Master security policy server

US 8,776,230 B1
Filed: 10/02/2001
Issued: 07/08/2014
Est. Priority Date: 10/02/2001
Status: Active Grant

First Claim

Patent Images

1. A computerized method of distributing security policies comprising:

maintaining a security policy at a master policy server;

periodically synchronizing the master policy server and a local policy server to replicate the security policy at the local policy server;

wherein the local policy server manages security with respect to a plurality of client platforms operating anti-virus programs and wherein the local policy server is configured to consolidate security statistics received from each of the plurality of client platforms, and wherein the synchronizing further comprises obtaining the consolidated security statistics associated with the client platforms from the local policy server, and wherein the master policy server is configured to schedule the synchronizing at times when less data traffic is experienced on a network associated with the master policy server and the local policy server, and wherein the master policy server is configured to maintain global level security policy configurations to be used by the local policy server for deriving set-up policies for the anti-virus programs of the client platforms;

requesting the consolidated security statistics from the local policy server by the master policy server;

receiving the consolidated security statistics from the local policy server by the master policy server; and

deriving a global status from the consolidated security statistics.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A master policy server manages security polices for client computers through a network of local policy servers. Each local policy server is responsible for the security policies on a group of clients and maintains a data store containing the security policies and security information pertaining to the clients. Periodically, the master policy server and the local policy server synchronize, at which time the master policy server replicates updated policies to the local policy servers and the local policy servers upload client security statistics to the master policy server for consolidation into a global status.

43 Citations

View as Search Results

25 Claims

1. A computerized method of distributing security policies comprising:
- maintaining a security policy at a master policy server;
  
  periodically synchronizing the master policy server and a local policy server to replicate the security policy at the local policy server;
  
  wherein the local policy server manages security with respect to a plurality of client platforms operating anti-virus programs and wherein the local policy server is configured to consolidate security statistics received from each of the plurality of client platforms, and wherein the synchronizing further comprises obtaining the consolidated security statistics associated with the client platforms from the local policy server, and wherein the master policy server is configured to schedule the synchronizing at times when less data traffic is experienced on a network associated with the master policy server and the local policy server, and wherein the master policy server is configured to maintain global level security policy configurations to be used by the local policy server for deriving set-up policies for the anti-virus programs of the client platforms;
  
  requesting the consolidated security statistics from the local policy server by the master policy server;
  
  receiving the consolidated security statistics from the local policy server by the master policy server; and
  
  deriving a global status from the consolidated security statistics.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computerized method of claim 1 further comprising:
    - replicating the security policy to the local policy server upon request to the master policy server.
  - 3. The computerized method of claim 2, wherein a plurality of security policies are capable of being created at the master policy server.
  - 4. The computerized method of claim 3, wherein the local policy server requests a specific security policy from the plurality of security policies.
  - 5. The computerized method of claim 1 further comprising:
    - creating the security policy at the local policy server; and
      
      transferring the security policy to the master policy server.
  - 6. The computerized method of claim 1 further comprising:
    - creating the security policy at the master policy server.
  - 7. The computerized method of claim 1, wherein the synchronizing is performed securely across a communications medium coupling the master policy server and the local policy server.
  - 8. The computerized method of claim 1, further comprising:
    - deriving security policy parameters particular to each client platform from global security parameters, the security policy at the master policy comprising the global security parameters.
  - 9. The computerized method of claim 1, wherein the plurality of client platforms managed by the local policy server are determined according to hardware and software platform type.
  - 10. The computerized method of claim 1, wherein the plurality of client platforms managed by the local policy server are determined according to at least one of a domain name, a site location, and a physical or logical region.
  - 11. The computerized method of claim 1, wherein the local policy server schedules checks for updated policies in addition to periodically synchronizing with the master policy server.

12. A non-transitory computer-readable medium having executable instructions to cause a computer to perform a method comprising:
- maintaining a security policy at a master policy server;
  
  periodically synchronizing the master policy server and a local policy server to replicate the security policy at the local policy server;
  
  wherein the local policy server manages security with respect to a plurality of client platforms operating anti-virus programs and wherein the local policy server is configured to consolidate security statistics received from each of the plurality of client platforms, and wherein the synchronizing further comprises obtaining the consolidated security statistics associated with the client platforms from the local policy server, and wherein the master policy server is configured to schedule the synchronizing at times when less data traffic is experienced on a network associated with the master policy server and the local policy server, and wherein the master policy server is configured to maintain global level security policy configurations to be used by the local policy server for deriving set-up policies for the anti-virus programs of the client platforms;
  
