System and method for maintaining security in a distributed computer network
Abstract
A system and method for maintaining security in a distributed computing environment comprises a policy manager located on a server for managing and distributing a security policy, and an application guard located on a client for managing access to securable components as specified by the security policy. In the preferred embodiment, a global policy specifies access privileges of the user to securable components. The policy manager may then preferably distribute a local client policy based on the global policy to the client. An application guard located on the client then manages access to the securable components as specified by the local policy.
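The global-to-local policy flow and the client-side guard described in the abstract, sketched as an added example (not code from the patent). The policy format, the component naming scheme, the `amount_limit` rule and the `custom_check` hook are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed global policy: (user, securable component, action) grants.
# Component names are prefixed with the hosting client; all names are hypothetical.
GLOBAL_POLICY = {
    ("alice", "client-a/app:payroll/func:approve", "execute"),
    ("alice", "client-a/db:salaries", "read"),
    ("bob", "client-a/db:salaries", "read"),
    ("bob", "client-b/file:/reports/q1.csv", "read"),
}

def derive_local_policy(global_policy, client_id):
    """Policy manager side: distribute only the grants for this client's components."""
    prefix = client_id + "/"
    return frozenset(g for g in global_policy if g[1].startswith(prefix))

@dataclass(frozen=True)
class AuthzRequest:
    user: str
    component: str
    action: str
    context: dict = field(default_factory=dict)

class ApplicationGuard:
    """Client side: evaluates requests against the local policy, default deny."""
    def __init__(self, local_policy, custom_check=None):
        self.local_policy = local_policy
        self.custom_check = custom_check  # optional customized evaluator (assumed hook)

    def evaluate(self, req):
        granted = (req.user, req.component, req.action) in self.local_policy
        # Assumption: custom code may only narrow a grant, never widen it.
        if granted and self.custom_check is not None:
            granted = bool(self.custom_check(req))
        return granted

def amount_limit(req):
    """Hypothetical custom rule: 'execute' needs a stated amount of at most 10000."""
    if req.action != "execute":
        return True
    return req.context.get("amount", float("inf")) <= 10_000

if __name__ == "__main__":
    guard = ApplicationGuard(derive_local_policy(GLOBAL_POLICY, "client-a"), amount_limit)
    req = AuthzRequest("alice", "client-a/app:payroll/func:approve", "execute", {"amount": 500})
    print("allow" if guard.evaluate(req) else "deny")
```

Because the guard holds only the local policy, a grant for a component on another client is denied there even though it exists in the global policy.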
52 Claims
1. A system for maintaining security in a distributed computing environment, comprising:
- a policy manager for managing a security policy; and
- an application guard for managing access to securable components as specified by the security policy, said securable components being selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A system for controlling user access in a distributed computing environment, comprising:
- a global policy specifying access privileges of the user to securable components;
- a policy manager located on a server for managing and distributing a local client policy based on the global policy to a client, and
- an application guard located on the client for managing access to the securable components as specified by the local client policy, said securable components being selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A system for authorization that provides access to securable components for a user, comprising:
- a policy specifying access privileges of the user to the securable components;
- an application guard that allows for additional customized code to process and evaluate authorization requests based on the additional customized code; and
- a processor coupled to said system, said processor executing said application guard to manage access to the securable components.

Dependent claims: 30, 31, 32, 33, 34

35. A system for managing security in a distributed computing environment, comprising:
- a policy manager specifying access privileges to securable components selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application; and
- a processor coupled to said system, said processor executing said policy manager to manage and distribute a customized local policy based on a global policy to a client.

Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A method for maintaining security in a distributed computing environment, comprising the steps of:
- managing a policy using a policy manager by specifying access privileges of a user to securable components selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application; and
- distributing the policy to a client having an application guard, whereby the application guard manages access to the securable components as specified by the policy.

Dependent claims: 46

47. A method for maintaining security on a client in a distributed computing environment, comprising the steps of:
- constructing and issuing an authorization request for a user to access to securable components located on the client using an application guard, said securable components being selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application;
- evaluating the authorization request using the application guard to determine if the authorization request is valid or invalid; and
- allowing access to the user via the application guard if the evaluated authorization request was valid, and denying access to the user via the application guard if the authorization request was invalid.

Dependent claims: 48

49. A computer-readable medium comprising program instructions for maintaining security in a distributed computing environment by performing the steps of:
- managing a policy using a policy manager by specifying access privileges of a user to securable components selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application;
- distributing the policy using the policy manager to a client having an application guard, whereby the application guard manages access to the securable components as specified by the policy; and
- executing said policy manager with a processor to manage and distribute the policy.

50. A computer-readable medium comprising program instructions for maintaining security on a client in a distributed computing environment by performing the steps of:
- constructing and issuing an authorization request for a user to access to securable components located on the client using an application guard, said securable components being selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application;
- evaluating the authorization request using the application guard to determine if the authorization request is valid or invalid;
- allowing access to the user via the application guard if the evaluated authorization request was valid, and denying access to the user via the application guard if the authorization request was invalid; and
- executing said application guard with a processor to automatically maintain security on the client.

51. A system for maintaining security in a distributed computing environment, comprising:
- means for managing a policy using a policy manager by specifying access privileges of a user to securable components selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application;
- means for distributing the policy using the policy manager to a client having an application guard, whereby the application guard manages access to the securable components as specified by the policy; and
- means for executing the policy manager to manage and distribute the policy.

52. A system for maintaining security on a client in a distributed computing environment, comprising:
- means for constructing and issuing an authorization request for a user to access to securable components located on the client using an application guard, said securable components being selected from the group consisting of at least one application, a function within an application, a procedure within an application, a data structure within an application, a database object referenced by an application, or a file system object referenced by an application;
- means for evaluating the authorization request using the application guard to determine if the authorization request is valid or invalid;
- means for allowing access to the user via the application guard if the evaluated authorization request was valid, and denying access to the user via the application guard if the authorization request was invalid; and
- means for executing said application guard to automatically maintain security on the client.

Specification