Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device

US 7,024,548 B1
Filed: 03/10/2003
Issued: 04/04/2006
Est. Priority Date: 03/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for tracking modification to a configuration of a computerized device, the method comprising the steps of:

receiving a change request indicating a requested change to an existing configuration of the computerized device;

preparing a change notification message identifying the requested change to the existing configuration of the computerized device;

transmitting the change notification message to at least one change notification recipient; and

determining if a change acknowledgement is provided from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the requested change to the configuration of the computerized device to take place; and

if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device is capable of detecting that a configuration change to the computerized device may have taken place.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A change controller application, process and system tracks modification to a configuration of a computerized device by receiving a change request indicating a requested change to an existing configuration of the computerized device and preparing a change notification message identifying the requested change to the existing configuration of the computerized device. The change controller transmits the change notification message to at least one change notification recipient and determines if a change acknowledgement is provided in response. If a change acknowledgement is provided from a change notification recipient that indicates confirmation of receipt of the change notification message, the system allows the requested change to the configuration of the computerized device to take place. If the change acknowledgement is not provided from a change notification recipient, the system conditionally operates the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place.

Citations

23 Claims

1. A method for tracking modification to a configuration of a computerized device, the method comprising the steps of:
- receiving a change request indicating a requested change to an existing configuration of the computerized device;
  
  preparing a change notification message identifying the requested change to the existing configuration of the computerized device;
  
  transmitting the change notification message to at least one change notification recipient; and
  
  determining if a change acknowledgement is provided from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the requested change to the configuration of the computerized device to take place; and
  
  if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device is capable of detecting that a configuration change to the computerized device may have taken place.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the step of preparing the change notification message is performed in response to the step of receiving the change request and comprises the steps of:
    - generating a challenge request for the change notification message, the challenge request corresponding to an associated challenge response that, if received by the computerized device, can confirm receipt of the challenge request;
      
      producing change notification signature information based on new configuration information specified within the change request that is to modify the existing configuration of the computerized device, the change notification signature information including;
      
      i) a signature of the new configuration information within the change request;
      
      ii) an identity of a user and user device that provides the change request to the computerized device;
      
      iii) an identity of the computerized device that received the change request; and
      
      iii) a timestamp associated with the change request; and
      
      combining the challenge request and the change notification signature information within the change notification message in preparation for transmission to the at least one change notification recipient.
  - 3. The method of claim 2 wherein:
    - the requested change to the existing configuration of the computerized device indicated within the change request includes at least one of;
      
      a change to a configuration setting of the computerized device that controls operation of the computerized device;
      
      a replacement of software code in the computerized device; and
      
      a change to a hardware component of the computerized device.
  - 4. The method of claim 2 wherein:
    - the steps of transmitting the change notification message and determining if a change acknowledgement is provided from the at least one change notification recipient are performed in a first sequence for a first change notification recipient, and if the change acknowledgement is not provided from the first change notification recipient, the steps of transmitting the change notification message and determining if a change acknowledgement is provided are performed again in a second sequence for a second change notification recipient; and
      
      wherein the first change notification recipient is the monitoring device networked to the computerized device and the second change notification recipient is a user of a user device that provided the change request to the computerized device.
  - 5. The method of claim 2 wherein:
    - the steps of transmitting the change notification message and determining if a change acknowledgement is provided from the at least one change notification recipient are performed in a first sequence for a first change notification recipient, wherein the first change notification recipient is the monitoring device networked to the computerized device; and
      
      wherein, in the first sequence;
      
      the step of transmitting the change notification message transmits the change notification message containing the challenge request to the monitoring device networked to the computerized device; and
      
      the step of determining if a change acknowledgement is provided from the at least one change notification recipient comprises the steps of;
      
      determining if a change acknowledgement containing a valid challenge response, based on the challenge request, is received in a predetermined amount of time, the valid challenge response indicating that the monitoring device successfully received the change notification message identifying the requested change to the existing configuration of the computerized device, and if the change acknowledgement containing a valid challenge response is received in a predetermined amount of time, performing the steps of;
      
      allowing the change to the configuration of the computerized device to take place; and
      
      acknowledging receipt of the change acknowledgement containing the valid challenge response; and
      
      if a change acknowledgement containing a valid challenge response is not received in a predetermined amount of time, performing the steps of transmitting the change notification message and determining if a change acknowledgement is provided in a second sequence for a second change notification recipient, wherein the second change notification recipient is a user of the user device that provided the change request to the computerized device.
  - 6. The method of claim 5 wherein in the second sequence:
    - the step of transmitting the change notification message to the second change notification recipient comprises the steps of;
      
