US20130246590A1 - Autonomous network device configuration method - Google Patents


Info

Publication number
US20130246590A1
Authority
US
United States
Prior art keywords
network device
target network
configuration data
encapsulated agent
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/875,970
Inventor
Daniel E. Ford
Charles F. Clark
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Enterprise Development LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP
Priority to US13/875,970
Publication of US20130246590A1
Assigned to HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP. Assignment of assignors interest (see document for details). Assignors: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Current legal status: Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/177 Initialisation or configuration control

Abstract

An embodiment of the present invention comprises a method of configuring one or more target network devices for operation, that further comprises the steps of creating an object for deployment to a predetermined target network device, the object having configuration data for configuring the target network device, and at least one of identification data identifying the object, an autonomous encapsulated agent for executing necessary steps for installing the configuration data, identification data identifying the predetermined target network device, and authentication data for authenticating at least one of the predetermined target network device identification data and object identification data, transporting the object to the predetermined target network device, and the autonomous encapsulated agent begins an on-site process of installing the configuration data in the predetermined target network device.

Description

    BACKGROUND OF THE INVENTION
  • The present invention generally relates to networks and configuring devices in such networks.
  • Management applications generally require direct access to target devices, such as routers, switches and hubs, for example, in order to ensure that the appropriate target device receives the configuration data.
  • If the central network administrator does not have physical access to the target devices, then the network administrator must trust the technicians that do have physical access to the device. It is very undesirable to grant such limited-trust technicians full access to the data contained in the configuration.
  • Current deployment solutions have a limited capability to ensure that the configuration is deployed only to the intended targeted device. This is particularly true if the deployment must occur through a secondary computational device, such as a laptop or notebook computer or PDA.
  • If the configurations need to be deployed via an indirect channel, such as a technician physically interacting with the target device using a laptop or PDA, then it is difficult to ensure that the configuration remains in existence for only a specified duration of time. Therefore timeliness of the deployment is difficult to ensure.
  • If the configuration is deployed indirectly, the configurations (in current implementations) would remain on the intermediate device, such as a laptop or PDA, thus allowing a malicious technician to have time to attack the encrypted configuration and potentially compromise the data integrity.
  • Current practice is to encapsulate configurations in simple text files. Even though it is possible to encrypt such text files to protect them during transit to the target device, without an autonomous encapsulated agent, it is not possible for the configuration itself to enforce the intended use of the configuration. Such enforcement would have to be implemented by management applications requiring direct interaction with the target device. Such requirements increase the cost and complexity of management solutions, and also impose undesirable connectivity requirements.
    SUMMARY OF THE INVENTION
  • One embodiment of the present invention comprises a method of configuring one or more target network devices for operation, that further comprises the steps of creating an object for deployment to a predetermined target network device, the object having configuration data for configuring the target network device, and at least one of identification data identifying the object, an autonomous encapsulated agent for executing necessary steps for installing the configuration data, identification data identifying the predetermined target network device, and authentication data for authenticating at least one of the predetermined target network device identification data and object identification data, transporting the object to the predetermined target network device, and the autonomous encapsulated agent begins an on-site process of installing the configuration data in the predetermined target network device.
    DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of an object having attributes of the present invention;
  • FIG. 2 is a flow diagram for carrying out a beginning portion of an embodiment of the method of the present invention; and
  • FIG. 3 is a flow diagram for carrying the remaining portion of an embodiment of the method of the present invention.
    DESCRIPTION OF THE EMBODIMENTS
  • The present invention involves embodiments of a method of protecting and reliably installing configuration data on network devices such as routers, switches and hubs, for example. Currently, a remote network administrator has to create the configuration file for a network device as a text file and somehow get it to a remote assistant, such as by email. The assistant receives the file, opens it, and, after physically configuring the device, downloads the configuration data into the device. The assistant or technician has to have or know the security credentials that are needed in order to log into the device. Physical access by the person is often necessary, i.e., the person may need to walk up to the device and connect a cable from a laptop computer to the device, for example, or to physically manipulate the switches or settings on the device. Very often the device will be in another building or a different city from where the network administrator is sitting, so it is desirable to connect to the device over a network and apply configuration changes over the network. However, not everything about configuring a device is possible without being physically present, because part of the configuration process requires placing the device in a rack, plugging in wires in the ports, plugging in the power cord and turning it on.
  • Configuration data is sensitive because it will contain policies as to how a particular network device is to behave. For example, it will have policies that certain users cannot get access to certain ports, or certain users cannot send traffic through a certain port. Configurations determine the kind of traffic that is permitted and the traffic priorities that the central administrator wants to go through the device. That kind of information, if available to an attacker, is exactly the kind of information that the attacker would like to have access to. It is desirable to limit that amount of trust that is given to a local assistant or technician and to be able to configure the device without having to disclose the information to the assistant or others in an organization.
  • Embodiments of the present invention create a single software object, into which is tightly encapsulated a network device configuration coupled with software that enables the unit to autonomously install itself into the appropriate target device and automatically delete itself after successful deployment.
  • Turning to the drawings and particularly FIG. 1, an object 10 is created which preferably comprises authentication data 12 for authenticating the object itself, configuration data 14 for target devices such as routers, switches and hubs, for example, although the present invention can be used with other types of devices that are capable of being configured. The object 10 also comprises identification data for the target device 16 and an autonomous encapsulated agent 18.
  • Embodiments of the invention employ network device configurations that would be encapsulated into a tightly coupled module or block containing both data and the autonomous encapsulated software agent 18. The entire configuration for such a device can be set up in the form of a text file that has information about how that device is to be configured. The configuration files are constructed for these network devices and contain information such as, for example, the internet protocol (or “IP”) address, the simplified network management protocol (or “SNMP”) community strings necessary for the network device to properly communicate on the network, the operating speed of particular ports of the device, the name given to the device, the users that are allowed to access the device, and the security credentials that are needed to access the device. There may be a long list of items that need to be configured. That information can be extracted from the devices and can also be redeployed back to the devices to restore the devices back to a specific configuration state.
  • The configuration text file contains configuration data destined for configuring the device, plus code, i.e., instructions that would be executed automatically as soon as that file was downloaded onto a personal computer or onto a switch. Those instructions would cover what could be done with the configuration data that was bundled within that block or object. In order to implement this, the autonomous agent 18 must be deployed on the device that can examine these encapsulated configuration files and execute the instructions contained within them and be able to decrypt them and determine if a particular file is destined for it or not.
  • If an assistant or technician who does not have the security keys that decrypt the block of data were to look at the block of data, it would not be possible to tear it apart and identify the part that defines the configuration, or the part that contains the instructions or the part of the key for decrypting. It would not be possible for anyone to analyze the content of the block of data. The block therefore contains configuration data, instructions and security keys that are encrypted. Someone who does not have the proper credentials would be unable to identify the boundaries of the three different parts of the block of data, much less determine what the text file contains.
  • The software agent is preferably an executable agent that exposes a programmatic interface capable of interacting with potential target network devices. In other words, if it were installed in a switch device, the agent in the switch would trigger execution of the code embedded in the configuration file.
  • The object 10 shown in FIG. 1 is constructed in the manner shown in the flow diagram of FIG. 2, whereby an object is created (block 20) and then configuration data for a target device is inserted in the object (block 22). This is followed by insertion of an autonomous encapsulated agent in the object (block 24) as well as the target network device identification data (block 26). Similarly, the object itself is provided with object authentication data (block 28). At this point, the object as shown in FIG. 1 is complete and it is then necessary to transport the object (block 30) to a target network device. This can be done by transmitting the object over a network or the Internet, or by loading it onto an intermediate device such as a laptop, PDA, or other device that is capable of storing the object. When the object is in communication with the target network device, such as by a direct link from a laptop to the device, for example, the installation process in the target network device is begun (block 32).
  • The first thing that is done is to authenticate the target network device (block 34). More particularly, once the agent detects contact with a network device (via a serial port, a USB connection, or even a standard network connection), it verifies that the device it is in contact with is the intended target device. This is done by validating certificates or other security credentials available on the target device.
  • If it is not authenticated, then the installation process is aborted (block 36). If it is authenticated then the object 10 also supplies its own credentials to the target device in order for the target device to validate the authenticity of the object transporting the configuration data (block 38). Once mutual authentication is complete, the agent deploys the configuration to the device in a secure fashion.
  • If that authentication is confirmed, then the configuration data is installed on the target device (block 40), but if not, then the installation process is aborted (block 36). Once the deployment to the target device is complete, the agent 18 destroys the configuration data (block 42) and terminates its own execution. There are different platforms that support different mechanisms for deleting data or files. If it was on a USB flash drive, and you put the flash drive on a laptop computer, the Windows operating system would automatically execute the autoexec code and would execute whatever it is supposed to do.
  • It is desired that the installation of the configuration data be done within a predetermined time period; if it is not installed within that period, this also results in the destruction of the configuration data (block 42). Thus, in either event, the configuration data is not left intact on a technician or assistant's laptop, for example, and is therefore not vulnerable to improper or inadvertent misappropriation.
  • There are several advantages of the embodiments of the present invention. The device configurations can be deployed over indirect and insecure delivery channels without concern for compromising the contained configuration. By indirect, it is meant that the configuration can be deployed to an intermediate computational device (such as a laptop or notebook computer or a PDA), which in turn delivers it to the target device.
  • Also, the source of the autonomous configuration, which is preferably an authorized management application, need not have physical connectivity with the target device. Such autonomous configurations can be given to technicians with only a limited security clearance, because it is very unlikely that such limited-trust technicians would be able to decode and read the configuration data. The embodiments only deploy the configuration data to an authorized and intended target device and deploy the configuration in a timely manner. This is because if the autonomous configuration is not deployed to the target device within a specified window of time, it self-destructs. The embodiments also substantially eliminate unauthorized access to the configuration after deployment, for the same reason that the autonomous configuration self-destructs after a successful deployment.
  • While various embodiments of the present invention have been shown and described, it should be understood that other modifications, substitutions and alternatives are apparent to one of ordinary skill in the art. Such modifications, substitutions and alternatives can be made without departing from the spirit and scope of the invention, which should be determined from the appended claims.
  • Various features of the invention are set forth in the following claims.
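
The flow of FIG. 2 and FIG. 3 described above (blocks 20 to 42), sketched as an added example that is not code from the patent. It assumes a per-device shared secret with HMAC-SHA256 standing in for the "certificates or other security credentials" the text mentions, and treats the configuration as an already-encrypted opaque blob; all names (`ConfigObject`, `Device`, `build_object`, `run_agent`) are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so field boundaries cannot shift."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


@dataclass
class ConfigObject:                 # object 10 in FIG. 1
    object_id: bytes
    target_id: bytes                # identification data 16
    not_after: int                  # end of the deployment window (epoch seconds)
    challenge: bytes                # nonce the agent sends to the device
    expected: bytes                 # SHA-256 of the answer only the right device gives
    config: bytearray               # configuration data 14 (assumed already encrypted)
    auth: bytes                     # authentication data 12

    def destroy(self) -> None:      # block 42: best-effort wipe of the in-memory copy
        for i in range(len(self.config)):
            self.config[i] = 0
        self.config.clear()
        self.auth = b""


def build_object(device_key: bytes, target_id: bytes, config: bytes,
                 not_after: int) -> ConfigObject:
    """Blocks 20-28. The object carries a hash of the expected challenge answer,
    not the device key, so the intermediate laptop never holds the key."""
    object_id = os.urandom(8)
    challenge = os.urandom(16)
    answer = _tag(device_key, b"challenge", target_id, challenge)
    auth = _tag(device_key, b"object", object_id, target_id,
                not_after.to_bytes(8, "big"), config)
    return ConfigObject(object_id, target_id, not_after, challenge,
                        hashlib.sha256(answer).digest(), bytearray(config), auth)


class Device:
    """Target network device holding its own secret key (assumption)."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self._key, self.installed = device_id, key, None

    def respond(self, challenge: bytes) -> bytes:
        return _tag(self._key, b"challenge", self.device_id, challenge)

    def install(self, obj: ConfigObject, now: int) -> bool:
        """Blocks 38 and 40: the device validates the object before accepting it."""
        if obj.target_id != self.device_id or now > obj.not_after:
            return False
        expected = _tag(self._key, b"object", obj.object_id, obj.target_id,
                        obj.not_after.to_bytes(8, "big"), bytes(obj.config))
        if not hmac.compare_digest(expected, obj.auth):
            return False
        self.installed = bytes(obj.config)
        return True


def run_agent(obj: ConfigObject, device: Device, now: int) -> str:
    """Blocks 32-42. The configuration is destroyed on every exit path."""
    try:
        if now > obj.not_after:                       # deployment window elapsed
            return "expired"
        answer = hashlib.sha256(device.respond(obj.challenge)).digest()
        if not hmac.compare_digest(answer, obj.expected):
            return "aborted: wrong target"            # blocks 34 and 36
        if not device.install(obj, now):
            return "aborted: object rejected"         # blocks 38 and 36
        return "installed"                            # block 40
    finally:
        obj.destroy()                                 # block 42


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    key_a = os.urandom(32)
    switch_a = Device(b"switch-A", key_a)
    rogue = Device(b"switch-A", os.urandom(32))       # claims the same ID, wrong key
    cfg = b"hostname core-sw1\nsnmp community <redacted>\n"
    print(run_agent(build_object(key_a, b"switch-A", cfg, 1000), rogue, 900))
    print(run_agent(build_object(key_a, b"switch-A", cfg, 1000), switch_a, 900))
```

The `finally` clause is what implements "in either event": success, abort and timeout all end with the intermediate copy wiped.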

Claims (21)

1-16. (canceled)
17. An apparatus for creating an object to configure a target device, said apparatus comprising:
a processor;
a memory storing machine readable instructions that when executed cause the processor to:
create an object for deployment to a target network device, said object having identification data identifying said object;
insert configuration data in the object, said configuration data to configure said target network device;
insert an autonomous encapsulated agent in said object, wherein the autonomous encapsulated agent is to autonomously install the configuration data into the target network device;
insert identification data identifying said target network device in said object; and
insert authentication data in said object authenticating at least one of said target network device identification data and object identification data.
18. The apparatus according to claim 17, wherein the machine readable instructions are further to cause the processor to transport the object having the inserted configuration data, autonomous encapsulated agent, target network device identification data, and object identification data to the target network device.
19. The apparatus according to claim 17, wherein the autonomous encapsulated agent is further to trigger execution of code embedded in the configuration file to expose a programmatic interface to the target network device.
20. The apparatus according to claim 19, wherein, following installation of the autonomous encapsulated agent in the target network device, the autonomous encapsulated agent is further to:
authenticate the identification of said target network device;
install said configuration data in said target network device; and
abort an on-site installing process of the configuration data in response to a failure in the authentication of the target network device identification.
21. The apparatus according to claim 20, wherein the autonomous encapsulated agent is further to:
destroy the configuration data subsequent to the on-site installing process being completed or aborted.
22. The apparatus according to claim 21, wherein the autonomous encapsulated agent is further to:
destroy the configuration data in response to the on-site installing process not completing within a first predetermined time period.
23. The apparatus according to claim 17, wherein the machine readable instructions are further to cause the processor to:
transfer the object to an intermediate device that is to transfer the object to the predetermined target network.
24. The apparatus according to claim 23, wherein the intermediate device comprises one of a laptop computer, a notebook computer, and a personal digital assistant device.
25. The apparatus according to claim 17, wherein the target network device comprises one of a computer, server, router, network switch, node, gateway, printer, scanner, and multi-function device.
26. An apparatus to create an object to configure a target network device for operation, said apparatus comprising:
a processor;
a memory storing machine readable instructions that when executed cause the processor to:
create an object for deployment to a target network device, said object having configuration data to configure the target network device, an autonomous encapsulated agent to autonomously install the configuration data into the target network device, and at least one of identification data identifying said object, identification data identifying said predetermined target network device, and authentication data for authenticating at least one of said predetermined target network device identification data and object identification data.
27. The apparatus according to claim 26, wherein the machine readable instructions are further to cause the processor to transport the object to the target network device.
28. The apparatus according to claim 26, wherein the autonomous encapsulated agent is further to trigger execution of code embedded in the configuration file to expose a programmatic interface to the target network device.
29. The apparatus according to claim 28, wherein, following installation of the autonomous encapsulated agent in the target network device, the autonomous encapsulated agent is further to:
authenticate the identification of said target network device;
install said configuration data in said target network device; and
abort an on-site installing process of the configuration data in response to a failure in the authentication of the target network device identification.
30. The apparatus according to claim 29, wherein the autonomous encapsulated agent is further to:
destroy the configuration data subsequent to the on-site installing process being completed or aborted.
31. The apparatus according to claim 30, wherein the autonomous encapsulated agent is further to:
destroy the configuration data in response to the on-site installing process not completing within a first predetermined time period.
32. A non-transitory computer readable storage medium on which is stored machine readable instructions that when executed by a processor cause the processor to:
create an object for deployment to a target network device, said object having identification data identifying said object;
insert configuration data in the object, wherein the configuration data is to configure said target network device;
insert an autonomous encapsulated agent in said object, wherein the autonomous encapsulated agent is to autonomously install the configuration data into the target network device;
insert identification data identifying said target network device in said object; and
insert authentication data in said object authenticating at least one of said target network device identification data and object identification data.
33. The non-transitory computer readable storage medium according to claim 32, wherein the autonomous encapsulated agent is further to trigger execution of code embedded in the configuration file to expose a programmatic interface to the target network device.
34. The non-transitory computer readable storage medium according to claim 32, wherein following installation of the autonomous encapsulated agent in the target network device, the autonomous encapsulated agent is further to:
authenticate the identification of said target network device;
install said configuration data in said target network device; and
abort an on-site installing process of the configuration data in response to a failure in the authentication of the target network device identification.
35. The non-transitory computer readable storage medium according to claim 34, wherein the autonomous encapsulated agent is further to:
destroy the configuration data subsequent to the on-site installing process being completed or aborted.
36. The non-transitory computer readable storage medium according to claim 35, wherein the autonomous encapsulated agent is further to:
destroy the configuration data in response to the on-site installing process not completing within a first predetermined time period.
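The agent lifecycle recited in claims 32 to 36 (authenticate the target device identification, install, abort on failure, destroy the configuration data on completion, abort or timeout) can be sketched as follows. This is an added illustration, not code from the patent: the claims do not specify an authentication mechanism, so HMAC-SHA256 with a pre-shared provisioning key is an assumption, and all names (`create_object`, `Agent`, `install_steps`) are hypothetical.

```python
import hashlib
import hmac
import time

def _tag(key, object_id, target_id, config):
    # Assumed scheme: HMAC-SHA256 over length-prefixed fields, so the
    # boundaries between IDs and configuration cannot be shifted.
    parts = (object_id.encode(), target_id.encode(), bytes(config))
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def create_object(key, object_id, target_id, config):
    """Management-station side: bundle IDs, config and authentication data."""
    cfg = bytearray(config)  # mutable so the agent can overwrite it later
    return {"object_id": object_id, "target_id": target_id,
            "config": cfg, "auth": _tag(key, object_id, target_id, cfg)}

class Agent:
    """Device side: authenticate, install, then always destroy the config."""

    def __init__(self, obj, key, timeout_s, clock=time.monotonic):
        self.obj, self.key, self.clock = obj, key, clock
        self.deadline = clock() + timeout_s  # "first predetermined time period"

    def _authentic(self, device_id):
        o = self.obj
        expected = _tag(self.key, o["object_id"], o["target_id"], o["config"])
        tag_ok = hmac.compare_digest(expected, o["auth"])
        id_ok = hmac.compare_digest(device_id.encode(), o["target_id"].encode())
        return tag_ok and id_ok

    def _destroy(self):
        # Best effort in Python: zero the buffer in place, then drop it.
        cfg = self.obj["config"]
        cfg[:] = bytes(len(cfg))
        del cfg[:]

    def run(self, device_id, install_steps):
        try:
            if not self._authentic(device_id):
                return "aborted: authentication failed"
            for step in install_steps:
                step(self.obj["config"])  # step must not keep a reference
                if self.clock() > self.deadline:
                    return "aborted: timeout"
            return "installed"
        finally:
            self._destroy()  # runs on completion, abort, timeout or exception
```

Because the tag covers the configuration as well as both identifiers, a modified payload fails the same check as a wrong device; in-place zeroing does not reach copies an install step may have made.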
US13/875,970 2007-09-24 2013-05-02 Autonomous network device configuration method Abandoned US20130246590A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/875,970 US20130246590A1 (en) 2007-09-24 2013-05-02 Autonomous network device configuration method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/903,601 US8321538B2 (en) 2007-09-24 2007-09-24 Autonomous network device configuration method
US13/659,567 US20130054767A1 (en) 2007-09-24 2012-10-24 Autonomous network device configuration method
US13/875,970 US20130246590A1 (en) 2007-09-24 2013-05-02 Autonomous network device configuration method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/659,567 Division US20130054767A1 (en) 2007-09-24 2012-10-24 Autonomous network device configuration method

Publications (1)

Publication Number Publication Date
US20130246590A1 true US20130246590A1 (en) 2013-09-19

Family

ID=40472897

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/903,601 Active 2031-09-27 US8321538B2 (en) 2007-09-24 2007-09-24 Autonomous network device configuration method
US13/659,567 Abandoned US20130054767A1 (en) 2007-09-24 2012-10-24 Autonomous network device configuration method
US13/875,970 Abandoned US20130246590A1 (en) 2007-09-24 2013-05-02 Autonomous network device configuration method

Country Status (1)

Country Link
US (3) US8321538B2 (en)

Also Published As

Publication number Publication date
US20090083398A1 (en) 2009-03-26
US8321538B2 (en) 2012-11-27
US20130054767A1 (en) 2013-02-28

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:037079/0001

Effective date: 20151027

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION