Security system with staging capabilities

US 7,890,990 B1
Filed: 12/20/2002
Issued: 02/15/2011
Est. Priority Date: 12/20/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

forming access information for staging with respect to a security system, wherein the security system operates to restrict access to secured electronic data based on access information, wherein the access information includes or references one or more of access rules or access policies including at least when and where the secured electronic data can be accessed by a plurality of users, wherein the access information is based on active access information currently in use by the security system, and wherein the active access information and the access information is stored in a database operatively connected to the security system;

forming altered access information to modify the behavior of the security system during the staging;

testing the behavior of the security system during the staging by operating the security system in accordance with the altered access information; and

deploying the altered access information so as to synchronize the active access information stored in the database with the altered access information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and method for providing a security system with the capability to stage a modification to its operation is disclosed. Staging the modification before actually modifying normal operation of the security system allows the impact of the modification on the security system to be examined prior to deployment. If the staging of the modification to the security system is deemed successful, the modification can be fully deployed with reduced risk of unexpected security lapses or other detrimental consequences.

Citations

30 Claims

1. A method comprising:
- forming access information for staging with respect to a security system, wherein the security system operates to restrict access to secured electronic data based on access information, wherein the access information includes or references one or more of access rules or access policies including at least when and where the secured electronic data can be accessed by a plurality of users, wherein the access information is based on active access information currently in use by the security system, and wherein the active access information and the access information is stored in a database operatively connected to the security system;
  
  forming altered access information to modify the behavior of the security system during the staging;
  
  testing the behavior of the security system during the staging by operating the security system in accordance with the altered access information; and
  
  deploying the altered access information so as to synchronize the active access information stored in the database with the altered access information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein the security system thereafter operates in the manner as previously staged.
  - 3. The method as recited in claim 1, wherein forming altered access information comprises modifying at least one of the access rules or at least one of the access policies of the access information to produce the altered access information.
  - 4. The method as recited in claim 1, wherein forming access information for staging is configured by a user, andwherein forming altered access information is performed in accordance with input provided by the user.
  - 5. The method as recited in claim 1, wherein forming access information for staging is configured by a user, andwherein the testing of the behavior of the security system is performed in accordance with input provided by the user.
  - 6. The method as recited in claim 1, wherein forming access information for staging comprises copying the active access information to the access information.
  - 7. The method as recited in claim 1, wherein the deploying of the altered access information comprises:
    - archiving the active access information in use by the security system; and
      
      replacing the active access information with the altered access information.
  - 8. The method as recited in claim 7,wherein forming altered access information comprises modifying at least one of the access rules or at least one of the access policies of the access information to produce the altered access information.

9. A method comprising:
- initializing a staging server with initial access limitations derived from active access limitations, wherein a security system operates to restrict access to secured electronic data based on the access limitations, the access limitations including at least when and where the secured electronic data can be accessed by one or more user groups, and wherein the active access limitations are stored in a database operatively connected to the security system;
  
  modifying the initial access limitations to provide a staged environment;
  
  verifying operation of the security system in the staged environment while utilizing the modified access limitations; and
  
  deploying the staged environment as an active environment of the security system so as to synchronize the active access limitations stored in the database with the modified access limitations.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method as recited in claim 9, wherein the security system includes an active server for normal operation and the staging server for staging changes to the security system.
  - 11. The method as recited in claim 10, wherein the active environment is provided through use of the active access limitations and the active server of the security system.
  - 12. The method as recited in claim 9, wherein the initializing comprises copying the active access limitations to the initial access limitations.
  - 13. The method as recited in claim 9, wherein the modifying of the initial access limitations is performed in accordance with selections from a user.
  - 14. The method as recited in claim 9, wherein the deploying comprises:
    - replacing the access limitations of the security system with the modified access limitations.
  - 15. The method as recited in claim 9, wherein the deploying comprises:
    - archiving the access limitations of the security system; and
      
      replacing the access limitations of the security system with the modified access limitations.
  - 16. The method as recited in claim 9, wherein the active access limitations include or reference one or more of access rules or access policies.
  - 17. The method as recited in claim 16, wherein the initial access limitations include or reference one or more of access rules or access policies.

