Method and system for enforcing network security by preserving event execution information utilizing a service event stack

US 7,694,344 B1
Filed: 08/28/2002
Issued: 04/06/2010
Est. Priority Date: 03/15/2002
Status: Active Grant

First Claim

Patent Images

1. A method for enhancing network security by using a service entry stack in a distributed computer network, the method comprising:

receiving, by an event system, an indication for publishing, by a publisher, a first event to an editable subscriber list of one or more event subscribers;

using a processor to examine authorization concerns for publishing the first event to each event subscriber by sequentially examining each event subscriber in the subscriber list utilizing a service entry stack maintained in a computer-readable medium for recording event execution information and process hierarchy of the distributed computer network;

if the first event is allowed to be published to the event subscriber, publishing the first event to the event subscriber and pushing a first entry to the service entry stack indicating that the first event is now published to the event subscriber;

recording the first entry in the service entry stack via a state change in the computer-readable medium;

wherein the service entry stack retains execution information related to the published event, thereby enhancing the security for event publication.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is disclosed for enhancing network security by using a service entry stack in a distributed computer network. After an event system receives an indication for a publisher to publish a first event to a subscriber list of one or more event subscribers, authorization concerns are examined for publishing the first event to each event subscriber by sequentially examining each event subscriber in the subscriber list. When publishing the first event to the event subscriber, a service entry stack is utilized for recording event execution information and process hierarchy of the distributed computer network so that such information can be used for enhancing the security of the distributed computer network.

Citations

12 Claims

1. A method for enhancing network security by using a service entry stack in a distributed computer network, the method comprising:
- receiving, by an event system, an indication for publishing, by a publisher, a first event to an editable subscriber list of one or more event subscribers;
  
  using a processor to examine authorization concerns for publishing the first event to each event subscriber by sequentially examining each event subscriber in the subscriber list utilizing a service entry stack maintained in a computer-readable medium for recording event execution information and process hierarchy of the distributed computer network;
  
  if the first event is allowed to be published to the event subscriber, publishing the first event to the event subscriber and pushing a first entry to the service entry stack indicating that the first event is now published to the event subscriber;
  
  recording the first entry in the service entry stack via a state change in the computer-readable medium;
  
  wherein the service entry stack retains execution information related to the published event, thereby enhancing the security for event publication.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising publishing, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event.
  - 3. The method of claim 1 if the first event is allowed to be published further comprising:
    - calling a service event handler for the event subscriber to publish the first event;
      
      pushing one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
      
      returning the service event handler back to the event system when there are no more events triggered by the published first event; and
      
      popping the first entry out from the service entry stack.

4. A method for enhancing network security by using a service entry stack in a distributed computer network, the method comprising:
- receiving, by an event system, an indication for publishing a first event to a subscriber list of one or more event subscribers by a publisher;
  
  publishing, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event, the second event containing the subscription list;
  
  examining authorization concerns and publishing the first event to each event subscriber of the subscriber list by sequentially examining each event subscriber in the subscriber list, the examining further comprising;
  
  evaluating, by the event system, whether an event subscriber is authorized to receive the first event;
  
  publishing, by the event system, a third event to a second group of security subscribers including at least one security manager determining whether there are authorization concerns for publishing the first event;
  
  if the first event is allowed to be published to the event subscriber, pushing a first entry to the service entry stack indicating that the first event is now published to the event subscriber;
  
  calling a service event handler for the event subscriber to publish the first event;
  
  pushing one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
  
  returning the service event handler back to the event system when there are no more events triggered by the published first event; and
  
  popping the first entry out from the service entry stack,wherein the service entry stack helps to reflect a process hierarchy of the distributed computer network and retains execution information related to the published event on a computer-readable storage medium, thereby enhancing the security for event publication.

5. An event system in a distributed computer network using a service entry stack for enhancing network security, the system comprising:
- an examining module on a first computer system in the distributed computer network for, after receiving an indication for publishing, by a publisher, a first event to a subscriber list of one or more event subscribers, examining authorization concerns for publishing the first event to each event subscriber;
  
  a service entry stack for recording event execution information and process hierarchy of the distributed computer network while the examining module of the event system sequentially examining each event subscriber in the subscriber list, wherein at least one event subscriber is on a second computer system in the distributed computer network;
  
  editing the subscriber list to enforce security criteria for each event subscriber; and
  
  a publishing module for publishing the first event to the event subscriber if it is authorized to receive the first event;
  
  wherein if the first event is allowed to be published to the event subscriber, the service entry stack receives information related to the published event, the execution information including an indication that the first event is now published to the event subscriber.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5 further comprising means for publishing, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event.
  - 7. The system of claim 5 if the first event is allowed to be published further comprising means for:
    - calling a service event handler for the event subscriber to publish the first event;
      
      pushing one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
      
      returning the service event handler back to the event system when there are no more events triggered by the published first event; and
      
      popping the first entry out from the service entry stack.

