TREA

Conformance authority reconciliation

Follow

Information

  • Patent Grant
  • 10318894
  • Patent Number
    10,318,894
  • Date Filed
    Tuesday, August 16, 2005
    19 years ago
  • Date Issued
    Tuesday, June 11, 2019
    5 years ago
Information
Abstract
An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further include facilitating reconciling the change with a conformance authority, the conformance authority having one or more guidelines. Other embodiments of the present invention may include, but are not limited to, apparatuses adapted to facilitate practice of the above-described method.
Description
FIELD

Disclosed embodiments of the present invention relate generally to the field of data processing, and more particularly to conformance authority reconciliation in data processing environments.


BACKGROUND

Data processing devices are deployed in many different configurations and are used for many different applications in a variety of data processing environments. Management of a data processing environment may be performed in a number of nonexclusive ways. Changes may occur to data processing devices of a data processing environment. Compliance with various regulatory and/or other guidelines may be impacted by these changes.





BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:



FIG. 1 illustrates some aspects of a data processing environment, in accordance with various embodiments of this invention;



FIG. 2 illustrates some aspects of an application of guidelines in the context of a data processing device, in accordance with various embodiments of this invention;



FIG. 3 illustrates parts of a conformance authority reconciliation workflow, in accordance with various embodiments of this invention; and



FIG. 4 illustrates an example computer system suitable for use in association with conformance authority reconciliation, in accordance with various embodiments of this invention.





DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

Embodiments of the present invention include, but are not limited to, an automated method for facilitating management of a data processing environment. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further include facilitating reconciling the change with a conformance authority, the conformance authority having one or more guidelines. Other embodiments of the present invention may include, but are not limited to, apparatuses adapted to facilitate practice of the above-described method. While portions of the following discussion may be primarily presented in the context of specific types of data processing devices, it is understood that the principles described herein apply to a broad range of data processing devices.


In the following description, various aspects of embodiments of the present invention will be described. However, it will be apparent to those skilled in the art that other embodiments may be practiced with only some or all of the described aspects. For purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the embodiments. However, it will be apparent to one skilled in the art that other embodiments may be practiced without the specific details. In other instances, well-known features are omitted or simplified in order not to obscure the description.


Parts of the descriptions of various embodiments will be presented in terms of operations performed by a processor-based device, using terms such as data and the like, consistent with the manner commonly employed by those skilled in the art to convey the substance of their work to others skilled in the art. As well understood by those skilled in the art, the quantities may take the form of electrical, magnetic, or optical signals capable of being stored, transferred, combined, and otherwise manipulated through mechanical and electrical components of the processor-based device; and the term processor includes microprocessors, micro-controllers, digital signal processors, and the like, that are standalone, adjunct or embedded.


Various operations will be described as multiple discrete operations in turn, in a manner that is most helpful in understanding the embodiments, however, the order of description should not be construed as to imply that these operations are necessarily order dependent. In particular, these operations need not be performed in the order of presentation.


The phrase “in some embodiments” is used repeatedly. The phrase does not generally refer to the same group of embodiments, however, it may. The phrase “in various embodiments” is used repeatedly. The phrase does not generally refer to the same group of embodiments, however, it may. The terms “comprising,” “having” and “including” are synonymous, unless the context dictates otherwise.


Some embodiments of the present invention include a scalable architecture to facilitate conformance authority reconciliation in data processing environments containing data processing devices. Such data processing devices may include, but are not limited to, networking devices, servers, desktop computers, laptop computers, tablet computers, personal digital assistants, cellular phones, set top boxes, media players, or other types of data processing devices. In some embodiments, a data processing environment may comprise a continuously or intermittently connected environment of data processing devices, including data processing devices communicating through the Internet. In some embodiments, a data processing environment may comprise a directly or indirectly connected environment of data processing devices, including data processing devices communicating through the Internet. In various embodiments, one or more modules may facilitate the operations described herein.



FIG. 1 illustrates some aspects of data processing environment 100, in accordance with various embodiments of this invention. Data processing environment 100 may include data processing device 102. Data processing environment 100 may include other data processing devices of one or more types. In various embodiments, data processing device 102 may comprise a computer, such as a server or a desktop computer. In various embodiments, data processing device 102 may comprise another type of data processing device, such as, a networking device (a router, a switch, a gateway, or the like), a laptop computer, a tablet computer, a personal data assistant, a cellular phone, a set top box, a media player, or the like.


Illustrating a portion of a possible operational context in some embodiments, change detection agent 104 may facilitate detecting of a change to an element (not shown) of data processing device 102 of data processing environment 100. In various embodiments, an element may comprise, for example, a file of data processing device 102. In various embodiments, an element may comprise another component of data processing device 102. In various embodiments, change detection agent 104 may detected a change in an element and may memorialize the change detected in change memorialization 106. In various embodiments, change memorialization 106 may comprise a memorialization of one or more changes detected on one or more elements of data processing device 102.


In various embodiments, change memorialization 106 may comprise a file. In various embodiments, change memorialization 106 may comprise a different type of memorialization of a change detected. In various embodiments, change detection agent 104 may facilitate detecting a change by facilitating taking a snapshot of a current state (not shown) of an element of data processing device 102, and may further compare the snapshot to a previously taken snapshot (not shown) of the element. In various embodiments, change detection agent 104 may facilitate taking a snapshot of a current state of an element of data processing device 102 in the course of facilitating taking a snapshot of a set of elements of data processing device 102.


In some embodiments, the previously taken snapshot may include a baseline state of the element, with FIG. I illustrating some such embodiments with baseline memorialization 108 including a baseline state of the element. In various embodiments, a baseline of an element may include a known, good state of the element. In various other embodiments, a baseline of an element may include another state of the element. In some embodiments, the previously taken snapshot may represent a state other than a current baseline state. In some embodiments, change detection agent 104 may facilitate obtaining the previously taken snapshot of the element. In some embodiments, the previously taken snapshot of the element may be obtained in another manner.


Illustrating a portion of a possible operational context in various embodiments, change detection agent 104 may facilitate reconciling the change with conformance authority 110. In various embodiments, conformance authority 110 may comprise a policy-based management tool. In various embodiments, conformance authority 110 may comprise a configuration management tool. In various embodiments, conformance authority 110 may comprise another type of conformance authority. Conformance authority 110 may contain one or more guidelines, illustrated as guidelines 112, pertaining to one or more data processing devices. In various embodiments, the one or more guidelines may be segmented and used by conformance authority 110 in any number of ways, including, but not limited to, having subsets of guidelines for specific data processing devices, having subsets of guidelines for certain types of data processing devices, having subsets of guidelines for designated groups of data processing devices, and the like. In various embodiments, conformance authority 110 may contain one or more such subsets of guidelines within its guidelines 112.


In various embodiments, change detection agent 104 may facilitate reconciling the change by determining whether at least one of the guidelines of conformance authority 110 relates to at least a subset of the element where the change was detected. For example, change detection agent 104 may detect a change to an element of data processing device 102, but guidelines 112 of conformance authority 110 may not encompass the element at issue, or guidelines 112 may encompass the element at issue, but may not encompass the subset of the element where the change was detected. In various embodiments, change detection agent 104 may facilitate reconciling the change in another manner.


In various embodiments, change detection agent 104 may facilitate reconciling the change by determining whether the detected change violates at least one guideline of guidelines 112. An exemplar is provided in FIG. 2, providing more detail on some operations involved in such a process, in accordance with various embodiments. In various embodiments, change detection agent 104 may facilitate reconciling the change in another manner.


In various embodiments of data processing environment 100, the facilitating detecting of a change and the facilitating reconciling the change may be first performed at a first point in time, with further operations repeating the facilitating detecting and the facilitating reconciling at least once, at a second later point in time. In some such embodiments, further operations may comprise scheduling the repeating of the facilitating detecting and the facilitating reconciling at the second later point in time.


In various embodiments, a further operation of reporting the change supplemented with a performance parameter of data processing device 102 may be provided. Such a performance parameter may include, but not be limited to, transactions per time period processed. In various embodiments, a further operation may be provided of reporting the change among a plurality of detected changes, the reporting supplemented with one or more performance parameters of a plurality of data processing devices of a data processing environment. Such a performance parameter may include, but not be limited to, network outages. Such reporting may be used as a basis for an operational analysis of a data processing device and/or a data processing environment, and may provide a basis for changing the guidelines used.



FIG. 2 illustrates some aspects of an application 200 of guidelines in the context of a data processing device, in accordance with various embodiments of this invention. Router 202 may have one or more elements associated with it, including but not limited to, start-up configuration 204. In various embodiments, an element of a data processing device may reside on the data processing device. In various other embodiments, an element of a data processing device may reside elsewhere in the data processing environment. In various embodiments, an element may be of one data processing device, while in various other embodiments, an element may be of multiple data processing devices.