      transmitting the change notification message for visual display of at least a portion of the change notification message to the user of the user device that provided the change request to the computerized device; and
      
      the step of determining if a change acknowledgement is provided from the at least one change notification recipient comprises the steps of;
      
      determining if a change acknowledgement containing a valid challenge response, based on the challenge request, is received from the user of the user device, the valid challenge response indicating that user of the user device successfully communicated the requested change to the existing configuration of the computerized device to the monitoring device, and if a change acknowledgement containing a valid challenge response is received from the user of the user device, performing the step of;
      
      allowing the change to the configuration of the computerized device to take place; and
      
      if a change acknowledgement containing a valid challenge response is not received from the user of the user device that provided the change request, performing the step of;
      
      conditionally operating the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place.
  - 7. The method of claim 6 wherein the step of conditionally operating the device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place comprises the step of:
    - performing a mandatory shutdown sequence of the computerized device during which the monitoring device attempts to contact the computerized device to verify operation of the computerized device but cannot do so thus allowing the monitoring device to detect the mandatory shutdown sequence of the computerized device.
  - 8. The method of claim 6 wherein the step of conditionally operating the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place comprises the steps of:
    - querying the user of the user device that provided the change request to the computerized device to determine if the user desires to approve the requested change to the existing configuration of the computerized device even though a valid challenge response was not received by the computerized device, and if the user of the user device desires to approve the request change to the existing configuration of the computerized device, performing a mandatory shutdown sequence of the computerized device during which the monitoring device attempts to contact the computerized device to verify operation of the computerized device but cannot do so thus allowing the monitoring device to detect the mandatory shutdown sequence of the computerized device.

9. A computerized device comprising:
- a memory;
  
  a processor;
  
  a communications interface;
  
  an interconnection mechanism coupling the memory, the processor and the communications interface;
  
  wherein the memory is encoded with logic instructions that comprise a change controller application that, when performed by the processor, forms a change controller process capable of tracking modification to a configuration of the computerized device, the change controller process, when performed by the processor, performing the steps of;
  
  receiving, via the communications interface, a change request indicating a requested change to an existing configuration of the computerized device;
  
  preparing, in the memory, a change notification message identifying the requested change to the existing configuration of the computerized device;
  
  transmitting, from the communications interface, the change notification message to at least one change notification recipient; and
  
  determining if a change acknowledgement is provided, to the communications interface, from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the request change to the configuration of the computerized device to take place; and
  
  if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device is capable of detecting that a configuration change to the computerized device may have taken place.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computerized device of claim 9:
    - wherein the change controller process performs the step of preparing the change notification message in response to the step of receiving the change request; and
      
      wherein when the change controller process performs the step of preparing a change notification message, the change controller process performs the steps of;
      
      generating a challenge request for the change notification message, the challenge request corresponding to an associated challenge response that, if received by the computerized device, can confirm receipt of the challenge request; and
      
      producing change notification signature information based on new configuration information specified within the change request that is to modify the existing configuration of the computerized device, the change notification signature information including;
      
      i) a signature of the new configuration information within the change request;
      
      ii) an identity of a user and user device that provides the change request to the device;
      
      iii) an identity of the computerized device that received the change request; and
      
      iii) a timestamp associated with the change request; and
      
      combining the challenge request and the change notification signature information within the change notification message in the memory in preparation for transmission via the communications interface to the at least one change notification recipient.
  - 11. The computerized device of claim 10 wherein:
    - the requested change to the existing configuration of the computerized device indicated within the change request received via the communications interface includes at least one of;
      
      a change to a configuration setting of the computerized device that controls operation of the computerized device;
      
      a replacement of software code in the computerized device; and
      
      a change to a hardware component of the computerized device.
  - 12. The computerized device method of claim 10 wherein:
    - the change controller process performs the steps of transmitting the change notification message and determining if a change acknowledgement is provided from the at least one change notification recipient in a first sequence for a first change notification recipient, and if the change acknowledgement is not provided from the first change notification recipient, the change controller process performs the steps of transmitting the change notification message and determining if a change acknowledgement is provided again in a second sequence for a second change notification recipient; and
      
      wherein the first change notification recipient is the monitoring device networked to the computerized device and the second change notification recipient is a user of a user device that provided the change request to the computerized device.
  - 13. The method of claim 10 wherein:
    - the change controller process performs the steps of transmitting the change notification message and determining if a change acknowledgement is provided from the at least one change notification recipient in a first sequence for a first change notification recipient, wherein the first change notification recipient is the monitoring device networked to the computerized device; and
      
