Application level security

US 7,313,812 B2
Filed: 06/04/2003
Issued: 12/25/2007
Est. Priority Date: 06/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method performed by a security service arbitrator, the method comprising:

receiving a security tender comprising security requirements for an application, the security requirements specifying the application'"'"'s desired level of security;

searching for security services to fulfill the security requirements;

determining that the security services satisfy the security requirements;

generating a security contract for the application, the security contract specifying how the application is to communicate with the security services;

receiving remote security requirements from a remote security service arbitrator;

determining whether the security services satisfy the remote security requirements;

generating a message regarding the security services; and

generating a second security contract for an application based on the security services that satisfy the remote security requirements.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing application layer security may be facilitated by an arbitrator. In general, in one implementation, an arbitrator may receive a security tender including security requirements for an application, search for security services to fulfill the security requirements, determine whether discovered security services can satisfy the security requirements, and, if security services that can satisfy the security requirements exist, generate a security contract for the application, the security contract specifying how the application is to communicate with the security services that can satisfy the security requirements.

25 Citations

View as Search Results

18 Claims

1. A method performed by a security service arbitrator, the method comprising:
- receiving a security tender comprising security requirements for an application, the security requirements specifying the application'"'"'s desired level of security;
  
  searching for security services to fulfill the security requirements;
  
  determining that the security services satisfy the security requirements;
  
  generating a security contract for the application, the security contract specifying how the application is to communicate with the security services;
  
  receiving remote security requirements from a remote security service arbitrator;
  
  determining whether the security services satisfy the remote security requirements;
  
  generating a message regarding the security services; and
  
  generating a second security contract for an application based on the security services that satisfy the remote security requirements.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the security requirements in the tender vary depending on application communication functions.
  - 3. The method of claim 1, wherein generating the security contract for the application comprises selecting between a set of security services that satisfy a security requirement.
  - 4. The method of claim 1, wherein the security contract allows the application to communicate directly with the security services that satisfy the security requirements.
  - 5. The method of claim 1, further comprising binding the contract with the application.
  - 6. The method of claim 1, further comprising:
    - monitoring the contract to determine whether it is still valid; and
      
      if the contract is not still valid, revoking the contract.
  - 7. The method of claim 6, wherein revoking the contract comprises determining that a predetermined period of time has expired.

8. A system comprising:
- an arbitrator comprising;
  
  a registrar operable to generate a security contract for an application in response to a security tender, the security tender comprising application security requirements specifying the application'"'"'s desired level of security;
  
  the security contract specifying how the application is to communicate with security services that can satisfy the security requirements;
  
  an administrator operable to determine whether the security contract is invalid; and
  
  a negotiator operable to;
  
  receive remote security requirements from a remote security service arbitrator;
  
  determine whether security services satisfy the remote security requirements;
  
  generate a message regarding the security services; and
  
  generate a second security contract for an application based on the security services that satisfy the remote security requirements.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the registrar is operable to:
    - receive the security tender;
      
      search for the security services to fulfill the security requirements;
      
      determine whether the security services satisfy the security requirements; and
      
      generate the security contract.
  - 10. The system of claim 8, wherein the registrar is further operable to select between a set of security services that satisfy a security requirement.
  - 11. The system of claim 8, wherein the security contract allows the application to communicate directly with the security services.
  - 12. The system of claim 8, wherein the arbitrator comprises a linker operable to bind the contract with the application.

13. An article comprising a physical machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising:
- determining whether a security tender has been received at an arbitrator, the security tender comprising security requirements for an application, the security requirements specifying the application'"'"'s desired level of security;
  
  searching for security services to fulfill the security requirements;
  
  determining that the security services satisfy the security requirements;
  
  generating a security contract for the application, the security contract specifying how the application is to communicate with the security services;
  
  determining whether remote security requirements from a remote security service arbitrator have been received at the arbitrator;
  
  determining whether security services satisfy the remote security requirements;
  
  generating a message regarding the security services; and
  
  generating a second security contract for an application based on the security services that satisfy the remote security requirements.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The article of claim 13, wherein generating the security contract for the application comprises selecting between a set of security services that satisfy a security requirement.
  - 15. The article of claim 13, wherein the security contract allows the application to communicate directly with the security services that satisfy the security requirements.
  - 16. The article of claim 13, wherein the instructions are further operable to cause one or more machines to perform operations comprising binding the contract with the application.
  - 17. The article of claim 13, wherein the instructions are further operable to cause one or more machines to perform operations comprising:
    - monitoring the contract to determine whether it is still valid; and
      
      if the contract is not still valid, revoking the contract.

18. A system comprising:
- an article comprising a physical machine-readable medium storing instructions operable to cause one or more machines to perform operations comprising;
  
  generating a security tender, the security tender containing security requirements for the application, the security requirements specifying the application'"'"'s desired level of security,determining whether a security contract has been received, the contract specifying how the application is to communicate with security services that satisfy the security requirements,determining that communication is desired with a second application,contacting a security service based on a type of communication,communicating with the second application in accordance with the security service,determining whether the contract is still valid, and if the contract is not still valid, terminating communication with the second application; and
  
  an arbitrator operable to;
  
  receive the security tender,search for security services to fulfill the security requirements, the security requirements varying depending on application communication functions,determine that the security services satisfy the security requirements,generate the security contract,bind the contract with the application,receive remote security requirements from a remote arbitrator,determine that security services that can satisfy the remote security requirements exist,generate a message regarding the security services,generate a security contract for an application based on the security services that can satisfy the security requirements,monitor the security contract to determine whether it is still valid, andif the contract is not still valid, revoke the contract.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Robinson, Philip, Haller, Jochen
Primary Examiner(s)
Song, Hosuk

Application Number

US10/453,873
Publication Number

US 20040034767A1
Time in Patent Office

1,665 Days
Field of Search

726 1- 6, 726/10, 726/17, 713/152, 713/156, 713/166, 713/168
US Class Current

726/1
CPC Class Codes

G06Q 10/10 Office automation; Time man...

H04L 9/32 including means for verifyi...

Application level security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Application level security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links