18. A system comprising:
- an active server configured to enforce access limitations regarding secured electronic documents in accordance with organizational information of an entity and active document access information, wherein the active document access information includes or references one or more of access rules or access policies including at least when and where the secured electronic documents can be accessed by one or more user groups;
  
  a staging server configured to test access limitations imposed on the secured electronic documents in accordance with the organizational information of the entity and document access information, wherein the document access information includes or references one or more of access rules or access policies including at least when and where the secured electronic documents can be accessed by the one or more user groups; and
  
  a database stored in a computer readable storage medium, wherein the database is operatively connected to the active server and the staging server, wherein the database includes at least the organizational information of the entity synchronized for use by both the active server and the staging server, the active document access information for use by the active server, and the document access information for use by the staging server.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system as recited in claim 18, wherein a plurality of users in the one or more user groups can interact with the active server to access the secured electronic documents, and wherein an authorized administrator of the security system can interact with the staging server to test the staging environment prior to deploying the staging environment as the active environment by synchronizing the document access information stored in the database with the access information for use by the staging server.
  - 20. The system as recited in claim 19, wherein the document access information is derived from the active document access information.
  - 21. The system as recited in claim 18, wherein the database further includes at least revert document access information for storing at least one prior version of the active document access information.
  - 22. The system as recited in claim 21, wherein at least one of the active document access information and the revert document access information are configured to include at least a plurality of partitions, each of the partitions pertaining to a different type of document access information.
  - 23. The system as recited in claim 22, wherein the document access information is derived from a selection of at least one partition from the active document access information and at least one partition from the revert document access information.
  - 24. The system as recited in claim 22, wherein each of the active document access information, the document access information and the revert document access information includes or references one or more of access rules or access policies.

25. A non-transitory computer readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to form access information for staging with respect to a security system, wherein the security system operates to restrict access to secured electronic data based on access information, and wherein the access information is based on active access information in use by the security system, wherein the access information includes or references one or more of access rules or access policies including at least when and where the secured electronic data can be accessed by a plurality of users, and wherein the active access information is stored in a database operatively connected to the security system;
  
  instructions to alter the access information to modify the behavior of the security system during the staging; and
  
  instructions to deploy the altered access information so as to synchronize the active access information stored in the database with the altered access information.
- View Dependent Claims (26, 27)
- - 26. The non-transitory computer readable storage medium as recited in claim 25, wherein:
    - the security system thereafter operates in the manner as previously staged; and
      
      the instructions to alter comprises modifying at least one of the access rules or at least one of the access policies of the access information to produce the altered access information.
  - 27. The non-transitory computer readable storage medium as recited in claim 25, wherein the instructions further comprise:
    - instructions to test the behavior of the security system during the staging by operating the security system in accordance with the altered access information.

28. A non-transitory computer readable storage medium having instructions stored thereon, the instructions comprising:
- initializing a staging server with initial access limitations derived from active access limitations, wherein a security system operates to restrict access to secured electronic data based on the access limitations, wherein the access limitations include or reference one or more of access rules or access policies including at least when and where the secured electronic data can be accessed by one or more users or user groups, and wherein the active access limitations are stored in a database operatively connected to the security system;
  
  instructions for modifying the initial access limitations to provide a staged environment;
  
  instructions for verifying operation of the security system in the staged environment while utilizing the modified access limitations; and
  
  instructions for deploying-the staged environment as an active environment of the security system so as to synchronize the active access limitations stored in the database with the modified access limitations.
- View Dependent Claims (29)
- - 29. The non-transitory computer readable storage medium as recited in claim 28, wherein the deploying comprises:
    - archiving the access limitations of the security system; and
      
      replacing the access limitations of the security system with the modified access limitations.

30. A non-transitory computer readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to obtain access information for staging with respect to a security system, wherein the security system operates to restrict access to secured electronic data based on access information, and wherein the access information includes or references one or more of access rules or access policies including at least when and where the secured electronic data can be accessed by a plurality of users, and wherein the active access is stored in a database operatively connected to the security system;
  
  testing the behavior of the security system during the staging by operating the security system in accordance with the access information;
  
  instructions to alter the access information to modify the behavior of the security system during the staging; and
  
  instructions to deploy the access information to be used as the access information for normal operational use of the security system in restricting access to the secured electronic data so as to synchronize the active access information stored in the database with the altered access information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC (Intellectual Ventures LLC)
Inventors
Ouye, Michael Michio, Vainstein, Klimenty
Primary Examiner(s)
Pearson; David J

Application Number

US10/327,320
Time in Patent Office

2,979 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/604   Tools and structures for ma...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Security system with staging capabilities

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Security system with staging capabilities

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links