While router 202 is illustrated as an example data processing device in FIG. 2, various embodiments of the invention may apply to a wide range of data processing devices, such as, but not limited to, other networking devices, servers, desktop computers, laptop computers, tablet computers, personal digital assistants, cellular phones, set top boxes, media players, and the like. In various embodiments, facilitating detecting of a change and facilitating reconciling the change with a conformance authority may occur within a data processing environment containing a heterogeneous mixture of data processing devices. In various other embodiments, such facilitating detecting and reconciling may occur within other kinds of data processing environments. While certain operations will be described in discussing FIG. 2, other operations may supplement or supplant the operations shown, in the context of various embodiments.


Start-up configuration 204 may have content classifiable as subsets of start-up configuration 204, such as, but not limited to, parameters. One such parameter may be a time to live (TTL) parameter. A change may occur to the TTL parameter in start-up configuration 204, such as, for example, by a network administrator making the change. A change detection agent may detect such a change, as illustrated in FIG. 1. The change detection agent (not shown in FIG. 2) may then facilitate reconciling the change with guidelines 206 of a conformance authority (not shown). In the example of guidelines 206 encompassing a TTL parameter, conformance of the changed TTL parameter may be reconciled with the TTL range provided by guidelines 206. If the changed TTL parameter is determined to be outside of the range provided by guidelines 206, then a number of operations may occur in various embodiments, as discussed in more detail in relation to FIG. 3. A TTL parameter is used herein as just one example of a possible operational context of various embodiments. Another such exemplar may be guidelines being used in the context of a registry, where a change is detected in a setting of the registry, and reconciliation of the change with guidelines for the registry is facilitated. Many such operational contexts are possible, such as facilitating conformance of a security parameter on detection of a change with the security parameter, as would be readily apparent to one skilled in the art.


In various embodiments, the subset of the element where the change was detected may be reconciled with the relevant conformance authority guideline(s). In various other embodiments, the operational context may involve less granularity, and facilitating reconciling the change with a conformance authority may comprise facilitating the conformance authority in asserting all of its guidelines for the changed element against the element to determine if the element is in conformance. Guidelines 206 may comprise guidelines in a wide range of formats, including but not limited to, one or more searches of expressions. In some such embodiments, guidelines 206 may serve to ensure a certain expression either does or does not exist within the element at issue. In some other such embodiments, guidelines 206 may encompass accompanying specified values, or ranges of values, for the expressions. In various other embodiments, guidelines 206 may involve other operations, structure, and the like, to provide a basis for the conformance authority to determine conformance.



FIG. 3 illustrates parts of a conformance authority reconciliation workflow 300, in accordance with various embodiments of this invention. While certain operations are illustrated in FIG. 3, other operations may supplement or supplant the operations shown, in the context of various embodiments. Conformance authority reconciliation workflow 300 may include various operations, including operation, Perform Change Detection 302, where a change detection agent may perform one or more change detection operations to a data processing device. Perform Change Detection 302 may be followed by an operation determining whether changes were detected as a result of performing the one or more change detection operations, denoted as Changes Detected? 304. In various embodiments, some change detection agents that perform operation, Changes Detected? 304, may additionally or alternatively include other operations.


If operation 304 is determined in the affirmative, then operation, Reconcilable with Conformance Authority? 306, may follow in some embodiments. If operation 304 is determined in the negative, then operation, Perform Change Detection 302, may follow in some embodiments, either immediately, after a delay, at a future scheduled time, etc. In various other embodiments, operation 304 being determined in the negative may be followed by another operation (not shown) or may comprise an endpoint, either temporary or otherwise.


If Reconcilable with Conformance Authority? 306 is determined in the affirmative, then operation, Baseline 308, may follow in various embodiments. In various embodiments, Baseline 308 may include changing a baseline of an element of a data processing device to incorporate the change or changes detected in operation 304. In various embodiments, Baseline 308 may include additional or alternative sub-operations. In various embodiments, a baseline of an element may include a full version of the element. In various embodiments, a baseline of an element may include a text version of the element. In one such embodiment in the case where the element is a file, the baseline of the file may include a text version of the file. In various other embodiments, a baseline of an element may additionally or alternatively include other things, including but not limited to, attributes of the element.


