Methods and apparatus for facilitating security in a network

US 6,807,636 B2
Filed: 02/13/2002
Issued: 10/19/2004
Est. Priority Date: 02/13/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for facilitating security in a system, wherein the system includes a manager module used in routing a security request associated with an application to a security service module, comprising:

receiving data indicative of a security request from a first module associated with an application, wherein said first module identified said security request and said security request is associated with said application;

selecting a security service module capable of processing said security request after said receiving said data indicative of a security request from said first modules, wherein said selecting a security service module is performed dynamically based at least in part on information associated with at least one of said data indicative of a security request and data indicative of a security policy; and

providing at least some of said data indicative of said security request to a second module capable of calling said security service module to process said security request, wherein said second module is associated with said security service module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, apparatus, means, and computer program code for facilitating security in a network, particularly a distributed network. According to embodiments of the present invention an apparatus or system may include a manager in communication with one or more mappers and one or more adapters for facilitating security requests that may be associated with an application or its environment. An adapter may be associated with an application to identify security requests associated with the application. Similarly, a mapper may be associated with a security service to facilitate communication to and from the security service regarding security requests.

221 Citations

47 Claims

1. A method for facilitating security in a system, wherein the system includes a manager module used in routing a security request associated with an application to a security service module, comprising:
- receiving data indicative of a security request from a first module associated with an application, wherein said first module identified said security request and said security request is associated with said application;
  
  selecting a security service module capable of processing said security request after said receiving said data indicative of a security request from said first modules, wherein said selecting a security service module is performed dynamically based at least in part on information associated with at least one of said data indicative of a security request and data indicative of a security policy; and
  
  providing at least some of said data indicative of said security request to a second module capable of calling said security service module to process said security request, wherein said second module is associated with said security service module.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
3. The method of claim 2, further comprising:
- providing at least some of said data indicative of said response to said first module associated with said application, wherein said data indicative of said response is in a format independent of said application.
4. The method of claim 1, further comprising:
- initiating a module capable of configuring said manager module.
5. The method of claim 4, wherein said configuring adds said manager module to said system.
6. The method of claim 1, wherein said data indicative of a security request is in a format independent of said application.
7. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 1.

8. A method for facilitating security in a system, wherein the system includes an adapter module associated with an application, comprising:
- identifying a security request associated with said application; and
  
  providing data indicative of said security request to a module in said system that can dynamically select a security service module to process said security request based at least in part on at least one of said security request and a security policy of said system, wherein said data indicative of said security request is in a format independent of said application.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising:
10. The method of claim 9, further comprising:
- providing a response regarding said security request to said application, wherein said response is based on said data indicative of a response.
11. The method of claim 8, further comprising:
- initiating a module capable of configuring said adapter module and associating said adapter module with said application.
12. The method of claim 11, wherein said configuring adds said adapter module to said system.
13. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 8.

14. A method for facilitating security in a system, wherein the system includes a mapper module associated with a security service module, comprising:
- receiving data indicative of a security request associated with an application from a module capable of dynamically selecting said security service module to process said security request based at least in part on at least one of said security request and a security policy of said system, wherein said data associated with said security request is in a format independent of said application; and
  
  providing data indicative of said security request to said security service module.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising:
16. The method of claim 15, further comprising:
- providing data indicative of said response to said module, wherein said data indicative of said response is in a format independent of said security service module.
17. The method of claim 14, further comprising:
- initiating a module capable of configuring said mapper module and associating said mapper module with said security service module.
18. The method of claim 17, wherein said configuring adds said mapper module to said system.
19. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 14.

20. A method for facilitating security in system that includes an adapter module associated with an application, at least one mapper module associated with at least one respective security service module, and a manager module in communication with the adapter module and the at least one mapper module, comprising the steps of:
- identifying, by said adapter module, a security request associated with an application;
  
  selecting, by said manager module, a security service module that can process said security request, wherein said selecting is performed dynamically based at least in part on data associated with at least one of said security request and a security policy of said system;
  
  calling, by said mapper module, said security service module;
  
  receiving, by said mapper module, a response to said security request from said security service module; and
  
  providing, by said adapter module, said response to said application.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 29, 30)
- - 21. The method of claim 20, further comprising:
22. The method of claim 21, further comprising:
- translating said data using a designated protocol.
23. The method of claim 22, wherein said protocol is independent of said application.
24. The method of claim 22, wherein said protocol is independent of said security service module.
25. The method of claim 20, further comprising:
- mapping an attribute of one security domain to an attribute in another security domain.
26. The method of claim 20, further comprising:
- determining a security requirement associated with said security request.
27. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 20.
29. A computer readable storage media having computer readable code implementing a method for facilitating security in a system, wherein said code includes statements for performing the method of claim 23.
30. The method of claim 23, further comprising:
- determining a security requirement associated with said security request.

28. A method for facilitating security in a system that includes an adapter module associated with an application, at least one mapper module associated with at least one respective security service module, and a manager module in communication with the adapter module and the at least one mapper module, comprising the steps of:
- identifying, by said adapter module, a first security request associated with an application;
  
  translating, by said adapter module, said first security request to create data indicative of said first security request;
  
  selecting, by said manager module, a security service module that can process said first security request, said selecting performed dynamically based at least in part on data associated with at least one of said first security request and a security policy of said system;
  
  creating, by said mapper module, a second security request directed to said security service module and based on said data indicative of said first security request;
  
  calling, by said mapper module, said security service module;
  
  receiving, by said mapper module, a first response from said security service module regarding said second security request;
  
  translating, by said mapper module, said first response to create data indicative of said first response;
  
  creating, by said adapter module, a second response regarding said first security request based on said data indicative of said first response; and
  
  providing, by said adapter module, said second response to said application.

