Distributed security system with security service providers

US 20050102535A1
Filed: 10/08/2004
Published: 05/12/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for distributed enterprise security, comprising:

a security control module (SCM) operable to accept information, wherein the information include one or more of;

a policy and configuration information;

at least one security service module (SSM) operable to accept the information from SCM;

at least one security service providers coupled to the at least one SSM, wherein the at least one security service providers is cable of at least one of;

authentication of a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and

wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method distributed enterprise security, comprising, a security control module (SCM) operable to accept information, wherein the information include one or more of: a policy and configuration information at least one security service module (SSM) operable to accept the information from SCM at least one security service providers coupled to the at least one SSM, wherein the at least one security service providers is cable of at least one of, authentication of a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource, and wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

138 Citations

View as Search Results

28 Claims

1. A system for distributed enterprise security, comprising:
- a security control module (SCM) operable to accept information, wherein the information include one or more of;
  
  a policy and configuration information;
  
  at least one security service module (SSM) operable to accept the information from SCM;
  
  at least one security service providers coupled to the at least one SSM, wherein the at least one security service providers is cable of at least one of;
  
  authentication of a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and
  
  wherein the information accepted by the SCM is relevant to one or more of the at least one SSMs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising:
    - a dynamically configurable services layer coupled to the at least one SSM.
  - 3. The system of claim 2 wherein:
    - the information can be used to configure a services layer.
  - 4. The system of claim 1, further comprising:
    - an administration server capable of providing the information to the SCM.
  - 5. The system of claim 1 wherein:
    - the information is accepted over a secure communication link.
  - 6. The system of claim 1 wherein:
    - the information only includes policies that have changed.
  - 7. The system of claim 1, further comprising:
    - a host wherein the host is one of;
      
           1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system; and
      
      wherein the host is coupled to one of the at least one SSM.
  - 8. The system of claim 1 wherein:
    - the at least one SSM can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 9. The system of claim 1 wherein:
    - the at least one SSM caches information to avoid unnecessary communication with the SCM.
  - 10. The system of claim 1 wherein:
    - the SCM provides the information for the at least one SSMs on a given computing device.

11. A method for providing distributed enterprise security, comprising:
- distributing changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  distributing the information from the first process to at least one second process;
  
  performing at least one of the following;
  
  authenticating a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and
  
  wherein the at least one second process can include a dynamically configurable services layer that is operable to provide services based on the distributed information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 wherein:
    - the first process and the at least one second process are on the same computing device.
  - 13. The method of claim 11, further comprising:
    - configuring the services layer based on the information.
  - 14. The method of claim 11 wherein:
    - the information only includes policies that have changed.
  - 15. The method of claim 11 wherein:
    - the at least one second process can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 16. The method of claim 11, further comprising:
    - caching the information.
  - 17. The method of claim 11 wherein:
    - a policy can be delegated.
  - 18. The method of claim 11 wherein:
    - the information is distributed over a secure communication link.
  - 19. A distributed security system capable of performing the method of claim 11.

20. A machine readable medium having instructions stored thereon to cause a system to:
- distribute changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  distribute the information from the first process to at least one second process;
  
  perform at least one of the following;
  
  authenticating a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and
  
  wherein the at least one second process can include a modular and dynamically configurable services layer that is operable to provide services based on the distributed information.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The machine readable medium of claim 20 wherein:
    - the first process and the at least one second process are on the same computing device.
  - 22. The machine readable medium of claim 20, further comprising instructions stored thereon to cause the system to:
    - configure the services layer based on the information.
  - 23. The machine readable medium of claim 20 wherein:
    - the information only includes policies and configuration information that have changed.
  - 24. The machine readable medium of claim 20 wherein:
    - the at least one second process can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 25. The machine readable medium of claim 20, further comprising instructions stored thereon to cause the system to:
    - cache the information.
  - 26. The machine readable medium of claim 20 wherein:
    - a policy can be delegated.
  - 27. The machine readable medium of claim 420 wherein:
    - the information is distributed over a secure communication link.

28. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for distributing changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  a code segment including instructions for distributing the information from the first process to at least one second process;
  
  a code segment including instructions for performing at least one of the following;
  
  authenticating a user, determining if access to a resource is permitted based on the information, auditing of a security decision, and mapping an authenticated identity to a set of credentials to be used to authenticate a target resource; and
  
  wherein the at least one second process can include a dynamically configurable services layer that is operable to provide services based on the distributed information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/961,351
Publication Number

US 20050102535A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Distributed security system with security service providers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed security system with security service providers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links