Security policy management for network devices

US 8,141,144 B2
Filed: 05/10/2001
Issued: 03/20/2012
Est. Priority Date: 05/10/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for automatically provisioning a plurality of computing devices in accordance with established policies, the method comprising the steps of:

creating a plurality of templates reflecting said policies;

expanding at least one template at a central location to create a document comprising expanded information; and

sending from the central location the document comprising the expanded information to said plurality of computing deviceswherein each of the plurality of templates includes a conditional statement that determines whether a template is to be expanded with predetermined information on the basis of whether or not the computing device to which said expanded information is to be provided meets the condition.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for use within a computer network that allows for automated provisioning, configuration, and maintenance of the servers and other devices connected to a computer network in accordance with established policies. This system and method make use of templates which represent security polices which are applicable to all devices within the system, a subset of the devices, or a particular type of device. In addition, the template structure includes conditional statements which allows for flexibility in defining the policies.

17 Citations

View as Search Results

34 Claims

1. A method for automatically provisioning a plurality of computing devices in accordance with established policies, the method comprising the steps of:
- creating a plurality of templates reflecting said policies;
  
  expanding at least one template at a central location to create a document comprising expanded information; and
  
  sending from the central location the document comprising the expanded information to said plurality of computing deviceswherein each of the plurality of templates includes a conditional statement that determines whether a template is to be expanded with predetermined information on the basis of whether or not the computing device to which said expanded information is to be provided meets the condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising interpreting the expanded information by agents which are respectively resident on each of said plurality of computing devices.
  - 3. The method of claim 1, wherein the plurality of templates includes a first category of templates that reflect policies applicable to all of the plurality of computing devices.
  - 4. The method of claim 3, wherein the plurality of templates includes a second category of templates that reflect policies applicable to only a subset of the plurality of computing devices.
  - 5. The method of claim 3, wherein the plurality of templates includes another category of templates that reflect policies applicable to only a particular type of the plurality of computing devices.
  - 6. The method of claim 1, wherein said policies are security polices regarding user access to each of the plurality of computing devices.
  - 7. The method of claim 1, wherein at least one template includes a reference to information external to the template, and wherein said expanding step comprises creating the document that includes information contained in the template and said external information.
  - 8. The method of claim 7, wherein said document is an XML document.
  - 9. The method of claim 7, wherein said external information comprises a list of users.

10. A system for automatically provisioning a plurality of computing devices in accordance with established policies, the system comprising:
- a database system which stores a plurality of templates which reflect said polices;
  
  a plurality of agents which are respectively resident on each of said plurality of computing devices, and which communicate with said database system to obtain information with regard to provisioning and maintenance of the respective computing devices; and
  
  a communications gateway through which communication messages are exchanged between said agents and said database system, wherein said communications gateway is configured to;
  
  retrieve individual ones of the plurality of templates;
  
  expand the retrieved templates to create respective documents containing combined template information and expanded information; and
  
  provide the documents containing the combined template information and expanded information to said plurality of agents;
  
  wherein at least one of the templates are configured to selectably incorporate a policy defined only by a different template.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, wherein the structure of said plurality of templates includes conditional statements that determine whether a template is to be expanded with predetermined information on the basis of the computing device to which the expanded information is being provided.
  - 12. The system of claim 11, wherein the plurality of templates included a first category of templates that reflect policies applicable to all of the plurality of computing devices.
  - 13. The system of claim 12, wherein the plurality of templates includes a second category of templates that reflect policies applicable to a subset of the plurality of computing devices.
  - 14. The system of claim 12, wherein the plurality of templates includes another category of templates that reflect policies applicable to a particular type of the plurality of computing devices.
  - 15. The system of claim 11 wherein said communications gateway expands a template to include information contained in a conditional statement only if the computing device to which said expanded information is to be provided meets the condition.
  - 16. The system of claim 10, wherein said policies are security polices regarding user access to each of the plurality of computing devices.
  - 17. The system of claim 10, wherein at least one template includes a reference to information external to the template, and wherein said communication gateway expands the template by creating a document that includes information contained in the template and said external information.
  - 18. The system of claim 17 wherein said document is an XML document.
  - 19. The system of claim 17 wherein said external information comprises a list of users.

20. A method of controlling user access to networked computing devices, comprising the steps of:
- storing a plurality of templates that identify user-access policies for respective ones of said devices, at least one of said templates including a reference to information that is external to the template;
  
  retrieving a template that pertains to a given one of said devices and creating a document at a central location comprising a listing of users identified in said template and users identified by any externally referenced information; and
  
  sending said document from said central location to the given one of said devices;
  
  configuring at least one of the templates to selectably incorporate a policy defined only by a different template.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20 wherein said external information comprises a list of users.
  - 22. The method of claim 21 wherein all of the users on said list perform a specified role relative to said computing devices.
  - 23. The method of claim 20 wherein at least one of said templates includes a conditional statement, and the step of creating a document comprises including information from said conditional statement in said document only if said given device meets the condition.
  - 24. The method of claim 20, wherein said plurality of templates are classified into at least two categories, wherein a template in a first category pertains to all of the computing devices, and a template in a second category pertains to a subset of said computing devices.
  - 25. The method of claim 24, wherein a template in said second category inherits policies contained in a template of said first category.
  - 26. The method of claim 25, wherein said inheritance can be selectively disabled.
  - 27. The method of claim 25, further including a third category of templates that pertain to specific devices and inherit policies from templates in said second category.
  - 28. The method of claim 20, wherein said document is an XML document.

29. A method for controlling user access to networked computing devices, comprising the steps of:
- storing a plurality of templates that identify user-access policies for respective ones of said devices, at least one of said templates including a conditional statement;
  
  retrieving a template that pertains to a given one of said devices and creating a document at a central location comprising a listing of users identified in said template, and users identified in any conditional statement if said given device meets the condition; and
  
  sending said document from said central location to the given one of said devices;
  
  configuring at least one of the templates to selectably incorporate a policy defined only by a different template.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The method of claim 29, wherein said document is an XML document.
  - 31. The method of claim 29, wherein said plurality of templates are classified into at least two categories, wherein a template in a first category pertains to all of the computing devices, and a template in a second category pertains to a subset of said computing devices.
  - 32. The method of claim 31, wherein a template in said second category inherits policies contained in a template of said first category.
  - 33. The method of claim 32, wherein said inheritance can be selectively disabled.
  - 34. The method of claim 32, further including a third category of templates that pertain to specific devices and inherit policies from templates in said second category.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Good, Gordon
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US09/852,244
Publication Number

US 20020169975A1
Time in Patent Office

3,967 Days
Field of Search

713200-202, 713/154, 713/155, 713/162, 702224-229, 726/2, 726/12, 726/30, 726/14, 710/39, 709/220, 709/225, 717/176
US Class Current

726/14
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/0806   for initial configuration o...

H04L 41/0843   based on generic templates

H04L 41/0856   by backing up or archiving ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/20   for managing network securi...

Security policy management for network devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

Security policy management for network devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others