Method and system for implementing changes to security policies in a distributed security system

US 8,266,674 B2
Filed: 06/19/2009
Issued: 09/11/2012
Est. Priority Date: 12/12/2001
Status: Active Grant

First Claim

Patent Images

1. A security system for securing files from unauthorized access within a distributed computer network, the security system comprising:

a processor; and

a memory storing a plurality of client modules, comprising at least computer program code stored on a computer readable medium, the plurality of client modules configured to operate on respective user computers, and configured to control access to secured files having access rules in a header portion thereof, wherein some or all of at least a portion of security policy information that governs a type, a location, a duration, and an extent of access to the secured files that are permitted by users via the respective user computers is received at respective ones of the plurality of client modules from a central service module via a local service module comprising a delivery queue for temporarily storing security policy change messages to be delivered to client modules determined to be inactive and affected by a security colic change received at the central service module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for effectuating changes to security policies in a distributed security system are disclosed. The changes to security policies are distributed to those users (e.g., user and/or computers) in the security system that are affected. The distribution of such changes to security policies can be deferred for those affected users that are not activated (e.g., logged-in or on-line) with the security system.

701 Citations

19 Claims

1. A security system for securing files from unauthorized access within a distributed computer network, the security system comprising:
- a processor; and
  
  a memory storing a plurality of client modules, comprising at least computer program code stored on a computer readable medium, the plurality of client modules configured to operate on respective user computers, and configured to control access to secured files having access rules in a header portion thereof, wherein some or all of at least a portion of security policy information that governs a type, a location, a duration, and an extent of access to the secured files that are permitted by users via the respective user computers is received at respective ones of the plurality of client modules from a central service module via a local service module comprising a delivery queue for temporarily storing security policy change messages to be delivered to client modules determined to be inactive and affected by a security colic change received at the central service module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The security system as recited in claim 1, wherein if a security policy change is received at the central service module, the central service module is configured to update the portion of the security policy information at the local service module based on the security policy change.
  - 3. The security system as recited in claim 2, wherein after the local service module has been updated, the central service module is configured to identify those of the plurality of client modules that are affected by the security policy change, and configured to thereafter inform affected client modules.
  - 4. The security system as recited in claim 3, wherein the affected client modules are configured to thereafter update security information at the client modules that are affected.
  - 5. The security system as recited in claim 2, wherein after the central service module has been updated, the central service module is configured to identify those of the affected diem modules and then determine which of the affected client modules are active, and configured to thereafter inform active client modules of the security policy change.
  - 6. The security system as recited in claim 5, wherein the local service module is further configured to defer informing the affected client modules that are not active of the security policy change.
  - 7. The security system as recited in claim 6, wherein each of the affected but not active client modules are subsequently informed of the security policy change by the local service module if the corresponding one of the client modules becomes active.
  - 8. The security system as recited in claim 1, wherein the security policy change messages in the delivery queue are subsequently delivered to the client modules if the affected client modules become active, and wherein the subsequently delivered security policy change messages inform the client modules of the security policy change in a deferred manner.
  - 9. The security system as recited in claim 1 wherein in storing the security policy change messages in the delivery queue, one or more of the security policy change messages being stored or those security policy change messages previously stored arc modified or consolidated.
  - 10. The security system as recited in claim 9, wherein the security policy change messages in the delivery queue are subsequently delivered to the client modules if the affected client modules become active, thereby informing such client modules of the security policy change in a deferred manner.
  - 11. The security system as recited in claim 1, wherein in storing the security policy change messages in the delivery queue, the local service module is configured to determine whether one or more of the security policy change messages being stored in the delivery queue are affected by any other security policy change messages residing in the delivery queue, and configured to then modify at least one of the security policy change messages being stored or those security policy change messages previously stored.
  - 12. The security system as recited in claim 11, wherein the security policy change messages in the delivery queue are subsequently delivered to the client modules if the affected client modules become active, thereby informing such client modules of the security policy change in a deferred manner.

13. A security system for securing files from unauthorized access within a distributed computer network, the security system comprising:
- a processor; and
  
  a memory storing a server module comprising at least computer program code stored on a computer readable medium and configured to operate on a server computer and configured to control access to secured files having access rules in a header portion thereof, wherein at least a portion of security policy information that governs a type, a location, a duration, and an extent of access to the secured files that are permitted by users via the server computer is received at the server module from a central service module via a local service module comprising a delivery queue for temporarily storing security policy change messages to he delivered to client modules determined to be inactive and affected by a security policy change received at the central service module.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The security system as recited in claim 13, wherein if a security policy change is received at the central service module, the central service module is configured to update the portion of the security policy information at the local service module based on the security policy change.
  - 15. The security system as recited in claim 14, wherein after the local service module has been updated, the central service module is configured to identify the server module that is affected by the security policy change, and configured to thereafter inform an affected server module.
  - 16. The security system as recited in claim 15, wherein the affected server module is configured to thereafter update security information at the affected server module.
  - 17. The security system as recited in claim 14, wherein after the central service module has been updated, the central service module is configured to identify those of the affected server module and then determine if the affected server module is active, and configured to thereafter inform an active server module of the security policy change.
  - 18. The security system as recited in claim 17, wherein the local service module is further configured to defer informing the affected server module that is not active of the security policy change.
  - 19. The security system as recited in claim 18, wherein the affected but not the active server module is subsequently informed of the security policy change by the local service module if the server module becomes active.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Guardian Data Storage LLC
Inventors
Huang, Weiqing, Supramaniam, Senthilvasan, Vainstein, Klimenty
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US12/487,796
Publication Number

US 20090254972A1
Time in Patent Office

1,180 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Method and system for implementing changes to security policies in a distributed security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

701 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing changes to security policies in a distributed security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

701 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links