Policy enforcement via attestations

US 10,275,723 B2
Filed: 12/13/2006
Issued: 04/30/2019
Est. Priority Date: 09/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

configuring a security enforcement service with a policy-based attestation service on a computer network architecture at least in part by;

authenticating, by a computer system, a true identity of a principal;

creating, by the computer system in response to authenticating the true identity of the principal, a first data structure representing a crafted identity for the principal, the crafted identity concealing the true identity of the principal and comprising one or more identifiers and secrets that provide a statement specifying one or more roles and one or more permissions that the principal has in relation to one or more resources but which permits the principal'"'"'s true identity to remain anonymous to the one or more resources;

detecting, by the computer system, the crafted identity of a session of interaction of the principal within an environment, and enforcing global policy limitations to recognize or trap a condition within the environment that corresponds to a current operation of the principal during the session of interaction of the principal, where the current operation corresponds to a definition of a previously defined activity;

in response to the recognizing or trapping the condition, acquiring, by the computer system, at least one attestation for the principal from at least one attesting resource at least in part by;

generating a notification comprising condition information specifying one or more characteristics of the condition occurring within the environment;

sending the notification to at least one attesting resource, the at least one attesting resource being a particular resource that has permission and authority to generate and transfer the at least one attestation, the at least one attesting resource generating the at least one attestation for the principal based on the crafted identity in response to the condition, the at least one attestation corresponding to a second data structure created to include;

a policy for altering access permissions of the principal during the session of interaction of the principal within the environment, the access permissions allowing access to resources based on a role of the principal,a statement including an indication as to the at least one attesting resource that is attesting for the principal and under what authority the at least one attestation is being made, and a signature of the at least one attesting resource that is attesting for the principal; and

enforcing, by the computer system, the policy included in the at least one attestation against the principal within the environment at least in part by;

altering the one or more permissions of the principal specified by the statement in relation to the one or more resources to create one or more altered permissions during the session of interaction of the principal within the environment; and

restricting resource access of the principal in accordance with the one or more altered permissions for at least part of the session of interaction of the principal within the environment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Policy enforcement via attestations is provided. A principal operates within an environment and assumes roles having certain access rights to resources and the principal takes actions while assuming those roles. The roles and actions are monitored and attestations are raised under the proper set of circumstances. The attestations trigger policy restrictions that are enforced against the principal. The policy restrictions circumscribe the access rights to the resources.

Citations

20 Claims

1. A method comprising:
- configuring a security enforcement service with a policy-based attestation service on a computer network architecture at least in part by;
  
  authenticating, by a computer system, a true identity of a principal;
  
  creating, by the computer system in response to authenticating the true identity of the principal, a first data structure representing a crafted identity for the principal, the crafted identity concealing the true identity of the principal and comprising one or more identifiers and secrets that provide a statement specifying one or more roles and one or more permissions that the principal has in relation to one or more resources but which permits the principal'"'"'s true identity to remain anonymous to the one or more resources;
  
  detecting, by the computer system, the crafted identity of a session of interaction of the principal within an environment, and enforcing global policy limitations to recognize or trap a condition within the environment that corresponds to a current operation of the principal during the session of interaction of the principal, where the current operation corresponds to a definition of a previously defined activity;
  
  in response to the recognizing or trapping the condition, acquiring, by the computer system, at least one attestation for the principal from at least one attesting resource at least in part by;
  
  generating a notification comprising condition information specifying one or more characteristics of the condition occurring within the environment;
  
  sending the notification to at least one attesting resource, the at least one attesting resource being a particular resource that has permission and authority to generate and transfer the at least one attestation, the at least one attesting resource generating the at least one attestation for the principal based on the crafted identity in response to the condition, the at least one attestation corresponding to a second data structure created to include;
  
  a policy for altering access permissions of the principal during the session of interaction of the principal within the environment, the access permissions allowing access to resources based on a role of the principal,a statement including an indication as to the at least one attesting resource that is attesting for the principal and under what authority the at least one attestation is being made, and a signature of the at least one attesting resource that is attesting for the principal; and
  
  enforcing, by the computer system, the policy included in the at least one attestation against the principal within the environment at least in part by;
  
