Multi-platform operational objective configurator for computing devices

US 8,805,972 B1
Filed: 06/26/2013
Issued: 08/12/2014
Est. Priority Date: 06/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method for managing security application configuration settings for a plurality of diverse computing devices having independent security applications, the method comprising:

hosting, via a computer-implemented configuration service, a user interface associated with a user account that facilitates selective adjustment of security functionality settings for a plurality of security objectives;

maintaining, by the computer-implemented configuration service, a first mapping that associates each of the security objectives with a corresponding set of tasks;

maintaining, by the computer-implemented configuration service, a second mapping that associates each task with different sets of security modules executable on corresponding different ones of the diverse computing devices, each of the security modules comprising instructions that, when executed according to certain operational parameter settings by its corresponding computing device, cause that computing device to perform at least a portion of the corresponding task;

maintaining, by the computer-implemented configuration service, an inventory of computing devices and security modules available on each of the computing devices, associated with the user account;

receiving, via the user interface, security functionality setting input defining at least one security objective to be carried out on each of the diverse computing devices;

determining, by the computer-implemented configuration service, based on the inventory and on the security functionality setting input, an extent to which each independent security application of each one of the computing devices has a capability to meet the at least one security objective;

in response to a result of the determining being indicative of a first computing device having capability to meet the at least one security objective, generating, by the configuration service, configuration instructions particularized to the first computing device to cause a first security application of the first computing device to carry out the tasks associated with the at least one security objective; and

in response to a result of the determining being indicative of a second computing device lacking capability to meet one or more of the at least one security objective, indicating, by the configuration service, an exception condition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application configuration settings are managed for a plurality of diverse computing devices having different resources including independent applications. An operational objective defining certain behaviors for a plurality of applications executable computing devices is received via a user input. Configuration and resource information is obtained for each computing device. A determination is made of applications on each of the computing devices for which the specified operational objective can be at least partially achieved. The determination is based on the user input, on the configuration and resource information for each of the computing devices, and on a predefined set of resource mappings that defines requirements for meeting various operational objectives and resources needed for meeting each of the requirements. Configuration instructions particularized to one or more of the computing devices is generated in response to the determination that the operational objective can be at least partially achieved.

67 Citations

View as Search Results

22 Claims

1. A method for managing security application configuration settings for a plurality of diverse computing devices having independent security applications, the method comprising:
- hosting, via a computer-implemented configuration service, a user interface associated with a user account that facilitates selective adjustment of security functionality settings for a plurality of security objectives;
  
  maintaining, by the computer-implemented configuration service, a first mapping that associates each of the security objectives with a corresponding set of tasks;
  
  maintaining, by the computer-implemented configuration service, a second mapping that associates each task with different sets of security modules executable on corresponding different ones of the diverse computing devices, each of the security modules comprising instructions that, when executed according to certain operational parameter settings by its corresponding computing device, cause that computing device to perform at least a portion of the corresponding task;
  
  maintaining, by the computer-implemented configuration service, an inventory of computing devices and security modules available on each of the computing devices, associated with the user account;
  
  receiving, via the user interface, security functionality setting input defining at least one security objective to be carried out on each of the diverse computing devices;
  
  determining, by the computer-implemented configuration service, based on the inventory and on the security functionality setting input, an extent to which each independent security application of each one of the computing devices has a capability to meet the at least one security objective;
  
  in response to a result of the determining being indicative of a first computing device having capability to meet the at least one security objective, generating, by the configuration service, configuration instructions particularized to the first computing device to cause a first security application of the first computing device to carry out the tasks associated with the at least one security objective; and
  
