Security management system and method
Abstract
A comprehensive system and method for managing security in an electronic network. The method includes the steps of providing a plurality of security services, providing a plurality of security mechanisms, and linking the services and mechanisms with a plurality of security management functions. The method supports all associated security protocols in the electronic network while maintaining transparency for message exchange. Advantageously, the method of the invention readily provides compatibility with a plurality of environments, network types, and technologies. The method provides five functional hierarchical layers, one protocol handling access to the layers, and includes a security management information base segmented according to the five functional layers. The five functional layers are, from the base, fundamental security primitives, security mechanisms, security services, security management functions, and security policies. Each layer can contain several independent modules. Exchange of messages between modules in a layer and between layers is provided. An implementing system facilitates the method in an electronic network, illustratively including an electronic processing environment.
8 Claims
1. A method of managing security in an electronic network, comprising the steps of:
- providing a plurality of security services;
- providing a plurality of security mechanisms;
- linking the services and mechanisms with a plurality of security management functions; and
- linking the services, mechanisms, and security management functions with at least one security policy.

3. A method for managing security in an electronic network, comprising the steps of:
- providing five functional hierarchical layers and one protocol handling access to the layers, the five functional layers including, from the base, fundamental security primitives, security mechanisms, security services, security management functions, and security policies;
- providing a security management information base segmented according to the five functional layers;
- enabling exchange of messages between layers; and
- providing a plurality of independent modules in at least one of the layers, the enabling step enabling exchange of messages between the modules.

5. A system for managing security in an electronic network, comprising:
- means for providing a plurality of security services;
- means for providing a plurality of security mechanisms;
- means for linking the security services providing means and the security mechanisms providing means with an interface; and
- means connected to said interface for providing a plurality of security management functions;
- wherein the linking means comprises means for linking the security services providing means, the security mechanisms providing means, and the security management functions providing means with at least one security policy.

7. A system for managing security in an electronic network, comprising:
- means for providing five functional hierarchical layers and one protocol handling access to the layers, the five functional layers including, from the base, fundamental security primitives, security mechanisms, security services, security management functions, and security policies;
- means for providing a security management information base segmented according to the five functional layers;
- means for enabling exchange of messages between layers; and
- a plurality of independent modules in at least one of the layers, the enabling means including means for enabling exchange of messages between the modules.

Specification