In various embodiments, one or more additional operations other than Baseline 308 may follow an affirmative determination of Reconcilable with Conformance Authority? 306. In various embodiments, operation 306 being determined in the affirmative may be followed by modifying a severity state of the detected change (not shown), such as decreasing it. In various embodiments, operation 306 being determined in the affirmative may be followed by automatic approval of the detected change(s) without modification to the baseline state. In some other embodiments, no response may follow an affirmative determination of Reconcilable with Conformance Authority? 306.


If Reconcilable with Conformance Authority? 306 is determined in the negative, then operation, Alert 310, may follow in various embodiments. In various embodiments, Alert 310 may include alerting the nonconformance of a detected change. Alerting the nonconformance of a detected change may take many forms, according to various embodiments, including but not limited to, creating a helpdesk incident, alerting with a severity state indicator of the change in a graphical user interface (GUI), notifying a user (for example, a system administrator) of the nonconforming change, reverting the element, or a portion of the element, back to its baseline state, etc. In various embodiments, operation 306 being determined in the negative may be followed by modifying a severity state of the change detected, such as increasing it. In various embodiments, Alert 310 may include facilitating a user to modify the element at issue to conform to at least one of the one or more guidelines of a conformance authority. In some embodiments, such facilitation may include reporting the one or more guidelines that were violated by the detected change. In various embodiments, such facilitation may include other sub-operations.


In various other embodiments, operation 306 being determined in the negative may be followed by various other operations. The sophistication of operation 306 may vary widely, depending on the implementation and the information available to make the reconciliation. In various embodiments, a further operation of determining one or more users associated with the detected change may be included. In various embodiments, Alert 310 may include the one or more users associated with the detected change. In some embodiments, the one or more users associated with the detected change may be the user(s) determined to have caused the change.


In various embodiments, conformance authority reconciliation may be performed to maintain or demonstrate control of an enterprise's information technology infrastructure. In various embodiments, conformance authority reconciliation may be performed to maintain or demonstrate control of an enterprise's financial systems or data. In various embodiments, conformance authority reconciliation may be performed to maintain or demonstrate control of an enterprise's business processes, such as, for example, enterprise resource planning (ERP) or customer relationship management (CRM). In various embodiments, conformance authority reconciliation may be performed to facilitate compliance with governmental laws/regulations regarding establishment and maintenance of an internal control structure and/or procedures for financial reporting, such as, for example, the Sarbanes-Oxley Act (the Public Company Accounting Reform and Investor Protection Act), including any amendments and/or successor Acts to any part of the Sarbanes-Oxley Act, or the like.


In various embodiments, conformance authority reconciliation may be performed to facilitate compliance with a number of laws, regulations, or guidelines, including but not limited to, the Gramm Leach Bliley Act, the regulations of Food and Drug Administration 21 Code of Federal Regulations 11, the Health Insurance Portability & Accountability Act, the Visa Cardholder Information Security Plan, the Payment Card Industry (PCI) Data Security Standard, the National Credit Union Administration Guidelines, the Office of the Comptroller of the Currency Guidelines, the International Organization for Standardization 17799, Common Criteria Certification, California Civil Code Senate Bill 1386 (California Security Breach Information Act), or the like, including any amendments and/or successors to any of the above, or the like.


In various embodiments, conformance authority reconciliation may be performed as part of an audit of an enterprise, including but not limited to, a financial accounting or statement audit. In some such embodiments, conformance authority reconciliation may be performed to at least provide an audit trail for said audit.


In various embodiments where conformance authority reconciliation is performed to maintain or demonstrate control of an enterprise's information technology infrastructure, financial systems or data, or business processes, use of conformance authority reconciliation may occur in a number of areas, including but not limited to, access control, network security, auditing and monitoring of security-related events, or the like. In various embodiments where conformance authority reconciliation is performed to maintain or demonstrate control of an enterprise's information technology infrastructure, financial systems or data, or business processes, said maintenance or demonstration of control may include other aspects of an enterprise's information technology infrastructure, financial systems or data, or business processes, respectively.


In various embodiments where conformance authority reconciliation is performed as part of an audit of an enterprise, or to facilitate compliance with governmental laws/regulations, use of conformance authority reconciliation may occur in a number of areas, including but not limited to, access control, network security, auditing and monitoring of security-related events, or the like. In various other embodiments, where conformance authority reconciliation is performed as part of an audit of an enterprise, or to facilitate compliance with governmental laws/regulations, use of conformance authority reconciliation may include other aspects of an enterprise audit or regulatory compliance procedures, respectively.



