System and method for maintaining security in a distributed computer network

US 20050257247A1
Filed: 06/30/2005
Published: 11/17/2005
Est. Priority Date: 10/28/1998
Status: Active Grant

First Claim

Patent Images

1. A system for controlling access to a software application in accordance with enterprise and local security policies, comprising:

a server that includes a policy manager to manage an enterprise set of security policies, and to distribute to each of a plurality of clients a subset of said enterprise set of security policies; and

a plurality of clients, each of which clients includes an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for maintaining security in a distributed computing environment comprises a policy manager located on a server for managing and distributing a security policy, and an application guard located on a client for managing access to securable components as specified by the security policy. In the preferred embodiment, a global policy specifies access privileges of the user to securable components. The policy manager may then preferably distribute a local client policy based on the global policy to the client. An application guard located on the client then manages access to the securable components as specified by the local policy.

Citations

21 Claims

1. A system for controlling access to a software application in accordance with enterprise and local security policies, comprising:
- a server that includes a policy manager to manage an enterprise set of security policies, and to distribute to each of a plurality of clients a subset of said enterprise set of security policies; and
  
  a plurality of clients, each of which clients includes an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the server distributes to each of said plurality of clients only those security policies that are relevant to that client.
  - 3. The system of claim 1, wherein the software application is installed locally on one or more of the clients.
  - 4. The system of claim 1, wherein the software application is installed on the server.
  - 5. The system of claim 1, wherein the application guard assigns the user of the client a particular role to use with the software application.
  - 6. The system of claim 5, wherein the application guard manages access by the user to a particular function of the software application.
  - 7. The system of claim 6, wherein the assigned role includes a set of privileges to use the particular function of the software application.
  - 8. The system of claim 7, wherein the particular software application is organized into a role hierarchy such that if a user is granted a certain role, then that user is automatically granted any children roles.
  - 9. The system of claim 7, wherein the particular function of the software application is organized into a function hierarchy such that if a user is granted a privilege to a parent function, then that user is automatically granted the privilege to any children functions.
  - 10. The system of claim 1, wherein the application guard runs as a service that allows the software application to make a request for authorization.

11. A method for controlling access to a software application in accordance with enterprise and local security policies, comprising the steps of:
- providing a server that includes a policy manager to manage an enterprise set of security policies, and distributing to each of a plurality of clients a subset of said enterprise set of security policies; and
  
  providing a plurality of clients, each of which clients includes an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the server distributes to each of said plurality of clients only those security policies that are relevant to that client.
  - 13. The method of claim 11, wherein the software application is installed locally on one or more of the clients.
  - 14. The method of claim 11, wherein the software application is installed on the server.
  - 15. The method of claim 11, wherein the application guard assigns the user of the client a particular role to use with the software application.
  - 16. The method of claim 15, wherein the application guard manages access by the user to a particular function of the software application.
  - 17. The method of claim 16, wherein the assigned role includes a set of privileges to use the particular function of the software application.
  - 18. The method of claim 17, wherein the particular software application is organized into a role hierarchy such that if a user is granted a certain role, then that user is automatically granted any children roles.
  - 19. The method of claim 17, wherein the particular function of the software application is organized into a function hierarchy such that if a user is granted a privilege to a parent function, then that user is automatically granted the privilege to any children functions.
  - 20. The method of claim 11, wherein the application guard runs as a service that allows the software application to make a request for authorization.

21. A computer readable medium, including instructions stored thereon, which when executed by a computer causes the computer to perform the steps of:
- providing a server that includes a policy manager to manage an enterprise set of security policies; and
  
  distributing to each of a plurality of clients a subset of said enterprise set of security policies, wherein each of the clients includes an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Moriconi, Mark, Qian, Shelly

Granted Patent

US 7,318,237 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

Y10S 707/99939   Privileged access

System and method for maintaining security in a distributed computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for maintaining security in a distributed computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links