Centralized enterprise security policy framework

US 20060059539A1
Filed: 03/17/2005
Published: 03/16/2006
Est. Priority Date: 09/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating using a centralized enterprise security framework, comprising:

receiving a plurality of operation requests from a plurality of applications at a centralized enterprise security framework;

retrieving a plurality of entries from a directory structure within the centralized enterprise security framework; and

validating each requests if a comparison between the request and its corresponding entry is successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized enterprise security and provisioning policy framework is described. Enterprise wide security and provisioning is stored in a hierarchical fashion in a centralized LDAP based Directory server. Each policy and user maps directly to a unique entry in the directory. Policy entries can be created at specific administrative points in the Directory Information Tree instead of having to duplicate these policies as attributes of every user entry in the directory. The policies can be classified into provisioning, authentication, and authorization policies.

Citations

31 Claims

1. A method for authenticating using a centralized enterprise security framework, comprising:
- receiving a plurality of operation requests from a plurality of applications at a centralized enterprise security framework;
  
  retrieving a plurality of entries from a directory structure within the centralized enterprise security framework; and
  
  validating each requests if a comparison between the request and its corresponding entry is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein validating each request comprises, sending a validation message to an originator of the request;
    - and invalidating the request if the comparison between the policy and the request was not successful.
  - 3. The method of claim 2, wherein the request is for a kerberos ticket.
  - 4. The method of claim 2, wherein the request is for a public key infrastructure certificate.
  - 5. The method of claim 2, wherein the request is for password modification.
  - 6. The method of claim 2, wherein the request is for authentication.
  - 7. The method of claim 2, wherein the request is for operation authorization.
  - 8. The method of claim 7, further comprising:
    - sending a rejection message, if the comparison between the directory tree information and the request was not successful;
      
      checking for an account lockout policy; and
      
      incrementing the login failure count.
  - 9. The method of claim 8, further comprising checking a plurality of password state policy information, the plurality of password state policy information including password expiration information, expiration warning information, number of grace logins information, and forced password change count information.
  - 10. The method of claim 9, wherein the checking produces warning messages, the warnings being included in the validation message.
  - 11. The method of claim 1, wherein the request may originate from a plurality of applications, each of the plurality of applications not possessing a separate policy repository or server.

12. A centralized enterprise security policy framework comprising:
- an LDAP database server including a directory information tree;
  
  a plurality of security policies for a plurality of applications;
  
  a plurality of user identities, each policy and user identity combination mapping to a unique entry in the directory information tree.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The centralized enterprise security policy framework of claim 12, wherein the policy is a password value policy.
  - 14. The centralized enterprise security policy framework of claim 12, wherein the policy is a password state policy.
  - 15. The centralized enterprise security policy framework of claim 12, wherein the policy is a kerberos ticket policy.
  - 16. The centralized enterprise security policy framework of claim 12, wherein the policy is a public key infrastructure policy.
  - 17. The centralized enterprise security policy framework of claim 12, wherein the policy is a provisioning policy.
  - 18. The centralized enterprise security policy framework of claim 12, wherein the policy is a role based access control policy.
  - 19. The centralized enterprise security policy framework of claim 12, wherein the request may originate from a plurality of applications, the applications not possessing a separate policy repository or server.

20. A computer program product embodied on computer readable medium, the computer readable medium having stored thereon a sequence of instructions which, when executed by a processor, causes the processor to execute a method for authenticating using a centralized enterprise security framework, the method comprising:
- receiving a plurality of operation requests from a plurality of applications at a centralized enterprise security framework;
  
  retrieving a plurality of entries from a directory structure within the centralized enterprise security framework; and
  
  validating each requests if a comparison between the request and its corresponding entry is successful.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The computer program product of claim 20 wherein validating comprises, sending a validation message to an originator of the request;
    - and invalidating the request if the comparison between the directory tree information and the request was not successful.
  - 22. The computer program product of claim 21, wherein the request is for a kerberos ticket.
  - 23. The computer program product of claim 21, wherein the request is for a public key infrastructure certificate.
  - 24. The computer program product of claim 21, wherein the request is for password modification.
  - 25. The computer program product of claim 21, wherein the request is for authentication.
  - 26. The computer program product of claim 21, wherein the request is for operation authorization.
  - 27. The computer program product of claim 26, further comprising:
    - sending a rejection message, if the request was invalidated;
      
      checking for an account lockout policy; and
      
      incrementing the login failure count.
  - 28. The computer program product of claim 27, further comprising checking a plurality of password state policy information, the plurality of password state policy information including password expiration information, expiration warning information, number of grace logins information, and forced password change count information.
  - 29. The computer program product of claim 28, wherein the checking produces warning messages, the warnings being included in the validation message.
  - 30. The computer program product of claim 20, wherein the request may originate from a plurality of applications, each of the plurality of applications not possessing a separate policy repository or server.

31. A system for authenticating comprising:
- means for receiving a plurality of operation requests from a plurality of applications at a centralized enterprise security framework;
  
  means for retrieving a plurality of entries from a directory structure within the centralized enterprise security framework; and
  
  means for validating each requests if a comparison between the request and its corresponding entry is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sastry, Hari V. N., Shashikumar, Gurudatt

Granted Patent

US 8,463,819 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 63/20 for managing network securi...

Centralized enterprise security policy framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized enterprise security policy framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links