  altering the one or more permissions of the principal specified by the statement in relation to the one or more resources to create one or more altered permissions during the session of interaction of the principal within the environment; and
  
  restricting resource access of the principal in accordance with the one or more altered permissions for at least part of the session of interaction of the principal within the environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - obtaining, by the computer system, at least one other attestation in response to detecting that the condition associated with an identified resource within the environment; and
      
      enforcing, by the computer system, another policy included in the at least one other attestation against the identified resource within the environment.
  - 3. The method of claim 1, wherein each role of the one or more roles includes one or more rights, one or more policies, and/or one or more access permissions for one or more resources accessible from the environment.
  - 4. The method of claim 1, further comprising determining as the condition that at least one role of the one or more roles is activated by the principal operating within the environment.
  - 5. The method of claim 1, further comprising determining as the condition that predefined roles, activities, or events occur within a predefined period of time.
  - 6. The method of claim 1, further comprising one or more of the following:
    - removing, by the computer system, the policy in response to a time-to-live attribute associated with the policy expiring;
      
      removing, by the computer system, the policy in response to an event;
      
      removing, by the computer system, the policy in response to another different policy disposition; and
      
      /orremoving, by the computer system, the policy in response to a revocation of the policy by an attester that initially supplied the attestation.
  - 7. The method of claim 1, wherein the enforcing further includes enforcing the policy for a defined period of time.

8. A system comprising:
- a processor; and
  
  a memory coupled with and readable by the processor and storing therein a set of instructions which, when executed by the processor, causes the processor to perform;
  
  configuring a security enforcement service with a policy-based attestation service on a computer network architecture at least in part by;
  
  authenticating a true identity of a principal;
  
  creating, in response to authenticating the true identity of the principal, a first data structure representing a crafted identity for the principal, the crafted identity concealing the true identity of the principal and comprising one or more identifiers and secrets that provide a statement specifying one or more roles and one or more permissions that the principal has in relation to one or more resources but which permits the principal'"'"'s true identity to remain anonymous to the one or more resources;
  
  detecting the crafted identity of a session of interaction of the principal within an environment, and enforcing global policy limitations to recognize or trap a condition within the environment that corresponds to a current operation of the principal during the session of interaction of the principal, where the current operation corresponds to a definition of a previously defined activity;
  
  in response to the recognizing or trapping the condition, acquiring at least one attestation for the principal from at least one attesting resource at least in part by;
  
  generating a notification comprising condition information specifying one or more characteristics of the condition occurring within the environment;
  
  sending the notification to at least one attesting resource, the at least one attesting resource being a particular resource that has permission and authority to generate and transfer the at least one attestation, the at least one attesting resource generating the at least one attestation in response to the condition, the at least one attestation corresponding to a second data structure created to include;
  
  a policy for altering access permissions of the principal during the session of interaction of the principal within the environment, the access permissions allowing access to resources based on a role of the principal,a statement including an indication as to the at least one attesting resource that is attesting for the principal and under what authority the at least one attestation is being made, anda signature of the at least one attesting resource that is attesting for the principal; and
  
  enforcing the policy included in the at least one attestation against the principal within the environment at least in part by;
  
  altering the one or more permissions of the principal specified by the statement in relation to the one or more resources to create one or more altered permissions during the session of interaction of the principal within the environment; and
  
  restricting resource access of the principal in accordance with the one or more altered permissions for at least part of the session of interaction of the principal within the environment.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the processor to further provide security enforcement by:
    - obtaining at least one other attestation in response to detecting that the condition associated with an identified resource within the environment; and
      
      enforcing another policy in response to the at least one other attestation against the identified resource within the environment.
  - 10. The system of claim 8, wherein each role of the one or more roles includes one or more rights, one or more policies, and/or one or more access permissions for one or more resources accessible from the environment.
  - 11. The system of claim 8, the processor to further provide security enforcement by determining as the condition that at least one role of the one or more roles is activated by the principal operating within the environment.
  - 12. The system of claim 8, the processor to further provide security enforcement by determining as the condition that predefined roles, activities, or events occur within a predefined period of time.
  - 13. The system of claim 8, the processor to further provide security enforcement by one or more of the following:
    - removing the policy in response to a time-to-live attribute associated with the policy expiring;
      
      removing the policy in response to an event;
      
      removing the policy in response to another different policy disposition; and
      
      /orremoving the policy in response to a revocation of the policy by an attester that initially supplied the attestation.
  - 14. The system of claim 8, wherein the enforcing further includes enforcing the policy for a defined period of time.

