DYNAMIC SWITCHING OF SECURITY CONFIGURATIONS

US 20110047589A1
Filed: 08/20/2009
Published: 02/24/2011
Est. Priority Date: 08/20/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for switching security configurations, the computer implemented method comprising:

accessing a first security configuration, wherein a security configuration comprises at least one security parameter, via a thread of execution;

receiving an incoming request;

responsive to receiving the incoming request, switching to a second security configuration that specifies a resource, based on the incoming request;

storing the second security configuration or a reference to the second security configuration to a stack;

authenticating the incoming request based on the second security configuration;

granting or denying access to the resource;

executing a method referenced in the incoming request; and

responsive to completing the method, restoring to a first security configuration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a computer implemented method, computer program product, and apparatus to switch security configurations. A data processing system accesses a first security configuration via a thread of execution, wherein a security configuration comprises at least one security parameter. The thread receives an incoming request. The thread switches to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request. The thread stores the second security configuration or a reference to the second security configuration to a stack. The thread authenticates the incoming request based on the second security configuration. The thread grants or denies access to the resource. The thread executes a method referenced in the incoming request. The thread restores to a first security configuration, responsive to completing the method.

29 Citations

View as Search Results

25 Claims

1. A computer implemented method for switching security configurations, the computer implemented method comprising:
- accessing a first security configuration, wherein a security configuration comprises at least one security parameter, via a thread of execution;
  
  receiving an incoming request;
  
  responsive to receiving the incoming request, switching to a second security configuration that specifies a resource, based on the incoming request;
  
  storing the second security configuration or a reference to the second security configuration to a stack;
  
  authenticating the incoming request based on the second security configuration;
  
  granting or denying access to the resource;
  
  executing a method referenced in the incoming request; and
  
  responsive to completing the method, restoring to a first security configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer implemented method of claim 1, wherein switching to the second security configuration comprises:
    - storing the second security configuration to a stack.
  - 3. The computer implemented method of claim 2, wherein restoring the first security configuration comprises popping the second security configuration from the stack.
  - 4. The computer implemented method of claim 3, wherein the first security configuration is a default security configuration.
  - 5. The computer implemented method of claim 1, wherein the incoming request is an Enterprise Java Beans request.
  - 6. The computer implemented method of claim 1, wherein the second security configuration is applied to the thread during execution of steps responsive to the incoming request.
  - 7. The computer implemented method of claim 1, wherein the first security configuration comprises a security configuration used in the absence of data referenced by a top of stack.
  - 8. The computer implemented method of claim 1, wherein the at least one security parameter is authorization data.
  - 9. The computer implemented method of claim 1, wherein the at least one security parameter is one selected from the group consisting of an authentication mechanism, a credential, a user registry, a login module, a secure channel configuration, an encryption key store and a trust store.

10. A computer program product for switching security configurations, the computer program product comprising:
- computer readable program code configured to access a first security configuration, wherein the second security configuration comprises at least one security parameter, via a thread of execution;
  
  computer readable program code configured to receive an incoming request;
  
  computer readable program code configured to switch to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request;
  
  computer readable program code configured to store the second security configuration or a reference to the second security configuration to a stack;
  
  computer readable program code configured to authenticate the incoming request based on the second security configuration;
  
  computer readable program code configured to grant or deny access to the resource;
  
  computer readable program code configured to execute a method referenced in the incoming request; and
  
  computer readable program code configured to restore to a first security configuration, responsive to completing the method.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer program product of claim 10, wherein computer readable program code configured to switch to the second security configuration comprises:
    - computer readable program code configured to store the second security configuration to a stack.
  - 12. The computer program product of claim 11, wherein computer readable program code configured to restore the first security configuration comprises computer readable program code configured to pop the second security configuration from the stack.
  - 13. The computer program product of claim 12, wherein the first security configuration is a default security configuration.
  - 14. The computer program product of claim 10, wherein the incoming request is an Enterprise Java Beans request.
  - 15. The computer program product of claim 10, wherein the second security configuration is applied to the thread during execution of steps responsive to the incoming request.
  - 16. The computer program product of claim 10, wherein the first security configuration comprises a security configuration used in the absence of data referenced by a top of stack.
  - 17. The computer program product of claim 10, wherein the security parameter is authorization data.

18. A data processing system comprising:
- a bus;
  
  a storage device connected to the bus, wherein computer usable code is located in the storage device;
  
  a communication unit connected to the bus; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code for switching security configurations, wherein the processing unit executes the computer usable code to access a first security configuration, wherein a security configuration comprises at least one security parameter, wherein accessing the first security configuration is via the thread of execution;
  
  receive an incoming request;
  
  switch to a second security configuration that specifies a resource, based on the incoming request, responsive to receiving the incoming request;
  
  store the second security configuration or a reference to the second security configuration to a stack;
  
  authenticate the incoming request based on the second security configuration;
  
  grant or deny access to the resource;
  
  execute a method referenced in the incoming request; and
  
  restore to a first security configuration, responsive to completing the method.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The data processing system of claim 18, wherein in executing computer usable program code configured to switch to the second security configuration the processor further executes computer usable code to store the second security configuration to a stack.
  - 20. The data processing system of claim 19, wherein in executing computer usable code configured to restore the first security configuration the processor executes computer usable code configured to pop the second security configuration from the stack.
  - 21. The data processing system of claim 20, wherein the first security configuration is a default security configuration.
  - 22. The data processing system of claim 18, wherein the incoming request is an Enterprise Java Beans request.
  - 23. The data processing system of claim 18, wherein the second security configuration is applied to the thread during execution of steps responsive to the incoming request.
  - 24. The data processing system of claim 18, wherein the first security configuration comprises a security configuration used in the absence of data referenced by a top of stack.
  - 25. The data processing system of claim 18, wherein the at least one security parameter is authorization data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ferracane, Elisa A., Bennett, Paul W., Thompson, Michael C., Morris, Daniel E.

Granted Patent

US 9,292,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6209 to a single file or object,...

DYNAMIC SWITCHING OF SECURITY CONFIGURATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC SWITCHING OF SECURITY CONFIGURATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links