Framework for maintaining information security in computer networks
Abstract
A system is provided for controlling access to information technology assets in a computer network. The system includes a ticket manager server configured to generate tickets based on user data in a master database. A ticket manager client, resident on a workstation, is configured to receive tickets from the ticket manager server and distribute resource data obtained from the tickets to network security modules. The user data includes resource registers, each of which has a type field designating a particular security module, resource data for use by the designated security module, and an execution domain field that exclusively designates an execution environment in which the designated security module can use the resource data.
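The flow in the abstract, combined with the ticket-generation steps of claim 34, as an added sketch that is not code from the patent. The register layout, the module names (`sso`, `firewall`), the domain names and the fail-closed handling of mismatches are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ResourceRegister:
    type: str              # designates the security module that consumes the data
    data: str              # resource data for that module (opaque here)
    execution_domain: str  # the one environment in which the module may use it

# Constructed master database: resource registers and user registers (assumed layout).
RESOURCES = {
    "r1": ResourceRegister("sso", "mail-login-script", "desktop"),
    "r2": ResourceRegister("firewall", "allow tcp/443 to intranet", "desktop"),
    "r3": ResourceRegister("sso", "erp-login-script", "terminal-server"),
}
USERS = {"alice": ["r1", "r2", "r3"], "bob": []}

def generate_ticket(user):
    """Server side: look up the user register, then add referenced resource registers."""
    if user not in USERS:
        raise KeyError(f"no user register for {user!r}")
    ticket = {"user": user, "resources": []}
    for ref in USERS[user]:            # empty list: ticket is issued with no resources
        ticket["resources"].append(RESOURCES[ref])
    return ticket

def distribute(ticket, modules, domain):
    """Client side: hand each register's data to the module named by its type field,
    but only when the register's execution domain matches this environment."""
    withheld = []
    for reg in ticket["resources"]:
        sink = modules.get(reg.type)
        if sink is None or reg.execution_domain != domain:
            withheld.append(reg)       # fail closed: unknown module or wrong domain
            continue
        sink.append(reg.data)
    return withheld

def demo():
    # Constructed scenario: alice's ticket is processed on a "desktop" workstation.
    modules = {"sso": [], "firewall": []}
    withheld = distribute(generate_ticket("alice"), modules, "desktop")
    return modules, [r.data for r in withheld]

if __name__ == "__main__":
    print(demo())
```
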
64 Claims
1. A system for controlling access to information technology assets in a computer network, the system comprising:
a ticket manager server configured to generate tickets based on user data in a master database; and
a ticket manager client resident on a workstation, the client being configured to receive tickets from the ticket manager server and distribute resource data obtained from the tickets to network security modules, wherein the user data comprises at least one resource register, each resource register including:
a type field designating a specific one of the security modules;
resource data for use by the designated security module; and
an execution domain field designating an exclusive execution environment in which the designated security module can use the resource data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for controlling access to information technology assets in a computer network, the system comprising:
a ticket manager server configured to generate tickets based on user data in a master database; and
a ticket manager client resident on a workstation, the client being configured to receive tickets from the ticket manager server and distribute resource data obtained from the tickets to network security modules, wherein the user data comprises:
at least one resource register providing resource data for use by the security modules;
at least one user register, each user register corresponding to a user; and
at least one profile register, each profile register corresponding to one or more users;
wherein the system allows each user register and each profile register to be associated with one or more resource registers.
Dependent claims: 11, 12, 13
14. A system for controlling access to information technology assets in a computer network, the system comprising:
a ticket manager server configured to generate tickets based on user data in a master database;
a plurality of ticket manager clients, each resident on one of a plurality of workstations, the clients being configured to receive tickets from the ticket manager server and distribute resource data obtained from the tickets to network security modules;
a plurality of local ticket manager slave databases, each resident on one of the workstations, and configured to receive a copy of each of the tickets sent to a corresponding one of the ticket manager clients; and
a global ticket manager slave database configured to receive a copy of each of the tickets sent to the ticket manager clients.
Dependent claims: 15
16. A system for controlling access to information technology assets in a computer network, the system comprising:
means for generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers, each resource register including a type field designating a specific one of the security modules and resource data for use by the designated security module;
means for sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
means for distributing resource data obtained from the tickets to network security modules; and
means for designating an exclusive execution domain field that defines an execution environment in which the designated security module can use the resource data.
Dependent claims: 17, 18
19. A system for controlling access to information technology assets in a computer network, the system comprising:
means for generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers providing resource data for use by the security modules, user registers that each correspond to a user, and profile registers that each correspond to one or more users;
means for sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
means for distributing resource data obtained from the tickets to network security modules; and
means for associating each user register and each profile register with one or more resource registers.
Dependent claims: 20, 21, 22
23. Computer code for controlling access to information technology assets in a computer network, the computer code comprising:
code for generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers, each resource register including a type field designating one of the security modules and resource data for use by the designated security module;
code for sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
code for distributing resource data obtained from the tickets to network security modules; and
code for designating an exclusive execution domain field that defines an execution environment in which the designated security module can use the resource data.
Dependent claims: 24, 46
25. A method for controlling access to information technology assets in a computer network, the method comprising the steps of:
generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers, each resource register including a type field designating a specific one of the security modules and resource data for use by the designated security module;
sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
distributing resource data obtained from the tickets to network security modules; and
designating an exclusive execution domain field that defines an execution environment in which the designated security module can use the resource data.
Dependent claims: 26, 27
28. A method for controlling access to information technology assets in a computer network, the method comprising the steps of:
generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers providing resource data for use by the security modules, user registers that each correspond to a user, and profile registers that each correspond to one or more users;
sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
distributing resource data obtained from the tickets to network security modules; and
associating each user register and each profile register with one or more resource registers.
Dependent claims: 29, 30, 31
32. A method for controlling access to information technology assets in a computer network, the method comprising the steps of:
generating tickets based on user data in a master database of a ticket manager server;
sending tickets from the ticket manager server to a plurality of ticket manager clients, each resident on one of a plurality of workstations, distributing resource data obtained from the tickets to network security modules;
receiving a copy of each of the tickets sent to each of the ticket manager clients in a corresponding local ticket manager slave database resident on the workstation; and
receiving, in a global ticket manager slave database, a copy of each of the tickets sent to the ticket manager clients.
Dependent claims: 33
34. A method for controlling access to information technology assets in a computer network, the method comprising the steps of:
receiving a ticket request at a ticket manager server, the ticket manager server having user data in a master database;
creating a ticket for the user containing resource data for use by network security modules;
retrieving from the master database a user register corresponding to the user;
determining whether the user register refers to any resource registers;
if the user register refers to any resource registers, retrieving the referenced resource registers from the master database and adding any resource data in the retrieved resource registers to the ticket; and
outputting the ticket from the ticket manager server in accordance with the ticket request.
Dependent claims: 35, 36
37. A method for controlling access to information technology assets in a computer network, the method comprising the steps of:
requesting a ticket from a ticket manager server;
generating a ticket by retrieving from a master database a user register corresponding to a user, retrieving any referenced resource registers, and adding any resource data in the retrieved resource registers to the ticket;
sending the ticket to a ticket manager client in a workstation; and
retrieving the resource data from the ticket and distributing the resource data to network security modules.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45
47. Computer code for controlling access to information technology assets in a computer network, the computer code comprising:
code for generating tickets based on user data in a master database of a ticket manager server, the user data including resource registers providing resource data for use by the security modules, user registers that each correspond to a user, and profile registers that each correspond to one or more users;
code for sending tickets from the ticket manager server to a ticket manager client resident on a workstation;
code for distributing resource data obtained from the tickets to network security modules; and
code for associating each user register and each profile register with one or more resource registers.
Dependent claims: 48, 49, 50
51. Computer code for controlling access to information technology assets in a computer network, the computer code comprising:
code for generating tickets based on user data in a master database of a ticket manager server;
code for sending tickets from the ticket manager server to a plurality of ticket manager clients, each resident on one of a plurality of workstations, code for distributing resource data obtained from the tickets to network security modules;
code for receiving a copy of each of the tickets sent to each of the ticket manager clients in a corresponding local ticket manager slave database resident on the workstation; and
code for receiving, in a global ticket manager slave database, a copy of each of the tickets sent to the ticket manager clients.
Dependent claims: 52
53. Computer code for controlling access to information technology assets in a computer network, the computer code comprising:
code for receiving a ticket request at a ticket manager server, the ticket manager server having user data in a master database;
code for creating a ticket for the user containing resource data for use by network security modules;
code for retrieving from the master database a user register corresponding to the user;
code for determining whether the user register refers to any resource registers;
code for, if the user register refers to any resource registers, retrieving the referenced resource registers from the master database and adding any resource data in the retrieved resource registers to the ticket; and
code for outputting the ticket from the ticket manager server in accordance with the ticket request.
Dependent claims: 54, 55
56. Computer code for controlling access to information technology assets in a computer network, the computer code comprising:
code for requesting a ticket from a ticket manager server;
code for generating a ticket by retrieving from a master database a user register corresponding to a user, retrieving any referenced resource registers, and adding any resource data in the retrieved resource registers to the ticket;
code for sending the ticket to a ticket manager client in a workstation; and
code for retrieving the resource data from the ticket and distributing the resource data to network security modules.
Dependent claims: 57, 58, 59, 60, 61, 62, 63, 64
Specification