Patent Issued for Secure Configuration Management System (USPTO 10,805,154)
2020 OCT 28 (NewsRx) -- By a
Patent number 10,805,154 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “In some cases, an enterprise may want to maintain and utilize a number of different software components. For example, the components may be associated with applications that the enterprise uses to facilitate sales, provide customer support, etc. Moreover, the enterprise may want to update, modify, patch, etc. various components as appropriate to create a ‘build’ of a software system. For example, the enterprise might want to patch security vulnerabilities, improve performance of a software configuration, etc. Note that increased cloud provisioning and automation may require treating ‘infrastructure as code’ and code management processes may be required to ensure sustainable operations. Such code management processes may improve version management, ensure that only approved configuration specifications are employed for Infrastructure as a Service (‘IaaS’) and Platform as a Service (‘PaaS’) implementations, etc.
“To implement this type of code management process, an enterprise Information Technology (‘IT’) department might manually review and select appropriate updates and patches. Such an approach may be impractically time consuming, especially when there are a substantial number of updates and/or a substantial number of changes that need to be made to a baseline configuration (e.g., an enterprise may need to make thousands of such changes to software code modules to support evolving business requirements).
“It would therefore be desirable to provide systems and methods to automatically facilitate implementation of a secure configuration management strategy in a way that results in an accurate and efficient management of multiple versions, modifications, patches, etc. and that allows flexibility and effectiveness when new builds are requested and/or updates are made to the system.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “According to some embodiments, systems, methods, apparatus, computer program code and means to automatically facilitate implementation of a secure configuration management strategy in a way that results in an accurate and efficient management of multiple versions, modifications, patches, etc. (and that allows flexibility and effectiveness when new builds are requested and/or updates are made to the system) may be provided. In some embodiments, a configuration benchmark data store may include a plurality of secure configuration benchmarks. A back-end configuration management computer server may retrieve one of the secure configuration benchmarks and provision, by an orchestration engine, an initial operating system build in accordance with the retrieved secure configuration benchmark and an automation template. The back-end configuration management computer server may then apply, by a provisioning tool, enterprise-specific modifications to the initial operating system build to create an environment compliant with an enterprise standard benchmark. The back-end configuration management computer server may validate the enterprise standard benchmark via secure configuration and vulnerability checks, apply at least one configuration update to the enterprise standard benchmark to create a service instance, and then apply application code to the service instance.
“Some embodiments comprise: means for retrieving, from a configuration benchmark data store including a plurality of secure configuration benchmarks, one of the secure configuration benchmarks; means for provisioning an initial operating system build in accordance with the retrieved secure configuration benchmark and an automation template; means for applying enterprise-specific modifications to the initial operating system build to create an environment compliant with an enterprise standard benchmark; means for validating the enterprise standard benchmark via secure configuration and vulnerability checks; means for applying at least one configuration update to the enterprise standard benchmark to create a service instance; and means for applying application code to the service instance.
“In some embodiments, a communication interface associated with a back-end configuration management computer server exchanges information with remote devices. The information may be exchanged, for example, via public and/or proprietary communication networks.
“Technical effects of some embodiments of the invention are improved and computerized ways to facilitate implementation of a secure configuration management strategy in a way that results in an accurate and efficient management of multiple versions, modifications, patches, etc. and that allows flexibility and effectiveness when new builds are requested and/or updates are made to the system. With these and other advantages and features that will become hereinafter apparent, a more complete understanding of the nature of the invention can be obtained by referring to the following detailed description and to the drawings appended hereto.”
The claims supplied by the inventors are:
“What is claimed:
“1. A system to manage a secure configuration management strategy for an enterprise via an automated back-end configuration management computer server, comprising: (a) a configuration benchmark data store including a plurality of secure configuration benchmarks; (b) a communication interface to facilitate an exchange of electronic messages, including messages exchanged via a distributed communication network, supporting interactive user interface displays at remote user devices; and (c) the back-end configuration management computer server, coupled to the configuration benchmark data store and the communication interface, programmed to: (i) retrieve one of the secure configuration benchmarks, (ii) provision, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template, (iii) apply, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark, (iv) validate the enterprise standard benchmark via secure configuration and vulnerability checks, (v) apply at least one configuration update to the enterprise standard benchmark to create a software service instance, (vi) apply application code to the software service instance; (vii) label the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current as of date information, a security modification identifier, a benchmark version, and a benchmark source; (viii) execute a reboot and refresh process; and (ix) execute a risk rank process to prioritize software remediation efforts by the enterprise based on said build name; wherein the retrieved secure configuration benchmark is associated with at least one of: a national institute of standards and technology checklist, and a department of defense security technical implementation guide.
