Title of Invention

MECHANISM FOR AUTOMATIC DEVICE MISCONFIGURATION DETECTION AND ALERTING.

Abstract There is provided a method for automatically detecting and indicating a miss-configuration condition in an electronic device having one or more factory-default settings. At least one miss-configuration rule that relates to at least one miss-configuration condition of the electronic device is checked against at least one corresponding current configuration setting to determine whether the electronic device is miss-configured. A miss-configuration alert is provided with respect to the electronic device, when the electronic device is determined to be miss-configured in said checking step.
Full Text BACKGROUND OF THE INVENTION
FIELD OF THE INVENTION
The present invention generally relates to electronic devices having factory
default settings and, more particularly, to an apparatus and method for automatically
detecting and indicating a mis-configuration condition in an electronic device having
one or more factory-default settings.
BACKGROUND OF THE INVENTION
Many electronic devices such as communication and/or multimedia devices
are pre-configured with factory set defaults. Such devices include, but are not limited
to, network equipment such as routers, Access Points (including Wireless Access
Points (WAPs)), and so forth. For example, a WAP is set to have a default channel,
a default network name and a default encryption setting.
These default settings allow the device to be functioning in at least a basic mode. In
many cases, the user of the device does not bother to change these default values.
This can be acceptable in some cases relating to certain types of devices (e.g.,
televisions), but for some other devices like APs, this is not acceptable. In many
APs, security is disabled by default. If the user does not configure the AP to enable
security, all the data is sent unencrypted. As a result, any malicious user can snoop
the data. In a corporate environment, this problem is even more acute because
confidential data can be involved. Moreover, if multiple APs are located in
geographically close locations, they can interfere with each other if the default
channel setting is not changed. Thus, some of the parameters of these devices are
critical and should be changed by the user/administrator. However, although most of
the devices come with factory defaults, none of these devices provide a mechanism
to alert the user/administrator that the default settings are in use and can be
potentially risky to employ.
Accordingly, it would be desirable and highly advantageous to have an
apparatus and/or method that overcome the above-identified deficiencies of the prior
art.
SUMMARY OF THE INVENTION
The problems stated above, as well as other related problems of the prior art,
are solved by the present invention, which is directed to an apparatus and method for
automatically detecting and indicating a mis-configuration condition in an electronic
device having one or more factory-default settings.
The present invention provides an apparatus and method that detect if an
electronic device is configured with factory default settings and to provide an
indication of the same, if the device is so configured. The indication can be provided,
for example, using a visual indication including, but not limited to, changing a visible
color, sending a message to a management/administrative entity via email,
employing cellular text messaging service, and so forth. It is to be appreciated that
the present invention can be implemented to automatically detect any kind of misconfiguration
and alert a user/administrator about the same.
According to an aspect of the present invention, there is provided a method for
automatically detecting and indicating a mis-configuration condition in an electronic
device having one or more factory-default settings. At least one mis-configuration
rule is received that relates to at least one mis-configuration condition of the
electronic device. The at least one mis-configuration rule is checked against at least
one corresponding current configuration setting to determine whether the electronic
device is mis-configured. A mis-configuration alert is provided with respect to the
electronic device, when the electronic device is determined to be mis-configured in
said checking step.
According to another aspect of the present invention, there is provided an
apparatus for automatically detecting and indicating a mis-configuration condition in
an electronic device having one or more factory-default settings. A memory device
stores at least one mis-configuration rule and at least one corresponding current
configuration setting, the at least one mis-configuration rule relating to at least one
mis-configuration condition of the electronic device. Rule checking circuitry checks
the at least one mis-configuration rule against the at least one corresponding current
configuration setting to determine whether the electronic device is mis-configured. A
mis-configuration indicator provides a mis-configuration alert when the electronic
device is determined to be mis-configured by the rule checking circuitry.
According to yet another aspect of the present invention, there is provided a
method for automatically detecting and indicating a mis-configuration condition in an
electronic device having one or more factory-default settings. At least one misconfiguration
rule is received that relates to a security feature of the electronic device.
The at least one mis-configuration rule is checked against at least one corresponding
current configuration setting to determine whether the security feature is one of
disabled and at a default setting. A mis-configuration alert is provided with respect to
the electronic device, when the security feature is determined to be one of disabled
and at the default setting in said checking step.
These and other aspects, features and advantages of the present invention will
become apparent from the following detailed description of preferred embodiments,
which is to be read in connection with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram illustrating an apparatus 100 for automatically
detecting and indicating a mis-configuration condition in an electronic device 199
having one or more factory-default settings, according to an illustrative embodiment
of the present invention; and
FIG. 2 is a flow diagram illustrating a method for automatically detecting and
indicating a mis-configuration condition in an electronic device 199 having one or
more factory-default settings, according to an illustrative embodiment of the present
invention.
DETAILED DESCRIPTION OF THE INVENTION
The present invention is directed to an apparatus and method for automatically
detecting and indicating a mis-configuration condition in an electronic device having
one or more factory-default settings.
It is to be understood that the present invention can be implemented in various
forms of hardware, software, firmware, special purpose processors, or a combination
thereof. Preferably, the present invention is implemented as a combination of
hardware and software. Moreover, the software is preferably implemented as an
application program tangibly embodied on a program storage device. The application
program can be uploaded to, and executed by, a machine comprising any suitable
architecture. Preferably, the machine is implemented on a computer platform having
hardware such as one or more central processing units (CPU), a random access
memory (RAM), and input/output (I/O) interface(s). The computer platform also
includes an operating system and microinstruction code. The various processes and
functions described herein can either be part of the microinstruction code or part of
the application program (or a combination thereof) that is executed via the operating
system. In addition, various other peripheral devices can be connected to the
computer platform such as an additional data storage device and a printing device.
It is to be further understood that, because some of the constituent system
components and method steps depicted in the accompanying Figures are preferably
implemented in software, the actual connections between the system components (or
the process steps) can differ depending upon the manner in which the present
invention is programmed. Given the teachings herein, one of ordinary skill in the
related art will be able to contemplate these and similar implementations or
configurations of the present invention.
FIG. 1 is a block diagram illustrating an apparatus 100 for automatically
detecting and indicating a mis-configuration condition in an electronic device 199
having one or more factory-default settings, according to an illustrative embodiment
of the present invention.
The apparatus 100 includes a user/administrator interface (hereinafter
"interface") 105, a memory device 110, a processor 120, a mis-configuration indicator
130, and a communication device 140, all interconnected via a bus 150.
The bus 150, in addition to interconnecting the preceding elements, also serves as an
interface to the electronic device 199 and to other external components (not shown).
The interface 105 is for inputting information into the apparatus 100. Such
information can include, but is not limited to, one or more mis-configuration rules.
The mis-configuration rules specify one or more mis-configuration conditions of the
electronic device 199.
The memory device 110 is preferably a non-volatile memory device. The
memory device 110 preferably includes a default area 110A and a user area 110B.
The default area 110A of the non-volatile memory 110 stores the factory default
settings. If necessary or desired, a user or an administrator (hereinafter collectively
referred to as "administrator") 188 can always re-apply one or more of the factorydefault
settings to the electronic device 199. For example, the factory default settings
can be re-applied to the electronic device 199 through some mechanism such as, but
not limited to, pressing a "restore" button. Examples of some factory-default settings,
for example, for a wireless AP, include, but are not limited to:
Extended Service Set Identifier (ESSID) : "linksys"
Security : OFF
Encryption Key : None
Channel : 3
Default Admin Password : Admin
Typically and preferably, the default area 110A cannot be overwritten by the
administrator 188. This allows the electronic device 199 to be reset to factorysettings
even if the administrator 188 mis-configured the electronic device 199.
The user area 110B is accessible for writing thereto. The administrator 188
can choose his/her own values for various settings/parameters. For example, for a
wireless AP, some of these parameters could be set as follows:
Extended Service Set Identifier (ESSID): "cafetriaOl"
Security : ON
Encryption Key : alf!G
Channel : 6
Default Admin Password : ap@12pOdwCCv
The processor 120 performs functions as specified herein. Such functions
include, but are not limited to, checking mis-configuration rules stored in the memory
device 110 against corresponding current configuration settings to determine whether
the electronic device is mis-configured. As noted above, the mis-configuration rules
specify one or more mis-configuration conditions of the electronic device 199.
