Method and system for distribution of notifications in file security systems

US 20050138371A1
Filed: 12/19/2003
Published: 06/23/2005
Est. Priority Date: 12/19/2003
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for providing a security change notification to clients of a file security system, said method comprising:

interacting with a first client of the file security system to determine a determined delivery type for security criteria change notifications;

determining whether a security criteria change to the file security system has been made;

preparing a security criteria change notification based on the security policy change; and

delivering the security criteria change notification to the first client using the determined delivery type.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for providing notifications in a distributed file security system are disclosed. The file security system includes a file security server that manages file security for a plurality of clients. When security criteria (e.g., security policies or rules) change at the file security system, typically the clients need to be notified so that they operate in accordance with the correct security criteria. The security criteria impacts whether a particular client (or its user) are able to access certain files being protected by the file security system. A client can be notified in different ways depending on network characteristics. In one embodiment, an appropriate way to perform notifications between the file security server and clients can be automatically determined, thus advantageously minimizing user impact and allowing the system to transparently adapt to different networks.

Citations

25 Claims

1. A computer-implemented method for providing a security change notification to clients of a file security system, said method comprising:
- interacting with a first client of the file security system to determine a determined delivery type for security criteria change notifications;
  
  determining whether a security criteria change to the file security system has been made;
  
  preparing a security criteria change notification based on the security policy change; and
  
  delivering the security criteria change notification to the first client using the determined delivery type.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A computer-implemented method as recited in claim 1, wherein the clients are client-side programs of the file security system, the client-side programs being operable on client machines.
  - 3. A computer-implemented method as recited in claim 1, wherein said interacting is separately performed for each of the clients, thereby providing a determined delivery type for each of the clients.
  - 4. A computer-implemented method as recited in claim 3, wherein said method further comprises:
    - determining which of the clients are affected by the security criteria change, and wherein said delivering operates to deliver the security criteria change notification to each of the determined clients using the delivery type corresponding to each of the clients.
  - 5. A method as recited in claim 4, whereby only the determined clients receive the security criteria change notification.
  - 6. A computer-implemented method as recited in claim 1, wherein said interacting uses at least one handshake operation between the file security system and the first client for deterministic changes in the delivery type for use with the first client.
  - 7. A computer-implemented method as recited in claim 1, wherein said interacting is performed for each of the clients following successful login to the file security system by users associated with each of the clients.
  - 8. A computer-implemented method as recited in claim 1, wherein the determined delivery type is one of a poll delivery type and a push delivery type.
  - 9. A computer-implemented method as recited in claim 1, wherein said interacting comprises:
    - determining whether a first delivery type can be used for security criteria change notifications to be delivered to the first client;
      
      requesting that the first client use the first delivery type for security criteria change notifications when said determining determines that the first delivery type can be used;
      
      determining whether an acknowledgement of said requesting has been received; and
      
      setting the first delivery type to be used for security criteria change notifications when said determining determines that the acknowledgement of said requesting has been received.
  - 10. A computer-implemented method as recited in claim 1, wherein the determined delivery type is one of a first delivery type and a second delivery type, and wherein said interacting comprises:
    - sending a test message to the first client;
      
      determining whether a response to the test message has been received from the first client; and
      
      utilizing the second delivery type for security criteria change notifications when said determining determines that no response from the first client was received.
  - 11. A computer-implemented method as recited in claim 10, wherein said interacting further comprises:
    - requesting that the first client use the first delivery type for security criteria change notifications when said determining determines that the response from the first client was received;
      
      determining whether an acknowledgement of said requesting has been received; and
      
      utilizing the first delivery type for policy change notifications when said determining determines that the acknowledgement of said requesting has been received.
  - 12. A computer-implemented method as recited in claim 11, wherein said method is performed without user input.
  - 13. A computer-implemented method as recited in claim 11, wherein said security system has a security server that communicates with the clients over a network, and wherein said method is performed by the security server.
  - 14. A computer-implemented method as recited in claim 13, wherein the computer network is an enterprise computer network.
  - 15. A computer-implemented method as recited in claim 1, wherein the security criteria change alters at least one of an access rule or a group'"'"'s membership.
  - 16. A computer-implemented method as recited in claim 1, wherein the security criteria change, when effectuated, affects restrictive access to files secured by the file security system.

17. A computer-implemented method for providing a security change notification to a client of a file security system, the client communicates with the file security system via a network, said method comprising:
- placing the client into a first state that causes the client to poll the file security system to inquire whether there are any security criteria change notifications for the client and to obtain security criteria changes for the client if there are any;
  
  automatically assisting the file security system with an evaluation of network topology of the network;
  
  subsequently receiving a request to switch the client to a second state in which the client is not required to poll the file security system in order to obtain any security criteria change notifications for the client, the request being sent to the client from the file security system dependent on the network topology; and
  
  switching the client from the first state to the second state in response to the request.
- View Dependent Claims (18, 19, 20)
- - 18. A computer-implemented method as recited in claim 17, wherein said method further comprises:
    - initiating, prior to said placing the client into the first state, the client into an initial state in which the client does not receiving any information concerning security criteria change notifications.
  - 19. A computer-implemented method as recited in claim 18, wherein said placing comprises:
    - assisting a user to login into the file security system; and
      
      transitioning from the initial state to the first state following successful login of the user.
  - 20. A computer-implemented method as recited in claim 17, wherein the security criteria change, when effectuated, affects restrictive access to files secured by the file security system.

21. A security system for securing files from unauthorized access within a distributed computer network, said security system comprising:
- a server module operating on a server; and
  
  a plurality of client modules operating on respective user computers, wherein said server module stores security policy information that governs a type and extent of access to secured files that are permitted by users via the respective user computers, wherein said client modules receive some or all of the portion of the security policy information from said server module, and wherein said server module and said client module interact, without user input, to determine a manner by which said client modules are to be notified of subsequent changes to the security policy information.
- View Dependent Claims (22, 23)
- - 22. A security system as recited in claim 21, wherein when a security policy change is received at said server module, said server module identifies those of said client modules that are affected by the security policy change, and thereafter informs said client modules that are affected of the security policy change.
  - 23. A security system as recited in claim 22, wherein said client modules that are affected thereafter update the security information at said client modules that are affected.

24. A computer readable medium including at least computer program code for providing a security change notification to clients of a file security system, said computer readable medium comprising:
- computer program code for interacting with a first client of the file security system to determine a determined delivery type for security criteria change notifications;
  
  computer program code for determining whether a security criteria change to the file security system has been made;
  
  computer program code for preparing a security criteria change notification based on the security policy change; and
  
  computer program code for delivering the security criteria change notification to the first client using the determined delivery type.

25. A computer readable medium including at least computer program code for providing a security change notification to a client of a file security system, the client communicates with the file security system via a network, said computer readable medium comprising:
- computer program code for placing the client into a first state that causes the client to poll the file security system to inquire whether there are any security criteria change notifications for the client, and to obtain security criteria changes for the client if there are any;
  
  computer program code for automatically assisting the file security system with an evaluation of network topology of the network;
  
  computer program code for subsequently receiving a request to switch the client to a second state in which the client is not required to poll the file security system in order to obtain any security criteria change notifications for the client, the request being sent to the client from the file security system dependent on the network topology; and
  
  computer program code for switching the client from the first state to the second state in response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
PSS Systems, Inc. (International Business Machines Corporation)
Inventors
Supramaniam, Senthilvasan, Gutnik, Yevgeniy

Application Number

US10/742,710
Publication Number

US 20050138371A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

H04L 63/20 for managing network securi...

Method and system for distribution of notifications in file security systems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for distribution of notifications in file security systems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links