15. A non-transitory, computer-readable memory comprising a set of instructions stored therein which, when executed by a processor, causes the processor to perform:
- configuring a security enforcement service with a policy-based attestation service on a computer network architecture at least in part by;
  
  authenticating a true identity of a principal;
  
  creating, in response to authenticating the true identity of the principal, a first data structure representing a crafted identity for the principal, the crafted identity concealing the true identity of the principal and comprising one or more identifiers and secrets that provide a statement specifying one or more roles and one or more permissions that the principal has in relation to one or more resources but which permits the principal'"'"'s true identity to remain anonymous to the one or more resources;
  
  detecting the crafted identity of a session of interaction of the principal within an environment, and enforcing global policy limitations to recognize or trap a condition within the environment that corresponds to a current operation of the principal during the session of interaction of the principal, where the current operation corresponds to a definition of a previously defined activity;
  
  in response to the recognizing or trapping the condition, acquiring at least one attestation for the principal from at least one attesting resource at least in part by;
  
  generating a notification comprising condition information specifying one or more characteristics of the condition occurring within the environment;
  
  sending the notification to at least one attesting resource, the at least one attesting resource being a particular resource that has permission and authority to generate and transfer the at least one attestation, the at least one attesting resource generating the at least one attestation in response to the condition, the at least one attestation corresponding to a second data structure created to include;
  
  a policy for altering access permissions of the principal during the session of interaction of the principal within the environment, the access permissions allowing access to resources based on a role of the principal,a statement including an indication as to the at least one attesting resource that is attesting for the principal and under what authority the at least one attestation is being made, anda signature of the at least one attesting resource that is attesting for the principal; and
  
  enforcing the policy included in the at least one attestation against the principal within the environment at least in part by;
  
  altering the one or more permissions of the principal specified by the statement in relation to the one or more resources to create one or more altered permissions during the session of interaction of the principal within the environment; and
  
  restricting resource access of the principal in accordance with the one or more altered permissions for at least part of the session of interaction of the principal within the environment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory, computer-readable memory of claim 15, the processor to further provide security enforcement by:
    - obtaining at least one other attestation in response to detecting that the condition associated with an identified resource within the environment; and
      
      enforcing another policy in response to the at least one other attestation against the identified resource within the environment.
  - 17. The non-transitory, computer-readable memory of claim 15, wherein each role of the one or more roles includes one or more rights, one or more policies, and/or one or more access permissions for one or more resources accessible from the environment.
  - 18. The non-transitory, computer-readable memory of claim 15, the processor to further provide dynamic security enforcement by:
    - determining as the condition that at least one role of the one or more roles is activated by the principal operating within the environment, or determining as the condition that predefined roles, activities, or events occur within a predefined period of time.
  - 19. The non-transitory, computer-readable memory of claim 15, the processor to further provide dynamic security enforcement by one or more of the following:
    - removing the policy in response to a time-to-live attribute associated with the policy expiring;
      
      removing the policy in response to an event;
      
      removing the policy in response to another different policy disposition; and
      
      /orremoving the policy in response to a revocation of the policy by an attester that initially supplied the attestation.
  - 20. The non-transitory, computer-readable memory of claim 15, wherein the enforcing further includes enforcing the policy for a defined period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Buss, Duane Fredrick, Carter, Stephen R.
Primary Examiner(s)
Vyas, Abhishek
Assistant Examiner(s)
Dega, Murali K

Application Number

US11/638,121
Publication Number

US 20070179802A1
Time in Patent Office

4,521 Days
Field of Search

705 1- 45, 705 50- 79
US Class Current
CPC Class Codes

G06Q 10/00   Administration; Management

G06Q 10/06   Resources, workflows, human...

H04L 63/102   Entity profiles

Policy enforcement via attestations

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy enforcement via attestations

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links