It is to be appreciated that while the apparatus 100 is described to include a
processor 120, other circuitry such as comparators, logic gates, Application Specific
Integrated Circuits (ASICs), Programmable Logic Arrays (PLAs), and so forth can be
employed to perform the method steps described herein. The processor 120 and the
other circuitry can also be interchangeably referred to herein as "rule checking
.circuitry".
The mis-configuration indicator 140 provides an indication to the administrator
188 that the electronic device is mis-configured. The indication can be provided
visually, audibly, or using any other methodology or structure to provide such
indication. For example, one or more speakers, Light Emitting Diodes (LEDs) or
other visual indicators can be employed, while maintaining the spirit of the present
invention. Of course, the present invention is not limited to the preceding types of
indicators and, thus, other types of indicators can also be employed while maintaining
the spirit of the present invention. It is to be appreciated that while the misconfiguration
indicator 140 is shown in FIG. 1 as being located proximate to the
administrator, the same indicator 140 or another similar indicator can be located at a
location remote from the apparatus 100 or the electronic device 199 in the case when
the administrator is located remote from the apparatus 10 or the electronic device
199. In this way, even if the administrator is away from the electronic device 199
and, thus, cannot remedy the situation locally (i.e., correctly configure the electronic
device 199), then perhaps the administrator can contact someone who is proximate
to the electronic device (but is unaware of the indication) in order to expediently
remedy the situation before an undesirable condition occurs (i.e., theft or snooping of
data). In such a case, the communication device 130 would be employed to
communicate the indication to the administrator 188.
The communication device 130 allows for communication between the
electronic device 199 and the administrator 188 who can configure the electronic
device 199 correctly. Accordingly, if the administrator 188 is in a location remote
from the apparatus 100 and the electronic device 199, the administrator 188 can still
nonetheless receive an indication that the electronic device 199 is mis-configured.
The communication device 130 can be, for example, but is not limited to a modem, a
transmitter, and so forth. In this way, for example, the modem can be used to dial a
telephone, beeper, Personal Digital Assistant (PDA) and/or other device (collectively
referred to as "mis-configuration alert remote receiving device" 187) that is local to
the administrator 188.
Moreover, it is to be appreciated that while the apparatus 100 is described as
including the preceding-identified elements, one or more of such elements can
already be included in the electronic device and, thus, can be utilized as described
herein in accordance with the present invention to avoid duplicity of parts while
maintaining the spirit of the present invention.
Additionally, it is to be appreciated that while the apparatus 100 is shown as being
within electronic device 199, the entire apparatus 100 or any parts thereof can be
located external to the electronic device 199, while maintaining the spirit of the
present invention.
Further, it is to be appreciated that, given the teachings of the present
invention provided herein, one of ordinary skill in the related art will contemplate
these and various other elements for performing the steps described herein, while
maintaining the spirit of the present invention.
FIG. 2 is a flow diagram illustrating a method for automatically detecting and
indicating a mis-configuration condition in an electronic device 199 having one or
more factory-default settings, according to an illustrative embodiment of the present
invention. The apparatus 100 shown in FIG. 1 implements the method of FIG.
At least one rule (hereinafter "rules") for determining whether or not the
electronic device 199 is mis-configured is received, for example, via the interface 105
(step 205). It is to be appreciated that the rules can also be received from a remote
location via the communication device 130. The rules can also be pre-loaded upon
construction of the electronic device 199. It is to be further appreciated that the rules
can be set statically or can be dynamically configured by the administrator 188 via,
for example, the interface 105 and/or the communication device 130. The rules can
be complex and specific, for example, particularly describing the preferred settings.
Alternatively, the rules can be simple and can simply determine whether some or all
of the currently set parameters/settings are the same as the corresponding factory
default settings (particularly security related settings).
At a random or pre-determined time or with respect to some event (e.g., the
device is powered on, etc.), the rules are checked against the current configuration to
determine whether or not any of the rules have been violated (i.e., to determine
whether the electronic device 199 is mis-configured as specified in the rules) (step
210). In one embodiment of the present invention, wherein the rule is that "the
configuration in use should not be exactly the same as the default factory setting", the,
apparatus 100 compares one or more factory-default settings to one or more
corresponding current configuration settings to determine if there is a match (step
21 Oa). The actual settings that are compared can include "critical settings" in that
