SYSTEM AND METHOD FOR MAINTAINING SECURITY IN A DISTRIBUTED COMPUTER NETWORK
Abstract
A system for maintaining security in a distributed computing environment comprises a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients, and a plurality of application guards, wherein each application guard is located at one of the plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from the policy manager.
18 Claims
1. A system for maintaining security in a distributed computing environment, comprising:
- a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients; and
- a plurality of application guards, wherein each application guard is located at one of the plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from the policy manager, wherein the application guard receives an authorization request including a subject, an object and a privilege and evaluates said request by matching the rules received from the policy manager to said subject, said object and said privilege in order to control access to said application associated with the application guard.
16. The system of claim 16, further comprising:
- a policy loader to bulk load an existing set of policy rules into the enterprise policy database.
17. A system for maintaining security in a distributed computing environment, comprising:
- a policy manager located on a server to maintain policy data files and distribute local security policies to a plurality of clients, wherein the policy manager operates to:
  - derive local security policies from a global security policy, the global security policy includes a plurality of rules applicable to one or more of the plurality of clients;
  - organize the global security policy into an optimized form, wherein the optimized form only distributes attributes relevant to a specific client;
  - compute any differences caused by a modification on the global security policy and commit only the changed portion of the global security policy to a specific client;
18. A system for maintaining security in a distributed computing environment, comprising:
- a plurality of application guards, wherein each application guard is located at one of a plurality of clients to manage access by individual transactions to at least one application associated with the application guard, wherein the application guard controls access to the application based on a local security policy received from a policy manager, wherein the application guard receives an authorization request including a subject, an object and a privilege and evaluates said request by matching the rules received from the policy manager to said subject, said object and said privilege in order to control access to said application associated with the application guard.
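The following sketch is an added illustration, not code from the patent. It models the policy manager of claim 17 (per-client local policy, delta-only commit) and the application guard of claim 18 (matching a subject, object and privilege against local rules). The `Rule` fields, the `*` wildcard, the deny-overrides-grant ordering, the default deny and the sample policy are all assumptions made for the example.

```python
from typing import NamedTuple

class Rule(NamedTuple):          # hypothetical rule shape, not taken from the patent
    effect: str                  # "grant" or "deny"
    subject: str                 # user or role; "*" matches any subject (assumption)
    obj: str
    privilege: str
    client: str                  # client whose application the rule protects

class PolicyManager:
    def __init__(self, global_policy):
        self.global_policy = set(global_policy)
        self.sent = {}           # client -> rules last committed to that client

    def local_policy(self, client):
        # A local policy holds only the global rules relevant to this client.
        return {r for r in self.global_policy if r.client == client}

    def commit(self, client):
        # Diff against the last commit and ship only the changed portion.
        new, old = self.local_policy(client), self.sent.get(client, set())
        self.sent[client] = new
        return {"add": new - old, "remove": old - new}

class ApplicationGuard:
    def __init__(self):
        self.rules = set()

    def apply(self, delta):
        self.rules = (self.rules - delta["remove"]) | delta["add"]

    def authorize(self, subject, obj, privilege):
        # Match the request triple against the local rules.
        # Assumed semantics: deny overrides grant; no matching rule means deny.
        hits = {r.effect for r in self.rules
                if r.subject in (subject, "*")
                and r.obj == obj and r.privilege == privilege}
        return "grant" in hits and "deny" not in hits

# Constructed sample global policy (not from the patent).
GLOBAL = [
    Rule("grant", "teller", "account", "read", "branch-app"),
    Rule("grant", "teller", "account", "update", "branch-app"),
    Rule("grant", "auditor", "ledger", "read", "audit-app"),
]
```

Because the guard holds only its own client's rules, a request for an object protected on another client fails closed instead of consulting rules that were never distributed to it.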
Specification