Computer system, management system and recording medium

US 9,071,614 B2
Filed: 11/19/2009
Issued: 06/30/2015
Est. Priority Date: 11/19/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system comprising:

client computers, each of which is configured to execute a security management program using a merged security policy information;

a plurality of management computers, each of which is configured to send a security policy information to respective at least one of the client computers controlled by each of the management computers defined by an administrator of the respective management computer; and

a highest-level management computer configured to send highest-level security policy information to all of the client computers, and configured to send, to each of the client computers, merge rule information which makes it possible to ensure the minimum security unless defined by the security policy information by the administrator of the respective management computer,wherein each of the client computers is configured to create said merged security policy information, on the basis of the merge rule information, the security policy information and the highest-level security policy information,wherein only the highest-level management computer is configured to receive input from a highest-level administrator to create the highest-level security policy information and the merge rule information,wherein the highest-level management computer comprises a merge rule registration display comprising at least one of;

a log file size option, a monitor process boot time option and an inhibit print release password option.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention prevents the deterioration of security while maintaining usability in a case where a plurality of policies are applied to a client computer. Policies created by respective management servers 10 (Ma through Md) and by a highest-level management server 10 (Msa) are set in a client computer 20. The highest-level management server delivers, to the client computer, a merge rule for creating one policy from a plurality of policies. The client computer creates a new policy from a plurality of policies and the merge rule, and manages a security function.

30 Citations

View as Search Results

12 Claims

1. A computer system comprising:
- client computers, each of which is configured to execute a security management program using a merged security policy information;
  
  a plurality of management computers, each of which is configured to send a security policy information to respective at least one of the client computers controlled by each of the management computers defined by an administrator of the respective management computer; and
  
  a highest-level management computer configured to send highest-level security policy information to all of the client computers, and configured to send, to each of the client computers, merge rule information which makes it possible to ensure the minimum security unless defined by the security policy information by the administrator of the respective management computer,wherein each of the client computers is configured to create said merged security policy information, on the basis of the merge rule information, the security policy information and the highest-level security policy information,wherein only the highest-level management computer is configured to receive input from a highest-level administrator to create the highest-level security policy information and the merge rule information,wherein the highest-level management computer comprises a merge rule registration display comprising at least one of;
  
  a log file size option, a monitor process boot time option and an inhibit print release password option.
- View Dependent Claims (2, 3, 4)
- - 2. A computer system according to claim 1,wherein each the client computers respectively is configured to detect a difference between the merged security policy information and the security policy information and configured to send the difference to the respective management computer controlling the each of the client computers by sending the respective security policy information, andwherein the respective management computer receiving the difference is configured to output the difference.
  - 3. A computer system according to claim 1,wherein the merge rule information enables the respective client computer to create the merged security policy information which is intermediate between the security policy information and the highest-level security policy information, in case where, the security policy information and the highest-level security policy information conflict.
  - 4. A computer system according to claim 1,wherein one of the security policy information and highest-level security policy information permits a certain operation, and another one of the the security policy information and highest-level security policy information prohibits the certain operation, andwherein the merged rule information enables the respective client computer to permit the certain operation with a prescribed condition denoted in the merged rule information.

5. A management system for managing client computers, comprising:
- a plurality of management computers, each of which is configured to send a security policy information to respective at least one of the client computers controlled by each of the management computers defined by an administrator of the respective management computer, each of client computers being configured to execute a security management program using a merged security policy information; and
  
  a highest-level management computer configured to send highest-level security policy information to all of the client computers, and configured to send, to each of the client computers, merge rule information which makes it possible to ensure the minimum security unless defined by the security policy information by the administrator of the respective management computer,wherein each of the client computers is configured to create said merged security policy information, on the basis of the merge rule information, the security policy information and the highest-level security policy information,wherein only the highest-level management computer is configured to receive input from a highest-level administrator to create the highest-level security policy information and the merge rule information,wherein the highest-level management computer comprises a merge rule registration display comprising at least one of;
  
  a log file size option, a monitor process boot time option and an inhibit print release password option.
- View Dependent Claims (6, 7, 8, 9)
- - 6. A management system according to claim 5,wherein each the client computers respectively is configured to detect a difference between the merged security policy information and the security policy information and configured to send the difference to the respective management computer controlling the each of the client computers by sending the respective security policy information, andwherein the respective management computer receiving the difference is configured to output the difference.
  - 7. A management system according to claim 5,wherein the merge rule information enables the respective client computer to create the merged security policy information which is intermediate between the security policy information and the highest-level security policy information, in case where, the security policy information and the highest-level security policy information conflict.
  - 8. A management system according to claim 5,wherein one of the security policy information and highest-level security policy information permits a certain operation, and another one of the the security policy information and highest-level security policy information prohibits the certain operation, andwherein the merged rule information enables the respective client computer to permit the certain operation with a prescribed condition denoted in the merged rule information.
  - 9. A non-transistory computer-readable recording medium according to claim 5,wherein one of the security policy information and highest-level security policy information permits a certain operation, and another one of the the security policy information and highest-level security policy information prohibits the certain operation, andwherein the merged rule information enables the respective client computer to permit the certain operation with a prescribed condition denoted in the merged rule information.

10. A non-transistory computer-readable recording medium, which stores a computer program for causing a highest-level management computer of a plurality of management computers of a computer system to perform steps, the computer system comprising the highest-level management computer coupled to client computers, each of which is configured to execute a security management program using a merged security policy information, where each of the plurality of management computers is configured to send a security policy information to respective at least one of the client computers controlled by each of the management computers defined by an administrator of the respective management computer, the steps comprising:
- sending highest-level security policy information to all of the client computers, and sending, to each of the client computers, merge rule information which makes it possible to ensure the minimum security unless defined by the security policy information by the administrator of the respective management computer, wherein each of the client computers is configured to create said merged security policy information, on the basis of the merge rule information, the security policy information and the highest-level security policy information;
  
  receiving input from a highest-level administrator to create the highest-level security policy information and the merge rule information, wherein only the highest-level management computer is configured to receive input from a highest-level administrator to create the highest-level security policy information and the merge rule information; and
  
  displaying, via a merge rule registration display of the highest-level management computer, at least one of;
  
  a log file size option, a monitor process boot time option and an inhibit print release password option.
- View Dependent Claims (11, 12)
- - 11. A non-transistory computer-readable recording medium according to claim 10,wherein each the client computers respectively is configured to detect a difference between the merged security policy information and the security policy information and configured to send the difference to the respective management computer controlling the each of the client computers by sending the respective security policy information, andwherein the respective management computer receiving the difference is configured to output the difference.
  - 12. A non-transistory computer-readable recording medium according to claim 10,wherein the merge rule information enables the respective client computer to create the merged security policy information which is intermediate between the security policy information and the highest-level security policy information, in case where, the security policy information and the highest-level security policy information conflict.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Suzuki, Yoshiyuki
Primary Examiner(s)
GOLDBERG, ANDREW C

Application Number

US12/672,990
Publication Number

US 20120017258A1
Time in Patent Office

2,049 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2115   Third party

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

H04L 63/104   Grouping of entities

Computer system, management system and recording medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system, management system and recording medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links