System and method for maintaining security in a distributed computer network
First Claim
1. A system for controlling access to a software application in accordance with enterprise and local security policies, comprising:
a server that includes a policy manager to manage an enterprise set of security policies, and to distribute to each of a plurality of clients a subset of said enterprise set of security policies; and
a plurality of clients, each client including an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application;
wherein said policy manager further includes;
an optimizer component that determines, for each application guard, which subset of the enterprise set of security policies said each application guard should receive; and
a differ component that computes a difference between the subset and any previous local security policy of said each application guard, such that the policy manager distributes only changed portions of the local security policy, which are applicable to said each application guard as determined by the optimizer element.
Abstract
A system and method for maintaining security in a distributed computing environment comprises a policy manager located on a server for managing and distributing a security policy, and an application guard located on a client for managing access to securable components as specified by the security policy. In the preferred embodiment, a global policy specifies access privileges of the user to securable components. The policy manager may then preferably distribute a local client policy based on the global policy to the client. An application guard located on the client then manages access to the securable components as specified by the local policy.
21 Claims
11. A method for controlling access to a software application in accordance with enterprise and local security policies, comprising the steps of:
providing a server that includes a policy manager to manage an enterprise set of security policies, and distributing to each of a plurality of clients a subset of said enterprise set of security policies; and
providing a plurality of clients, each client including an application guard, wherein the client receives the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application;
wherein said policy manager further includes;
an optimizer component that determines, for each application guard, which subset of the enterprise set of security policies said each application guard should receive; and
a differ component that computes a difference between the subset and any previous local security policy of said each application guard, such that the policy manager distributes only changed portions of the local security policy, which are applicable to said each application guard as determined by the optimizer element.
21. A computer readable medium, including instructions stored thereon, which when executed by a computer causes the computer to perform the steps of:
providing a server that includes a policy manager to manage an enterprise set of security policies and a plurality of clients for enforcing the set of enterprise security policies;
determining, for an application guard residing on a client, a subset of the enterprise set of security policies that is applicable to the application guard, said determining performed by an optimizer component of the policy manager;
computing a difference between the subset and any previous local security policy of said application guard, said computing performed by a differ component of the policy manager; and
distributing to each of the plurality of clients a changed portions of the subset of said enterprise set of security policies, wherein the client receives the changed portions of the subset of security policies from the server and stores them locally on the client, and wherein the application guard then uses the local security policies to manage access by a user of the client to a software application.
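The optimizer, differ and application guard steps recited in the claims, as an added Python sketch that is not taken from the patent or from any product implementing it. The `Rule` fields, rule ids, guard name and the two sample enterprise policies are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:  # assumed rule shape; the page does not define one
    rule_id: str
    app: str      # software application the rule governs
    user: str
    action: str   # privilege granted, e.g. "read"

def optimize(enterprise, guard_apps):
    """Optimizer: the subset of the enterprise policy applicable to one guard."""
    return {r.rule_id: r for r in enterprise if r.app in guard_apps}

def diff(subset, previous):
    """Differ: only the portions that changed since the guard's previous policy."""
    upserts = [r for rid, r in subset.items() if previous.get(rid) != r]
    removals = sorted(rid for rid in previous if rid not in subset)
    return {"upsert": upserts, "remove": removals}

@dataclass
class ApplicationGuard:
    apps: frozenset
    local: dict = field(default_factory=dict)  # locally stored policy

    def apply(self, delta):
        for rid in delta["remove"]:
            self.local.pop(rid, None)
        for r in delta["upsert"]:
            if r.app in self.apps:  # refuse rules outside this guard's scope
                self.local[r.rule_id] = r

    def allows(self, user, app, action):
        # Default deny: access requires an explicit matching local rule.
        return any((r.user, r.app, r.action) == (user, app, action)
                   for r in self.local.values())

@dataclass
class PolicyManager:
    sent: dict = field(default_factory=dict)  # guard name -> last distributed subset

    def distribute(self, enterprise, name, guard):
        subset = optimize(enterprise, guard.apps)
        delta = diff(subset, self.sent.get(name, {}))
        guard.apply(delta)
        self.sent[name] = subset
        return delta

# Constructed sample policies: V2 revokes r1 and adds r3; r2 is unchanged.
ENTERPRISE_V1 = [Rule("r1", "payroll", "alice", "read"), Rule("r2", "crm", "bob", "write")]
ENTERPRISE_V2 = [Rule("r2", "crm", "bob", "write"), Rule("r3", "payroll", "carol", "read")]
```

The manager diffs against what it last sent, so a guard that has lost its local store needs a full resend. The sketch does not model transport or authentication of the delta.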