  requesting the consolidated security statistics from the local policy server by the master policy server;
  
  receiving the consolidated security statistics from the local policy server by the master policy server; and
  
  deriving a global status from the consolidated security statistics.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer-readable medium of claim 12, wherein the method further comprises:
    - replicating the security policy to the local policy server upon request to the master policy server.
  - 14. The non-transitory computer-readable medium of claim 12, wherein the method further comprises:
    - creating the security policy at the local policy server; and
      
      transferring the security policy to the master policy server.
  - 15. The non-transitory computer readable medium of claim 12, wherein the method further comprises:
    - creating the security policy at the master policy server.
  - 16. The non-transitory computer readable medium of claim 12, wherein the synchronizing is performed securely across a communications medium coupling the master policy server and the local policy server.
  - 17. The non-transitory computer readable medium of claim 12, wherein the method further comprises:
    - deriving security policy parameters particular to each client platform from global security parameters, the security policy at the master policy comprising the global security parameters.

18. A computer system comprising:
- a processor and a memory coupled through a bus;
  
  a network interface coupled to the processor through the bus; and
  
  a master server process executed from the memory by the processor to cause the processor to maintain a security policy and to periodically synchronize with a local policy server through the network interface to replicate the security policy at the local policy server;
  
  wherein the local policy server manages security with respect to a plurality of client platforms operating anti-virus programs and wherein the local policy server is configured to consolidate security statistics received from each of the plurality of client platforms, and wherein the synchronizing further comprises obtaining the consolidated security statistics associated with the client platforms from the local policy server, and wherein the master server process is configured to schedule the synchronizing at times when less data traffic is experienced on a network associated with the master server process and the local policy server, and wherein the master server process is configured to maintain global level security policy configurations to be used by the local policy server for deriving set-up policies for the anti-virus programs of the client platforms; and
  
  wherein the master server process is further configured to request the consolidated security statistics from the local policy server, receive the consolidated security statistics from the local policy server and derive a global status from the consolidated security statistics.
- View Dependent Claims (19, 20, 21)
- - 19. The computer system of claim 18, wherein the master server process further causes the processor to receive a request from the local policy server and to replicate the security policy to the local policy server in response.
  - 20. The computer system of claim 18, wherein the master server process further causes the processor to create the security policy.
  - 21. The computer system of claim 18, wherein the master server process further causes the processor to couple the network interface to a secure communications medium for synchronization.

22. A computer system comprising:
- a processor and a memory coupled through a bus;
  
  a network interface coupled to the processor through the bus; and
  
  a local server process executed from the memory by the processor to cause the processor to periodically synchronize with a master policy server through the network interface to receive a security policy from a master policy server;
  
  wherein the local server process manages security with respect to a plurality of client platforms operating anti-virus programs and wherein the local server process is configured to consolidate security statistics received from each of the plurality of client platforms, and wherein the synchronizing further comprises obtaining the consolidated security statistics associated with the client platforms from the local server process, and wherein the master policy server is configured to schedule the synchronizing at times when less data traffic is experienced on a network associated with the master policy server and the local server process, and wherein the master policy server is configured to maintain global level security policy configurations to be used by the local server process for deriving set-up policies for the anti-virus programs of the client platforms; and
  
  wherein the local server process is further configured to receive a request for the consolidated security statistics from the master policy server and send the consolidated security statistics to the master policy server; and
  
  wherein the master policy server is configured to derive a global status from the consolidated security statistics.
- View Dependent Claims (23, 24, 25)
- - 23. The computer system of claim 22, wherein the local server process further causes the processor to request a security policy from the master policy server through the network interface and to receive the security policy in response.
  - 24. The computer system of claim 22, wherein the local server process further causes the processor to create the security policy and to transfer the security policy to a master policy server through the network interface.
  - 25. The computer system of claim 22, wherein the local server process further causes the processor to derive security policy parameters particular to each client platform from global security parameters, the security policy at the master policy comprising the global security parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Singleton, Richard B.
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US09/969,686
Time in Patent Office

4,662 Days
Field of Search

709/225, 726/3, 726/22, 726/24, 726/1, 713/188, 713/200, 713/201
US Class Current

726/24
CPC Class Codes

G06F 16/178   Techniques for file synchro...

G06F 21/552   involving long-term monitor...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0218   Distributed architectures, ...

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Master security policy server

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Master security policy server

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links