Peer-to-peer remediation
First Claim
1. A method of operating a computer system having a first client, a second client, and a centralized repository of update data, the method comprising:
a) at a first time, obtaining access for the first client to a managed network, the obtaining access comprising providing information to an access control component indicating that the first client is configured in accordance with a software update policy of the network;
b) at a second time, obtaining access for the second client to the managed network, the obtaining access comprising providing information to an access control component indicating that the second client is configured in accordance with the software update policy of the network;
c) receiving, at the first client, update data from the centralized repository and updating first software installed on the first client according to the update data;
d) at a third time, after the first time and the second time and during an attempt to establish a connection between the first client and the second client to communicate selected data between the first client and the second client,
i) receiving at the first client an update status from the second client, the update status identifying updates applied to second software installed on the second client;
ii) ascertaining a relative update status between the first client and the second client, the ascertaining comprising comparing the update status of the second client to updates made to the first software to determine whether the first client has an updated version of a common software component; and
iii) when the relative update status indicates that the second client is out of date relative to the first client, communicating update information from the first client to the second client, the update information comprising at least some of the update data received at the first client in the act c), the update information comprising at least one patch for executable software installed on the first client and the second client;
e) after the at least one patch has been successfully installed on the second client in response to communicating the patch, or when the relative update status indicates that the second client is not out of date, establishing the connection between the first client and the second client and communicating the selected data; and
f) when the relative update status indicates that the second client is out of date relative to the first client and when the at least one patch has not been successfully installed on the second client in response to communicating the at least one patch from the first client to the second client, refraining from establishing the connection between the first client and the second client and refraining from exchanging the selected data.
Abstract
A network in which peer-to-peer remediation is provided to keep clients in the network up-to-date. As network clients establish peer-to-peer connections, they exchange status information. The status information allows the clients to mutually identify whether one client is more out-of-date than another. The more up-to-date client provides update information to the more out-of-date client. To preserve the integrity of the update process, updates are provided as signed binary files and are only applied by the client receiving the update if the binary file may be authenticated by the recipient.
19 Claims
6. A storage device having computer-executable instructions for performing steps comprising:
a) ascertaining first update status of a first client computer on which the computer-executable instructions are executed, the first update status identifying patches applied to software on the first client computer;
b) initiating a connection with a second client computer for exchanging selected data with the second client computer, the initiating comprising exchanging handshake messages between the first client computer and the second client computer, the initiating comprising:
i) receiving a second update status from the second client computer as part of a message of the handshake messages, the second update status identifying patches applied to software on the second client computer;
ii) determining whether the second client computer is out-of-date relative to the first client computer, the determining comprising comparing patches identified in each of the first and second update statuses for a common software component installed on each of the first and second client computers; and
iii) in response to a determination during the act ii) that the second client computer is out of date relative to the first client computer, communicating a patch for the common software component from the first client computer to the second client computer;
c) after the patch has been successfully installed on the second client computer, or when the second client computer is determined not to be out-of-date relative to the first client computer, establishing the connection between the first client computer and the second client computer and exchanging the selected data; and
d) when the determination during the act ii) is that the second client computer is out of date relative to the first client computer and when the patch has not been successfully installed on the second client computer in response to communicating the patch from the first client computer to the second client computer, refraining from establishing the connection between the first client computer and the second client computer and refraining from exchanging the selected data.
12. A method comprising:
a) ascertaining first update status of a first client computer, the first update status identifying patches applied to software on the first client computer;
b) initiating a connection with a second client computer for exchanging selected data with the second client computer, the initiating comprising exchanging handshake messages between the first client computer and the second client computer, the initiating comprising:
i) receiving a second update status from the second client computer as part of a message of the handshake messages, the second update status identifying patches applied to software on the second client computer;
ii) determining whether the second client computer is out-of-date relative to the first client computer, the determining comprising comparing patches identified in each of the first and second update statuses for a common software component installed on each of the first and second client computers;
iii) in response to a determination during the act ii) that the second client computer is out of date relative to the first client computer, communicating a patch for the common software component from the first client computer to the second client computer, the patch being digitally protected so as to enable the second client to determine whether the patch was originally provided from a source trusted by the second client;
c) after the patch has been successfully installed on the second client computer in response to communicating the patch, or when the second client computer is determined not to be out-of-date relative to the first client computer, establishing the connection between the first client computer and the second client computer and exchanging the selected data; and
d) when the determination during the act ii) is that the second client computer is out of date relative to the first client computer and when the patch has not been successfully installed on the second client computer in response to communicating the patch from the first client computer to the second client computer, refraining from establishing the connection between the first client computer and the second client computer and refraining from exchanging the selected data.
18. The method of 1, wherein establishing the connection after the update information has been communicated to the second client comprises conditioning the establishing of the connection on the second client being up-to-date.
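The following is an added illustration of the handshake the abstract and claims 1, 6 and 12 describe; it is not code from the patent. Two clients exchange their per-component patch status, the more current peer sends the missing patch as an authenticated blob, and the connection is established only if the peer was current or installs the patch; an HMAC under a key assumed to be shared with the trusted update source stands in for the patent's digital signature, and all names, patch ids and payloads are constructed.

```python
import hmac
import hashlib

# Stand-in for the trusted update source's signing key (constructed for the demo).
TRUSTED_KEY = b"constructed-demo-key"


def sign_patch(patch_bytes: bytes) -> bytes:
    """Tag a trusted source attaches to a patch (HMAC stands in for a signature)."""
    return hmac.new(TRUSTED_KEY, patch_bytes, hashlib.sha256).digest()


class Client:
    def __init__(self, name, applied):
        self.name = name
        # Update status: software component -> set of patch ids applied to it.
        self.applied = {comp: set(ids) for comp, ids in applied.items()}
        # Patch payloads and tags received from the central repository, keyed by (component, id).
        self.patch_store = {}

    def update_status(self):
        return {comp: frozenset(ids) for comp, ids in self.applied.items()}

    def missing_on(self, peer_status):
        """Patches self has applied that the peer lacks, for components both install (step d.ii)."""
        out = []
        for comp, mine in self.applied.items():
            if comp in peer_status:
                out.extend((comp, pid) for pid in sorted(mine - peer_status[comp]))
        return out

    def install(self, comp, pid, payload, tag):
        """Apply a patch only if it authenticates against the trusted source."""
        if not hmac.compare_digest(sign_patch(payload), tag):
            return False
        self.applied.setdefault(comp, set()).add(pid)
        return True


def connect(first: Client, second: Client) -> bool:
    """Handshake from the first client's side: remediate, then connect only if the peer is current."""
    for comp, pid in first.missing_on(second.update_status()):
        entry = first.patch_store.get((comp, pid))
        if entry is None or not second.install(comp, pid, *entry):
            return False  # step f: peer still out of date, refrain from connecting
    return True  # step e: peer was current or has now been brought current
```

A component the peer does not have installed is ignored, as the claims only compare patches for a common software component.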