FIG. 4 illustrates an example computer system suitable for use in association with out-of-band change detection, in accordance with various embodiments of this invention. As shown, computer system 400 may include one or more processors 402 and may include system memory 404. Additionally, computer system 400 may include mass storage 406 in the form of one or more devices (such as diskette, hard drive, compact disk (CD), flash memory, and so forth), input/output devices 408 (such as keyboard, cursor control and so forth) and communication interfaces 410 (such as network interface cards, modems and so forth). The elements may be coupled to each other via system bus 412, which may represent one or more buses. In the case where system bus 412 represents multiple buses, the multiple buses may be bridged by one or more bus bridges (not shown).


These elements each perform their conventional functions known in the art. In various embodiments, communication interfaces 410 may facilitate coupling of computing system 400 to a network, though which computing system 400 may be coupled to data processing device 102 of FIG. I and so forth, as necessary. In various embodiments, computing system 400 may at least be partially incorporated in a data processing device, such as data processing device 102 of FIG. 1. System memory 404 and mass storage 406 may be employed to store a working copy and a permanent copy of the programming instructions implementing various aspects of the one or more earlier described embodiments of the present invention. In various embodiments, the programming instructions may at least partially implement a change control subsystem adapted to identify a change to an element of a data processing device of a data processing environment. In various embodiments, the change control subsystem may additionally or alternatively include other functionality. In various embodiments, the programming instructions may at least partially implement an audit subsystem coupled to the change control subsystem to provide an audit trail of reconciling the change with a conformance authority, the conformance authority having one or more guidelines. In various embodiments, the audit subsystem may additionally or alternatively include other functionality.


The permanent copy of the programming instructions may be loaded into mass storage 406 in the factory or in the field, through a distribution medium (not shown), or through communication interface 410 from, for example, a distribution server (not shown). The constitution of these elements 402-412 are known, and accordingly will not be further described. In alternate embodiments, part or all of the one or more modules may be implemented in hardware, for example, using one or more Application Specific Integrated Circuits (ASICs) instead.


Thus, it can be seen from the above description, an automated method for facilitating management of a data processing environment is described. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further include facilitating reconciling the change with a conformance authority, the conformance authority having one or more guidelines. Other embodiments of the present invention may include, but are not limited to, apparatuses adapted to facilitate practice of the above-described method. While the present invention has been described in terms of the foregoing embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described. Other embodiments may be practiced with modification and alteration within the spirit and scope of the appended claims. Accordingly, the description is to be regarded as illustrative instead of restrictive.

