Distributed security system with dynamic roles

US 20050257245A1
Filed: 10/08/2004
Published: 11/17/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for distributed enterprise security, comprising:

a security control module (SCM) operable to accept information, wherein the information includes one or more policies;

at least one security service module (SSM) operable to accept the information from the SCM;

a role mapping module coupled to the at least one SSM, wherein the role mapping module is operable to map a user to at least one role based on the information; and

wherein the information accepted by the SCM is relevant to the at least one SSM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributed enterprise security, comprising, a security control module (SCM) operable to accept information, wherein the information includes one or more policies, at least one security service module (SSM) operable to accept the information from the SCM, a role mapping module coupled to the at least one SSM, wherein the role mapping module is operable to map a user to at least one role based on the information, and wherein the information accepted by the SCM is relevant to the at least one SSM.

140 Citations

View as Search Results

25 Claims

1. A system for distributed enterprise security, comprising:
- a security control module (SCM) operable to accept information, wherein the information includes one or more policies;
  
  at least one security service module (SSM) operable to accept the information from the SCM;
  
  a role mapping module coupled to the at least one SSM, wherein the role mapping module is operable to map a user to at least one role based on the information; and
  
  wherein the information accepted by the SCM is relevant to the at least one SSM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising:
    - a modular and dynamically configurable services layer coupled to the at least one SSM.
  - 3. The system of claim 2 wherein:
    - information accepted by the SCM can be used to configure the services layer.
  - 4. The system of claim 1, further comprising:
    - an administration server capable of providing the information to the SCM.
  - 5. The system of claim 1 wherein:
    - the information is accepted over a secure communication link.
  - 6. The system of claim 1 wherein:
    - the information only includes policies that have changed.
  - 7. The system of claim 1, further comprising:
    - a host wherein the host is one of;
      
           1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system;
      
      wherein the host is coupled to one of the at least one SSM.
  - 8. The system of claim 1 wherein:
    - the at least one SSM can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 9. The system of claim 1 wherein:
    - the at least one SSM caches information to avoid unnecessary communication with the SCM.

10. A method for providing distributed enterprise security, comprising:
- distributing changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  distributing the information from the first process to at least one second process on the same computing device as the first process; and
  
  wherein the at least one second process can include a configurable security service module that is operable to provide a role mapping service based on the information and operable to provide an authorization service based on the information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 wherein:
    - the at least one second process can accept configuration information from the first process.
  - 12. The method of claim 10 wherein:
    - the information only includes policies and configuration information that have changed.
  - 13. The method of claim 10 wherein:
    - the at least one second process can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 14. The method of claim 10, further comprising:
    - caching the information.
  - 15. The method of claim 10 wherein:
    - a policy can be delegated.
  - 16. The method of claim 10 wherein:
    - the information is distributed over a secure communication link.
  - 17. A distributed security system capable of performing the method of claim 10.

18. A machine readable medium having instructions stored thereon to cause a system to:
- distribute changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  distribute the information from the first process to at least one second process on the same computing device as the first process; and
  
  wherein the at least one second process can include a configurable security service module that is operable to provide a role mapping service based on the information and operable to provide an authorization service based on the information.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The machine readable medium of claim 18 wherein:
    - the at least one second process can accept configuration information from the first process.
  - 20. The machine readable medium of claim 18 wherein:
    - the information only includes policies that have changed.
  - 21. The machine readable medium of claim 18 wherein:
    - the at least one second process can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 22. The machine readable medium of claim 18, further comprising instructions stored thereon to cause the system to:
    - cache the information.
  - 23. The machine readable medium of claim 18 wherein:
    - a policy can be delegated.
  - 24. The machine readable medium of claim 18 wherein:
    - the information is distributed over a secure communication link.

25. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for distributing changes to information to a first process, wherein the information can include one or more of;
  
  a policy and configuration information;
  
  a code segment including instructions for distributing the information from the first process to at least one second process on the same computing device as the first process; and
  
  wherein the at least one second process can include a configurable security service module that is operable to provide a role mapping service based on the information and operable to provide an authorization service based on the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/961,549
Publication Number

US 20050257245A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/0815   providing single-sign-on or...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Distributed security system with dynamic roles

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Distributed security system with dynamic roles

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others