.
Dependent claims: 7, 8, 9
10. A secure method for sending packages of information from a server to a plurality of client computers, the method comprising the steps of:
configuring a server to create a package of information;
providing the server with a private/public encryption key pair;
providing the clients with the server's public encryption key;
digitally signing the package with the server's private encryption key;
in response to a get command from the client, transferring the digitally signed package to the client over a public network using HTTP;
upon receipt of the package by the client, verifying the digital signature on the package using public encryption key for the server; and
if the signature verifies, examining the contents of the package;
wherein each package includes policies that comprise virus signature files for virus scanning software, and an indication of types of files to scan, and are stored in an LDAP database;
wherein the virus signature files and the indication of types of files to scan are different for different client computers, as determined by a system administrator;
wherein the server maintains a first work queue for processing information posted by the client computers to the server;
wherein the server maintains a second work queue for processing information posted by the system administrator;
wherein the second work queue is a high priority work queue.
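Added example, not part of the patent text: the sign-then-verify flow of claim 10 sketched in Go, with the client examining the package contents only after the signature verifies. Ed25519, the JSON body, the field names and the check that the signed body names the receiving client are all assumptions of this sketch; the HTTP transfer is omitted.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Policy is a hypothetical package body; the field names are assumptions.
type Policy struct {
	ClientID  string   `json:"client_id"`
	ScanTypes []string `json:"scan_types"`
}

// SignedPackage carries the exact bytes that were signed, plus the signature.
type SignedPackage struct{ Body, Sig []byte }

// SignPolicy is the server side: serialize once and sign those bytes.
func SignPolicy(priv ed25519.PrivateKey, p Policy) (SignedPackage, error) {
	body, err := json.Marshal(p)
	if err != nil {
		return SignedPackage{}, err
	}
	return SignedPackage{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// OpenPackage is the client side: verify raw bytes, then parse, then check the addressee.
func OpenPackage(pub ed25519.PublicKey, self string, pkg SignedPackage) (Policy, error) {
	if !ed25519.Verify(pub, pkg.Body, pkg.Sig) {
		return Policy{}, errors.New("signature does not verify; contents not examined")
	}
	var p Policy
	if err := json.Unmarshal(pkg.Body, &p); err != nil {
		return Policy{}, err
	}
	if p.ClientID != self {
		return Policy{}, errors.New("package was signed for a different client")
	}
	return p, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	pkg, _ := SignPolicy(priv, Policy{"client-a", []string{".exe", ".doc"}})
	fmt.Println(OpenPackage(pub, "client-a", pkg)) // valid package
	pkg.Body[0] ^= 1                               // constructed tampering
	fmt.Println(OpenPackage(pub, "client-a", pkg)) // rejected
}
```

Because the policies differ per client, a signature alone only proves the server issued the package; the client identifier inside the signed body is what lets a client reject a valid package meant for another machine.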
11. A system for maintaining a network of computers comprising:
a plurality of client computers, the client computers containing software for verifying digital signatures;
a server for setting policy for the client computers, the server containing software for digitally signing packages;
an LDAP database, the database interfaced with the server, the database further containing information that may be inserted into one or more packages for one or more of the client computers; and
one or more communication links over a public network between the plurality of client computers and the server for sending a digitally signed package containing information for the client computers using HTTP;
wherein the packages include policies that comprise virus signature files for virus scanning software, and an indication of types of files to scan;
wherein the virus signature files and the indication of types of files to scan are different for different client computers, as determined by a system administrator;
wherein the server maintains a first work queue for processing information posted by the client computers to the server;
wherein the server maintains a second work queue for processing information posted by the system administrator;
wherein the second work queue is a high priority work queue.
12. A computer system for maintaining setting policy for a plurality of client computers comprising:
an LDAP database containing policies for one or more client computers;
a server, the server interfaced with the database and having software for creating and digitally signing policy containing packages;
a console under the control of a system administrator, the console interfaced with the server and containing software for communicating with the server and for sending policies to the databases for one or more client computers; and
software residing on the client computers, the software having a function for verifying the server's digital signature and a function for sending packages containing information about a client's configuration to the server;
wherein the policies comprise virus signature files for virus scanning software, and an indication of types of files to scan;
wherein the policies are delivered using HTTP;
wherein the virus signature files and the indication of types of files to scan are different for different client computers, as determined by a system administrator;
wherein the server maintains a first work queue for processing information posted by the client computers to the server;
wherein the server maintains a second work queue for processing information posted by the system administrator;
wherein the second work queue is a high priority work queue.
Dependent claims: 13, 14, 15
Specification