Compliance protocol and architecture
First Claim
1. A method of enabling a client to receive secure packages, the method comprising:
- establishing, on the client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
automatically routing the security update from the electronic mail messaging application to the security configuration management application;
inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
executing, using the security configuration management application, the loaded instructions, wherein executing the loaded instructions comprises:
performing a security compliance survey of the client;
determining a security metric of the client based on an outcome of the security compliance survey;
comparing the determined security metric of the client with a compliance threshold;
when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.
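The client-side sequence recited in claim 1 (route, inspect, load, execute, compare against a threshold), as an added sketch that is not taken from the patent or any product. It assumes the validity check is an HMAC-SHA256 tag under a key provisioned out of band and that instructions are declarative checks in JSON; the header name `X-MAC`, the subject marker, the check names and the sample update are all hypothetical and constructed.

```python
import hashlib
import hmac
import json
from email import message_from_string, policy
from email.message import EmailMessage

KEY = b"constructed-demo-key"  # assumption: key provisioned out of band

def _mac(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def build_message(update: dict, key: bytes = KEY) -> str:
    """Manager side: wrap an update in a mail message (constructed sample)."""
    body = json.dumps(update, sort_keys=True)
    msg = EmailMessage()
    msg["Subject"] = "security-update"   # hypothetical routing marker
    msg["X-MAC"] = _mac(body, key)       # hypothetical header name
    msg.set_content(body)
    return msg.as_string()

def handle_message(raw: str, survey: dict, key: bytes = KEY) -> str:
    """Client side: route, inspect, load, execute; returns the resulting state."""
    msg = message_from_string(raw, policy=policy.default)
    if msg["Subject"] != "security-update":
        return "ignored"                 # ordinary mail is not routed
    body = msg.get_content().strip()
    tag = str(msg.get("X-MAC", "")).strip()
    # Inspect before loading: an invalid update is never parsed or executed.
    if not hmac.compare_digest(_mac(body, key).encode(), tag.encode()):
        return "rejected"
    update = json.loads(body)            # "load" the instructions (data only)
    checks = update["checks"]
    if not checks:
        return "secured"                 # fail closed on an empty survey
    passed = sum(survey.get(name) == want for name, want in checks.items())
    metric = 100 * passed // len(checks)  # security metric: percent of checks met
    return "activated" if metric >= update["threshold"] else "secured"

# Constructed sample update: two checks, both required.
UPDATE = {"checks": {"disk_enc": True, "fw_on": True}, "threshold": 100}
```

Treating the loaded instructions as data to be interpreted, rather than code to be run, keeps a validation mistake from becoming arbitrary execution on the endpoint.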
Abstract
A process for centrally managing a large number of computers from a central location when technical expertise is not available at each endpoint and other remote management techniques, such as remote desktop or direct connection to an agent, cannot be employed.
This process consists of generating processing instructions at a central point, which can then be distributed asynchronously to any number of endpoints, where they are applied automatically and, if requested, a response is returned asynchronously to the central management point. The communication mechanisms are secure and verifiable, and require no special expertise at the endpoint to employ.
Asynchronous refers to the ability for processing instructions and responses to be transferred by a variety of methods that do not depend solely on direct communications, such as a store-and-forward mechanism; these methods can also include server-side push directly to the endpoint and client-side pull from a predetermined rendezvous point. The processing instructions can include system settings checks, asset enumeration, messaging/user notification, security assessment, configuration changes, software installation/removal, or any combination of these, including actions such as patch download and installation based on the results of a security assessment.
11 Claims
Claim 1 (stated in full above); dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system configured to enable a client to receive secure packages, the system comprising a processor and instructions that when executed on the processor cause the processor to perform operations that include:
- establishing, on the client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
automatically routing the security update from the electronic mail messaging application to the security configuration management application;
inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
executing, using the security configuration management application, the loaded instructions, wherein executing the loaded instructions comprises:
performing a security compliance survey of the client;
determining a security metric of the client based on an outcome of the security compliance survey;
comparing the determined security metric of the client with a compliance threshold;
when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.
11. A non-transitory computer readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations that include:
- establishing, on a client, a connection between a security configuration management application and an electronic mail messaging application, wherein the security configuration management application and the electronic mail messaging application are both executed on the client;
configuring the electronic mail messaging application to route a security message with a security update for the security configuration management application from the electronic mail messaging application to the security configuration management application;
receiving, at the electronic mail messaging application on the client, the security message from a security configuration manager, wherein the security configuration manager is executed on one or more computers external to the client;
automatically routing the security update from the electronic mail messaging application to the security configuration management application;
inspecting, using the security configuration management application, the security update to ensure that the security update is valid;
loading, in response to inspecting the security update to ensure that the security update is valid, instructions within the security update to the security configuration management application;
executing, using the security configuration management application, the loaded instructions, wherein executing the loaded instructions comprises:
performing a security compliance survey of the client;
determining a security metric of the client based on an outcome of the security compliance survey;
comparing the determined security metric of the client with a compliance threshold;
when the determined security metric of the client meets or exceeds the compliance threshold, instructing the client to enter an activated state in which one or more features of the client are activated; and
when the determined security metric of the client does not meet the compliance threshold, instructing the client to enter a secured state in which one or more features of the client are limited.
Specification