Rule based security policy enforcement
Abstract
A rules-based system enforces security policies in a data access management system. The rules-based system provides rules that preclude certain activities, but those rules are only implemented and fired once certain conditions occur. This results in certain actions being precluded while the specified conditions are true, without additional software being required to check for the condition each time the action is requested.
Claims (46 in total; the patent lists 90 citations, not reproduced here)
1. A method of enforcing security policies in a data access system, said data access system having data access management software in program memory, said method comprising:
- defining a first condition;
- upon occurrence of said first condition, placing a rule into data access management software in said data access system, said rule testing for a second condition and precluding an action if said second condition is present, said rule being stored remotely and only loaded into program memory for the duration of said first condition, said rule being placed into data access management for an amount of time that differs from an amount of time for which a user is logged on.
(Dependent claims 2 through 16 are not reproduced here.)
17. Apparatus for enforcing security policies to increase security of data access management software, said apparatus comprising:
- a file of rules, said rules only being applicable to prevent specified data transactions by a first user upon the effectuation of a specified action by said first user, said specified action occurring after said user logs on to said data access management software and being defined by one or more transactions a user may effectuate;
- software for recognizing that said first user has effected said specified action; and
- means for reading said file, locating said rules to prevent said specified data transactions, and, upon occurrence of said specified action of said first user, integrating said rules into said data access management software such that said specified data transactions are prohibited, wherein said rules are not integrated with said data access management software prior to said occurrence of said specified action.
(Dependent claims 18 through 20 are not reproduced here.)
21. A method of enforcing confidentiality in the form of a wall comprising the steps of:
- storing at least one rule that prohibits a known party from accessing specified information in a database or file of a data access system if a first specified condition occurs after said known party has logged on to said data access system;
- upon a first specified condition occurring, modifying data access management software to include a rule that prohibits a known party from accessing specified information in a database or file;
- said first specified condition being indicative of said known party having knowledge of a particular set of information; and
- upon a second specified condition occurring, removing said rule from the data access management software and storing said rule for future use, said specified second condition indicating that said knowledge is no longer sensitive.
(Dependent claims 22 through 46 are not reproduced here.)
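The mechanism the abstract and claims 1, 17 and 21 describe, as an added illustration that is not code from the patent or its assignee: rules sit in a store that the access manager never consults on the request path; a rule is loaded into the manager only when its trigger (the "first condition", here a user having read a client's data) holds, it precludes an action while loaded (the "second condition", a read of a competitor's data), and it is unloaded and returned to the store when a release condition holds (the data being declassified). The rule's lifetime follows the trigger, not the login session, which is the point of claim 1's last clause. The dataset labels, the competitor pairing, the user name and the class and function names below are all constructed for the example.

```python
"""Added example: trigger-loaded, release-unloaded access rules (Chinese wall).
Rules live in a store (an in-memory stand-in for the patent's remote store) and are
loaded into the manager only while their trigger condition holds. All data constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Constructed data: each dataset is owned by a client label; the two labelled
# clients are competitors, so knowledge of one walls off the other.
DATASETS: Dict[str, str] = {
    "acme_accounts": "acme",
    "globex_accounts": "globex",
    "public_rates": "",            # unlabelled: conveys no sensitive knowledge
}
CONFLICTS = [("acme", "globex"), ("globex", "acme")]


@dataclass
class Rule:
    name: str
    trigger: Callable[["AccessManager", str], bool]               # first condition: load
    precludes: Callable[["AccessManager", str, str, str], bool]   # second condition: deny
    release: Callable[["AccessManager", str], bool]               # unload, back to store


def wall_rule(seen: str, blocked: str) -> Rule:
    """Once a user has seen `seen` data, forbid reading `blocked` data until
    `seen` is declassified (claim 21's 'knowledge no longer sensitive')."""
    return Rule(
        name=f"wall:{seen}->{blocked}",
        trigger=lambda m, u: seen in m.knowledge.get(u, set()) and seen not in m.declassified,
        precludes=lambda m, u, action, res: action == "read" and DATASETS.get(res) == blocked,
        release=lambda m, u: seen in m.declassified,
    )


RULE_STORE: List[Rule] = [wall_rule(a, b) for a, b in CONFLICTS]


class AccessManager:
    """Stand-in for the data access management software. A request only walks
    `loaded`; the store is consulted only when state changes (read, logon, declassify)."""

    def __init__(self, store: List[Rule]) -> None:
        self.store = {r.name: r for r in store}
        self.loaded: Dict[str, Dict[str, Rule]] = {}   # user -> rules in "program memory"
        self.knowledge: Dict[str, Set[str]] = {}       # user -> client labels already read
        self.declassified: Set[str] = set()
        self.sessions: Set[str] = set()
        self.audit: List[str] = []

    def log_on(self, user: str) -> None:
        self.sessions.add(user)
        self._sync(user)

    def log_off(self, user: str) -> None:
        # Loaded rules stay put: their lifetime follows the trigger, not the session.
        self.sessions.discard(user)

    def _sync(self, user: str) -> None:
        """Load rules whose trigger now holds; unload rules whose release now holds."""
        loaded = self.loaded.setdefault(user, {})
        for name, rule in self.store.items():
            if name not in loaded and rule.trigger(self, user):
                loaded[name] = rule
                self.audit.append(f"load {name} for {user}")
        for name in list(loaded):
            if loaded[name].release(self, user):
                del loaded[name]
                self.audit.append(f"unload {name} for {user}")

    def request(self, user: str, action: str, resource: str) -> bool:
        if user not in self.sessions:
            raise PermissionError(f"{user} is not logged on")
        for rule in self.loaded.get(user, {}).values():
            if rule.precludes(self, user, action, resource):
                self.audit.append(f"deny {user} {action} {resource} by {rule.name}")
                return False
        label = DATASETS.get(resource, "")
        if action == "read" and label:
            self.knowledge.setdefault(user, set()).add(label)
        self._sync(user)   # a granted read may itself be the first condition for a rule
        return True

    def declassify(self, label: str) -> None:
        self.declassified.add(label)
        for user in list(self.loaded):
            self._sync(user)

    def loaded_names(self, user: str) -> List[str]:
        return sorted(self.loaded.get(user, {}))


def run_scenario() -> Dict[str, object]:
    """Walk one user through the wall: nothing loaded, wall loaded by a read,
    wall surviving a re-login, wall unloaded by declassification."""
    m = AccessManager(RULE_STORE)
    m.log_on("alice")
    out: Dict[str, object] = {}
    out["public"] = m.request("alice", "read", "public_rates")
    out["loaded_initially"] = m.loaded_names("alice")
    out["acme"] = m.request("alice", "read", "acme_accounts")
    out["loaded_after_acme"] = m.loaded_names("alice")
    out["globex_walled"] = m.request("alice", "read", "globex_accounts")
    m.log_off("alice")
    m.log_on("alice")
    out["globex_after_relogin"] = m.request("alice", "read", "globex_accounts")
    m.declassify("acme")
    out["loaded_after_declassify"] = m.loaded_names("alice")
    out["globex_released"] = m.request("alice", "read", "globex_accounts")
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The request path never touches `RULE_STORE`; only `_sync`, which runs on state changes, does. That is what lets the approach avoid a per-request condition check while still honouring the wall, and it is also the place an implementer has to get right: any event that can change a trigger or release condition (here a read, a logon and a declassification) must call `_sync`, or a rule will be loaded late or linger past its release.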