Distributed enterprise security system for a resource hierarchy

US 20050102401A1
Filed: 10/08/2004
Published: 05/12/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A distributed system for controlling access to a first resource in a hierarchy of resources, comprising:

a distributor located on a first server and capable of distributing to a second server a first policy for the first resource;

a security service module (SSM) located on the second server and capable of managing based on the first policy conditions for access to at least one of;

the first resource and a second resource that is hierarchically inferior to the first resource; and

wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for a distributed system for controlling access to a first resource in a hierarchy of resources, comprising, a distributor located on a first server and capable of distributing to a second server a first policy for the first resource, a security service module (SSM) located on the second server and capable of managing based on the first policy conditions for access to at least one of: the first resource and a second resource that is hierarchically inferior to the first resource, and wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.

Citations

16 Claims

1. A distributed system for controlling access to a first resource in a hierarchy of resources, comprising:
- a distributor located on a first server and capable of distributing to a second server a first policy for the first resource;
  
  a security service module (SSM) located on the second server and capable of managing based on the first policy conditions for access to at least one of;
  
  the first resource and a second resource that is hierarchically inferior to the first resource; and
  
  wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The distributed system of claim 1 wherein:
    - the first policy is for a resource accessible through the SSM.
  - 3. The distributed system of claim 1, further comprising:
    - a modular services layer coupled to the SSM.
  - 4. The distributed system of claim 1 wherein:
    - the first policy is accepted over a secure communication link.
  - 5. The distributed system of claim 1, further comprising:
    - a second SSM on a third server; and
      
      wherein the distributor is capable of distributing a policy to the second SSM.
  - 6. The distributed system of claim 1 wherein:
    - the distributor further comprises a cache for policies.

7. A method for controlling access to a first resource in a hierarchy of resources, comprising:
- accepting a first policy for the first resource;
  
  managing based on the first policy conditions for access to at least one of;
  
  the first resource and a second resource that is hierarchically inferior to the first resource; and
  
  wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7 wherein:
    - the first policy is for a resource accessible through a server.
  - 9. The method of claim 7 wherein:
    - the first policy is accepted over a secure communication link.
  - 10. The method of claim 7, further comprising:
    - caching the first policy.

11. A method for controlling access to a first resource in a hierarchy of resources, comprising:
- on a first server;
  
  distributing a first policy for the first resource;
  
  on a second server;
  
  accepting the first policy from the first server;
  
  managing based on the first policy conditions for access to at least one of;
  
  the first resource and a second resource that is hierarchically inferior to the first resource; and
  
  wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.

12. A machine readable medium having instructions stored thereon to cause a system to:
- accept a first policy for a first resource;
  
  manage based on the first policy conditions for access to at least one of;
  
  the first resource and a second resource that is hierarchically inferior to the first resource; and
  
  wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.
- View Dependent Claims (13, 14, 15)
- - 13. The machine readable medium of claim 12 wherein:
    - the first policy is for a resource accessible through a server.
  - 14. The machine readable medium of claim 12 wherein:
    - the first policy is accepted over a secure communication link.
  - 15. The machine readable medium of claim 12, further comprising instructions that cause the system to:
    - cache the first policy.

16. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for accepting a first policy for the first resource;
  
  a code segment including instructions for managing based on the first policy conditions for access to at least one of;
  
  the first resource and a second resource that is hierarchically inferior to the first resource; and
  
  wherein the first policy can be overridden by a second policy wherein the second policy specifies conditions for access for a resource that is hierarchically inferior to the first resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/961,677
Publication Number

US 20050102401A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Distributed enterprise security system for a resource hierarchy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed enterprise security system for a resource hierarchy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links