Peer-to-peer remediation

US 8,291,093 B2
Filed: 12/08/2005
Issued: 10/16/2012
Est. Priority Date: 12/08/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a computer system having a first client, a second client, and a centralized repository of update data, the method comprising:

a) at a first time, obtaining access for the first client to a managed network, the obtaining access comprising providing information to an access control component indicating that the first client is configured in accordance with a software update policy of the network;

b) at a second time, obtaining access for the second client to the managed network, the obtaining access comprising providing information to an access control component indicating that the second client is configured in accordance with the software update policy of the network;

c) receiving, at the first client, update data from the centralized repository and updating first software installed on the first client according to the update data;

d) at a third time, after the first time and the second time and during an attempt to establish a connection between the first client and the second client to communicate selected data between the first client and the second client,i) receiving at the first client an update status from the second client, the update status identifying updates applied to second software installed on the second client;

ii) ascertaining a relative update status between the first client and the second client, the ascertaining comprising comparing the update status of the second client to updates made to the first software to determine whether the first client has an updated version of a common software component; and

iii) when the relative update status indicates that the second client is out of date relative to the first client, communicating update information from the first client to the second client, the update information comprising at least some of the update data received at the first client in the act c), the update information comprising at least one patch for executable software installed on the first client and the second client;

e) after the at least one patch has been successfully installed on the second client in response to communicating the patch, or when the relative update status indicates that the second client is not out of date, establishing the connection between the first client and the second client and communicating the selected data; and

f) when the relative update status indicates that the second client is out of date relative to the first client and when the at least one patch has not been successfully installed on the second client in response to communicating the at least one patch from the first client to the second client, refraining from establishing the connection between the first client and the second client and refraining from exchanging the selected data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network in which peer-to-peer remediation is provided to keep clients in the network up-to-date. As network clients establish peer-to-peer connections, they exchange status information. The status information allows the clients to mutually identify whether one client is more out-of-date than another. The more up-to-date client provides update information to the more out-of-date client. To preserve the integrity of the update process, updates are provided as signed binary files and are only applied by the client receiving the update if the binary file may be authenticated by the recipient.

52 Citations

View as Search Results

19 Claims

1. A method of operating a computer system having a first client, a second client, and a centralized repository of update data, the method comprising:
- a) at a first time, obtaining access for the first client to a managed network, the obtaining access comprising providing information to an access control component indicating that the first client is configured in accordance with a software update policy of the network;
  
  b) at a second time, obtaining access for the second client to the managed network, the obtaining access comprising providing information to an access control component indicating that the second client is configured in accordance with the software update policy of the network;
  
  c) receiving, at the first client, update data from the centralized repository and updating first software installed on the first client according to the update data;
  
  d) at a third time, after the first time and the second time and during an attempt to establish a connection between the first client and the second client to communicate selected data between the first client and the second client,i) receiving at the first client an update status from the second client, the update status identifying updates applied to second software installed on the second client;
  
  ii) ascertaining a relative update status between the first client and the second client, the ascertaining comprising comparing the update status of the second client to updates made to the first software to determine whether the first client has an updated version of a common software component; and
  
  iii) when the relative update status indicates that the second client is out of date relative to the first client, communicating update information from the first client to the second client, the update information comprising at least some of the update data received at the first client in the act c), the update information comprising at least one patch for executable software installed on the first client and the second client;
  
  e) after the at least one patch has been successfully installed on the second client in response to communicating the patch, or when the relative update status indicates that the second client is not out of date, establishing the connection between the first client and the second client and communicating the selected data; and
  
  f) when the relative update status indicates that the second client is out of date relative to the first client and when the at least one patch has not been successfully installed on the second client in response to communicating the at least one patch from the first client to the second client, refraining from establishing the connection between the first client and the second client and refraining from exchanging the selected data.
- View Dependent Claims (2, 3, 4, 5, 10)
- - 2. The method of claim 1, wherein communicating update information comprises transmitting a signed file.
  - 3. The method of claim 1, wherein communicating update information comprises transmitting information usable by the second computer to perform an update.
  - 4. The method of claim 1, wherein communicating update information comprises transmitting an indication that the second client is out-of-date relative to the first client.
  - 5. The method of claim 1, further comprising:
    - g) determining status information relating to patches installed on the first software operating on the first client; and
      
      wherein;
      
      receiving the update status from the second client comprises receiving second status information identifying patches installed on the second client; and
      
      ascertaining whether the second client is out-of-date comprises comparing the update status information to the second update status information.
  - 10. The method of claim 1, further comprising:
    - f) communicating from the second client to a third client the update information in response to initiating a connection between the second client and the third client during which update status information is exchanged, the status information indicating that the second client has a more up-to-date version of the commons software component than the third client; and
      
      g) updating the common software installed on the third client according to the update information.

