Logging access system events

US 9,038,170 B2
Filed: 02/26/2001
Issued: 05/19/2015
Est. Priority Date: 07/10/2000
Status: Active Grant

First Claim

Patent Images

1. A method for logging access system events, comprising:

detecting an access system event which includes accessing a resource and access information;

testing whether access to the resource is authorized based on the access information without granting authorization to the resource, wherein the testing includes accessing an authorization rule for the resource and accessing an identity profile for a first user to determine whether at least a portion of the authorization rule is satisfied based on information in the identity profile;

reporting whether access to the resource is authorized based on the testing by;

creating in an audit log a log entry for said access system event which includes an indication of whether access to the resource is authorized based on the testing,storing the authorization rule for the resource and used during said testing in said log entry, andstoring information from the identity profile for the first user in said log entry, the information from the identity profile stored in the log entry comprising one or more attributes of the identity profile for the first user, the attributes identified by an audit rule associated with the resource;

monitoring the audit log with an audit log sensor for events associated with at least one of one or more event types associated with the access system event;

accessing instructions for an event type associated with the access system event, wherein the instructions specify that a value of one or more attributes of the attributes in the identity profile is to be added to the audit log entry;

accessing the identity profile for the user in response to the instructions;

adding the value of one or more attributes of the plurality of attributes in the identity profile of the user to the audit log entry in accordance with the instructions; and

storing the audit log entry including the one or more attribute values in an application server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is disclosed that logs access system events. When an access system event occurs, a log entry is created for the access system event. Information from an identity profile is stored in the log entry. The identity profile pertains to a first user. The first user is the entity who caused or was involved with the access system event. In one embodiment, the access system includes identity management and access management functionality.

Citations

32 Claims

1. A method for logging access system events, comprising:
- detecting an access system event which includes accessing a resource and access information;
  
  testing whether access to the resource is authorized based on the access information without granting authorization to the resource, wherein the testing includes accessing an authorization rule for the resource and accessing an identity profile for a first user to determine whether at least a portion of the authorization rule is satisfied based on information in the identity profile;
  
  reporting whether access to the resource is authorized based on the testing by;
  
  creating in an audit log a log entry for said access system event which includes an indication of whether access to the resource is authorized based on the testing,storing the authorization rule for the resource and used during said testing in said log entry, andstoring information from the identity profile for the first user in said log entry, the information from the identity profile stored in the log entry comprising one or more attributes of the identity profile for the first user, the attributes identified by an audit rule associated with the resource;
  
  monitoring the audit log with an audit log sensor for events associated with at least one of one or more event types associated with the access system event;
  
  accessing instructions for an event type associated with the access system event, wherein the instructions specify that a value of one or more attributes of the attributes in the identity profile is to be added to the audit log entry;
  
  accessing the identity profile for the user in response to the instructions;
  
  adding the value of one or more attributes of the plurality of attributes in the identity profile of the user to the audit log entry in accordance with the instructions; and
  
  storing the audit log entry including the one or more attribute values in an application server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, wherein:
    - said access system event is an authorization success event.
  - 3. The method according to claim 1, wherein:
    - said access system event is an authorization failure event.
  - 4. The method according to claim 1, wherein:
    - said access system event is an authentication success event.
  - 5. The method according to claim 1, wherein:
    - said access system event is an authentication failure event.
  - 6. The method according to claim 1, further comprising:
    - storing an identification of a resource in said log entry, said access system event pertains to said resource.
  - 7. The method according to claim 1, further comprising:
    - storing an identification of said access system event in said log entry.
  - 8. The method according to claim 1, further comprising:
    - storing an identification of a time of said access system event in said log entry.
  - 9. The method according to claim 1, wherein:
    - said detecting an access event consists of denying authorization for said first user to access a resource.
  - 10. The method according to claim 1, further comprising:
    - accessing said identity profile in an LDAP directory.
  - 11. The method according to claim 1, further:
    - receiving configuration information for said log entry, said configuration information includes an identification of a type of access system event to log.
  - 12. The method according to claim 1, further:
    - receiving configuration information for said log entry, said configuration information includes an identification of one or more identity profile attributes to store in said log entry.
  - 13. The method according to claim 1, further comprising:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      denying authorization for said first user to access said resource.
  - 14. The method according to claim 1, further comprising:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      allowing said first user to access said resource.
  - 15. The method according to claim 1, further:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is not in said subset of said set of resources, said step of creating a log entry is performed according to said default audit rule.
  - 16. The method according to claim 1, further comprising:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is in said subset of said set of resources, said step of creating a log entry is performed according to said specific audit rule.

17. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- detecting an access system event which includes accessing a resource and access information;
  
  testing whether access to the resource is authorized based on the access information without granting authorization to the resource, wherein the testing includes accessing an authorization rule for the resource and accessing an identity profile for a first user to determine whether at least a portion of the authorization rule is satisfied based on information in the identity profile;
  
  reporting whether access to the resource is authorized based on the testing by;
  
  creating a log entry for said access system event which includes an indication of whether access to the resource is authorized based on the testing,storing the authorization rule for the resource and used during said testing in said log entry, andstoring information from the identity profile for the first user in said log entry, the information from the identity profile stored in the log entry comprising one or more attributes of the identity profile for the first user, the attributes identified by an audit rule associated with the resource;
  
  monitoring the audit log with an audit log sensor for events associated with at least one of one or more event types associated with the access system event;
  
  accessing instructions for an event type associated with the access system event, wherein the instructions specify that a value of one or more attributes of the attributes in the identity profile is to be added to the audit log entry;
  
  accessing the identity profile for the user in response to the instructions;
  
  adding the value of one or more attributes of the plurality of attributes in the identity profile of the user to the audit log entry in accordance with the instructions; and
  
  storing the audit log entry including the one or more attribute values in an application server.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - accessing said identity profile in an LDAP directory.
  - 19. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - receiving configuration information for said log entry, said configuration information includes an identification of a type of access system event to log.
  - 20. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      denying authorization for said first user to access said resource.
  - 21. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      allowing said first user to access said resource.
  - 22. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is not in said subset of said set of resources, said step of creating a log entry is performed according to said default audit rule.
  - 23. The one or more processor readable storage devices according to claim 17, wherein said method further comprises:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is in said subset of said set of resources, said step of creating a log entry is performed according to said specific audit rule.

24. An access system, comprising:
- a communication interface;
  
  one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors programmed to perform a method comprising;
  
  detecting an access system event which includes accessing a resource and access information,testing whether access to the resource is authorized based on the access information without granting authorization to the resource, wherein the testing includes accessing an authorization rule for the resource and accessing an identity profile for a first user to determine whether at least a portion of the authorization rule is satisfied based on information in the identity profile;
  
  reporting whether access to the resource is authorized based on the testing by;
  
  creating a log entry for said access system event which includes an indication of whether access to the resource is authorized based on the testing,storing the authorization rule for the resource and used during said testing in said log entry,storing information from the identity profile for the first user in said log entry, the information from the identity profile stored in the log entry comprising one or more attributes of the identity profile for the first user, the attributes identified by an audit rule associated with the resources;
  
  monitoring the audit log with an audit log sensor for events associated with at least one of one or more event types associated with the access system event;
  
  accessing instructions for an event type associated with the access system event, wherein the instructions specify that a value of one or more attributes of the attributes in the identity profile is to be added to the audit log entry;
  
  accessing the identity profile for the user in response to the instructions;
  
  adding the value of one or more attributes of the plurality of attributes in the identity profile of the user to the audit log entry in accordance with the instructions; and
  
  storing the audit log entry including the one or more attribute values in an application server.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The access system according to claim 24, wherein said method further comprises:
    - accessing said identity profile in an LDAP directory.
  - 26. The access system according to claim 24, wherein said method further comprises:
    - receiving configuration information for said log entry, said configuration information includes an identification of a type of access system event to log.
  - 27. The access system according to claim 24, wherein said method further comprises:
    - receiving configuration information for said log entry, said configuration information includes an identification of one or more identity profile attributes to store in said log entry.
  - 28. The access system according to claim 24, wherein said method further comprises:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      denying authorization for said first user to access said resource.
  - 29. The access system according to claim 24, wherein said method further comprises:
    - receiving a request to access a resource from said first user, said access system event pertains to said resource;
      
      attempting to authorize said first user to access said resource; and
      
      allowing said first user to access said resource.
  - 30. The access system according to claim 24, wherein said method further comprises:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is not in said subset of said set of resources, said step of creating a log entry is performed according to said default audit rule.
  - 31. The access system according to claim 24, wherein said method further comprises:
    - receiving a default audit rule for a set of resources;
      
      receiving a specific audit rule for a subset of said set of resources;
      
      receiving a request to access a first resource from said first user; and
      
      determining that said first resource is in said subset of said set of resources, said step of creating a log entry is performed according to said specific audit rule.
  - 32. The access system according to claim 24, wherein:
    - said access system includes an identity management system and an access management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Joshi, Vrinda S., Ramamurthy, Srinivasagapala
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US09/792,915
Publication Number

US 20020116642A1
Time in Patent Office

5,195 Days
Field of Search

713/201, 713/183, 713/200, 713/202, 713/153, 713/165, 713/168, 726/3, 726/11, 726/13, 726/22, 709/224, 709/225
US Class Current

726/22
CPC Class Codes

G06F 16/9535   Search customisation based ...

G06F 16/955   using information identifie...

G06F 21/62   Protecting access to data v...

H04L 2463/102   applying security measure f...

H04L 61/4523   using lightweight directory...

H04L 63/0823   using certificates cryptogr...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Logging access system events

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Logging access system events

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links