their mis-configuration can pose security or other undesirable risks to the device and
the information communicated therewith.
it is to be appreciated that, in addition to or in place of having step 210
automatically performed to determine whether the electronic device 199 is misconfigured,
the administrator 188 can query the electronic device 199 to determine
whether or not the electronic device 199 is mis-configured (e.g., configured with one
or more factory default settings). In such a case, a user and/or administrator
generated query is received regarding whether the electronic device 199 is misconfigured
(step 208). In such a case, a mechanism (such as, e.g., interface 105) for
performing the query of step 208 can be provided on the apparatus 100 and/or the
electronic device 199. For example, in the case of a wireless AP, an SNMP (Simple
Network Management Protocol) Interface can be provided on the apparatus 100
and/or the electronic device 199 to perform the query.
If, in fact, one or more of the rules are violated, then the apparatus 100 alerts
the administrator 188 via the mis-configuration alert indicator 130 (step 220). For
example, in the case of the rule specified above with respect to step 21 Oa, if the one
or more factory-default settings are the same as the one or more corresponding
current configuration settings, then the apparatus 100 alerts the administrator 188 via
mis-configuration alert indicator 130. It is to be appreciated that the way in which the
administrator 188 is alerted is not critical to the present invention and, thus, any
approach and/or device for providing the alert can be employed while maintaining the
spirit of the present invention. For example, the alert can be provided, but is not
limited to, the following: (a) a visual method/device (flashing LED); (b) an audio
method/device (series of beeps); (c) an alert message (e.g., Simple Network
Monitoring Protocol (SNMP) trap to management console, Short Message Service
(SMS) message); and so forth.
It is to be appreciated that the mis-configuration alert can be provided to the
administrator at a remote location with respect to the electronic device 199 via the
communication device 130 (step 230).
A description will now be given further regarding mis-configuration detection
apd alerting, according to another embodiment of the present invention. It is to be
appreciated that any kind of rules that govern the proper configuration of a device can
be employed in accordance with the present invention. As noted above, such rules
can either be statically configured, or can be dynamically changed by the
administrator. Moreover, as noted above, the apparatus 100 monitors the
configuration of the electronic device 199 and, upon detecting any violation of the
rules, alerts the administrator. The default configuration detection is simply one
possible rule example that can be employed in accordance with the present
invention. In the illustrative default configuration detection case, the rule is that "the
configuration in use should not be exactly the same as the default factory setting".
However, as noted above, it is to be appreciated that other useful rules can also be
employed in accordance with the present invention, while maintaining the spirit of the
present invention. Some other illustrative rules that can be employed include, but are
\0
not limited to the following described immediately herein after. For example, one
such rule is that if encryption is not configured, then packet filtering must be set up.
Another illustrative rule is that if neither encryption nor packet filtering are turned on,
then the transmit power must be under 20mW. Yet another illustrative rule is that if
the AP is configured as a router, then the Wireless Local Area Network (WLAN)
interface and the Ethernet interface should not belong to the same sub network.
It is to be appreciated that the present invention is not limited to the specific
rules and mis-configuration conditions described herein and, thus, other rules and
mis-configuration conditions, as readily contemplated by one of ordinary skill in the
related art, can also be employed with respect to the present invention while
maintaining the spirit of the present invention.
A description will now be given of violation detection, according to an
illustrative embodiment of the present invention. It is to be appreciated that the
detections of violation conditions can be carried out in a variety of ways. It is to be
further appreciated that the present invention is not limited to the violation detection
methodologies and steps described herein and, thus, other steps, as readily
contemplated by one of ordinary skill in the related art, can also be employed in
accordance with the present invention while maintaining the spirit of the present
invention. The detection process can be started whenever the configuration is
changed through the administration interface, or at any other time. For example, the
detection process can be started whenever the device reboots, the detection process
can be scheduled periodically; and/or can be started manually by the administrator.
Although the illustrative embodiments have been described herein with
reference to the accompanying drawings, it is to be understood that the present
invention is not limited to those precise embodiments, and that various other changes
and modifications can be affected therein by one of ordinary skill in the related art
without departing from the scope or spirit of the invention. All such changes and
modifications are intended to be included within the scope of the invention as defined
by the appended claims.

