Method and system for establishing an audit trail to protect objects distributed over a network

US 20020046350A1
Filed: 09/14/2001
Published: 04/18/2002
Est. Priority Date: 09/14/2000
Status: Abandoned Application

First Claim

Patent Images

1. In a communications network, a method for providing and protecting a record of requested actions and actions taken on objects distributed on a network, said method comprising:

a) recording to a log file information about events, said log file stored on a security server, said events belonging to the group consisting of;

i) requests for action on a requested protected object initiated by a requester device;

ii) action taken on the requested protected object at the requestor device; and

iii) actions taken by the security server, said actions related to the protection of the requested protected object; and

b) providing an authorized user access to the log file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing a log file which may be used to create an audit trail are presented. A security server maintains a log file of actions performed by a requester and the security server which are related to protected objects. Object controls instantiated with the object on the requester device transmit an encrypted descriptor of the action to the security server and may prevent the requester device from taking any action (viewing, editing, printing, etc.) if there is no secure connection to the security server. The security server will record the information received from the requester device, along with other data, to the log file as well as recording a descriptor of any of the security server'"'"'s actions taken which relate to the protection of objects.

Citations

48 Claims

1. In a communications network, a method for providing and protecting a record of requested actions and actions taken on objects distributed on a network, said method comprising:
- a) recording to a log file information about events, said log file stored on a security server, said events belonging to the group consisting of;
  
  i) requests for action on a requested protected object initiated by a requester device;
  
  ii) action taken on the requested protected object at the requestor device; and
  
  iii) actions taken by the security server, said actions related to the protection of the requested protected object; and
  
  b) providing an authorized user access to the log file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1 further including object controls instantiated on the requestor device denying an attempted action on a protected object at the requestor device when the requestor device is not in network communication with the security server.
  - 3. The method of claim 1 further including object controls instantiated on the requestor device attempting to establish a connection between the requestor device and the security server when the requestor device is not in network communication with the security server and the requester device attempts an action on the protected object.
  - 4. The method of claim 1 wherein the information recorded to the log file includes local data.
  - 5. The method of claim 1 wherein the information recorded to the log file includes time of the event.
  - 6. The method of claim 1 wherein the information recorded to the log file includes a network IP address of the requester device initiating the event.
  - 7. The method of claim 1 wherein the information recorded to the log file includes a descriptor of the event.
  - 8. The method of claim 1 wherein the information recorded to the log file includes a request sent to the security server.
  - 9. The method of claim 1 wherein the information sent by the requestor device to the security server is encrypted according to a protocol.
  - 10. The method of claim 9 wherein a protocol including encryption for the information provides strong encryption.
  - 11. The method of claim 9 wherein a protocol including encryption for the information provides non-malleable encryption.
  - 12. The method of claim 1 wherein the log file is used to create an audit trail.
  - 13. The method of claim 1 wherein an untethered requester device records any actions on a protected object in a file on the requestor device and sends the file to the security server when the requester devices establishes a network connection to the security server.
  - 14. The method of claim 1 wherein access to the log file includes restricted views of the log file.
  - 16. The system of claim 15 wherein the log file is used to create an audit trail.
  - 17. The system of claim 15 wherein the information recorded is time of the event.
  - 18. The system of claim 15 wherein the information recorded is local data.
  - 19. The system of claim 15 wherein the information recorded is a network IP address of the requestor device initiating the event.
  - 20. The system of claim 15 wherein the information recorded to the log file includes a descriptor of the event.
  - 21. The system of claim 15 wherein the information recorded to the log file includes a request sent to the security server.
  - 22. The system of claim 15 wherein the information sent by the requestor device to the security server is encrypted according to a protocol.
  - 23. The system of claim 22 wherein a protocol including encryption for the information provides strong encryption.
  - 24. The system of claim 22 wherein a protocol including encryption for the information provides non-malleable encryption.
  - 25. The system of claim 15 further including means to establish a connection between the requestor device and the security server in order to record information about requests for action initiated at the requester device, said connection to be established when there is no existing connection between said requester device and said security server.
  - 26. The system of claim 25 further including means to refuse a requested action on a protected object if a connection between the requester device and the security server cannot be established.
  - 27. The system of claim 15 further including means for an untethered requestor device to record any actions on a requested protected object in a file on the requestor device and send the file to the security server when the requestor devices establishes a network connection to the security server.
  - 29. The system of claim 28 wherein the log file is used to create an audit trail.
  - 30. The system of claim 28 wherein the information recorded is time of the event.
  - 31. The system of claim 28 wherein the information recorded is local data.
  - 32. The system of claim 28 wherein the information recorded is a network IP address of the requestor device initiating the event.
  - 33. The system of claim 28 wherein the information recorded to the log file includes a descriptor of the event.
  - 34. The system of claim 28 wherein the information recorded to the log file includes a request sent to the security server.
  - 35. The system of claim 28 wherein the information sent by the requester device to the security server is encrypted according to a protocol.
  - 36. The system of claim 35 wherein a protocol including encryption for the information provides strong encryption.
  - 37. The system of claim 35 wherein a protocol including encryption for the information provides non-malleable encryption.
  - 38. The system of claim 28 further including means to establish a connection between the requester device and the security server in order to record information about requests for action initiated at the requester device, said connection to be established when there is no existing connection between said requestor device and said security server.
  - 39. The system of claim 38 further including means to refuse a requested action on a protected object if a connection between the requestor device and the security server cannot be established.

