Virtual distributed security system

US 20030074579A1
Filed: 02/06/2002
Published: 04/17/2003
Est. Priority Date: 10/16/2001
Status: Abandoned Application

First Claim

Patent Images

1. A distributed security system comprising:

a security policy written in a security policy language; and

a least one computer device that processes data in accordance with the security policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

195 Citations

View as Search Results

32 Claims

1. A distributed security system comprising:
- a security policy written in a security policy language; and
  
  a least one computer device that processes data in accordance with the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The distributed security system of claim 1, wherein:
    - the security policy identifies components of the security system.
  - 3. The distributed security system of claim 1, wherein:
    - the security policy identifies access rights of the security system.
  - 4. The distributed security system of claim 1, wherein:
    - the security policy language comprises the extensible markup language.
  - 5. The distributed security system of claim 1, wherein:
    - the security policy is configurable.
  - 6. The distributed security system of claim 1, wherein:
    - the security policy language comprises at least some logic-based components.
  - 7. The distributed security system of claim 1, wherein:
    - the security policy language comprises at least some rule-based components.
  - 8. The distributed security system of claim 1, wherein:
    - the security policy language comprises procedural components.
  - 9. The distributed security system of claim 1, wherein the computer device is configured with computer-executable instructions to:
    - receive from a first entity a message formatted in a first protocol; and
      
      transmit to a second entity the message formatted in a second protocol that is different from the first protocol.
  - 10. The distributed security system of claim 9, wherein the computer device is configured with computer-executable instructions to:
    - receive from a first entity a message transported with a first transport; and
      
      transmit to the second entity the message using a second transport that is different from the first transport.
  - 11. The distributed security system of claim 1, wherein the security policy is implemented with at least one application programming interface.
  - 12. The distributed security system of claim 1, wherein the security language includes programming language constructs.
  - 13. The distributed security system of claim 1, wherein the security policy includes an identity service.
  - 14. The distributed security system of claim 1, wherein the security policy includes an admission service.
  - 15. The distributed security system of claim 1, wherein the security policy includes a permission service.
  - 16. The distributed security system of claim 1, wherein the security policy includes a revocation service.
  - 17. The distributed security system of claim 1, wherein the security policy includes a mapping of entities to rights.
  - 18. The distributed security system of claim 17, wherein the security policy further includes a mapping of entities to capabilities.
  - 19. The distributed security system of claim 1, wherein the security policy is configured to invoke external computer-readable instructions.
  - 20. The distributed security system of claim 19, wherein the external computer-readable instructions comprise native processor code.
  - 21. The distributed security system of claim 19, wherein the external computer-readable instructions comprise Java code.

22. A method of delegating security credentials, the method including:
- providing to a second party a first license issued to a first party; and
  
  providing to the second party a second license that allows the second party to use the first license.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein the second license is issued by the first party.
  - 24. The method of claim 22, wherein the second license includes conditions on the use of the first license.

25. A method of transmitting a message between a first party and a second party, the method including:
- receiving from the first party a message addressed to the second party, wherein the message is transported with a first transport and formatted in accordance with a first protocol;
  
  determining a transport and protocol required by the second party from a security policy; and
  
  transmitting the message to the second party using the transport and protocol required by the second party.

26. A method of transmitting a secure message between a first party and a second party, the method including:
- formatting the message with a markup language; and
  
  inserting a security credential into a header of the message.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, wherein the markup language comprises the extensible markup language.
  - 28. The method of claim 26, wherein the security credential comprises a license.
  - 29. The method of claim 26, wherein the security credential comprises a key.

30. A method of defining a security arrangement between entities of a distributed computing system, the method including:
- identifying a portion of a first security policy written in a first security policy language;
  
  identifying a portion of a second security policy written in a second security policy language; and
  
  processesing data in accordance with the portion of the first security policy and the portion of the second security policy.
- View Dependent Claims (31, 32)
- - 31. The method of claim 30, further including exchanging messages between the entities to negotiate on the identification of the portion of the first security policy and the portion of the second security policy.
  - 32. The method of claim 30, wherein the first security policy language is the same as the second security policy language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shewchuk, John P., Kaler, Christopher G., Leach, Paul J., Della-Libera, Giovanni M., Rashid, Richard F., Lucco, Steven E., Lovering, Bradford H., Millet, Stephen J., Konersmann, Scott A., Lampson, Butler W.

Application Number

US10/068,444
Publication Number

US 20030074579A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 45/02   Topology update or discovery

H04L 45/34   Source routing

H04L 45/566   Routing instructions carrie...

H04L 63/02   for separating internal fro...

H04L 63/04   for providing a confidentia...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

Virtual distributed security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

195 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Virtual distributed security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others