Claims
  • 1. An automated, computer-implemented method for facilitating management of a data processing environment, the method comprising: by a change detection agent, detecting a change to an element of a data processing device of the data processing environment by comparing a state of the data processing device to a baseline state of the data processing device;separately from the detecting the change and also by the change detection agent, determining whether the detected change violates one or more guidelines of a conformance authority;responsive to determining that the detected change violates at least one of the guidelines, performing one or more responses;responsive to determining that the detected change does not violate the at least one of the guidelines, changing the baseline state to incorporate the change;reporting the detected change together with a performance parameter of the data processing device; andchanging the one or more guidelines used by the change detection agent based on the reported performance parameter.
  • 2. The method of claim 1, further comprising, by the change detection agent, determining whether the one or more guidelines of the conformance authority relates to at least a subset of the element where the detected change was detected.
  • 3. The method of claim 1, further comprising determining one or more users associated with the detected change.
  • 4. The method of claim 1, wherein the data processing device is a device selected from the group consisting of a networking device, a server, a desktop computer, a laptop computer, a tablet computer, a personal digital assistant, a cellular phone, a set top box, and a media player.
  • 5. The method of claim 1, wherein the method maintains or demonstrates control of one or more selected from the group consisting of an enterprise's information technology infrastructure, an enterprise's financial systems, an enterprise's financial data and an enterprise's business processes.
  • 6. The method of claim 1, wherein the method is part of an audit of an enterprise and provides an audit trail for the audit.
  • 7. The method of claim 1, wherein the one or more guidelines specify multiple conforming values for the element.
  • 8. The method of claim 7, wherein the one or more guidelines specify a search for an expression that should not exist in the element.
  • 9. The method of claim 1, wherein the one or more responses include modifying a severity state of the change detected.
  • 10. The method of claim 1, wherein the conformance authority also has device start-up configuration guidelines, and wherein the method further comprises: detecting a start-up configuration change to a second element of the data processing device; andin response to detecting the start-up configuration change, determining if the start-up configuration change violates at least one of the device start-up configuration guidelines.
  • 11. The method of claim 1, wherein the one or more responses comprises reverting the element of the data processing device to the baseline state.
  • 12. The method of claim 1, wherein the one or more guidelines of the conformance authority are a subset of guidelines from the conformance authority specific for the data processing device.
  • 13. The method of claim 1, wherein the conformance authority is a policy-based management tool separate from the change detection agent.
  • 14. The method of claim 1, wherein the change detection agent is a dedicated change detection agent for the data processing device and performs the detecting, determining, performing, and changing only for the data processing device and not for any other data processing device in the data processing environment.
  • 15. The method of claim 1, wherein the reported performance parameter represents a number of transactions per time period processed or network outages.
  • 16. One or more non-transitory computer-readable storage media storing instructions that, when executed by a computer, cause the computer to perform a method, the method comprising: by a change detection agent, detecting a change to an element of a data processing device of a data processing environment by comparing a state of the data processing device to a baseline state of the data processing device;separately from the detecting the change and also by the change detection agent, determining whether the detected change violates one or more guidelines of a conformance authority;responsive to determining that the detected change violates at least one of the guidelines, performing one or more responses;responsive to determining that the detected change does not violate the at least one of the guidelines,changing the baseline state to incorporate the detected change;reporting the detected change together with a performance parameter of the data processing device; andchanging the one or more guidelines used by the change detection agent based on the reported performance parameter.
