System and method for recovering a security profile of a computer system

US 7,181,618 B2
Filed: 01/12/2001
Issued: 02/20/2007
Est. Priority Date: 01/12/2001
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

memory; and

a security application configured to lock down resources of said computer system by modifying a machine state of said computer system in response to a request for activating an original state of a security profile for a user, said security application configured to store data indicative of said machine state in said memory, said security application configured to modify said machine state in response to a request for activating a new state of said security profile for said user, said security application configured to retrieve said data in response to a request for recovering said original state of said security profile and to modify said machine state based on said retrieved data thereby activating said original state of said security profile for said user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for recovering previously activated security profiles utilizes memory and a security application. Initially, the security application enables a user to define a first security profile. After defining the first security profile, the user submits a request for activating the first security profile, and in response, the security application modifies a machine state of the computer system. The modification of the machine state in response to this request locks down the computer system, thereby implementing the first security profile defined by the user. Also in response to the request for activating the first security profile, the security application stores, in the memory, data indicative of the machine state so that the first security profile can be again implemented at a later time, if desired. In this regard, after causing a different security profile to be implemented by the computer system, a user may submit a request for changing the security profile of the computer system back to the first security profile. In response to such a request, the security application retrieves the data previously stored in the memory and automatically modifies the machine state so that the first security profile is again implemented by the computer system. As a result, any changes made to the security profile of the computer system since the submission of the aforementioned request for activating the first security profile are effectively nullified.

21 Citations

View as Search Results

22 Claims

1. A computer system comprising:
- memory; and
  
  a security application configured to lock down resources of said computer system by modifying a machine state of said computer system in response to a request for activating an original state of a security profile for a user, said security application configured to store data indicative of said machine state in said memory, said security application configured to modify said machine state in response to a request for activating a new state of said security profile for said user, said security application configured to retrieve said data in response to a request for recovering said original state of said security profile and to modify said machine state based on said retrieved data thereby activating said original state of said security profile for said user.
- View Dependent Claims (2, 3, 4, 15, 16, 17, 18, 19)
- - 2. The system of claim 1, wherein said security application includes default data defining default levels of security, wherein said security application enables a user to select one of said default levels of security, and wherein said security application is configured to modify said machine state in response to said request for activating said original state of said security profile based on said selected default level of security.
  - 3. The system of claim 2, wherein said security application defines a plurality of rules for locking down said computer system, wherein said security application configured to enable ones of said rules based on which of said default levels is selected by said user, and wherein said security application is further configured to cause said computer system to enforce each enabled rule within said plurality of rules by modifying said machine state in response to said request for activating said original state of said security profile.
  - 4. The system of claim 3, wherein said security application enables said user to change which of said rules are enabled.
  - 15. The system of claim 1, wherein said original state grants access to a particular resource of said computer system based on a user identifier, and wherein said new state denies access to said particular resource based on said user identifier.
  - 16. The system of claim 1, further comprising an operating system configured to read said machine state modified by said security application and to control access to at least one resource of said computer system based on said machine state.
  - 17. The computer system of claim 16, wherein said machine state read by said operating system comprises a flag indicative of whether access to said at least one resource is restricted.
  - 18. The computer system of claim 17, wherein said operating system is configured to analyze, in response to said flag, data indicating which users are authorized to access said at least one resource.
  - 19. The system of claim 1, wherein said security application, by activating said original state in response to said request for recovering said original state, enables said user to undo an error in defining said new state of said security profile for said user.

5. A computer system, comprising:
- memory; and
  
  a security application defining a plurality of rules, said security application configured to enable a user to select a set of said rules to define an original state of a security profile for a user, said security application configured to lock down said computer system by causing said computer system to enforce said selected set of rules in response to an activation request, said security application further configured to store data indicative of said original state of said security profile, said security application configured to change said security profile for said user from said original state to a new state by changing which of said plurality of rules are enforced by said computer system based on inputs to said computer system, said security application configured to retrieve said data in response to a user request and to automatically identify said set of rules based on said retrieved data, said security application further configured to return said security profile for said user to said original state thereby causing said computer system to enforce said identified rules in response to said user request.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5, wherein said security application is further configured to define multiple sets of default data, each of said sets of default data identifying different ones of said rules as being enabled for enforcement, said security application configured to enable said user to select one of said sets of default data and to determine which of said rules are selected for inclusion into said selected set of rules based on which of said rules are indicated as enabled.
  - 7. The system of claim 6, wherein said security application enables said user to change which of said rules are indicated as being enabled.

