Non-Invasive Usage Tracking, Access Control, Policy Enforcement, Audit Logging, and User Action Automation On Software Applications

US 20100325097A1
Filed: 02/07/2007
Published: 12/23/2010
Est. Priority Date: 02/07/2007
Status: Active Grant

First Claim

Patent Images

1. Software for tracking and controlling access to legacy applications and/or related data records on a computer system using a state engine to define a set of states, triggers, and actions for use by an access agent running on an access point of the computer system to track and control user access to the legacy applications and/or related data records without modifying the legacy application and/or related data records.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present system, software, and methods relate to computer system security, particularly to tracking and controlling electronic access to legacy applications and data records without modifying the legacy applications or records. The present system, software, and methods allow for implementation of complex access audit and control rules even when the continued use of legacy application and data are required.

119 Citations

25 Claims

1. Software for tracking and controlling access to legacy applications and/or related data records on a computer system using a state engine to define a set of states, triggers, and actions for use by an access agent running on an access point of the computer system to track and control user access to the legacy applications and/or related data records without modifying the legacy application and/or related data records.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The software of claim 1, wherein the access agent comprises:
    - one or more access profiles with instructions for identifying the legacy application and specifying one or more state engines for tracking and controlling access to the application,the state engine specifying the set of states, triggers, and actions for tracking and controlling access to the legacy application.
  - 3. The software of claim 1, comprising a rule-based engine for defining states, triggers, and actions for use in tracking and controlling the legacy applications.
  - 4. The software of claim 2, comprising a rule-based engine for defining states, triggers, and actions for use in tracking and controlling the legacy applications.
  - 5. The software of claim 1, wherein the access agent comprises an audit logging module for recording user access to the legacy application.
  - 6. The software of claim 5, wherein the logging module reports audit logs to a server, to which the access agent is in communication.
  - 7. The software of claim 6, wherein instructions for the logging module to report audit logs to the server are provided in access profiles.

8. Software for tracking and controlling electronic access to legacy applications and/or related data records on a computer system without modifying the legacy applications and data records, the software comprising:
- an access agent running on an access point in the computer system and controlling user access to legacy applications and related data records,the access agent comprising;
  
  one or more access profiles with instructions for identifying a legacy application and specifying one or more state engines for tracking and controlling access to the application,the state engine specifying a set of states, triggers, and actions for tracking and controlling access to the legacy application,wherein the access agent tracks and controls user access to legacy applications and related data records without modifying the legacy application.

9. A computer method for tracking and controlling electronic access to a legacy application or related data records running on a computer system, without modifying the legacy applications or data records, the method comprising:
- defining a set of states, triggers, and actions for tracking and controlling access to the legacy application, andcontrolling user access to the legacy application and related data records using the states, triggers, and actions,wherein user access to the legacy applications and data records is tracked and controlled without modifying the legacy applications and data records.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein the states, triggers, and actions are used by an access agent running on an access point of the computer system to track and control access to the legacy application.
  - 11. The method of claim 9, wherein the states, triggers, and actions are specified by one or more state engine specifications in an access profile for use by the access agent running on an access point of the computer system to track and control access to the legacy application.

12. A system for tracking and controlling access to a legacy application in a network computer environment, the system comprising:
- a computer-implemented access agent running on an access point in a network computer environment controlling user access to a legacy application and related data records,the access agent comprising;
  
  one or more access profiles with instructions for identifying a legacy application and specifying one or more state engines for tracking and controlling access to the application,the state engine specifying a set of states, triggers, and actions for tracking and controlling access to the legacy application,wherein the access agent tracks and controls user access to the legacy application and related data records using the states, triggers, and actions specified by the state engine, without modifying the legacy application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 13. The system of claim 12, wherein the access agent is in communication with a server.
  - 14. The system of claim 13, wherein the server stores user attributes and policies for use by the access agent.
  - 15. The system of claim 12, wherein the server stores access profiles, and the access agent periodically synchronizes access profiles with the server.
  - 16. The system of claim 12, wherein the access agent further comprises a general rule-based engine for defining states, triggers, and actions for use in tracking and controlling legacy applications for which access profiles have not been defined.
  - 17. The system of claim 12, wherein the access agent further comprises an audit logging module for recording user access to the legacy application.
  - 18. The system of claim 17, wherein the logging module reports audit logs to the server.
  - 19. The system of claim 18, wherein instructions for the logging module to report audit logs to the server are provided in access profiles.
  - 20. The system of claim 18, wherein the logging module accumulates audit logs when it is not connected to the server;
    - thereby allowing the tracking of access to applications even if the computer is offline or the server is down.
  - 21. The system of claim 20, wherein the logging module accumulates audit logs in an encrypted form.
  - 22. The system of claim 12, wherein one or more triggers is determined by information selected from a company/organization policy, a user attributes, and historical context.
  - 23. The system of claim 12, wherein one or more actions is selected from disabling a widget in a window, hiding a widget in a window, closing a widget in a window, disabling a menu item in a window, disabling a sub-menu item in a window, blocking a keyboard input to a window, blocking a widget in a window, blocking a mouse input to a window, and blocking a widget in a window.
  - 24. The system of claim 23, wherein the window is in the background.
  - 25. The system of claim 23, wherein the window is in the foreground.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Low, Chee Meng, Ganesh, Sharad, Er, Chiang Kai

Granted Patent

US 8,250,045 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/702
CPC Class Codes

G06F 21/629 to features or functions of...

G06F 2221/2101 Auditing as a secondary aspect

Non-Invasive Usage Tracking, Access Control, Policy Enforcement, Audit Logging, and User Action Automation On Software Applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Non-Invasive Usage Tracking, Access Control, Policy Enforcement, Audit Logging, and User Action Automation On Software Applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links