System and method for securing information accessible using a plurality of software applications

US 20060200664A1
Filed: 03/07/2005
Published: 09/07/2006
Est. Priority Date: 03/07/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system for securing information accessible using a plurality of software applications, comprising:

a computer readable storage medium; and

computer software stored on the computer readable storage medium and operable to;

receive a request from a user to process information using one of a plurality of software applications;

retrieve user information associated with the user;

determine whether the user has authority to process the information as requested according to the retrieved user information and one or more rules defined using XACML;

allow the user to process the information using the software application in response to determining that the user has authority to process the information as requested; and

prevent the user from processing the information using the software application in response to determining that the user does not have authority to process the information as requested.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing information accessible using a plurality of software applications includes a computer readable storage medium and computer software stored on the computer readable storage medium. The computer software may receive a request from a user to process information using one of a plurality of software applications and may retrieve user information associated with the user. The computer software may determine whether the user has authority to process the information as requested according to the retrieved user information and one or more rules defined using XACML. The computer software may allow the user to process the information using the software application in response to determining that the user has authority to process the information as requested and may prevent the user from processing the information using the software application in response to determining that the user does not have authority to process the information as requested.

63 Citations

View as Search Results

20 Claims

1. A system for securing information accessible using a plurality of software applications, comprising:
- a computer readable storage medium; and
  
  computer software stored on the computer readable storage medium and operable to;
  
  receive a request from a user to process information using one of a plurality of software applications;
  
  retrieve user information associated with the user;
  
  determine whether the user has authority to process the information as requested according to the retrieved user information and one or more rules defined using XACML;
  
  allow the user to process the information using the software application in response to determining that the user has authority to process the information as requested; and
  
  prevent the user from processing the information using the software application in response to determining that the user does not have authority to process the information as requested.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein at least some of the software applications are commercial off-the-shelf (COTS) applications.
  - 3. The system of claim 1, wherein the computer software is further operable to receive the requests through a web-based interface.
  - 4. The system of claim 1, wherein the request is to access the information.
  - 5. The system of claim 1, wherein the computer software is further operable to:
    - receive from a first user a request to store a file using one of the plurality of software applications;
      
      receive from the first user security information relating to the file;
      
      associate the security information with the file;
      
      receive from a second user a request to access the file using one of the plurality of software applications;
      
      retrieve second user information associated with the second user;
      
      retrieve the security information associated with the file;
      
      determine whether the second user has authority to access the file according to the second user information, the security information, and one or more rules defined using XACML;
      
      allow the second user to access the file using the software application in response to determining that the second user has authority to access the file; and
      
      prevent the second user from accessing the file using the software application in response to determining that the second user does not have authority to access the file.
  - 6. The system of claim 1, wherein the computer software further comprises application wrappers operable to interface with the plurality of software applications using the applications'"'"' application programming interfaces (APIs).
  - 7. The system of claim 1, wherein the computer software is further operable to receive a file for storage and to generate a security label to be associated with the file.
  - 8. The system of claim 1, wherein the rules defined using XACML establish how the computer software may compare the received user information to one or more attributes from a security label associated with the information to determine whether the user has authority to process the information as requested
  - 9. The system of claim 1, wherein at least one of the rules provides that a confidentiality level of the user must meet or exceed a confidentiality level associated with the information.
  - 10. The system of claim 1, wherein the rules may be changed to implement new security requirements without changing the computer software.

11. A method for securing information accessible using a plurality of software applications, comprising:
- receiving a request from a user to process information using one of a plurality of software applications;
  
  retrieving user information associated with the user;
  
  determining whether the user has authority to process the information as requested according to the retrieved user information and one or more rules defined using XACML;
  
  allowing the user to process the information using the software application in response to determining that the user has authority to process the information as requested; and
  
  preventing the user from processing the information using the software application in response to determining that the user does not have authority to process the information as requested.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein at least some of the software applications are commercial off-the-shelf (COTS) applications.
  - 13. The method of claim 11, further comprising receiving requests from users to process information through a web-based interface.
  - 14. The method of claim 11, wherein the request is to access the information.
  - 15. The method of claim 11, wherein the request is to search the information.
  - 16. The method of claim 11, further comprising:
    - receiving from a first user a request to store a file using one of the plurality of software applications;
      
      receiving from the first user security information relating to the file;
      
      associating the security information with the file;
      
      receiving from a second user a request to access the file using one of the plurality of software applications;
      
      retrieving second user information associated with the second user;
      
      retrieving the security information associated with the file;
      
      determining whether the second user has authority to access the file according to the second user information, the security information, and one or more rules defined using XACML;
      
      allowing the second user to access the file using the software application in response to determining that the second user has authority to access the file; and
      
      preventing the second user from accessing the file using the software application in response to determining that the second user does not have authority to access the file.
  - 17. The method of claim 11, further comprising interfacing with the plurality of software applications using the applications'"'"' application programming interfaces (APIs).
  - 18. The method of claim 11, further comprising:
    - receiving a file for storage; and
      
      generating a security label to be associated with the file.
  - 19. The method of claim 11, wherein the rules defined using XACML establish how to compare the received user information to one or more attributes from a security label associated with the information to determine whether the user has authority to process the information as requested
  - 20. The method of claim 11, wherein at least one of the rules provides that a confidentiality level of the user must meet or exceed a confidentiality level associated with the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Whitehead, Dave, Pullinger, Paul T.

Application Number

US11/073,899
Publication Number

US 20060200664A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 21/6218 to a system of files or obj...

System and method for securing information accessible using a plurality of software applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing information accessible using a plurality of software applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links