Method and apparatus for facilitating information security policy control on a per security engine user basis
Abstract
An apparatus and method facilitates information security policy control for an information security engine by utilizing security policy association data on a per security engine user basis. Security policy association data may include, for example, data representing identification information of the user of the security engine along with corresponding policy identification data. Policy user identification data may be a hash value of the disk image of an executable software application which uses the security engine, along with policy object identification data which indicates which policy (or policies) that particular application is required to use. A security engine obtains access to this information and also obtains comparison information such as generating a realtime hash value of a calling application that is requesting use of the security engine and compares the newly generated hash value to a stored hash value included as the policy association data. If the hash values match, indicating that the calling application has been previously approved by the trusted policy authority, the policy rules referenced by the policy association data are then employed by the security engine.
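The following Python sketch is an added example, not code from the patent or its assignee: it models the scheme the abstract describes, in which a trusted authority stores policy association data keyed by a hash of an approved executable's disk image and the security engine re-hashes each calling application at request time, applying the stored policy only on a match and refusing unapproved or modified callers. The class and method names, the SHA-256 choice, and the sample executable images and IP address are all assumptions of this example; the IP-address lookup mirrors claim 39.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass(frozen=True)
class PolicyAssociation:
    """Security policy association data: policy user identification plus the
    identifier of the policy that this user of the engine is required to apply."""
    user_id: str    # hex digest of the executable image, or an IP address (claim 39)
    policy_id: str

@dataclass
class SecurityEngine:
    associations: Dict[str, PolicyAssociation] = field(default_factory=dict)

    @staticmethod
    def identify_executable(image: bytes) -> str:
        # Policy user identification data derived by hashing the executable file data.
        # SHA-256 is this example's choice; the patent does not fix a hash function.
        return hashlib.sha256(image).hexdigest()

    def register(self, user_id: str, policy_id: str) -> None:
        """Trusted policy authority step: generate and store the association data."""
        self.associations[user_id] = PolicyAssociation(user_id, policy_id)

    def policy_for_caller(self, caller_image: bytes) -> Optional[str]:
        """Engine-side step: hash the calling application in real time and compare it
        with the stored identification. None means the caller was never approved."""
        assoc = self.associations.get(self.identify_executable(caller_image))
        return assoc.policy_id if assoc else None

    def policy_for_address(self, ip_address: str) -> Optional[str]:
        """Same comparison when the identification data is an IP address (claim 39)."""
        assoc = self.associations.get(ip_address)
        return assoc.policy_id if assoc else None

# Constructed sample executable images for the example (not real programs).
APPROVED_IMAGE = b"MZ\x90\x00" + b"constructed-approved-mail-client-image"
TAMPERED_IMAGE = APPROVED_IMAGE[:-1] + b"X"   # one byte changed after approval

def demo():
    engine = SecurityEngine()
    engine.register(engine.identify_executable(APPROVED_IMAGE), "policy-mail-signing")
    engine.register("192.0.2.10", "policy-vpn-gateway")   # constructed documentation address
    return (
        engine.policy_for_caller(APPROVED_IMAGE),   # "policy-mail-signing": hashes match
        engine.policy_for_caller(TAMPERED_IMAGE),   # None: modified image, no stored match
        engine.policy_for_address("192.0.2.10"),    # "policy-vpn-gateway"
        engine.policy_for_address("192.0.2.99"),    # None: address never registered
    )

if __name__ == "__main__":
    print(demo())
```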
39 Claims
1. A method for facilitating information security policy control for at least one information security engine comprising the steps of:
generating security policy association data on a per security engine user basis wherein the security policy association data includes data representing at least first policy user identification data and corresponding policy identification data wherein the first policy user identification data is based on executable file data of a software program, and wherein the first policy user identification data is derived at least in part by applying a hash function to at least a portion of the executable file data;
storing the security policy association data;
obtaining second policy user identification data after the security policy association data has been generated; and
comparing at least the first stored policy user identification data with the second policy user identification data on a per security engine user basis and using the stored policy identification to control security policy requirements when the first and second policy user identification data matches.
13. An apparatus for facilitating information security policy control for at least one information security engine comprising:
means for generating security policy association data on a per security engine user basis wherein the security policy association data includes data representing at least first policy user identification data and corresponding policy identification data wherein the first policy user identification data is based on executable file data of a software program; and
wherein the first policy user identification data is derived at least in part by applying a hash function to at least a portion of the executable file data;
means for storing the security policy association data;
means for obtaining second policy user identification data after the security policy association data has been generated; and
means, operatively coupled to the means for storing and the means for obtaining, for comparing at least the first stored policy user identification data with the second policy user identification data on a per security engine user basis and using the stored policy identification to control security policy requirements when the first and second policy user identification data matches.
26. A storage medium comprising:
memory containing executable program data that, when read by one or more processing units, causes the one or more processing units to:
generate security policy association data on a per security engine user basis wherein the security policy association data includes data representing at least first policy user identification data and corresponding policy identification data wherein the first policy user identification data is based on executable file data of a software program and wherein the first policy user identification data is derived at least in part by applying a hash function to at least a portion of the executable file data;
store the security policy association data;
obtain second policy user identification data after the security policy association data has been generated; and
compare at least the first stored policy user identification data with the second policy user identification data on a per security engine user basis and use the stored policy identification to control security policy requirements when the first and second policy user identification data matches.
39. A method for facilitating information security policy control for at least one information security engine comprising the steps of:
generating security policy association data on a per security engine user basis wherein the security policy association data includes data representing at least first policy user identification data and corresponding policy identification data wherein the first policy user identification data is an internet protocol address;
storing the security policy association data;
obtaining second policy user identification data after the security policy association data has been generated; and
comparing at least the first stored policy user identification data with the second policy user identification data on a per security engine user basis and using the stored policy identification to control security policy requirements when the first and second policy user identification data matches.