Command processing system by a management agent
First Claim
1. A command processing system for processing commands sent through a communication path between a management application and a management agent, comprising:
a memory that stores a first table pre-registering operational security levels of the communication path between the management application and the management agent and a second table pre-registering security levels required for execution of commands that the management application requests the management agent to execute;
first means for obtaining, for each command sent from the management application to the management agent, the operational security level for the command by referencing the first table;
second means for obtaining, for each command sent from the management application to the management agent, the required security level by referencing the second table;
third means for comparing the operational security level obtained by the first means and the required security level obtained by the second means; and
fourth means for determining whether to permit the execution of the command based on result of the comparison made by the third means,
wherein the first table lists cipher algorithms and authentication algorithms used on the communication path between the management application and the management agent, together with the operational security level assigned to each combination of the cipher and authentication algorithms.
Abstract
In a system where a management application sends commands to a remotely located agent over a network, the agent maintains two tables: a security specification table, which defines the security level for each combination of cipher and authentication algorithms used on the communication path to and from the management application, and a required security level table, which defines the minimum security level required to execute each command. Upon receiving a command from the management application, the agent references these tables to obtain the operational security level of the communication path and the required security level for the command, and executes the command only if the former is greater than or equal to the latter. This mechanism ensures high security in system management by preventing a malicious intruder from executing potent commands that can bring down a computer system, without unreasonably limiting the system administrator's use of the management application.
4 Claims
4. A command processing system for processing commands sent through a communication path between a management application and a management agent, comprising:
a memory that stores a first table pre-registering the operational security levels of the communication path between the management application and the management agent and a second table pre-registering security levels required for execution of commands that the management application requests the management agent to execute;
first means for obtaining, for each command sent from the management application to the management agent, the operational security level for the command by referencing the first table;
second means for obtaining, for each command sent from the management application to the management agent, the required security level by referencing the second table;
third means for comparing the operational security level obtained by the first means and the required security level obtained by the second means;
fourth means for determining whether to permit the execution of the command based on result of the comparison made by the third means,
the memory further storing a third table registering a history of the commands issued from the management application to the management agent and a fourth table holding a security level uplift value for each client ID that is determined according to the result of judgment (execution permitted or rejected) recorded in the third table; and
fifth means for adding the security level uplift value obtained from the fourth table to the required security level obtained by the second means;
wherein the required security level thus modified is used in the comparison using the third means.
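The check described in the abstract, together with the history and uplift tables of claim 4, can be sketched as follows. This is an added example, not code from the patent: the algorithm names, level values, command names, and the uplift policy (one extra level per rejection on record) are assumptions chosen for illustration.

```python
from collections import defaultdict

# First table: (cipher, authentication) -> operational security level.
# Algorithm names and level values are constructed sample data.
SECURITY_SPEC = {
    ("none", "none"): 0,
    ("none", "hmac-md5"): 1,
    ("des", "hmac-md5"): 2,
    ("3des", "hmac-sha1"): 3,
}

# Second table: command -> minimum level required to execute it (constructed).
REQUIRED_LEVEL = {"get_status": 0, "set_config": 2, "shutdown": 3}


class Agent:
    """Management agent that gates each command on the channel's security level."""

    def __init__(self):
        self.history = []               # third table: (client_id, command, permitted)
        self.uplift = defaultdict(int)  # fourth table: client_id -> uplift value

    def handle(self, client_id, cipher, auth, command):
        # Fail closed: an unregistered algorithm pair gets the lowest level,
        # and an unregistered command is never executed.
        operational = SECURITY_SPEC.get((cipher, auth), 0)
        base = REQUIRED_LEVEL.get(command)
        if base is None:
            permitted = False
        else:
            required = base + self.uplift[client_id]  # fifth means: add uplift
            permitted = operational >= required       # third/fourth means
        self.history.append((client_id, command, permitted))
        # Assumed uplift policy: one extra level per rejection on record.
        self.uplift[client_id] = sum(
            1 for cid, _, ok in self.history if cid == client_id and not ok
        )
        return permitted


def demo():
    agent = Agent()
    return [
        agent.handle("admin", "3des", "hmac-sha1", "shutdown"),  # 3 >= 3
        agent.handle("guest", "none", "none", "shutdown"),       # 0 < 3
        agent.handle("guest", "des", "hmac-md5", "set_config"),  # 2 < 2 + 1
        agent.handle("admin", "des", "hmac-md5", "set_config"),  # 2 >= 2
        agent.handle("guest", "none", "none", "get_status"),     # 0 < 0 + 2
    ]
```

The last call shows the effect of the uplift: a command that normally requires level 0 is refused for a client whose earlier requests were rejected, while other clients are unaffected.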
Specification