“2. The system of claim 1, wherein the orchestration engine is further to provision, in addition to the initial operating system, at least one of: (i) a web server, (ii) middleware, (iii) a database, (iv) a programming language, and (v) an entire technology stack.
“3. The system of claim 1, wherein the enterprise standard benchmark is associated with at least one of: (i) infrastructure as code cloud provisioning, (ii) an infrastructure as a service, and (iii) a platform as a service.
“4. The system of claim 1, wherein the back-end configuration management computer server is further to execute a vulnerability scan to identify security issues.
“5. The system of claim 1, wherein the back-end configuration management computer server is further to execute continuous monitoring to identify configuration drift issues.
“6. The system of claim 1, wherein the back-end configuration management computer server is further to execute a decommission process.
“7. A computerized method to manage a secure configuration management strategy for an enterprise via an automated back-end configuration management computer server, comprising: retrieving, by the back-end configuration management computer server from a configuration benchmark data store including a plurality of secure configuration benchmarks, one of the secure configuration benchmarks; provisioning, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template; applying, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark; validating the enterprise standard benchmark via secure configuration and vulnerability checks; applying at least one configuration update to the enterprise standard benchmark to create a software service instance; applying application code to the software service instance; labeling the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current as of date information, a security modification identifier, a benchmark version, and a benchmark source; executing a reboot and refresh process; and executing a risk rank process to prioritize software remediation efforts by the enterprise based on said build name; wherein the retrieved secure configuration benchmark is associated with at least one of: a national institute of standards and technology checklist, and a department of defense security technical implementation guide.
“8. The method of claim 7, wherein the orchestration engine is further to provision, in addition to the initial operating system, at least one of: (i) a web server, (ii) middleware, (iii) a database, (iv) a programming language, and (v) an entire technology stack.
“9. The method of claim 7, wherein the enterprise standard benchmark is associated with at least one of: (i) infrastructure as code cloud provisioning, (ii) an infrastructure as a service, and (iii) a platform as a service.
“10. The method of claim 7, wherein the back-end configuration management computer server is further to execute a vulnerability scan to identify security issues.
“11. The method of claim 7, wherein the back-end configuration management computer server is further to execute continuous monitoring to identify configuration drift issues.
“12. A non-transitory, computer-readable medium storing program code, the program code executable by a computer processor of an automated back-end configuration management computer server to cause the computer processor to perform a method to manage a secure configuration management strategy for an enterprise, comprising: retrieving, by the back-end configuration management computer server from a configuration benchmark data store including a plurality of secure configuration benchmarks, one of the secure configuration benchmarks; provisioning, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template; applying, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark; validating the enterprise standard benchmark via secure configuration and vulnerability checks; applying at least one configuration update to the enterprise standard benchmark to create a software service instance; applying application code to the software service instance; labeling the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current as of date information, a security modification identifier, a benchmark version, and a benchmark source; executing a reboot and refresh process; and executing a risk rank process to prioritize software remediation efforts by the enterprise based on said build name; wherein the retrieved secure configuration benchmark is associated with at least one of: a national institute of standards and technology checklist, and a department of defense security technical implementation guide.
“13. The medium of claim 12, wherein the orchestration engine is further to provision, in addition to the initial operating system, at least one of: (i) a web server, (ii) middleware, (iii) a database, (iv) a programming language, and (v) an entire technology stack.
“14. The medium of claim 12, wherein the back-end configuration management computer server is further to execute a decommission process.”
For the URL and more information on this patent, see: D’Onofrio, Nicholas M.; Kraus, Monika L.; Roberts, Deborah A.; Whitlock, Stephen. Secure Configuration Management System.
(Our reports deliver fact-based news of research and discoveries from around the world.)


