Uniform modular framework for a host computer system
Abstract
A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.
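The session-start combination and enforcement described in the abstract, as an added example that is not part of the patent text. The page does not say how the policies are logically combined, so the most-restrictive-wins rule, the `Policy` fields, the `Session` class and the sample values are all assumptions.

```python
from dataclasses import dataclass

# Field names and the most-restrictive-wins rule are assumptions made for
# this example; the abstract only says the policies are "logically combined".
@dataclass(frozen=True)
class Policy:
    allowed_functions: frozenset  # security functions this side permits
    require_credential: bool      # must a credential (e.g. PIN) be supplied?
    min_credential_len: int
    max_attempts: int             # failed verifications before lockout

def combine(host: Policy, token: Policy) -> Policy:
    """Composite policy: neither side's rule can be weakened by the other."""
    return Policy(
        allowed_functions=host.allowed_functions & token.allowed_functions,
        require_credential=host.require_credential or token.require_credential,
        min_credential_len=max(host.min_credential_len, token.min_credential_len),
        max_attempts=min(host.max_attempts, token.max_attempts),
    )

class Session:
    """Stands in for the middleware; the composite is fixed at session start."""
    def __init__(self, host: Policy, token: Policy):
        self.policy = combine(host, token)
        self.failed = 0

    def record_failed_verification(self):
        self.failed += 1  # called when the token rejects a credential

    def authorize(self, function, credential=None):
        """Return (allowed, reason); every check fails closed."""
        p = self.policy
        if function not in p.allowed_functions:
            return False, "function not permitted by composite policy"
        if self.failed >= p.max_attempts:
            return False, "attempt limit reached"
        if p.require_credential and (
            credential is None or len(credential) < p.min_credential_len
        ):
            return False, "credential missing or too short"
        return True, "forward request to the security application agent"

# Constructed sample policies (not taken from the page).
HOST = Policy(frozenset({"sign", "decrypt", "authenticate"}), False, 4, 5)
TOKEN = Policy(frozenset({"sign", "authenticate", "unblock"}), True, 6, 3)
```

With these samples the composite permits only `sign` and `authenticate`, requires a credential of at least 6 characters, and locks after 3 failed verifications.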
54 Claims
1. A system which provides a modular uniform security applications framework for a host computer system and a compliant security token in processing communications with the host computer system comprising:
said compliant security token including a set of retrievable token security policies and one or more token security applications;
said host computer system including a retrievable set of host security policies and a token access control application, wherein said token access control application includes means for;
retrieving at least a portion of said host security policies from said host computer system, retrieving at least a portion of said token security policies from said compliant security token, generating a composite set of security policies from said host security policies and said token security policies, and ensuring enforcement of said composite set of security policies on a request to perform a security function using said compliant security token.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 18, 19, 20, 21, 22, 23, 24, 25, 26
9. A system which provides a modular uniform security applications framework for a host computer system and a compliant security token in processing communications with the host computer system comprising:
said compliant security token including a set of retrievable token security policies and one or more token security applications;
said host computer system including a token access control application, a retrievable set of host security policies and at least one security application agent functionally associated with said token access control application;
said token access control application including means for;
retrieving at least a portion of said host security policies from said host computer system, retrieving at least a portion of said token security policies from said compliant security token, generating a composite set of security policies from said host security policies and said token security policies, and transferring at least a portion of said composite set of security policies to said at least one of security application agent.
Dependent claims: 10, 11, 12
13. A system which provides a modular uniform security applications framework for a host computer system and a compliant security token in processing communications with the host computer system comprising:
said compliant security token including a set of retrievable token security policies and one or more token security applications;
said host computer system including a requesting application, a token access control application, a retrievable set of host security policies and at least one security application agent functionally associated with said token access control application;
said token access control application including means for;
retrieving at least a portion of said host security policies from said host computer system, retrieving at least a portion of said token security policies from said compliant security token, generating a composite set of security policies from said host security policies and said token security policies, and returning at least a portion of said composite set of security policies to said requesting application;
said requesting application including means for;
generating a request to perform a security function using said compliant security token, ensuring enforcement of said at least a portion of said composite set of security policies, and causing said at least one security application agent to execute in response to said request; and
said at least one security application agent including means for performing a security function with said one or more token security applications in accordance with said at least a portion of said composite set of security requirements.
Dependent claims: 14, 15, 16
17. A system which provides a modular uniform security applications framework for a host computer system and a compliant security token in processing communications with the host computer system comprising:
said compliant security token including a set of retrievable token security policies and one or more token security applications;
said host computer system including a token access control application, a retrievable set of host security policies and at least one security application agent functionally associated with said token access control application;
said token access control application including means for;
retrieving at least a portion of said host security policies from said host computer system, retrieving at least a portion of said token security policies from said compliant security token, generating a composite set of security policies from said host security policies and said token security policies, ensuring enforcement of said composite set of security policies on a request to perform a security function using said compliant security token, and said at least one security application agent, including means for performing said security function with said one or more token security applications in accordance with said composite set of security policies.
27. A method for using a modular uniform security applications framework for a host computer system and a compliant security token comprising the steps of:
a. receiving a token security function request from a requesting application,
b. retrieving a set of token security policies,
c. retrieving a set of host security policies,
d. combining said token security policies and said host security policies into a composite security policy,
e. ensuring enforcement of said composite security policy on said security function request,
f. receiving a credential if required by said composite security policy,
g. sending said credential to an appropriate security application agent if required by said composite security policy,
h. sending said credential to an appropriate token security application if required by said composite security policy, and
i. performing a security function in accordance with said composite security policy.
Dependent claims: 30, 31
28. A method for using a modular uniform security applications framework for a host computer system and a compliant security token comprising the steps of:
a. receiving a token security function request from a requesting application,
b. retrieving a set of token security policies,
c. retrieving a set of host security policies,
d. combining said token security policies and said host security policies into a composite security policy,
e. sending at least a portion of said composite security policy to an appropriate security application agent,
f. ensuring enforcement of at least a portion of said composite security policy on said security function request,
g. receiving a credential if required by said composite security policy,
h. sending said credential to an appropriate token security application if required by said composite security policy, and
i. performing a security function in accordance with said composite security policy.
29. A method for providing a modular uniform security applications framework for a host computer system and a compliant security token comprising the steps of:
a. receiving a token security function request from a requesting application,
b. retrieving a set of token security policies,
c. retrieving a set of host security policies,
d. combining said token security policies and said host security policies into a composite security policy,
e. sending at least a portion of said composite security policy to said requesting application,
f. ensuring enforcement of at least a portion of said composite security policy by said requesting application,
g. receiving a credential if required by said composite security policy,
h. sending said credential to an appropriate security application agent if required by said composite security policy,
i. sending said credential to an appropriate token security application if required by said composite security policy, and
j. performing a security function in accordance with said composite security policy.
32. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a computer to provide a modular uniform security applications framework for a host computer system and a compliant security token, said executable instructions comprising computer readable program code means for causing said computer to;
a. receive a token security function request from a requesting application,
b. retrieve a set of token security policies,
c. retrieve a set of host security policies,
d. combine said token security policies and said host security policies into a composite security policy,
e. enforce said composite security policy on said security function request, receive a credential if required by said composite security policy,
h. send said credential to an appropriate security application agent if required by said composite security policy,
i. send said credential to an appropriate token security application if required by said composite security policy, and
j. perform a security function in accordance with said composite security policy.
Dependent claims: 35, 36
33. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a computer to provide a modular uniform security applications framework for a host computer system and a compliant security token, said executable instructions comprising computer readable program code means for causing said computer to;
a. receive a security function request from a requesting application,
b. retrieve a set of token security policies,
c. retrieve a set of host security policies,
d. combine said token security policies and said host security policies into a composite security policy,
e. send at least a portion of said composite security policy to an appropriate security application agent,
f. enforce at least a portion of said composite security policy on said security function request,
g. receive a credential if required by said composite security policy,
h. send said credential to an appropriate token security application if required by said composite security policy, and
i. perform a security function in accordance with said composite security policy.
34. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a computer to provide a modular uniform security applications framework for a host computer system and a compliant security token, said executable instructions comprising computer readable program code means for causing said computer to;
a. receive a security function request from a requesting application,
b. retrieve a set of token security policies,
c. retrieve a set of host security policies,
d. combine said token security policies and said host security policies into a composite security policy,
e. send at least a portion of said composite security policy to requesting application,
f. enforce at least a portion of said composite security policy by said requesting application,
g. receive a credential if required by said composite security policy,
h. send said credential to an appropriate security application agent if required by said composite security policy,
i. send said credential to an appropriate token security application if required by said composite security policy, and
j. perform a security function in accordance with said composite security policy.
37. A system which provides for retrieval of compatibility information associated with one or more counterpart security application agents from a functionally connected security token by at least one security application installed on a host computer system comprising:
said functionally connected security token including said retrievable compatibility information and one or more token security applications installed in said functionally connected security token, wherein said retrievable capability information relates to compatibility between said one or more counterpart security application agents and said one or more token security applications;
said host computer system including said one or more counterpart security application agents and said at least one security application, wherein said at least one security application includes means for;
retrieving said compatibility information related to said one or more counterpart security application agents;
verifying that at least one compatible counterpart security application agent is operatively installed and if not, retrieving and operatively installing at least one compatible counterpart security application agent.
Dependent claims: 38, 39, 40, 41, 42, 43, 44
45. A method which provides for retrieval of compatibility information related to one or more counterpart security application agents from a functionally connected security token by at least one security application installed on a host computer system comprising the steps of:
a. retrieving said compatibility information related to said one or more counterpart security application agents from said functionally connected security token,
b. verifying that at least one compatible counterpart security application agent is operatively installed on a host computer system, and if not,
c. retrieving said at least one compatible counterpart security application agent and
d. operatively installing said at least one compatible counterpart security application agent on said host computer system.
Dependent claims: 46, 47, 48, 49
50. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a computer to provide for retrieval of compatibility information related to one or more counterpart security application agents from a functionally connected security token by at least one security application installed on a host computer system, said executable instructions comprising computer readable program code means for causing said computer to;
a. retrieve said compatibility information related to said one or more counterpart security application agents from said functionally connected security token,
b. verify that at least one compatible counterpart security application agent is operatively installed on a host computer system, and if not,
c. retrieve said at least one compatible counterpart security application agent and
d. operatively install said at least one compatible counterpart security application agent on said host computer system.
Dependent claims: 51, 52, 53, 54
Specification