We claim :
1. A method for automatically detecting and indicating a mis-configuraiion
condition in an electronic device having at least one factory-default setting, the
method comprising the steps of:
checking at least one mis-configuration rule relating to at least one misconfiguration
condition of the electronic device, against at least one corresponding
current configuration setting to determine whether the electronic device is misconfigured;
and
providing a mis-configuration alert with respect to the electronic device, when
the electronic device is determined to be mis-configured in said checking step,
wherein the at least one mis-configuration rule comprises a rule that specifies
that the at least one corresponding current configuration setting must be different than
at least one corresponding factory default setting.
2. The method of claim 1, further including the step of dynamically receiving the
at least one mis-configuration rule from at least one of a user and an administrator.
3. The method of claim 1, wherein the at least one corresponding factory default
setting relates to a disabled state of a security feature of the electronic device.
4. The method of claim 1, wherein said checking step is performed at least one*of:
(a) at a random time, (b) a pre-determined time, and (b) with respect to at least one
pre-specified event.
5. The method of claim 1, wherein said checking step is performed at least one of:
(a) automatically and (b) in response to a user query of a mis-configuration state orthe
electronic device.
6. The method of claim 1, further comprising the step of receiving a query from at
least one of a user and an administrator, the query relating to whether the electronic
device is currently mis-configured, and wherein said checking step is performed in
response to said receiving step.
7. The method of claim 1, wherein said providing step provides the misconfiguration
alert to at least one of a user and an administrator.
8. The method of claim 1, wherein the mis-configuration alert is provided to the at
least one of the user and the administrator at a remote location with respect to the
electronic device using a pre-designated communication medium.
9. The method of claim 1, wherein said providing step provides the misconfiguration
alert at least one of visually and audibly.
10. The method of claim 1, wherein said providing step provides the
mis-configuration alert using an alert message.
11. The method of claim 10, wherein the alert message is a Short Message Service
(SMS) message.
12. The method of claim 10, wherein the alert message employs a Simple Network
Monitoring Protocol (SNMP) trap.
13. An apparatus for automatically detecting and indicating a mis-configuration
condition in an electronic device having one or more factory-default settings,
comprising:
a memory device for storing at least one mis-configuration rule, and at least
one corresponding current configuration setting, the at least one mis-configuration
rule relating to at least one mis-configuration condition of the electronic device;
rule checking circuitry for checking the at least one mis-configuration rule
against the at least one corresponding current configuration setting to determine
whether the electronic device is mis-configured; and
a mis-configuration indicator for providing a mis-configuration alert when the
electronic device is determined to be mis-configured by said rule checking circuitry,
wherein the memory device is further for storing the one or more factory-default
settings.
14. The apparatus of claim 13, further comprising a communication device for
communicating the mis-configuration alert to at least one of a user and an
administrator at a remote location with respect to the electronic device.
*
15. The apparatus of claim 13, wherein the memory device is a non-volatile
memory device.
16. The apparatus of claim 13, wherein the memory device comprises:
a default area for storing the one or more factory-default settings; and
a user area accessible by at least one of a user and an administrator for writing
thereto corresponding current configuration settings.
17. The apparatus of claim 13, wherein the at least one mis-configuration rule and
the at least one corresponding current configuration setting both relate to a security
feature of the electronic device.
18. The apparatus of claim 17, wherein the security feature relates to at least one of
enabling/disabling of a security function, an encryption key and a password.
19. The apparatus of claim 13, further comprising an interface for receiving inputs
from at least one of a user and an administrator.
20. The apparatus of claim 19, wherein the interface is further for receiving the at
least one mis-configuration rule for subsequent storage in the memory device.
21. The apparatus of claim 19, wherein the at least one mis-configuration rule is
capable of being set dynamically via the interface by the at least one of the user and
the administrator.
*
22. The apparatus of claim 19, wherein the interface is further for receiving a query
from at least one of a user and an administrator, the query relating to whether the
electronic device is currently mis-configured, and wherein the rule checking circuitry
automatically checks the at least one mis-configuration rule against the at least one
corresponding current configuration setting in response to a receipt of the query by trie
interface.
23. The method of claim 14, wherein the interface comprises a Simple Network
Management Protocol (SN MP) Interface.
*
24. The apparatus of claim 13, further comprising a communication device for
providing the mis-configuration alert to at least one of a user and an administrator at a
remote location with respect to the electronic device.
25. A method for automatically detecting and indicating a mis-configuratioji
condition in an electronic device having one or more factory-default settings, the
method comprising the steps of:
maintaining at least one mis-configuration rule relating to a security feature of
the electronic device;
checking the at least one mis-configuration rule against at least one

