Computer system security service

US 7,512,965 B1
Filed: 07/07/2000
Issued: 03/31/2009
Est. Priority Date: 04/19/2000
Status: Active Grant

First Claim

Patent Images

1. A system providing a computer security service for a computer network accessible by users and comprising services and resources, the system comprising,a computer system that executes security service software components,said software components comprising;

a policy builder component available to one or more policy managers, for defining access policies for the computer network users, services and resources, anda web-based delegated administration component accessible to users for defining access policies for the computer network users, services and resources, the delegated administration component comprising a graphical user interface available to users for defining said access policies.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security service of computer networks having a policy builder, an LDAP-compliant database, a validator and an API. The policy builder component provides a graphical user interface to be used by a policy manager to define access policies for users seeking to access network services and resources. The graphical user interface has a grid of nodes representing access policies. The grid is arranged to correspond to a defined tree structure representing services and resources and a business relationship tree structure representing users. The graphical user interface permits the policy manager to define policy builder plug-ins for access policy customization. The LDAP-compliant database maintains the policy builder plug-ins. The validator component receives requests from users and queries the LDAP-compliant database to obtain relevant access policies as defined by the policy manager. The system provides for double inheritance of access policies such that where there is no express definition of an access policy for a node, the access policies are propagated according to the hierarchical structures of the data. The validator includes validator plug-ins for carrying out access policies corresponding to the access policies defined by policy builder plug-ins.

365 Citations

7 Claims

1. A system providing a computer security service for a computer network accessible by users and comprising services and resources, the system comprising,a computer system that executes security service software components,said software components comprising;
- a policy builder component available to one or more policy managers, for defining access policies for the computer network users, services and resources, anda web-based delegated administration component accessible to users for defining access policies for the computer network users, services and resources, the delegated administration component comprising a graphical user interface available to users for defining said access policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 in which the delegated administration component is implemented as a service supported by the computer security service.
  - 3. The system of claim 1 in which the graphical user interface comprises one or more HTML format pages accessible to users.
  - 4. The system of claim 1 further comprising a delegated administration definition component for defining delegated administration permissions for users whereby users are selectively enabled to use the delegated administration component to define access policies for specified resources and users.
  - 5. The system of claim 4 in which the delegated administration definition component further comprises a graphical user interface for displaying a grid having nodes, laid out on a first axis and on a second axis, each node corresponding to a variable set of users, potentially including the null set, for which delegated administration permissions are granted, the position of each node relative to the first and second axes in the grid defining the users and the resources, respectively, for which permissions are granted for the node.
  - 6. The system of claim 5, the graphical user interface further comprising an array of nodes relative to the second axis for defining specified users enabled to modify user data maintained by the computer security service, the position of each node in the array of nodes, relative to the first axis, defining the user data for which the modification of data is enabled.
  - 7. A computer program product for users with a computer network, said computer program product comprising a computer usable medium having computer readable program code embodied in said medium for implementing the computer security service of claim 1, 2, 3, 4, 5, or 6.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Flint, Andrew, Szyszkowski, Andrzej, Kotsopoulos, Steve, Amdur, Eugene, Reid, Irving, Fernandes, Laryn-Joe, Koch, C. Harald, Lamb, Steven
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US09/611,463
Time in Patent Office

3,189 Days
Field of Search

713/201, 713/168, 713/152, 713/153, 726/1, 726/11, 709/203, 709/227, 709/230
US Class Current

726/1
CPC Class Codes

H04L 63/20 for managing network securi...

Computer system security service

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

365 Citations

7 Claims

Specification

Use Cases

Quick Links

Others

Computer system security service

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

365 Citations

7 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others