Devices, systems, and methods for enabling reconfiguration of services supported by a network of devices
Abstract
Systems, devices, and methods are disclosed for enabling the reconfiguration of services supported by a network of devices. Such reconfiguration can be realized dynamically and in real time without compromising the security of the overall system from external threats or internal malfunctions. These systems, devices and methods may provide a first functional stack supporting a previous version of a specific service and the provisioning of a second functional stack dynamically and in real-time that supports an updated version of the specific service. In addition, an administration function may be included in the embodiment such that the administration function manages and controls the functional stacks and network operations. Using these mechanisms, an existing service can be changed dynamically or a new service can be added dynamically in a secure manner without interruption of other existing services.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method, comprising:
(a) providing and controlling, by a primary server, one or more primary services delivered to an end user using one or more terminal devices coupled to a premises node wherein the primary server is coupled to the premises node through a first communication network and the premises node is coupled to the one or more terminal devices through a second communication network; (b) having the primary server, allowing one or more secondary services from one or more secondary servers, to be delivered to an end user using one or more terminal devices coupled to the premises node.
2 . The method of claim 1 , further comprising:
(a) reducing cross-service interference among the services using a common security function in the primary server and the premises node; (b) providing administration function that includes at least one of maintenance, diagnostics and administration in the primary server and premises node; (c) having the common security function detecting cross-service interference action, and each such action determined by the primary server and the premises node is flagged and reported to a primary server's administration function; (d) having the primary server's administration function update security rules implemented by the common security function in the primary server and in the premises node based on flagged action.
3 . The method of claim 1 , further comprising:
(a) providing one or more virtual machines in the primary server and in one or more premises nodes, each virtual machine corresponding to at least one service; (b) providing a service operating system for the virtual machine.
4 . The method of claim 3 , further comprising:
(a) providing a set of service application functions for the service in the primary server and the one or more premises nodes, the service application functions including one or more security functions based on a service in primary server and one or more premises nodes to provide specific service security; (b) determining a service security violation in the primary server and in the premises node based on the one or more service security rules to generate one or more application security violation events; (c) reporting one or more application security violation events to the common security functions in the primary server and the one or more premises nodes; (d) updating the one or more service security rules in the primary server and the one or more premises nodes improving the security functions in each of the primary server and one or more premises nodes.
5 . The method of claim 1 , further comprising:
(a) providing virtual machine reconfiguration functions in each of service virtual machine in the premises node wherein the reconfiguration functions are controlled by the primary server and the administration function in each premises node; (b) providing a privilege descriptor for each service virtual machine wherein the privilege descriptor configures the performance and access parameters of a service virtual machine including at least one of CPU usage, memory usage, memory boundary, and other required parameters; (c) configuring dynamically, in premises node, in real-time on command an updated new service virtual machine for a specific service with updated service application and providing a privilege descriptor for the new updated service virtual machines wherein a previous service virtual machine is active and the new updated service virtual machine for the specific service is in test mode; (d) providing testing and validating of the new updated service virtual machine in the premises node by at least one of primary server and the secondary server; (e) updating, in the premises node, the privilege descriptor of the new updated service virtual machine for the specific service to an active status and updating the privilege descriptor of the previous service virtual machine to an inactive status; (f) deleting, in the premises node, the previous service virtual machine from the premises node and reassigning resources associated with the previous service virtual machine.
6 . The method of claim 1 , comprising providing administration function in the primary server and the premise node such administration function including at least one of maintenance, diagnostics and administration in the primary server and the premises node.
7 . The method of claim 1 , comprising:
(a) having the common security function collecting and analyzing information regarding virtual machines in the primary server and the premises node via the shim layers, and reporting the result of the analysis to at least one of a primary server's administration function and service functions; (b) having the primary server's administration function update security rules implemented by the common security function in the primary server and in one or more premises node based on reported analysis.
8 . A system, comprising:
(a) a primary server; (b) a first communication network coupled to the primary server; (c) a premises node coupled to the primary server over the first communication network; (d) a second communication network; (e) one or more terminal devices coupled to the premises node over the second communication network; (f) the primary server configured to provide and control one or more primary services delivered to an end user using the one or more terminal devices coupled to the premises node; (g) the primary server configured to allowing one or more secondary services from one or more secondary servers, to be delivered to an end user using the one or more terminal devices coupled to the premises node.
9 . The system of claim 8 , wherein the system configured to:
(a) reducing cross-service interference among the services using a common security function in the primary server and in the premises node; (b) providing administration function that includes at least one of maintenance, diagnostics and administration in the primary server and premises node; (c) having the common security function detecting cross-service interference action, and each such action determined by the primary server and the premises node is flagged and reported to a primary server's administration function; (d) having the primary server's administration function update security rules implemented by the common security function in the primary server and in premises node based on flagged action.
10 . The system of claim 8 , wherein the system is configured to:
(a) providing one or more virtual machines in the primary server and the premises node, each virtual machine corresponding to at least one service; (b) providing a service operating system for the virtual machine.
