Application level security

US 20040034767A1
Filed: 06/04/2003
Published: 02/19/2004
Est. Priority Date: 06/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method performed at a security service arbitrator, the method comprising:

receiving a security tender comprising security requirements for an application;

searching for security services to fulfill the security requirements;

determining that the security services satisfy the security requirements; and

generating a security contract for the application, the security contract specifying how the application is to communicate with the security services.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing application layer security may be facilitated by an arbitrator. In general, in one implementation, an arbitrator may receive a security tender including security requirements for an application, search for security services to fulfill the security requirements, determine whether discovered security services can satisfy the security requirements, and, if security services that can satisfy the security requirements exist, generate a security contract for the application, the security contract specifying how the application is to communicate with the security services that can satisfy the security requirements.

Citations

30 Claims

1. A method performed at a security service arbitrator, the method comprising:
- receiving a security tender comprising security requirements for an application;
  
  searching for security services to fulfill the security requirements;
  
  determining that the security services satisfy the security requirements; and
  
  generating a security contract for the application, the security contract specifying how the application is to communicate with the security services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the security requirements in the tender vary depending on application communication functions.
  - 3. The method of claim 1, wherein generating a security contract for the application comprises selecting between a set of security services that satisfy a security requirement.
  - 4. The method of claim 1, wherein the security contract allows the application to communicate directly with the security services that satisfy the security requirements.
  - 5. The method of claim 1, further comprising binding the contract with the application.
  - 6. The method of claim 1, further comprising:
    - receiving remote security requirements from a remote arbitrator;
      
      determining whether the security services satisfy the remote security requirements; and
      
      generating a message regarding the security services.
  - 7. The method of claim 6, further comprising generating the security contract for the application based on the security services.
  - 8. The method of claim 1, further comprising:
    - monitoring the contract to determine whether it is still valid; and
      
      if the contract is not still valid, revoking the contract.
  - 9. The method of claim 8, wherein revoking the contract comprises determining that a predetermined period of time has expired.

10. A system comprising:
- an arbitrator comprising;
  
  a registrar operable to generate a security contract for an application in response to a security tender, the security tender comprising application security requirements, the security contract specifying how the application is to communicate with security services that can satisfy the security requirements; and
  
  an administrator operable to determine whether the security contract is invalid.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the registrar is operable to:
    - receive the security tender;
      
      search for the security services to fulfill the security requirements;
      
      determine whether the security services satisfy the security requirements; and
      
      generate the security contract.
  - 12. The system of claim 10, wherein the register is further operable to select between a set of security services that satisfy a security requirement.
  - 13. The system of claim 10, wherein the security contract allows the application to communicate directly with the security services.
  - 14. The system of claim 10, wherein the arbitrator comprises a linker operable to bind the contract with the application.
  - 15. The system of claim 10, wherein the arbitrator further comprises a negotiator operable to:
    - receive remote security requirements from a remote arbitrator;
      
      determine that security services that satisfy the remote security requirements exist; and
      
      generate a message regarding the security services.

16. An article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
- determining whether a security tender has been received at an arbitrator, the security tender comprising security requirements for an application;
  
  searching for security services to fulfill the security requirements;
  
  determining that the security services satisfy the security requirements; and
  
  generating a security contract for the application, the security contract specifying how the application is to communicate with the security services.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The article of claim 16, wherein generating a security contract for the application comprises selecting between a set of security services that satisfy a security requirement.
  - 18. The article of claim 16, wherein the security contract allows the application to communicate directly with the security services that.
  - 19. The article of claim 16, wherein the instructions are further operable to cause one or more machines to perform operations comprising binding the contract with the application.
  - 20. The article of claim 16, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - receiving remote security requirements from a remote arbitrator;
      
      determining that security services that satisfy the remote security requirements exist; and
      
      generating a message regarding the security services.
  - 21. The article of claim 16, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - monitoring the contract to determine whether it is still valid; and
      
      if the contract is not still valid, revoking the contract.

22. A method performed by an application, the method comprising:
- generating a security tender, the security tender containing security requirements for the application; and
  
  determining whether a security contract has been received, the contract specifying how the application is to communicate with security services that satisfy the security requirements.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, further comprising:
    - determining that communication is desired with a second application;
      
      contacting a security service based on a type of communication; and
      
      communicating with the second application in accordance with the security service.
  - 24. The method of claim 22, further comprising:
    - determining whether the contract is still valid; and
      
      if the contract is not still valid, terminating communication with a second application.
  - 25. The method of claim 22, further comprising:
    - determining whether the security contract is acceptable; and
      
      if the security contract is not acceptable, refusing to communicate using the security contract.

26. An article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
- generating a security tender at an application, the security tender containing security requirements for the application; and
  
  determining whether a security contract has been received, the contract specifying how the application is to communicate with security services that satisfy the security requirements.
- View Dependent Claims (27, 28, 29)
- - 27. The article of claim 26, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - determining that communication is desired with a second application;
      
      contacting a security service based on a type of communication; and
      
      communicating with the second application in accordance with the security service.
  - 28. The article of claim 26, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - determining whether the contract is still valid; and
      
      if the contract is not still valid, terminating communication with a second application.
  - 29. The article of claim 26, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - determining whether the security contract is acceptable; and
      
      if the security contract is not acceptable, refusing to communicate using the security contract.

30. A system comprising:
- an article comprising a machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising;
  
  generating a security tender, the security tender containing security requirements for the application, determining whether a security contract has been received, the contract specifying how the application is to communicate with security services that satisfy the security requirements, determining that communication is desired with a second application, contacting a security service based on a type of communication, communicating with the second application in accordance with the security service, determining whether the contract is still valid, and if the contract is not still valid, terminating communication with the second application; and
  
  an arbitrator operable to;
  
  receive the security tender, search for security services to fulfill the security requirements, the security requirements varying depending on application communication functions, determine that the security services satisfy the security requirements, generate the security contract, bind the contract with the application, receive remote security requirements from a remote arbitrator, determine that security services that can satisfy the remote security requirements exist, generate a message regarding the security services, generate a security contract for an application based on the security services that can satisfy the security requirements, monitor the security contract to determine whether it is still valid, and if the contract is not still valid, revoke the contract.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Haller, Jochen, Robinson, Philip

Granted Patent

US 7,313,812 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06Q 10/10 Office automation; Time man...

H04L 9/32 including means for verifyi...

Application level security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Application level security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links