31. A system for facilitating security in a system, comprising:
- an adapter module associated with an application;
  
  a mapper module associated with a security service module;
  
  a manager module in communication with said adapter module and said mapper module;
  
  wherein said adapter module can identify a security request associated with said application, provide data indicative of said security request to said manager module, and provide a response to said application regarding said security request after receiving data indicative of said response from said manager module;
  
  wherein said manager module can receive said data indicative of said security request from said adapter module, dynamically determine to provide said data indicative of said security request to said mapper module if said security service module associated with said mapper module can process said security request, and provide data indicative of said response to said adapter module after receiving said data indicative of said response from said mapper module; and
  
  wherein said mapper module can receive said data indicative of said security request from said manager module, prepare a security service module version of said security request, calls said security service module to process said security service module version of said security request, receives a response to said security service module version of said security request from said security service module, and provide data indicative of said response to said manager module.
- View Dependent Claims (33, 34, 35)
- - 33. The adapter module of claim 31, wherein said adapter module includes an application generic portion and an application specific portion.
  - 34. The adapter module of claim 33, wherein said application specific portion identifies said security request, extracts said data indicative of said security request, and provides said response regarding said security request to said application.
  - 35. The adapter module of claim 34, wherein said application generic portion of said adapter module provides said data indicative of said security request to said manager module and receives said data indicative of said response from said manager module.

32. A module for facilitating security in a network, comprising:
- an adapter module, wherein said adapter module is operative to identify a security request associated with an application, provide data indicative of said security request to a manager module capable of dynamically selecting a security service module to process said security request based at least in part on said data indicative of said security request, and provide a response to said application regarding said security request after receiving data indicative of said response from said manager module.

36. A module for facilitating security in a system, comprising:
- a manager module, wherein said manager module is operative to receive data indicative of a security request associated with an application from an adapter module associated with said application, dynamically determine a security service module to process said security request based at least in part on said data indicative of a security request, provide data indicative of said security request to a mapper module associated with said security service module, and provide data indicative of a response regarding said security request to said adapter module after receiving said data indicative of said response from said mapper module.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The manager module of claim 36, wherein said manager module includes an application generic portion.
  - 38. The manager module of claim 37, wherein said application generic portion of said manager is in communication with an application generic portion of said adapter module and a security service generic portion of said mapper module.
  - 39. The manager module of claim 38, wherein said application generic portion of said manager module receives said data indicative of said security request from said application generic portion of said adapter module and provides said data indicative of said response to said application generic portion of said adapter module.
  - 40. The manager module of claim 38, wherein said application generic portion of said manager module provides said data indicative of said security request to said security service module generic portion of said mapper module and receives said data indicative of said response from said security service module generic portion of said mapper module.
  - 41. The manager module of claim 36, wherein said manager module includes a decision object.
  - 42. The manager module of claim 41, wherein said decision object selects said security service module to process said security request.

43. A module for facilitating security in a system, comprising:
- a mapper module associated with a security service module, wherein said mapper module is dynamically selected by a manager module to receive from the manager module data indicative of a security request associated with an application, prepare a version of said security request specific to a security service module selected by said manager module, call said security service module to process said security service module specific version of said security request, receive a response to said security service module version of said security request from said security service module, and provide data indicative of said response to said manager module.
- View Dependent Claims (44, 45, 46)
- - 44. The mapper module of claim 43, wherein said mapper module includes a security service module generic portion and a security service module specific portion.
  - 45. The mapper module of claim 44, wherein said security service module specific portion of said mapper module prepares said security specific version of said security request and receives said response to said security service module version of said security request from said security service module.
  - 46. The mapper module of claim 44, wherein said security service module generic portion of said mapper module receives said data indicative of said security request from said manager module and provides said data indicative of said response to said manager module.

47. An apparatus for facilitating security in a system, wherein the system includes a manager module used in dynamically routing a security request associated with an application to a security service module, comprising:
- means for obtaining data indicative of a security request from a first module associated with an application and that identified said security request;
  
  means for dynamically identifying a security service module capable of processing said security request after said data indicative of a security request is obtained based at least in part on said data indicative of a security request; and
  
  means for sending at least some of said data indicative of said security request to a second module capable of calling said security service module to process said security request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi Computer Products America Incorporated (Hitachi, Ltd.)
Original Assignee
Hitachi Computer Products America Incorporated (Hitachi, Ltd.)
Inventors
Hartman, Bret A., Burghart, Theodore R. Jr., Flinn, Donald J.
Primary Examiner(s)
Smithers, Matthews
Assistant Examiner(s)
Fields, Courtney D.

Application Number

US10/075,812
Publication Number

US 20030154401A1
Time in Patent Office

979 Days
Field of Search

713/200, 713/201, 713/202, 713/153, 713/167
US Class Current

726/14
CPC Class Codes

H04L 63/102 Entity profiles

H04L 63/20 for managing network securi...

Methods and apparatus for facilitating security in a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

221 Citations

47 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for facilitating security in a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

221 Citations

47 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others