Computer network security system and method having unilateral enforceable security policy provision
First Claim
1. A computer network security system having enforceable security policy provision comprising:
- means for providing variable security policy rule data for distribution to at least one network node;
means, operatively coupled to the means for providing, for associating a digital signature of a central security policy rule data distribution source to the variable security policy rule data;
means for storing the digital signature and the variable policy rule data; and
network node means;
operatively coupled to the storage means, for periodically obtaining the digital signature and the variable policy rule data from the means for storing, and not from a forwarded signed message, and for analyzing the variable policy rule data to facilitate unilateral security policy enforcement at a network node level.
4 Assignments
0 Petitions
Accused Products
Abstract
A computer network security system and method utilizes digitally signed and centrally assigned policy data, such as password length rules, that is unilaterally enforced at network nodes by node policy enforcement engines. The policy data may be variable on a per client or network node basis through a centralized authority, such as a certification authority. The computer network security system provides variable security policy rule data for distribution to at least one network node through a central security policy rule data distribution source, such as the certification authority. The central security policy rule data distribution source associates a digital signature to the variable security policy rule data to ensure the integrity of the policies in the system. Each network node uses a policy rule data engine and policy rule table to decode policy rule data and enforce the policy rules as selectively determined through the central authority.
-
Citations
25 Claims
-
1. A computer network security system having enforceable security policy provision comprising:
-
means for providing variable security policy rule data for distribution to at least one network node; means, operatively coupled to the means for providing, for associating a digital signature of a central security policy rule data distribution source to the variable security policy rule data; means for storing the digital signature and the variable policy rule data; and network node means;
operatively coupled to the storage means, for periodically obtaining the digital signature and the variable policy rule data from the means for storing, and not from a forwarded signed message, and for analyzing the variable policy rule data to facilitate unilateral security policy enforcement at a network node level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 21, 22)
-
-
12. A method for providing enforceable security policy provisions comprising:
-
providing variable security policy rule data for distribution to at least one network node; associating a digital signature of a central security policy rule data distribution source to the variable security policy rule data; storing the digital signature and the variable policy rule data; and periodically obtaining the digital signature and the variable policy rule data, not forwarded with a signed message, and analyzing the variable policy rule data to facilitate unilateral security policy enforcement. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
23. A computer having enforceable security policy provision comprising:
-
means for securely obtaining variable policy rule data from a central security policy rule data distribution source and not from a forwarded signed message; means, operatively coupled to the means for obtaining, for analyzing the variable policy rule data; means, responsive to the means for analyzing the variable policy rule data, for facilitating unilateral security policy enforcement at a network node level based on the variable policy rule data; and wherein the variable policy rule data includes differing policy rule data for a plurality of software applications supported by the computer and wherein the computer includes means for facilitating cryptographic processing of data that is accessible by the plurality of software applications.
-
-
24. A computer having enforceable security policy provision comprising:
-
means for securely obtaining variable policy rule data from a central security policy rule data distribution source and not from a forwarded signed message; means, operatively coupled to the means for obtaining, for analyzing the variable policy rule data; means responsive to the means for analyzing the variable policy rule data, for facilitating unilateral security policy enforcement at a network node level based on the variable policy rule data; and wherein the variable policy rule data includes policy rule prioritization data and wherein the means for periodically obtaining obtains a digital signature corresponding to the policy rule data.
-
-
25. A storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to provide enforceable security policy provision, the storage medium comprising:
-
first means for storing programming instructions that facilitate storing variable security policy rule data for use by a network node; second means for storing programming instructions that facilitate providing the variable security policy rule data for distribution to at least one network node other than through a forwarded signed message to facilitate unilateral security policy enforcement at a network node level; and wherein the first means for storing programming instructions stores programming instructions that, when read by a processing unit, causes the processing unit to associate a digital signature to a policy rule data to create a policy certificate.
-
Specification