      wherein, in the first sequence;
      
      the change controller process performs the step of transmitting the change notification message to transmit the change notification message containing the challenge request to the monitoring device networked to the computerized device; and
      
      when the change controller process performs the step of determining if a change acknowledgement is provided from the at least one change notification recipient, the change controller process performs the steps of;
      
      determining if a change acknowledgement containing a valid challenge response, based on the challenge request, is received in a predetermined amount of time, the valid challenge response indicating that the monitoring device successfully received the change notification message identifying the requested change to the existing configuration of the computerized device, and if the change acknowledgement containing a valid challenge response is received in a predetermined amount of time, the change controller process performs the steps of;
      
      allowing the change to the configuration of the computerized device to take place; and
      
      acknowledging receipt of the change acknowledgement containing the valid challenge response; and
      
      if a change acknowledgement containing a valid challenge response is not received in a predetermined amount of time, the change controller process performs the steps of transmitting the change notification message and determining if a change acknowledgement is provided in a second sequence for a second change notification recipient, wherein the second change notification recipient is a user of the user device that provided the change request to the computerized device.
  - 14. The computerized device of claim 13 wherein in the second sequence:
    - wherein when the change controller process performs the step of transmitting the change notification message to the second change notification recipient the change controller process performs the step of;
      
      transmitting the change notification message for visual display of at least a portion of the change notification message to the user of the user device that provided the change request to the computerized device; and
      
      wherein when the change controller process performs the step of determining if a change acknowledgement is provided from the at least one change notification recipient the change controller process performs the step of;
      
      determining if a change acknowledgement containing a valid challenge response, based on the challenge request, is received from the user of the user device, the valid challenge response indicating that the user of the user device successfully communicated the requested change to the existing configuration of the computerized device to the monitoring device, and if a change acknowledgement containing a valid challenge response is received from the user of the user device, the change controller process performs the step of;
      
      allowing the change to the configuration of the computerized device to take place; and
      
      if a change acknowledgement containing a valid challenge response is not received from the user of the user device that provided the change request, the change controller performs the step of;
      
      conditionally operating the computerized device so that a monitoring device networked to the computerized device via the communications interface perceives that a configuration change to the computerized device may have taken place.
  - 15. The computerized device of claim 14 wherein when the change controller process performs the step of conditionally operating the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place, the change controller process performs the step of:
    - performing a mandatory shutdown sequence of the computerized device during which the monitoring device attempts to contact the computerized device to verify operation of the computerized device but cannot do so thus allowing the monitoring device to detect the mandatory shutdown sequence of the computerized device.
  - 16. The computerized device of claim 14 wherein when the change controller process performs the step of conditionally operating the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place, the change controller process performs the step of:
    - querying the user of the user device that provided the change request to the computerized device to determine if the user desires to approve the requested change to the existing configuration of the computerized device even though a valid challenge response was not received by the change controller operating within the computerized device, and if the user of the user device desires to approve the request change to the existing configuration of the computerized device, performing a mandatory shutdown sequence of the computerized device during which the monitoring device attempts to contact the computerized device to verify operation of the computerized device but cannot do so thus allowing the monitoring device to detect the mandatory shutdown sequence of the computerized device.

17. A computerized device comprising:
- a memory;
  
  a processor;
  
  a communications interface;
  
  an interconnection mechanism coupling the memory, the processor in the communications interface;
  
  wherein the memory is encoded with logic instructions that comprise a change controller application that, when performed by the processor, forms a change controller process capable of providing a means for tracking modification to a configuration of the computerized device, such means comprising;
  
  means for receiving, via the communications interface, a change request indicating a requested change to an existing configuration of the computerized device;
  
  means for preparing, in the memory, a change notification message identifying the requested change to the existing configuration of the computerized device;
  
  means for transmitting, from the communications interface, the change notification message to at least one change notification recipient; and
  
  means for determining if a change acknowledgement is provided, to the communications interface, from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the request change to the configuration of the computerized device to take place; and
  
  if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device is capable of detecting that a configuration change to the computerized device may have taken place.

18. A computer program product having a computer-readable medium including computer program logic encoded thereon that, when performed on a processor of a computerized device, causes the computerized device to tracking modification to a configuration of the computerized device by performing the operations of:
- receiving a change request indicating a requested change to an existing configuration of the computerized device;
  
  preparing a change notification message identifying the requested change to the existing configuration of the computerized device;
  
  transmitting the change notification message to at least one change notification recipient; and
  
  determining if a change acknowledgement is provided from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the requested change to the configuration of the computerized device to take place; and
  
  if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device perceives that a configuration change to the computerized device may have taken place.

