SYSTEM AND METHOD FOR MAINTAINING SECURITY IN A DISTRIBUTED COMPUTER NETWORK

US 20090178111A1
Filed: 03/10/2009
Published: 07/09/2009
Est. Priority Date: 10/28/1998
Status: Abandoned Application

First Claim

Patent Images

1. A system for maintaining security in a distributed computing environment, comprising:

a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients; and

a plurality of application guards, wherein each application guard is located at one of the plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from the policy manager,wherein the application guard receives an authorization request including a subject, an object and a privilege and evaluates said request by matching the rules received from the policy manager to said subject, said object and said privilege in order to control access to said application associated with the application guard.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for maintaining security in a distributed computing environment comprises a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients, and a plurality of application guards, wherein each application guard is located at one of the plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from the policy manager.

123 Citations

18 Claims

1. A system for maintaining security in a distributed computing environment, comprising:
- a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients; and
  
  a plurality of application guards, wherein each application guard is located at one of the plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from the policy manager,wherein the application guard receives an authorization request including a subject, an object and a privilege and evaluates said request by matching the rules received from the policy manager to said subject, said object and said privilege in order to control access to said application associated with the application guard.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1 wherein:
    - the policy manager derives local security policies from a global security policy, the global security policy includes a plurality of rules applicable to all application guards in the system.
  - 3. The system of claim 2 wherein:
    - the policy manager optimizes the global security policy into an optimized form, wherein the optimized form only distributes attributes relevant to a specific application guard.
  - 4. The system of claim 1 wherein:
    - the policy manager computes any differences caused by a modification on the security policy and commit only the changed portion of the security policy to an appropriate application guards.
  - 5. The system of claim 1 wherein:
    - the policy manager supports concurrent rule development by multiple users.
  - 6. The system of claim 1 wherein:
    - the policy manager tracks and record authorization requests.
  - 7. The system of claim 1 wherein:
    - the policy manager is associated with an application guard to allow only authorized administrator to access and operate the policy manager.
  - 8. The system of claim 1 wherein:
    - the policy manager reviews and reconstructs policy rules to make sure the policy rules are syntactically and semantically correct to a predefined policy language.
  - 9. The system of claim 1 wherein:
    - the policy manager determines which application guard needs to receive which policy rules.
  - 10. The system of claim 1 wherein:
    - the application guard is integrated into the application associated with the application guard.
  - 11. The system of claim 1 wherein:
    - the application guard evaluates the authorization request against a stored local security policy.
  - 12. The system of claim 1 wherein:
    - the application guard is associated with plug-ins to allow for additional capabilities to process and evaluate the authorization request based on customized code.
  - 13. The system of claim 1 wherein:
    - the application guard is implemented as a remote authorization service through a remote procedure call to another server.
  - 14. The system of claim 1 wherein:
    - the application guard uses multiple authorization engines to add performance and reliability.
  - 15. The system of claim 1, further comprising:
    - an enterprise policy database that allows a user to enter policy rules one at a time.

16. The system of claim 16, further comprising:
- a policy loader to bulk load a existing set of policy rules into the enterprise policy database.

17. A system for maintaining security in a distributed computing environment, comprising:
- a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients, wherein the policy manager operates toderive local security policies from a global security policy, the global security policy includes a plurality of rules applicable to one or more of the plurality of clients;
  
  organize the global security policy into an optimized form, wherein the optimized form only distributes attributes relevant to a specific client;
  
  compute any differences caused by a modification on the global security policy and commit only the changed portion of the global security policy to a specific client;

18. A system for maintaining security in a distributed computing environment, comprising:
- a plurality of application guards, wherein each application guard is located at one of a plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from a policy manager,wherein the application guard receives an authorization request including a subject, an object and a privilege and evaluates said request by matching the rules received from the policy manager to said subject, said object and said privilege in order to control access to said application associated with the application guard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Moriconi, Mark, Qian, Shelly

Application Number

US12/401,540
Publication Number

US 20090178111A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

Y10S 707/99939   Privileged access

SYSTEM AND METHOD FOR MAINTAINING SECURITY IN A DISTRIBUTED COMPUTER NETWORK

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR MAINTAINING SECURITY IN A DISTRIBUTED COMPUTER NETWORK

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links