8. A computer system comprising:
- means for storing data; and
  
  means for locking down resources of said computer system by modifying a machine state of said computer system in response to a request for activating an original state of a security profile for a user, said locking down means including a means for storing security profile data indicative of said machine state in said memory in response to said request for activating said original state of said security profile, said locking down means including a means for modifying said machine state in response to a request for activating a new state of said security profile for said user, said locking down means including a means for retrieving said security profile data in response to a request for recovering said original state of said security profile and for modifying said machine state based on said retrieved data thereby activating said original state of said security profile for said user.

9. A method for locking down resources of a computer system, comprising:
- receiving a request for activating a an original state of a security profile for a user;
  
  modifying a machine state of said computer system in response to said request foractivating said original state of said security profile;
  
  storing data indicative of said machine state;
  
  modifying said machine state in response to a request for activating a new state of said security profile for said user;
  
  retrieving said data in response to a request for recovering said original state of said security profile; and
  
  modifying said machine state based on said retrieved data in response to said request for recovering said first security profile.
- View Dependent Claims (10, 11, 12, 20, 21)
- - 10. The method of claim 9, further comprising:
    - defining default levels of security; and
      
      selecting one of said default levels of security,wherein said modifying that is performed in response to said request for activating said original state of said security profile is based on said selecting.
  - 11. The method of claim 10, further comprising:
    - defining a plurality of rules for locking down said computer system;
      
      associating each of said default levels of security with different ones of said rules;
      
      enabling ones of said rules based on which of said rules are associated, via said associating step, with said default level selected in said selecting; and
      
      enforcing each of said rules enabled via said enabling based on said machine state as modified via said modifying that is performed in response to said request for activating said original state of said security profile.
  - 12. The method of claim 11, further comprising:
    - enabling a user to change which of said rules are enabled.
  - 20. The method of claim 9, further comprising:
    - detecting an operational problem caused by activation of said new state of said security profile; and
      
      providing said request for recovering said original state of said security profile in response to said detecting.
  - 21. The method of claim 9, wherein said storing is in response to said request for activating said original state of said security profile.

13. A method for locking down resources of a computer system, comprising:
- defining a plurality of rules for locking down said computer system;
  
  receiving an input from a user of said computer system;
  
  selecting a set of said rules based on said input;
  
  causing said computer system to enforce said selected set of rules in response to an activation request;
  
  storing data identifying said selected set of rules in response to said activation request;
  
  changing which of said plurality of rules are enforced by said computer system;
  
  detecting an operational problem caused by said changing;
  
  providing a request to change a security state of said computer system in response to said detecting;
  
  retrieving said data in response to said request to change said security state;
  
  automatically identifying said selected set of rules based on said retrieved data; and
  
  causing said computer system to enforce said selected set of rules in response to said request to change said security state.
- View Dependent Claims (14)
- - 14. The method of claim 13, further comprising:
    - defining multiple sets of default data, each of said sets of default data identifying different ones of said rules as being enabled; and
      
      selecting one of said sets of default data,wherein said selecting a set of said rules is further based on which of said sets of default data is selected via said selecting one of said sets of default data.

22. A computer system, comprising:
- memory; and
  
  a security application configured to define a security profile for controlling access to at least one resource of said computer system, said security application configured to activate an original state of said security profile and to store data indicative of said original state in said memory, said security application further configured to activate a new state of said security profile in response to a user request, said security application further configured to enable a user to undo an error in defining said new state by allowing said user to initiate activation of said original state based on said data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Daigle, Brian K., Frank, Mitchell R., Daniell, William T., Sevounts, Gary
Primary Examiner(s)
ZIA, SYED

Application Number

US09/760,404
Publication Number

US 20020095593A1
Time in Patent Office

2,230 Days
Field of Search

713/164, 713/166, 713/167, 713/201
US Class Current

713/166
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

System and method for recovering a security profile of a computer system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for recovering a security profile of a computer system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links