  in response to a result of the determining being indicative of a second computing device lacking capability to meet one or more of the at least one security objective, indicating, by the configuration service, an exception condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein indicating the exception condition includes providing a notification to a user, via the user interface, that the second computing device is not fully configurable for the at least one security objective.
  - 3. The method of claim 2, wherein indicating the exception condition further includes soliciting user authorization to obtain at least one additional security application component to increase the capability of the second computing device to carry out tasks associated with the at least one security objective.
  - 4. The method of claim 1, further comprising:
    - in response to the exception condition, generating, by the computer-implemented configuration service, configuration instructions particularized to the second computing device to cause a second security application of the second computing device to carry out a reduced set of tasks associated with the at least one security objective for which the second computing device lacks a capability to meet.
  - 5. The method of claim 1, further comprising:
    - in response to the exception condition, generating, by the computer-implemented configuration service, configuration instructions particularized to the second computing device to cause a second security application of the second computing device to limit functionality of at least one software application that represents a risk attributable to the lack of capability of the second computing device to meet the at least one security objective.
  - 6. The method of claim 1, further comprising:
    - in response to the exception condition, assessing, by the computer-implemented configuration service, an extent to which a second security application of the second computing device is able to partially carry out tasks associated with the one or more security objective for which the second computing device lacks a capability to meet fully.
  - 7. The method of claim 1, further comprising:
    - transmitting the configuration instructions particularized to the first computing device for reception by a local configuration remote agent executing on the first computing device.
  - 8. The method of claim 1, wherein in generating the configuration instructions particularized to the first computing device, the configuration instructions include configuration parameters and specific values thereof.
  - 9. The method of claim 1, wherein in generating the configuration instructions particularized to the first computing device, the configuration instructions include a specific configuration script executable on the first computing device.

10. A method for managing application configuration settings for a plurality of diverse computing devices having independent applications, the method comprising:
- hosting, via a configuration service, a user interface associated with a user account that facilitates selective adjustment of functionality preferences defining certain behaviors adjustable in a plurality of independent applications;
  
  maintaining, by the configuration service, an inventory of computing devices and resources available on each of the computing devices, associated with the user account;
  
  storing, by the configuration service, a first mapping that associates user-specifiable application behavior objectives with applications having adjustable settings impacting at least a portion of each one of the user-specifiable application behavior objectives;
  
  storing, by the configuration service, a second mapping that associates each of the applications of the first mapping with available adjustable parameters and corresponding particular behaviors;
  
  receiving, via the user interface on the configuration service, application behavior setting input defining at least one user-specified behavior objective to be instituted on each of the plurality of diverse computing devices;
  
  determining, by the configuration service, based on the first mapping, on the inventory, and on the application behavior setting input, applications present on computing devices having a capability to at least partially achieve for which the at least one user-specified behavior objective;
  
  in response to a result of the determining being indicative of a first computing device having at least one application with the capability to at least partially achieve at least one user-specified behavior objective, generating, by the configuration service, configuration instructions particularized to the first computing device to cause the first computing device to configure the at least one application to institute the at least one user-specified behavior objective based on the second mapping; and
  
  transmitting, by the configuration service, the configuration instructions for reception by a local configuration remote agent executing on the first computing device.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, further comprising:
    - determining, by the configuration service, based on the inventory and on the application behavior setting input, an extent to which each independent application of each one of the plurality of diverse computing devices has a respective capability to achieve the at least one user-specified behavior objective;
      
      andproviding a notification to a user, via the user interface, of an extent to which each independent application has the respective capability to achieve the at least one user-specified behavior objective.
  - 12. The method of claim 10, wherein in generating the configuration instructions, the configuration instructions include configuration parameters and specific values thereof.
  - 13. The method of claim 10, wherein in generating the configuration instructions, the configuration instructions include a specific configuration script executable on the first computing device.

14. A system for managing application configuration settings for a plurality of diverse computing devices having different resources including independent applications, the system comprising:
- set of instructions executable by computing hardware and stored in a non-transitory storage medium that, when executed, cause the computing hardware to implement;
  
  a user interface module that facilitates interaction with a user corresponding to a user account to accept user input for setting a specified operational objective defining certain behaviors for a plurality of applications executable on the plurality of diverse computing devices associated with the user account;
  
  a remote agent interface module that communicates with each of the plurality of diverse computing devices associated with the user account to obtain configuration and resource information for that computing device;
  
  an analysis module that produces a determination of independent applications, if any, on each of the plurality of computing devices, which are capable to at least partially achieve the specified operational objective the determination being based on the user input, on the configuration and resource information for each of the plurality of computing devices, and on a predefined set of resource mappings that defines requirements for meeting various operational objectives and resources needed for meeting each of the requirements; and
  