  • 17. The media of claim 16, wherein the one or more responses include an alert response.
  • 18. The media of claim 16, wherein the method maintains or demonstrates control of one or more selected from the group consisting of an enterprise's information technology infrastructure, an enterprise's financial systems, an enterprise's financial data and an enterprise's business processes.
  • 19. The media of claim 16, wherein the one or more guidelines specify multiple conforming values for the element.
  • 20. The media of claim 19, wherein the one or more guidelines specify a search for an expression that should not exist in the element.
  • 21. The media of claim 19, wherein the change detection agent is a dedicated change detection agent for the data processing device and performs the detecting, determining, performing, and changing only for the data processing device and not for any other data processing device in the data processing environment.
  • 22. The media of claim 19, wherein the reported performance parameter represents a number of transactions per time period processed or network outages.
  • 23. The media of claim 16, wherein the one or more responses include modifying a severity state of the change detected.
  • 24. The media of claim16, wherein the one or more guidelines include a device start-up configuration guideline that specifies a time-to-live (TTL) parameter.
  • 25. The media of claim 16, wherein the one or more responses comprises reverting the element of the data processing device to the baseline state.
  • 26. The media of claim 16, wherein the one or more guidelines of the conformance authority are a subset of guidelines from the conformance authority specific for the data processing device.
  • 27. The media of claim 16, wherein the conformance authority is a policy-based management tool separate from the change detection agent.
US Referenced Citations (167)
Number Name Date Kind
5063523 Vrenjak Nov 1991 A
5542047 Armstrong Jul 1996 A
5655081 Bonnell et al. Aug 1997 A
5745669 Hugard et al. Apr 1998 A
5764913 Jancke et al. Jun 1998 A
5778184 Brownmiller et al. Jul 1998 A
5845062 Branton et al. Dec 1998 A
5878408 Van Huben et al. Mar 1999 A
5913036 Brownmiller et al. Jun 1999 A
5913037 Spofford et al. Jun 1999 A
5933838 Lomet Aug 1999 A
5963959 Sun et al. Oct 1999 A
6041347 Harsham et al. Mar 2000 A
6052722 Taghadoss Apr 2000 A
6064656 Angal et al. May 2000 A
6070244 Orchier et al. May 2000 A
6072777 Bencheck et al. Jun 2000 A
6122639 Babu et al. Sep 2000 A
6122664 Boukobza et al. Sep 2000 A
6125390 Touboul Sep 2000 A
6144993 Fukunaga et al. Nov 2000 A
6195689 Bahlmann Feb 2001 B1
6222827 Grant et al. Apr 2001 B1
6253339 Tse et al. Jun 2001 B1
6272537 Kekic et al. Aug 2001 B1
6341287 Sziklai et al. Jan 2002 B1
6356885 Ross et al. Mar 2002 B2
6393386 Zager et al. May 2002 B1
6393474 Eichert et al. May 2002 B1
6490690 Gusler Dec 2002 B1
6493755 Hansen et al. Dec 2002 B1
6535512 Daniel et al. Mar 2003 B1
6647400 Moran Nov 2003 B1
6658568 Ginter et al. Dec 2003 B1
6664978 Kekic et al. Dec 2003 B1
6701345 Carley et al. Mar 2004 B1
6742114 Carter et al. May 2004 B1
6751661 Geddes Jun 2004 B1
6853987 Cook Feb 2005 B1
6886047 Leong et al. Apr 2005 B2
6895414 Ford et al. May 2005 B2
6957227 Fogel et al. Oct 2005 B2
6983317 Bishop et al. Jan 2006 B1
7016888 Slemmer et al. Mar 2006 B2
7035877 Markham et al. Apr 2006 B2
7039698 Slemmer et al. May 2006 B2
7051050 Chen et al. May 2006 B2
7058861 Adams Jun 2006 B1
7065767 Kambhammettu et al. Jun 2006 B2
7080037 Burger et al. Jul 2006 B2
7082554 Wilson et al. Jul 2006 B2
7131037 LeFaive et al. Oct 2006 B1
7158985 Liskov Jan 2007 B1
7159036 Hinchliffe et al. Jan 2007 B2
7228460 Pomaranski et al. Jun 2007 B2
7243348 Good et al. Jul 2007 B2
7290164 Harvey et al. Oct 2007 B1
7316016 DiFalco Jan 2008 B2
7317693 Roesch et al. Jan 2008 B1
7360099 DiFalco et al. Apr 2008 B2
7474425 Sasama Jan 2009 B2
7529197 Shell et al. May 2009 B2
7587754 DiFalco et al. Sep 2009 B2
7590669 Yip et al. Sep 2009 B2
7600007 Lewis Oct 2009 B1
7603440 Grabowski et al. Oct 2009 B1
7620715 DiFalco et al. Nov 2009 B2
7636736 Kumar et al. Dec 2009 B1
7765460 DiFalco et al. Jul 2010 B2
