SYSTEM AND METHOD FOR DATA SECURITY MANAGEMENT
First Claim
1. A computer-implemented method for secure deployment of at least one application identity manager (AIM) security agent, the method comprising:
receiving a change request from a user;
using a secure request fingerprint validation process to authenticate the change request, wherein the secure request fingerprint validation process comprises the following steps:
(a) performing a reverse lookup of a source internet protocol (IP) address from a requesting server with a domain name server (DNS) to return a hostname registered in the DNS;
(b) confirming that the hostname returned from the DNS matches a name of the requesting server issuing the change request;
(c) confirming that the hostname asserted during the change request made by the user exists in a configuration management database (CMDB);
(d) confirming that the hostname asserted during the change request also has an approved change record for AIM security agent installation, as maintained by a change management database; and
(e) confirming that a change record for the AIM security agent installation is within a current deployment time window;
if all the secure request fingerprint validation process steps are confirmed, using an AIM web service to connect to a server that runs a command line interface proxy to create or reset a client registration passcode; and
sending the client registration passcode to the user making the change request to enable the user to download installation binaries from a distribution point to complete an installation.
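The fingerprint validation steps (a) to (e) of the claim, sketched as an added example; it is not code from the patent or from any AIM product. All function and field names, the sample hosts, addresses and change record are constructed for illustration, and the lookups are injected so the checks run offline.

```python
import socket
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class ChangeRecord:          # hypothetical shape of a change-management row
    hostname: str
    approved: bool
    window_start: datetime
    window_end: datetime

def system_reverse_dns(ip):
    """PTR lookup via the system resolver; raises OSError when no name exists."""
    return socket.gethostbyaddr(ip)[0]

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def validate_fingerprint(source_ip, asserted_host, cmdb_hosts, changes, now,
                         reverse_dns=system_reverse_dns):
    """Run steps (a)-(e) in order; return (ok, failed_step), failing closed."""
    try:                                              # (a) reverse lookup of source IP
        ptr_name = reverse_dns(source_ip)
    except OSError:
        return False, "a"
    host = norm(asserted_host)
    if norm(ptr_name) != host:                        # (b) DNS name matches requester
        return False, "b"
    if host not in {norm(h) for h in cmdb_hosts}:     # (c) host exists in CMDB
        return False, "c"
    approved = [c for c in changes if norm(c.hostname) == host and c.approved]
    if not approved:                                  # (d) approved change record
        return False, "d"
    if not any(c.window_start <= now <= c.window_end for c in approved):
        return False, "e"                             # (e) inside deployment window
    return True, None

# Constructed sample data (documentation IP range, made-up hostnames).
PTR = {"192.0.2.10": "app01.corp.example.", "192.0.2.20": "app02.corp.example."}
def fake_reverse_dns(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

UTC = timezone.utc
CMDB = {"app01.corp.example", "app02.corp.example"}
CHANGES = [ChangeRecord("app01.corp.example", True,
                        datetime(2024, 5, 1, 22, tzinfo=UTC), datetime(2024, 5, 2, 2, tzinfo=UTC))]
NOW = datetime(2024, 5, 1, 23, 30, tzinfo=UTC)
```

The returned step letter identifies which check rejected the request, which is the value worth logging when a passcode is refused.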
Abstract
The invention relates to a computer-implemented system and method for automating the secure deployment of application identity manager (AIM) security agents to ensure integrity of identity assertion during the security sensitive agent installation process, while providing significant cost and time savings in the deployment process. The invention also relates to a command line interface (CLI) to representational state transfer (REST) web services proxy, which provides a standards-based REST web service that interfaces with a Microsoft .NET MVC framework to enable cross platform automation and integration with vault management functions. The invention also relates to a multi-vault management platform comprising a graphical user interface-based portal to manage vault functions across a number of vaults with advanced error handling and process integration.
20 Claims
11. A computer-implemented system for secure deployment of at least one application identity manager (AIM) security agent, the system comprising:
an electronic memory; and
a computer processor, wherein the computer processor is programmed to:
receive a change request from a user;
execute a secure request fingerprint validation process to authenticate the change request, wherein the secure request fingerprint validation process comprises the following steps:
(a) perform a reverse lookup of a source internet protocol (IP) address from a requesting server with a domain name server (DNS) to return a hostname registered in the DNS;
(b) confirm that the hostname returned from the DNS matches a name of the requesting server issuing the change request;
(c) confirm that the hostname asserted during the change request made by the user exists in a configuration management database (CMDB);
(d) confirm that the hostname asserted during the change request also has an approved change record for AIM security agent installation, as maintained by a change management database; and
(e) confirm that a change record for the AIM security agent installation is within a current deployment time window;
if all the secure request fingerprint validation process steps are confirmed, use an AIM web service to connect to a server that runs a command line interface proxy to create or reset a client registration passcode; and
send the client registration passcode to the user making the change request to enable the user to download installation binaries from a distribution point to complete an installation.
Specification