  a device configurator module that generates configuration instructions particularized to one or more target computing devices of the plurality of diverse computing devices in response to the determination by the analysis module being indicative that the one or more target computing devices can at least partially achieve the specified operational objective, wherein the configuration instructions, when executed, cause the one or more target computing devices to reconfigure their resources to operate in accordance with the specified operational objective.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The system of claim 14, wherein the different resources include security applications, wherein the specified operational objective is a security objective, and wherein the requirements for meeting various operational objectives are security tasks.
  - 16. The system of claim 14, wherein the analysis module is adapted to:
    - generate a set of functionality requirements particularized to the specified operational objective based on a predefined first mapping of the resource mappings that associates the various operational objectives with functionality requirements for carrying out each of the various operational objectives; and
      
      generate a set of resource requirements particularized to the specified operational objective based on a predefined second mapping of the resource mappings that associates various functionality requirements with resource requirements for implementing each of the various functionality requirements; and
      
      compare the set of resource requirements particularized to the specified operational objective with the configuration and resource information of each of the plurality of diverse computing devices to produce an indication of one or more target computing devices having the capability to at least partially achieve on which the specified operational objective.
  - 17. The system of claim 16, further comprising:
    - a first mapping module that maintains the predefined first mapping in a data structure stored in a non-transitory storage medium; and
      
      a second mapping module that maintains the predefined second mapping in a data structure stored in a non-transitory storage medium.
  - 18. The system of claim 14, further comprising:
    - a user account module that maintains, in a non-transitory storage medium;
      
      an inventory data structure that stores an inventory of the configuration and resource information for each one of the plurality of diverse computing devices associated with the user account; and
      
      a user specifications data structure that stores a set of user-specified operational objectives corresponding to the user account.
  - 19. The system of claim 14, wherein the analysis module is adapted to provide, via the user interface module, a notification to a user of an exception determination in response to a determination that at least one limited computing device lacks resources to fully implement the specified operational objective.
  - 20. The system of claim 19, wherein the analysis module is adapted to solicit, via the user interface module, an approval for partially implementing the specified operational objective in response to an exception determination.
  - 21. The system of claim 19, wherein the device configurator module is adapted to generate exception configuration instructions in response to an exception determination, the exception configuration instructions, when executed, cause the at least one limited computing devices to reconfigure its resources to operate partially in accordance with the operational objective.

22. A system for managing security application configuration settings for a plurality of diverse computing devices having independent security applications, the system comprising computing hardware and instructions stored in the computing hardware, that, when executed, cause the computing hardware to implement:
- a user interface module associated with a user account that facilitates selective adjustment of security functionality settings for a plurality of security objectives;
  
  a communicative coupling to a first mapping data set that associates each of the plurality of security objectives with a corresponding set of tasks;
  
  a communicative coupling to a second mapping data set that associates each task with different sets of security modules executable on corresponding different ones of the plurality of diverse computing devices, each of the security modules comprising instructions that, when executed according to certain operational parameter settings by its corresponding computing device, cause that computing device to perform at least a portion of the corresponding task;
  
  an inventory module that stores an inventory of computing devices and security modules available on each of the plurality of diverse computing devices associated with the user account;
  
  a user specifications module that stores information defining at least one security objective to be carried out on each of the plurality of diverse computing devices;
  
  an analysis module that determines, based on the inventory and on the information defining at least one security objective to be carried out, an extent to which each of the independent security application of each one of the plurality of diverse computing devices is capable of meeting the at least one security objective;
  
  a device configurator module that generates configuration instructions in response to a result of the determining being indicative of a first computing device having capability to meet the at least one security objective, the configuration instructions being particularized to the first computing device to cause a security application of the first computing device to carry out the tasks associated with the at least one security objective; and
  
  wherein the analysis module is configured to cause the user interface module to indicate an exception condition in response to a result of the determining being indicative of a second computing device lacking capability to meet one or more of the at least one security objective.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Kaspersky Lab ZAO
Inventors
Merkulov, Petr S., Dronov, Victor F.
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US13/928,125
Time in Patent Office

412 Days
Field of Search

709220-223, 709227-229, 726 22- 25
US Class Current

709/220
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Multi-platform operational objective configurator for computing devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-platform operational objective configurator for computing devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links