11 . The system of claim 10 , wherein the system is configured to:
(a) providing a set of service application functions for the service in the primary server and the premises node, the service application functions including one or more security functions based on a service in primary server and the premises node to provide specific service security; (b) determining a service security violation in the primary server and in the premises node based on the one or more service security rules to generate one or more application security violation events; (c) reporting one or more application security violation events to the common security functions in the primary server and the premises node; (d) updating the one or more service security rules in the primary server and the premise nodes improving the security functions in each of the primary server and the premises node.
12 . The system of claim 8 , wherein the system is configured to:
(a) providing virtual machine reconfiguration functions in each of service virtual machine in premises node wherein the reconfiguration functions are controlled by the primary server and the administration function in the premises node; (b) providing a privilege descriptor for each service virtual machine wherein the privilege descriptor configures the performance and access parameters of a service virtual machine including at least one of CPU usage, memory usage, memory boundary, and other required parameters; (c) configuring dynamically, in the premises node, in real-time on command an updated a new service virtual machine for a specific service with updated service application and providing a privilege descriptor for the new updated service virtual machines wherein a previous service virtual machine is active and the new updated service virtual machine for the specific service is in test mode; (d) providing testing and validating of the new updated service virtual machine in the premises node by at least one of primary server or the secondary server; (e) updating, in the premises node, the privilege descriptor of the new updated service virtual machine for the specific service to an active status and updating the privilege descriptor of the previous service virtual machine to an inactive status; (f) deleting, in the premises node, the previous service virtual machine from the premises node and reassigning resources associated with the previous service virtual machine.
13 . The system of claim 8 , wherein the system is configured to providing administration function in the primary server and the premise node such administration function including at least one of maintenance, diagnostics and administration in the primary server and the premises node.
14 . The system of claim 8 , wherein the system is configured to:
(a) having the common security function collecting and analyzing information regarding virtual machines in the primary server and the premises node via the shim layers, and reporting the result of the analysis to at least one of a primary server's administration function and service functions; (b) having the primary server's administration function update security rules implemented by the common security function in the primary server and in the premises node based on reported analysis.
15 . A primary server device, comprising:
(a) one or more processors; (b) one or more storage devices coupled to the one or more processors; (c) the primary server device is configured to provide and control one or more primary services delivered to an end user using the one or more terminal devices coupled to the premises node; (d) the primary server device is configured to allow one or more secondary services from one or more secondary servers, to be delivered to an end user using the one or more terminal devices coupled to the premises node.
16 . The primary server device of claim 15 , wherein:
(a) the primary server device is configured to reduce cross-service interference among the services using a common security function in the primary server device; (b) the primary server device is configured to provide administration function that includes at least one of maintenance, diagnostics and administration in the primary server device; (c) the primary server device is configured to have the common security function detecting cross-service interference action, and each such action determined by the primary server device is flagged and reported to a primary server device's administration function; (d) the primary server device is configured to have the primary server device's administration function update security rules implemented by the common security function in the primary server device based on flagged action.
17 . The primary server device of claim 15 , wherein the primary server device is configured to:
(a) provide one or more virtual machines in the primary server device, each virtual machine corresponding to at least one service; (b) provide a service operating system for each virtual machine. (c) provide administrative functions for administering the primary server device and premises node.
18 . The primary server device of claim 17 , the primary server device configured to:
(a) provide a set of service application functions for the service in the primary server device, the service application functions including one or more security functions based on a service in primary server device to provide specific service security; (b) determine a at least one of a service security violation and an functional violation in the primary server device based on the one or more service security rules to generate one or more application security violation events; (c) report one or more application security violation events to the common security functions in the primary server device; (d) update the one or more service security rules in the primary server device improving the security functions in each of the primary server device and the premises node.
19 . The primary server device of claim 15 , wherein the primary server device is configured to:
(a) provide virtual machine reconfiguration functions in each of service virtual machine wherein the reconfiguration functions are controlled by the primary server device; (b) provide a privilege descriptor for each service virtual machine wherein the privilege descriptor configures the performance and access parameters of a service virtual machine including at least one of CPU usage, memory usage, memory boundary, and other required parameters; (c) configure dynamically, in the premises node, in real-time on command an updated a new service virtual machine for a specific service with updated service application and providing a privilege descriptor for the new updated service virtual machines wherein a previous service virtual machine is active and the new updated service virtual machine for the specific service is in test mode; (d) provide testing and validating of the new updated service virtual machine in the premises node by at least one of the primary server and the secondary server; (e) update, in the premises node, the privilege descriptor of the new updated service virtual machine for the specific service to an active status and updating the privilege descriptor of the previous service virtual machine to an inactive status; (f) delete, in the premises node, the previous service virtual machine and reassigning resources associated with the previous service virtual machine.
20 . The primary server device of claim 15 , wherein the primary server device is configured to provide administration function in the primary server device such administration function including at least one of maintenance, diagnostics, analysis and administration.
21 . The primary server device of claim 15 , wherein the primary server device is configured to:
(a) have the common security function collecting and analyzing information regarding virtual machines in the primary server device and the premises node via the shim layers, and reporting the result of the analysis to at least one of a primary server device's administration function and service functions; (b) have the primary server device's administration function update security rules implemented by the common security function in the primary server device based on reported analysis.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.