Command processing system by a management agent

US 20060272029A1
Filed: 08/01/2006
Published: 11/30/2006
Est. Priority Date: 11/08/2002
Status: Active Grant

First Claim

Patent Images

1-17. -17. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system where a management application sends commands to a remotely-located agent over a network, the agent maintains a security specification table defining the security level for each combination of the cipher and authentication algorithms of the communication path to/from the management application and a required security level table defining the minimum security level required for the execution of each command. Upon receiving a command from the management application, the agent obtains, by referencing these tables, the operational security level of the communication path and the required security level for the command, and executes the command only if the former is greater than or equal to the latter. This mechanism ensures high security in system management by preventing a malicious intruder from executing potent commands that can cause a down of a computer system, without unreasonably limiting the use of the management application by the system administrator.

25 Citations

View as Search Results

22 Claims

1-17. -17. (canceled)

18. A command processing system for processing commands sent through a communication path between a management application and a management agent, comprising:
- a memory that stores a first table pre-registering the security levels of the communication path between the management application and the management agent and a second table pre-registering the security levels required for the execution of commands that the management application requests the management agent to execute;
  
  first means for obtaining, for each command sent from the management application to the management agent, the operational security level for the command by referencing the first table;
  
  second means for obtaining, for each command sent from the management application to the management agent, the required security level by referencing the second table;
  
  third means for comparing the operational security level obtained by the first means and the required security level obtained by the second means; and
  
  fourth means for determining whether to permit the execution of the command based on the result of the comparison made by the third means.
- View Dependent Claims (19, 20, 21, 22)
- - 19. A command processing system of claim 18, wherein the first table lists the cipher algorithms and the authentication algorithms used on the communication path between the management application and the management agent, together with the security level assigned to each combination of the cipher and authentication algorithms.
  - 20. A command processing system of claim 18, wherein the second table lists the commands defined between the management application and the management agent, together with the security level required for the execution of each of the commands.
  - 21. A command processing system of claim 18, wherein the fourth means grants permission for command execution when the comparison made by the third means indicates that the operational security level is greater than or equal to the required security level.
  - 22. A command processing system of claim 18, wherein the memory further stores a third table registering the history of the commands issued from the management application to the management agent and a fourth table holding the security level uplift value for each client ID that is determined according to the result of judgment (execution permitted or rejected) recorded in the third table;
    - further comprising;
      
      means for adding the security level uplift value obtained from the fourth table to the required security level obtained by the second means;
      
      wherein the required security level thus modified is used in the comparison using the third means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Kaneda, Yasunori, Fujita, Takahiro

Granted Patent

US 7,430,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/57   Certifying or maintaining t...

Y10S 707/99939   Privileged access

Command processing system by a management agent

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Command processing system by a management agent

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links