8. A system for enhancing network security by using a service entry stack in a distributed computer network including a plurality of computers, the system comprising:
- receiving, by an event system on a first computer system in the distributed computer network, an indication for publishing a first event to a subscriber list of one or more event subscribers by a publisher, wherein at least one event subscriber is on a second computer system in the distributed computer network;
  
  publishing, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event, the second event containing the subscription list;
  
  examining authorization concerns and publishing the first event to each event subscriber of the subscriber list by sequentially examining each event subscriber in the subscriber list, the examining further comprising means for;
  
  evaluating, by the event system, whether an event subscriber is authorized to receive the first event;
  
  publishing, by the event system, a third event to a second group of security subscribers including at least one security manager determining whether there are authorization concerns for publishing the first event;
  
  if the first event is allowed to be published to the event subscriber, pushing a first entry to the service entry stack indicating that the first event is now published to the event subscriber;
  
  calling a service event handler for the event subscriber to publish the first event;
  
  pushing one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
  
  returning the service event handler back to the event system when there are no more events triggered by the published first event; and
  
  popping the first entry out from the service entry stack,wherein the service entry stack helps to reflect a process hierarchy of the distributed computer network and retains execution information related to the published event, thereby enhancing the security for event publication.

9. A computer-readable storage medium comprising computer-interpretable instructions that, when executed by a computer:
- receive, by an event system, an indication for publishing, by a publisher, a first event to a subscriber list of one or more event subscribers;
  
  examine authorization concerns for publishing the first event to each event subscriber by sequentially examining each event subscriber in the subscriber list utilizing a service entry stack for recording event execution information and process hierarchy of the distributed computer network;
  
  publish the first event to the event subscriber if it is authorized to receive the first event; and
  
  updating the service entry stack with the first event and first event security information;
  
  wherein the first event security information includes an indication that the first event is now published to the event subscriber; and
  
  wherein the service entry stack retains execution information related to the published event, thereby enhancing the security for event publication.
- View Dependent Claims (10, 11)
- - 10. The computer-readable medium of claim 9 wherein the computer-interpretable instructions further include instructions that, when executed by a computer, publish, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event.
  - 11. The computer-readable medium of claim 9 wherein the computer-interpretable instructions further include instructions that, when executed by a computer, if the first event is allowed to be published:
    - call a service event handler for the event subscriber to publish the first event;
      
      push one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
      
      return the service event handler back to the event system when there are no more events triggered by the published first event; and
      
      pop the first entry out from the service entry stack.

12. A computer-readable storage medium comprising computer-interpretable instructions that, when executed by a computer:
- receive, by an event system, an indication for publishing a first event to a subscriber list of one or more event subscribers by a publisher;
  
  publish, by the event system, a second event to a first group of security subscribers including at least one security manager determining whether the publisher is authorized to publish the first event, the second event containing the subscription list;
  
  examine authorization concerns and publish the first event to each event subscriber of the subscriber list by sequentially examining each event subscriber in the subscriber list, the examining further comprising instructions for;
  
  evaluating, by the event system, whether an event subscriber is authorized to receive the first event;
  
  publishing, by the event system, a third event to a second group of security subscribers including at least one security manager determining whether there are authorization concerns for publishing the first event;
  
  if the first event is allowed to be published to the event subscriber, pushing a first entry to the service entry stack indicating that the first event is now published to the event subscriber;
  
  calling a service event handler for the event subscriber to publish the first event;
  
  pushing one or more entries to the service entry stack representing one or more events executed and triggered by publishing the first event to the event subscriber;
  
  returning the service event handler back to the event system when there are no more events triggered by the published first event; and
  
  popping the first entry out from the service entry stack,wherein the service entry stack helps to reflect a process hierarchy of the distributed computer network and retains execution information related to the published event, thereby enhancing the security for event publication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Felsted, Pat, Fletcher, Samuel F., Lowry, Dale, Pratt, David
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US10/229,730
Time in Patent Office

2,778 Days
Field of Search

726/22, 726/28, 726/1, 719/318
US Class Current

726/28
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/20 for managing network securi...

Method and system for enforcing network security by preserving event execution information utilizing a service event stack

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enforcing network security by preserving event execution information utilizing a service event stack

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links