19. A method for detecting modification to a configuration of a computerized device, the method comprising the steps of:
- receiving a change notification message identifying a requested change to an existing configuration of a computerized device;
  
  processing the change notification message to record the requested change to the existing configuration of the computerized device;
  
  producing a change acknowledgement indicating confirmation of receipt of the change notification message;
  
  forwarding the change acknowledgement to the computerized device to authorize the requested change to the existing configuration of the computerized device; and
  
  detecting a conditional operation of the computerized device that may indicate that an unauthorized configuration change may have take place to the computerized device.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19 wherein the step of producing a change acknowledgement indicating confirmation of receipt of the change notification message comprises the steps of:
    - obtaining a challenge request from the change notification message;
      
      validating the authenticity of the change notification message; and
      
      generating a challenge response to the change notification message, the challenge response indicating that the requested change to the existing configuration of the computerized device was successfully communicated to a monitoring device.
  - 21. The method of claim 19 wherein the step of detecting a conditional operation of the device that may indicate that an unauthorized configuration change may have take place to the computerized device comprises the steps of:
    - transmitting a periodic operational check of the computerized device;
      
      awaiting receipt of a periodic operational response from the computerized device for a period of time indicates that the computerized device has performed a mandatory shutdown sequence; and
      
      in response to the step of awaiting receipt of a periodic operational response, providing an indication that the computerized device has potentially performed a mandatory shutdown sequence and thus may have experienced unauthorized configuration change.

22. A monitoring device comprising:
- a memory;
  
  a processor;
  
  at least one communications interface;
  
  an interconnection mechanism coupling the memory, the processor and the at least one communications interface;
  
  wherein the memory is encoded with logic instructions that comprise a change monitor application that, when performed by the processor, forms a change monitor process capable of detecting modification to a configuration of a computerized device, the change monitor process, when performed by the processor, performing the steps of;
  
  receiving a change notification message over the at least one communications interface identifying a requested change to an existing configuration of a computerized device;
  
  processing the change notification message to record the requested change to the existing configuration of the computerized device;
  
  producing a change acknowledgement indicating confirmation of receipt of the change notification message;
  
  forwarding the change acknowledgement to the computerized device to authorize the requested change to the existing configuration of the computerized device; and
  
  detecting a conditional operation of the device that may indicate that an unauthorized configuration change may have take place to the computerized device.

23. A system for monitoring changes made to an existing configuration of a computerized device, the system comprising:
- a computerized device operating a change controller, the change controller causing the computerized device to perform the operations of;
  
  receiving a change request indicating a requested change to an existing configuration of the computerized device;
  
  preparing a change notification message identifying the requested change to the existing configuration of the computerized device;
  
  transmitting the change notification message to at least one change notification recipient; and
  
  determining if a change acknowledgement is provided from the at least one change notification recipient in response to transmitting the change notification message, the change acknowledgement indicating confirmation of receipt of the change notification message, and if a change acknowledgement is provided from the at least one change notification recipient that indicates confirmation of receipt of the change notification message, allowing the requested change to the configuration of the computerized device to take place; and
  
  if the change acknowledgement is not provided from the at least one change notification recipient, operating the computerized device so that a monitoring device networked to the computerized device is capable of detecting that a configuration change to the computerized device may have taken place; and
  
  a monitoring device operating a change monitor, the monitoring device operating as one of the at least one change notification recipients, the change monitor causing the monitoring device to perform the operations of;
  
  receiving a change notification message identifying a requested change to an existing configuration of a computerized device;
  
  processing the change notification message to record the requested change to the existing configuration of the computerized device;
  
  producing a change acknowledgement indicating confirmation of receipt of the change notification message;
  
  forwarding the change acknowledgement to the computerized device to authorize the requested change to the existing configuration of the computerized device; and
  
  detecting a conditional operation of the computerized device that may indicate that an unauthorized configuration change may have take place to the computerized device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
O'Toole, James W. Jr.
Primary Examiner(s)
ELAMIN, ABDELMONIEM I

Application Number

US10/385,028
Time in Patent Office

1,121 Days
Field of Search

713/1, 713/2, 713/100, 726/23, 726/24, 709/220, 709/221, 709/222, 717/121, 717/126
US Class Current

713/1
CPC Class Codes

H04L 41/0813   characterised by the condit...

H04L 41/085   Retrieval of network config...

H04L 41/0866   Checking the configuration

H04L 41/28   Restricting access to netwo...

H04L 63/08   for authentication of entit...

H04L 63/1416   Event detection, e.g. attac...

Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links