15. In a communications network, a system for protecting objects by providing a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
- a) an object server containing objects, said object server running a software program which designates what objects are to be protected and a security policy for protected objects, said object server connected to a network;
  
  b) a requester device requesting an object from the object server, said device connected to the network; and
  
  c) a security server running another software program providing protection services for objects designated by the software program as protected, said security server connected to the network, said software providing protection services including;
  
  i) means for receiving a redirected, enhanced request for the requested object from the requestor device, said enhanced request corresponding to the requester device'"'"'s original request and created by the object server, said enhanced request an object including encrypted data associated with authentication and time of the original request as well as serialization, nonce, security policy, and description of the requested object;
  
  ii) means for obtaining said requested protected object from a cache or from the object server on which the requested protected object is stored;
  
  iii) means for encrypting said requested protected object;
  
  iv) means for combining the requested protected object with mobile code, a security policy, and object controls; and
  
  v) means for sending the resulting file to the requesting device, said requesting device having to execute the mobile code to render the requested object to the requesting device, a user of the requesting device to use and view the object subject to the security policy and object controls that are put in place on the requesting device upon execution of the mobile code;
  
  vi) means for verifying proper instantiation of the object controls;
  
  vii) means for providing a decryption key to the requesting device upon satisfactory authentication of a request for said key; and
  
  viii) means for recording to a log file information about events, said log file stored on the security server, said events belonging to the group consisting of;
  
  A) requests for action on a requested protected object initiated by the requestor device;
  
  B) action taken on a requested protected object at the requester device; and
  
  C) actions taken by the security server, said actions related to the protection of the requested protected object.

28. In a communications network, a system for protecting objects by creating a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
- a) a requestor device connected to a network; and
  
  b) a security server providing protection services for objects, said server connected to a network, s aid security server having means for recording to a log file stored on the security server information about events belonging to the group consisting of;
  
  i) requests f or action on a protected object instantiated at the requestor device, said request communicated from the requestor device to the security server;
  
  ii) actions taken on a protected object instantiated at the requestor device; and
  
  iii) actions taken by the security server, said actions related to the protection of the requested protected object.

40. In a communications network, a system for protecting objects by creating a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
- a) a requestor device containing a protected object distributed by a security server, said object'"'"'s security policy allowing actions on the object when the requestor device is not connected to a network;
  
  b) a security server providing protection services for objects, said security server connected to a network, said security server having means for recording to a log file stored on the security server information about events belonging to the group consisting of;
  
  i) actions taken on a protected object instantiated at the requester device; and
  
  ii) actions taken by the security server, said actions related to the protection of the protected object;
  
  wherein the untethered requester device has means for recording information about actions taken on the protected object in a file on the requester device and sending the file to the security server when the requester device establishes a network connection to the security server.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. The system of claim 40 wherein the log file is used to create an audit trail.
  - 42. The system of claim 40 wherein the information recorded is time of the event.
  - 43. The system of claim 40 wherein the information recorded is local data.
  - 44. The system of claim 40 wherein the information recorded is a network IP address of the requestor device initiating the event.
  - 45. The system of claim 40 wherein the information recorded is a descriptor of the event.
  - 46. The system of claim 40 wherein the information sent by the requestor device to the security server is encrypted according to a protocol.
  - 47. The system of claim 46 wherein a protocol including encryption for the information provides strong encryption.
  - 48. The system of claim 46 wherein a protocol including encryption for the information provides non-malleable encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OmniTrust Security Systems, Inc. (TriIs, Inc.)
Original Assignee
OmniTrust Security Systems, Inc. (TriIs, Inc.)
Inventors
Scheibe, Paul O., Robinson, Daniel J., Lordemann, David A.

Application Number

US09/952,696
Publication Number

US 20020046350A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/1078   Logging; Metering

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2463/101   applying security measures ...

H04L 63/0442   wherein the sending and rec...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

Method and system for establishing an audit trail to protect objects distributed over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for establishing an audit trail to protect objects distributed over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links