corresponding current configuration setting to determine whether the security feature
is one of disabled and at a default setting; and
providing a mis-configuration alert with respect to the electronic device, when
the security feature is determined to be one of disabled and at the default setting in
said checking step,
wherein the memory device is further for storing the one or more factory



Documents:

1580-delnp-2007-Abstract-(24-12-2012).pdf

1580-delnp-2007-abstract.pdf

1580-delnp-2007-assignments.pdf

1580-delnp-2007-Claims-(11-02-2014).pdf

1580-delnp-2007-Claims-(24-12-2012).pdf

1580-delnp-2007-claims.pdf

1580-delnp-2007-Correspondence Others-(11-02-2014).pdf

1580-delnp-2007-Correspondence Others-(22-06-2012).pdf

1580-delnp-2007-Correspondence Others-(24-12-2012).pdf

1580-delnp-2007-correspondence-others-1.pdf

1580-DELNP-2007-Correspondence-Others.pdf

1580-delnp-2007-description (complete).pdf

1580-delnp-2007-drawings.pdf

1580-delnp-2007-form-1.pdf

1580-delnp-2007-form-18.pdf

1580-delnp-2007-Form-2-(24-12-2012).pdf

1580-delnp-2007-form-2.pdf

1580-delnp-2007-form-26.pdf

1580-delnp-2007-Form-3-(22-06-2012).pdf

1580-DELNP-2007-Form-3.pdf

1580-delnp-2007-form-5.pdf

1580-delnp-2007-GPA-(11-02-2014).pdf

1580-delnp-2007-pct-101.pdf

1580-delnp-2007-pct-210.pdf

1580-delnp-2007-pct-237.pdf

1580-delnp-2007-pct-409.pdf

1580-delnp-2007-pct-416.pdf

abstract.jpg


Patent Number 258988
Indian Patent Application Number 1580/DELNP/2007
PG Journal Number 08/2014
Publication Date 21-Feb-2014
Grant Date 19-Feb-2014
Date of Filing 27-Feb-2007
Name of Patentee THOMSON LICENSIING
Applicant Address 46, QUAI A. LE GALLO,F-92100 BOULOGNE-BILLANCOURT (FR)
Inventors:
# Inventor's Name Inventor's Address
1 MATHUR, SAURABH 4923 QUAIL RIDGE DRIVE, PLAINSBORO, NJ 08536, U.S.A.
2 ZHANG, JUNBIAO 20 JENNA DRIVE,BRIDGEWATER, NJ 08807, U.S.A.
PCT International Classification Number H04L 29/06
PCT International Application Number PCT/US2004/028952
PCT International Filing date 2004-09-03
PCT Conventions:
# PCT Application Number Date of Convention Priority Country
1 NA