Method and system for securing confidential data in a computer network
Abstract
A method and system for securing confidential data in a computer network, wherein the computer network includes a management information database that assists in the management of the computer network. Initially, confidential data are identified within the management information database. Next, particular data objects are associated with the identified confidential data. Thereafter, the identified confidential data are accessed from the management information database. Finally each particular data object and its associated confidential data are automatically converted into a secure data object, in response to accessing the confidential data from the management information database, such that the confidential data may only be understood or altered external to the management information database by converting the secure data object back into the particular data objects and the associated confidential data. The particular data objects may comprise primitive data objects while the secure data object may be composed of an opaque data object. Network management format and conventions may be governed by a network management protocol.
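The access-triggered conversion the abstract describes, as an added worked example in Go; it is not code from the patent or from any product it covers. It assumes AES-GCM as the conversion between primitive data objects and the opaque secure data object (the patent names no cipher), SNMP-style type tags (OCTET STRING and Opaque), a shared key already held by the agent and the manager, and constructed OIDs under a placeholder enterprise arc. The OID is bound into the authenticated data, so an opaque object released for one entry is rejected if it is presented for another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// SNMP type tags: OCTET STRING (universal 4) and Opaque ([APPLICATION 4]).
const TagOctetString, TagOpaque byte = 0x04, 0x44

// OpaqueCodec converts a (tag, value) primitive into an opaque secure data object and
// back. AES-GCM is this example's choice; the OID is bound as associated data so an
// opaque object issued for one entry is rejected when presented for another.
type OpaqueCodec struct{ aead cipher.AEAD }
func NewOpaqueCodec(key []byte) (*OpaqueCodec, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &OpaqueCodec{aead: aead}, err
}

// Seal returns nonce || AES-GCM(tag || value), authenticated together with the OID.
func (c *OpaqueCodec) Seal(oid string, tag byte, value []byte) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, append([]byte{tag}, value...), []byte(oid)), nil
}

// Open converts an opaque object back, rejecting tampering or a mismatched OID.
func (c *OpaqueCodec) Open(oid string, opaque []byte) (byte, []byte, error) {
	ns := c.aead.NonceSize()
	if len(opaque) < ns+1+c.aead.Overhead() {
		return 0, nil, errors.New("badValue: opaque object too short")
	}
	plain, err := c.aead.Open(nil, opaque[:ns], opaque[ns:], []byte(oid))
	if err != nil {
		return 0, nil, errors.New("badValue: opaque object failed authentication")
	}
	return plain[0], plain[1:], nil
}

// Object is one MIB entry: a primitive data object plus its confidentiality mark.
type Object struct {
	Tag          byte
	Value        []byte
	Confidential bool
}

type MIB struct {
	objects map[string]*Object
	codec   *OpaqueCodec
}

func NewMIB(codec *OpaqueCodec) *MIB { return &MIB{objects: map[string]*Object{}, codec: codec} }

// Define registers a primitive object and records whether its value is confidential.
func (m *MIB) Define(oid string, tag byte, value []byte, confidential bool) {
	m.objects[oid] = &Object{Tag: tag, Value: append([]byte(nil), value...), Confidential: confidential}
}

// Get releases an object: public entries leave as primitives; confidential ones are converted to Opaque.
func (m *MIB) Get(oid string) (byte, []byte, error) {
	obj, ok := m.objects[oid]
	if !ok {
		return 0, nil, errors.New("noSuchObject")
	}
	if !obj.Confidential {
		return obj.Tag, append([]byte(nil), obj.Value...), nil
	}
	sealed, err := m.codec.Seal(oid, obj.Tag, obj.Value)
	return TagOpaque, sealed, err
}

// Set alters an object; a confidential entry accepts only an Opaque value that converts back under this OID.
func (m *MIB) Set(oid string, tag byte, value []byte) error {
	obj, ok := m.objects[oid]
	if !ok {
		return errors.New("noSuchObject")
	}
	if obj.Confidential {
		if tag != TagOpaque {
			return errors.New("wrongType: confidential object requires Opaque")
		}
		var err error
		if tag, value, err = m.codec.Open(oid, value); err != nil {
			return err
		}
	}
	if tag != obj.Tag {
		return errors.New("wrongType")
	}
	obj.Value = append([]byte(nil), value...)
	return nil
}
```

The agent side is `MIB.Get` and `MIB.Set`; the manager side is the same `OpaqueCodec`, which stands in for whatever holds the key outside the database. `Get` seals with a fresh nonce on every access, so two releases of the same value do not produce the same opaque bytes, and `Set` checks the type tag recovered from inside the opaque object against the entry's declared type before storing. How the key reaches both sides is not addressed by the abstract and is left out here.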
39 Claims
1. A method for securing confidential data in a computer network, wherein said computer network includes a management information database that assists in the management of said computer network, said method comprising the steps of:
identifying confidential data within said management information database;
associating particular data objects with said identified confidential data;
accessing said identified confidential data from said management information database; and
automatically converting each particular data object and its associated confidential data into a secure data object, in response to an accessing of said confidential data from said management information database, such that said confidential data may only be understood or altered external to said management information database by converting said secure data object back into said particular data objects and said associated confidential data.
-
2. The method of claim 1 wherein the step of associating particular data objects with said identified confidential data further comprises the step of:
associating particular data objects with said identified confidential data via a message protocol.
-
3. The method of claim 2 further comprising the step of:
defining particular data objects that can be manipulated by network devices.
-
4. The method of claim 3 wherein the step of associating particular data objects with said identified confidential data, further comprises the step of:
associating particular data objects with said identified confidential data, wherein said particular data objects comprise primitive data objects.
-
5. The method of claim 4 wherein the step of automatically converting each particular data object and its associated confidential data into a secure data object, in response to an accessing of said confidential data from said management information database, such that said confidential data may only be understood or altered external to said management information database by converting said secure data object back into said particular data objects and said associated confidential data, further comprises the step of:
automatically converting each particular data object and its associated confidential data into a secure data object, in response to an accessing of said confidential data from said management information database, such that said confidential data may only be understood or altered external to said management information database by converting said secure data object back into said particular data objects and said associated confidential data, wherein said secure data object comprises an opaque data object.
-
6. The method of claim 5 further comprising the steps of:
modifying said identified confidential data; and
storing said identified confidential data in a memory location.
-
7. The method of claim 6 wherein the step of modifying said identified confidential data further comprises the step of:
creating said confidential data.
-
8. The method of claim 7 wherein the step of associating particular data objects with said identified confidential data via a message protocol, further comprises the step of:
associating particular data objects with said identified confidential data via a message protocol, wherein said message protocol comprises a network management protocol.
-
9. The method of claim 8 wherein the step of accessing said identified confidential data from said management information database, further comprises the step of:
releasing said identified confidential data from said management information database, in response to accessing of said confidential data by a network device.
-
10. The method of claim 9 further comprising the step of:
retrieving said identified confidential data from said management information database.
-
11. The method of claim 10 further comprising the step of:
updating said confidential data.
-
12. The method of claim 11 further comprising the step of:
deleting said confidential data, in response to a particular user input.
-
13. A system for securing confidential data in a computer network, wherein said computer network includes a management information database that assists in the management of said computer network, said system comprising:
means for identifying confidential data within said management information database;
means for associating particular data objects with said identified confidential data;
means for accessing said identified confidential data from said management information database; and
means for automatically converting each particular data object and its associated confidential data into a secure data object, in response to an accessing of said confidential data from said management information database, such that said confidential data may only be understood or altered external to said management information database by converting said secure data object back into said particular data objects and said associated confidential data.
-
14. The system of claim 13 wherein said means for associating particular data objects with said identified confidential data further comprises:
means for associating particular data objects with said identified confidential data via a message protocol.
-
15. The system of claim 14 further comprising:
means for defining particular data objects that can be manipulated by network devices.
-
16. The system of claim 15 wherein said particular data objects comprise primitive data objects.
-
17. The system of claim 16 wherein said secure data object comprises an opaque data object.
-
18. The system of claim 17 further comprising:
means for modifying said identified confidential data; and
means for storing said identified confidential data in a memory location.
-
19. The system of claim 18 wherein said means for modifying said identified confidential data further comprises:
means for creating said confidential data.
-
20. The system of claim 19 wherein said message protocol comprises a network management protocol.
-
21. The system of claim 20 further comprising:
means for releasing said identified confidential data from said management information database, in response to an accessing of said confidential data by a network device.
-
22. The system of claim 21 further comprising:
means for retrieving said identified confidential data from said management information database.
-
23. The system of claim 22 further comprising:
means for updating said confidential data.
-
24. The system of claim 23 further comprising:
means for deleting said confidential data, in response to a particular user input.
-
25. A program product residing in a computer memory in a computer for securing confidential data in a computer network, wherein said computer network includes a management information database that assists in the management of said computer network, said program product comprising:
instruction means residing in a computer for identifying confidential data within said management information database;
instruction means residing in a computer for associating particular data objects with said identified confidential data;
instruction means residing in a computer for accessing said identified confidential data from said management information database; and
instruction means residing in a computer for automatically converting each particular data object and its associated confidential data into a secure data object, in response to an accessing of said confidential data from said management information database, such that said confidential data may only be understood or altered external to said management information database by converting said secure data object back into said particular data objects and said associated confidential data.
-
26. The program product of claim 25 wherein said instruction means residing in a computer for associating particular data objects with said identified confidential data further comprises:
instruction means residing in a computer for associating particular data objects with said identified confidential data via a message protocol.
-
27. The program product of claim 26 further comprising:
instruction means residing in a computer for defining particular data objects that can be manipulated by network devices.
-
28. The program product of claim 27 wherein said particular data objects comprise primitive data objects.
-
29. The program product of claim 28 wherein said secure data object comprises an opaque data object.
-
30. The program product of claim 29 further comprising:
instruction means residing in a computer for modifying said identified confidential data; and
instruction means residing in a computer for storing said identified confidential data in a memory location.
-
31. The program product of claim 30 wherein said instruction means residing in a computer for modifying said identified confidential data further comprises:
instruction means residing in a computer for creating said confidential data.
-
32. The program product of claim 31 wherein said message protocol comprises a network management protocol.
-
33. The program product of claim 32 further comprising:
instruction means residing in a computer for releasing said identified confidential data from said management information database, in response to an accessing of said confidential data by a network device.
-
34. The program product of claim 33 further comprising:
means for retrieving said identified confidential data from said management information database.
-
35. The program product of claim 34 further comprising:
means for updating said confidential data.
-
36. The program product of claim 35 further comprising:
means for deleting said confidential data, in response to a particular user input.
-
37. The program product of claim 36 wherein each of said instruction means further comprise signal bearing media.
-
38. The program product of claim 37 wherein said signal bearing media comprises transmission media.
-
39. The program product of claim 37 wherein said signal bearing media comprises recordable media.
Specification