POLICY ENFORCEMENT USING ESSO

US 20090205016A1
Filed: 12/10/2008
Published: 08/13/2009
Est. Priority Date: 12/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method for enforcing policies used with a computer client, the method comprising:

receiving, at policy decision point (PDP) processor, information from a single sign-on (SSO) system indicating an occurrence of an event of interest on the computer client;

performing, using the PDP processor, a policy check in response to the occurrence of the event of interest, wherein a policy check result is generated; and

providing the generated policy check result to the SSO system.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enforcing policies used with a computer client, the method including receiving, at policy decision point (PDP) processor, information from a single sign-on (SSO) system indicating an occurrence of an event of interest on the computer client, performing, using the PDP processor, a policy check in response to the occurrence of the event of interest, wherein a policy check result is generated, and providing the generated policy check result to the SSO system.

168 Citations

34 Claims

1. A method for enforcing policies used with a computer client, the method comprising:
- receiving, at policy decision point (PDP) processor, information from a single sign-on (SSO) system indicating an occurrence of an event of interest on the computer client;
  
  performing, using the PDP processor, a policy check in response to the occurrence of the event of interest, wherein a policy check result is generated; and
  
  providing the generated policy check result to the SSO system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein performing the policy check includes performing a separation of duty policy check.
  - 3. The method of claim 2 wherein the separation of duty policy check is a dynamic separation of duty policy check.
  - 4. The method of claim 1 wherein the event of interest is selected from the group consisting of launching a computer application, logging onto the computer application, attempting to start the computer application, accessing a webpage, and accessing a remote server.
  - 5. The method of claim 1 wherein the SSO system is an enterprise single sign-on system.
  - 6. The method of claim 1 further comprising limiting access to a computer application until the policy check result is generated.
  - 7. The method of claim 1 further comprising limiting access to a computer application as a function of the policy check result.
  - 8. The method of claim 1 further comprising automating a logon process of a computer application as a function of the policy check result.
  - 9. The method of claim 1 further comprising at least one of preventing access to a computer application, and shutting down the computer application as a function of the policy check result.
  - 10. The method of claim 1 further comprising receiving, at the PDP processor, information relating to events of interest on a plurality of computer clients.
  - 11. The method of claim 10 wherein the events of interest are selected from the group consisting of attempting access to a computer application, accessing the computer application, shutting down of the computer application, and logging off of the computer application.
  - 12. The method of claim 11 further comprising preventing access to a computer application running on a first computer client in response to a computer application running on a second computer client.
  - 13. The method of claim 1 further comprising storing the policy check result in a log file.
  - 14. The method of claim 1 further comprising maintaining a list of active computer applications based upon the information received from the SSO system.
  - 15. The method of claim 14 wherein the list of active computer applications relates to a plurality of computer clients.
  - 16. The method of claim 15 wherein the performing the policy check is performed using the list of active computer applications.
  - 17. The method of claim 14 further comprising updating the list of active computer applications in response to at least one of a shutdown event and a logoff event.

18. A policy enforcement system for use with a computer client configured to execute computer applications, the system comprising:
- a single sign-on (SSO) system configured to monitor the computer client for an occurrence of an event of interest;
  
  a policy decision point (PDP) processor in communication with the SSO system and configured to;
  
  receive from the SSO system an indication of the occurrence of the event of interest;
  
  perform a policy check in response to the occurrence of the event of interest;
  
  provide a policy check result to the SSO system; and
  
  wherein the SSO system is further configured to manage the computer application as a function of the policy check result.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The system of claim 18 wherein the PDP processor is configured to perform a separation of duty policy check.
  - 20. The system of claim 19 wherein the separation of duty policy check is a dynamic separation of duty policy check.
  - 21. The system of claim 18 wherein the event of interest is selected from the group consisting of launching a computer application, logging onto the computer application, attempting to start the computer application, accessing a webpage, and accessing a remote server.
  - 22. The system of claim 18 wherein the SSO system is configured as an enterprise single sign-on system.
  - 23. The system of claim 18 wherein the SSO system is configured to limit access to the computer application until the policy check result is generated.
  - 24. The system of claim 18 wherein the SSO system is configured to limit access to the computer application as a function of the policy check result.
  - 25. The system of claim 18 wherein the SSO system is further configured to automate the logon process of the computer application as a function of the policy check result.
  - 26. The system of claim 18 wherein the SSO system is further configured to at least one of prevent access to the computer application, and shut down the computer application as a function of the policy check result.
  - 27. The system of claim 18 wherein the PDP processor is further configured to receive information relating to events of interests on a plurality of computer clients.
  - 28. The system of claim 18 wherein the events of interest are selected from the group consisting of attempting access to the computer application, accessing the computer application, shutting down of the computer application, and logging off of the computer application.
  - 29. The system of claim 18 wherein the PDP processor is configured to identify a policy violation in response to a computer application running on another computer client.
  - 30. The system of claim 18 wherein the PDP processor is configured to store the policy check result in a log file.
  - 31. The system of claim 18 wherein the PDP processor is further configured to maintain a list of active computer applications based upon the information received from the SSO system.
  - 32. The system of claim 31 wherein the list of active computer applications relates to a plurality of computer clients.
  - 33. The system of claim 32 wherein the PDP processor is further configured to perform the policy check using the list of active computer applications.
  - 34. The system of claim 31 wherein the PDP processor is further configured to update the list of active computer applications in response to at least one of a shutdown event and a logoff event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ecrime Management Strategies, Inc.
Original Assignee
Courion Corporation
Inventors
Milas, Brian T.

Granted Patent

US 8,601,562 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/41 where a single sign-on prov...

G06F 21/629 to features or functions of...

POLICY ENFORCEMENT USING ESSO

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY ENFORCEMENT USING ESSO

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links