Method and system for establishing an audit trail to protect objects distributed over a network
First Claim
1. In a communications network, a method for providing and protecting a record of requested actions and actions taken on objects distributed on a network, said method comprising:
- a) recording to a log file information about events, said log file stored on a security server, said events belonging to the group consisting of;
i) requests for action on a requested protected object initiated by a requester device;
ii) action taken on the requested protected object at the requestor device; and
iii) actions taken by the security server, said actions related to the protection of the requested protected object; and
b) providing an authorized user access to the log file.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for establishing a log file which may be used to create an audit trail are presented. A security server maintains a log file of actions performed by a requester and the security server which are related to protected objects. Object controls instantiated with the object on the requester device transmit an encrypted descriptor of the action to the security server and may prevent the requester device from taking any action (viewing, editing, printing, etc.) if there is no secure connection to the security server. The security server will record the information received from the requester device, along with other data, to the log file as well as recording a descriptor of any of the security server'"'"'s actions taken which relate to the protection of objects.
-
Citations
48 Claims
-
1. In a communications network, a method for providing and protecting a record of requested actions and actions taken on objects distributed on a network, said method comprising:
-
a) recording to a log file information about events, said log file stored on a security server, said events belonging to the group consisting of;
i) requests for action on a requested protected object initiated by a requester device;
ii) action taken on the requested protected object at the requestor device; and
iii) actions taken by the security server, said actions related to the protection of the requested protected object; and
b) providing an authorized user access to the log file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
15. In a communications network, a system for protecting objects by providing a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
-
a) an object server containing objects, said object server running a software program which designates what objects are to be protected and a security policy for protected objects, said object server connected to a network;
b) a requester device requesting an object from the object server, said device connected to the network; and
c) a security server running another software program providing protection services for objects designated by the software program as protected, said security server connected to the network, said software providing protection services including;
i) means for receiving a redirected, enhanced request for the requested object from the requestor device, said enhanced request corresponding to the requester device'"'"'s original request and created by the object server, said enhanced request an object including encrypted data associated with authentication and time of the original request as well as serialization, nonce, security policy, and description of the requested object;
ii) means for obtaining said requested protected object from a cache or from the object server on which the requested protected object is stored;
iii) means for encrypting said requested protected object;
iv) means for combining the requested protected object with mobile code, a security policy, and object controls; and
v) means for sending the resulting file to the requesting device, said requesting device having to execute the mobile code to render the requested object to the requesting device, a user of the requesting device to use and view the object subject to the security policy and object controls that are put in place on the requesting device upon execution of the mobile code;
vi) means for verifying proper instantiation of the object controls;
vii) means for providing a decryption key to the requesting device upon satisfactory authentication of a request for said key; and
viii) means for recording to a log file information about events, said log file stored on the security server, said events belonging to the group consisting of;
A) requests for action on a requested protected object initiated by the requestor device;
B) action taken on a requested protected object at the requester device; and
C) actions taken by the security server, said actions related to the protection of the requested protected object.
-
-
28. In a communications network, a system for protecting objects by creating a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
-
a) a requestor device connected to a network; and
b) a security server providing protection services for objects, said server connected to a network, s aid security server having means for recording to a log file stored on the security server information about events belonging to the group consisting of;
i) requests f or action on a protected object instantiated at the requestor device, said request communicated from the requestor device to the security server;
ii) actions taken on a protected object instantiated at the requestor device; and
iii) actions taken by the security server, said actions related to the protection of the requested protected object.
-
-
40. In a communications network, a system for protecting objects by creating a log file of requested actions and actions taken on objects distributed in a network, said system comprising:
-
a) a requestor device containing a protected object distributed by a security server, said object'"'"'s security policy allowing actions on the object when the requestor device is not connected to a network;
b) a security server providing protection services for objects, said security server connected to a network, said security server having means for recording to a log file stored on the security server information about events belonging to the group consisting of;
i) actions taken on a protected object instantiated at the requester device; and
ii) actions taken by the security server, said actions related to the protection of the protected object;
wherein the untethered requester device has means for recording information about actions taken on the protected object in a file on the requester device and sending the file to the security server when the requester device establishes a network connection to the security server. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
-
Specification