Compliance protocol and architecture

US 8,874,685 B1
Filed: 09/22/2010
Issued: 10/28/2014
Est. Priority Date: 09/22/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method of enabling a client to receive secure packages, the method comprising:

establishing, on the client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;

configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;

receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;

automatically routing the security update from the electronic mail messaging application to the security configuration management application;

inspecting, using the security configuration management application, the security update to ensure that the security update is valid;

loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;

executing, using the security configuration management application, the loaded instructions,wherein executing the loaded instructions comprises;

performing a security compliance survey of the client;

determining a security metric of the client based on an outcome of the security compliance survey;

comparing the determined security metric of the client with a compliance threshold;

when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and

when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process for centrally managing a large number of computers from a central location when technical expertise is not available at each end point nor can other remote management techniques be employed such as remote desktop or direct connection to an agent.

This process consists of the generation of processing instructions at a central point which can then be distributed to any number of endpoints in an asynchronous manner where they will be automatically applied and, if requested, response returned to the central management point asynchronously. The communication mechanisms are secure, verifiable, and require no special expertise at the endpoint to employ.

Asynchronous refers to the ability for processing instructions and responses to be transferred by a variety of methods but not solely dependent on direct communications, such as via a store-and-forward mechanism, and can also include server-side push directly to the endpoint and client-side pull from a predetermined rendezvous point. The processing instructions can include system settings checks, asset enumeration, messaging/user notification, security assessment, configuration changes, software installation/removal, or any combination, to include actions such as patch download and installation based on the results of a security assessment.

62 Citations

View as Search Results

11 Claims

1. A method of enabling a client to receive secure packages, the method comprising:
- establishing, on the client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
  
  configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
  
  receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
  
  automatically routing the security update from the electronic mail messaging application to the security configuration management application;
  
  inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
  
  loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
  
  executing, using the security configuration management application, the loaded instructions,wherein executing the loaded instructions comprises;
  
  performing a security compliance survey of the client;
  
  determining a security metric of the client based on an outcome of the security compliance survey;
  
  comparing the determined security metric of the client with a compliance threshold;
  
  when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
  
  when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - configuring the security configuration management application to route a confirmation message to the security configuration manager using the electronic mail messaging application; and
      
      sending, using the electronic mail messaging application, the confirmation message to the security configuration manager.
  - 3. The method of claim 1 wherein automatically routing the security update from the electronic mail messaging application to the security configuration management application includes automatically prompting the user to confirm that the security update should be routed to the security configuration management application.
  - 4. The method of claim 1 wherein automatically routing the security update from the electronic mail messaging application to the security configuration management application includes sending the security update to the security configuration management application without user interaction.
  - 5. The method of claim 1 wherein receiving the security message includes receiving the security message addressed to a particular machine.
  - 6. The method of claim 1 wherein receiving the security message includes receiving the security message addressed to a user identity.
  - 7. The method of claim 1 wherein receiving the security message includes receiving the security message addressed to a particular piece of software.
  - 8. The method of claim 1 further comprising receiving, on the client, security actions generated by an administrator with appropriate authority, using an electronic mail messaging infrastructure to which the electronic mail messaging application interfaces.
  - 9. The method of claim 1 wherein establishing the connection includes passing instructions using an API within the client.

10. A system configured to enable a client to receive secure packages, the system comprising a processor and instructions that when executed on the processor cause the processor to perform operations that include:
- establishing, on the client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
  
  configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
  
  receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
  
  automatically routing the security update from the electronic mail messaging application to the security configuration management application;
  
  inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
  
  loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
  
  executing, using the security configuration management application, the loaded instructions,wherein executing the loaded instructions comprises;
  
  performing a security compliance survey of the client;
  
  determining a security metric of the client based on an outcome of the security compliance survey;
  
  comparing the determined security metric of the client with a compliance threshold;
  
  when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
  
  when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.

11. A non-transitory computer readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations that include:
- establishing, on a client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
  
  configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
  
  receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
  
  automatically routing the security update from the electronic mail messaging application to the security configuration management application;
  
  inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
  
  loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
  
  executing, using the security configuration management application, the loaded instructions,wherein executing the loaded instructions comprises;
  
  performing a security compliance survey of the client;
  
  determining a security metric of the client based on an outcome of the security compliance survey;
  
  comparing the determined security metric of the client with a compliance threshold;
  
  when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
  
  when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Threatguard, Inc.
Original Assignee
Threatguard, Inc.
Inventors
Hollis, Robert L., Engelbach, Gunnar, Taylor, Randal Scot
Primary Examiner(s)
Patel, Hitesh

Application Number

US12/888,269
Time in Patent Office

1,497 Days
Field of Search

709/203, 709/217, 726/1, 726/3, 726/23, 726/25, 713/188, 713/189, 713/191
US Class Current

709/217
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Compliance protocol and architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Compliance protocol and architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links