6. A storage device having computer-executable instructions for performing steps comprising:
- a) ascertaining first update status of a first client computer on which the computer-executable instructions are executed, the first update status identifying patches applied to software on the first client computer;
  
  b) initiating a connection with a second client computer for exchanging selected data with the second client computer, the initiating comprising exchanging handshake messages between the first client computer and the second client computer, the initiating comprising;
  
  i) receiving a second update status from the second client computer as part of a message of the handshake messages, the second update status identifying patches applied to software on the second client computer;
  
  ii) determining whether the second client computer is out-of-date relative to the first client computer, the determining comprising comparing patches identified in each of the first and second update statuses for a common software component installed on each of the first and second client computers; and
  
  iii) in response to a determination during the act ii) that the second client computer is out of date relative to the first client computer, communicating a patch for the common software component from the first client computer to the second client computer;
  
  c) after the patch has been successfully installed on the second client computer, or when the second client computer is determined not to be out-of-date relative to the first client computer, establishing the connection between the first client computer and the second client computer and exchanging the selected data; and
  
  d) when the determination during the act ii) is that the second client computer is out of date relative to the first client computer and when the patch has not been successfully installed on the second client computer in response to communicating the patch from the first client computer to the second client computer, refraining from establishing the connection between the first client computer and the second client computer and refraining from exchanging the selected data.
- View Dependent Claims (7, 8, 9, 11, 19)
- - 7. The storage device of claim 6, wherein the storage device further has update information stored in an update file and communicating an update comprises sending the update file.
  - 8. The storage device of claim 7, wherein the update file comprises virus signatures.
  - 9. The storage device of claim 7, further having computer-executable instructions for performing steps comprising:
    - d) receiving at the first client computer a second update from the second client computer; and
      
      e) validating the authenticity of the second update file by applying a key to the second update file.
  - 11. The storage device of claim 6, wherein the first update status and second update status further comprises a time of last update of software components on the first and second client computers, respectively.
  - 19. The storage device of claim 6, further comprising, when the patch has not been successfully installed on the second client in response to communicating the patch:
    - determining whether the patch is a critical patch;
      
      when the patch is a critical patch, performing the refraining from establishing the connection between the first client computer and the second client computer and refraining from exchanging the selected data; and
      
      when the patch is not a critical patch, establishing the connection between the first client computer and the second client computer and exchanging the selected data.

12. A method comprising:
- a) ascertaining first update status of a first client computer, the first update status identifying patches applied to software on the first client computer;
  
  b) initiating a connection with a second client computer for exchanging selected data with the second client computer, the initiating comprising exchanging handshake messages between the first client computer and the second client computer, the initiating comprising;
  
  i) receiving a second update status from the second client computer as part of a message of the handshake messages, the second update status identifying patches applied to software on the second client computer;
  
  ii) determining whether the second client computer is out-of-date relative to the first client computer, the determining comprising comparing patches identified in each of the first and second update statuses for a common software component installed on each of the first and second client computers;
  
  iii) in response to a determination during the act ii) that the second client computer is out of date relative to the first client computer, communicating a patch for the common software component from the first client computer to the second client computer, the patch being digitally protected so as to enable the second client to determine whether the patch was originally provided from a source trusted by the second client;
  
  c) after the patch has been successfully installed on the second client computer in response to communicating the patch, or when the second client computer is determined not to be out-of-date relative to the first client computer, establishing the connection between the first client computer and the second client computer and exchanging the selected data; and
  
  d) when the determination during the act ii) is that the second client computer is out of date relative to the first client computer and when the patch has not been successfully installed on the second client computer in response to communicating the patch from the first client computer to the second client computer, refraining from establishing the connection between the first client computer and the second client computer and refraining from exchanging the selected data.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein communicating an update comprises sending an update file.
  - 14. The method of claim 13, wherein communicating the update file comprises communicating virus signatures.
  - 15. The method of claim 13, wherein communicating the update file comprises communicating a patch for software operating on the second client computer.
  - 16. The method of claim 12, further comprising:
    - c) receiving at the first client computer a second update from the second client computer; and
      
      d) validating the authenticity of the second update file by applying a key to the second update file.
  - 17. The method of claim 12, wherein the first update status and second update status further comprises a time of last update of software components on the first and second client computers, respectively.

18. The method of 1, wherein establishing the connection after the update information has been communicated to the second client comprises conditioning the establishing of the connection on the second client being up-to-date.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Choe, Calvin Choon-Hwan
Primary Examiner(s)
Moise, Emmanuel L
Assistant Examiner(s)
KIM, EDWARD J

Application Number

US11/297,681
Publication Number

US 20070136297A1
Time in Patent Office

2,504 Days
Field of Search

709/220, 709/221, 709/223, 709/246, 709/201, 709217-219, 709/225, 709227-229, 709236-237, 707610-615, 707/685
US Class Current

709/229
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

Peer-to-peer remediation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Peer-to-peer remediation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others