7774791 Applebaum et al. Aug 2010 B1
7822724 DiFalco et al. Oct 2010 B2
8090677 Murphy et al. Jan 2012 B2
8140635 DiFalco Mar 2012 B2
8176158 DiFalco et al. May 2012 B2
8443445 Andruss et al. May 2013 B1
8914341 DiFalco Dec 2014 B2
9209996 DiFalco Dec 2015 B2
9256841 DiFalco Feb 2016 B2
20010044840 Carleton Nov 2001 A1
20010052010 Kim Dec 2001 A1
20020026339 Frankland et al. Feb 2002 A1
20020035561 Archer et al. Mar 2002 A1
20020069274 Tindal et al. Jun 2002 A1
20020116363 Grainger Aug 2002 A1
20020156799 Markel Oct 2002 A1
20020176378 Hamilton et al. Nov 2002 A1
20020188711 Meyer et al. Dec 2002 A1
20030005109 Kambhammettu et al. Jan 2003 A1
20030008662 Stern et al. Jan 2003 A1
20030101341 Kettler et al. May 2003 A1
20030110280 Hinchliffe et al. Jun 2003 A1
20030149756 Grieve et al. Aug 2003 A1
20030172151 Schade Sep 2003 A1
20030197743 Hill et al. Oct 2003 A1
20030202201 Muto et al. Oct 2003 A1
20030204517 Skinner et al. Oct 2003 A1
20030217134 Fontoura et al. Nov 2003 A1
20030233431 Reddy et al. Dec 2003 A1
20040006614 DiFalco Jan 2004 A1
20040024843 Smith Feb 2004 A1
20040059770 Bossen Mar 2004 A1
20040059930 DiFalco et al. Mar 2004 A1
20040060046 Good et al. Mar 2004 A1
20040068562 Tilton et al. Apr 2004 A1
20040122962 DiFalco et al. Jun 2004 A1
20040123133 DiFalco et al. Jun 2004 A1
20040153875 Amyot et al. Aug 2004 A1
20040186903 Lambertz Sep 2004 A1
20040205182 Geddes Oct 2004 A1
20040243600 Ikeda et al. Dec 2004 A1
20040252693 Cheriton et al. Dec 2004 A1
20040254927 Lang et al. Dec 2004 A1
20040260803 Nakamura Dec 2004 A1
20050005169 Kelekar Jan 2005 A1
20050015622 Williams et al. Jan 2005 A1
20050043961 Tones et al. Feb 2005 A1
20050071642 Moghe et al. Mar 2005 A1
20050096949 Aiber et al. May 2005 A1
20050097199 Woodard et al. May 2005 A1
20050120101 Nocera Jun 2005 A1
20050149578 Sustman et al. Jul 2005 A1
20050165790 Seliger et al. Jul 2005 A1
20050165954 Burdick et al. Jul 2005 A1
20050177600 Eilam et al. Aug 2005 A1
20050207553 Fleck et al. Sep 2005 A1
20050256787 Wadawadigi et al. Nov 2005 A1
20050278191 DiFalco et al. Dec 2005 A1
20050278453 Cherkasova Dec 2005 A1
20060025985 Vinberg et al. Feb 2006 A1
20060031529 Keith, Jr. Feb 2006 A1
20060036560 Fogel Feb 2006 A1
20060080656 Cain et al. Apr 2006 A1
20060085403 Harrison et al. Apr 2006 A1
20060085543 Hrastar Apr 2006 A1
20060101520 Schumaker May 2006 A1
20060143685 Vasishth et al. Jun 2006 A1
20060149704 Wyatt et al. Jul 2006 A1
20060195905 Fudge Aug 2006 A1
20060212477 Murphy et al. Sep 2006 A1
20060212487 Kennis et al. Sep 2006 A1
20060224663 Shahbazi Oct 2006 A1
20060242277 Torrence et al. Oct 2006 A1
20060248084 Sack et al. Nov 2006 A1
20060277080 DeMartine et al. Dec 2006 A1
20070005320 Vinberg et al. Jan 2007 A1
20070005740 DiFalco et al. Jan 2007 A1
20070022365 DiFalco et al. Jan 2007 A1
20070028303 Brennan Feb 2007 A1
20070043674 DiFalco et al. Feb 2007 A1
20070124255 DiFalco et al. May 2007 A1
20070180490 Renzi et al. Aug 2007 A1
20070214193 Takahashi et al. Sep 2007 A1
20080082374 Kennis et al. Apr 2008 A1
20080104217 Srinivasa et al. May 2008 A1
20080126377 Bush et al. May 2008 A1
20080229262 Harashima et al. Sep 2008 A1
20090171732 Bobak et al. Jul 2009 A1
20090183236 Ben-Ezra et al. Jul 2009 A1
20090204701 Herzog et al. Aug 2009 A1
20100005107 DiFalco Jan 2010 A1
20110137905 Good et al. Jun 2011 A1
20110138038 Good et al. Jun 2011 A1
20110138039 Good et al. Jun 2011 A1
20110197094 Wagner Aug 2011 A1
20110197189 Wagner et al. Aug 2011 A1
20110197205 Wagner et al. Aug 2011 A1
20120023076 Torrence et al. Jan 2012 A1
Non-Patent Literature Citations (8)
Entry
Parnas. “On the criteria to be used in decomposing systems into modules” Dec. 1972. Communications of the ACM. vol. 15 Issue 12. pp. 1053-1058.
IEEE 100: the authoritative dictionary of IEEE standards terms. 7th edition. 2000. pp. 407.
Payment Card Industry Data Security Standard, Visa, Version 1.0, Dec. 15, 2004 (Year: 2004).
RFC1157 Simple Network Management Protocol (SNMP), Case et al. May 1990. (Year: 1990).
Derbort et al., “Conversion of a Rule Based to an Object Oriented Expert System,” IEEE, pp. 751-754 (1991).
Kerschberg et al., “Intelligent Network Management: A Heterogeneous Knowledge Source Approach,” IEEE, pp. 314-316 (1990).
Kim et al., “The Design and Implementation of Tripwire: A File System Integrity Checker,” (1993) Computer Science Technical Reports, 23 pages.
Kim et al., “Experiences with Tripwire: Using Integrity checkers for Intrusion Detection,” (1994) Computer Science Technical Reports, 15 pages.
Related Publications (1)
Number Date Country
20070043786 A1 Feb 2007 US