Distributed enterprise security system

US 20050251852A1
Filed: 10/08/2004
Published: 11/10/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for distributed enterprise security, comprising:

a first process capable of providing a second set of information derived from a first set of information, wherein the first set of information includes one or more of;

a policy and configuration information;

a security control module (SCM) capable of accepting the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information;

a security service module (SSM) capable of accepting the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM;

wherein the SSM is capable of controlling access to one or more resources based on the third set of information; and

wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for a distributed enterprise security, comprising, a first process capable of providing a second set of information derived from a first set of information, wherein the first set of information includes one or more of: a policy and configuration information, a security control module (SCM) capable of accepting the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information, a security service module (SSM) capable of accepting the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM, wherein the SSM is capable of controlling access to one or more resources based on the third set of information, and wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.

108 Citations

View as Search Results

29 Claims

1. A system for distributed enterprise security, comprising:
- a first process capable of providing a second set of information derived from a first set of information, wherein the first set of information includes one or more of;
  
  a policy and configuration information;
  
  a security control module (SCM) capable of accepting the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information;
  
  a security service module (SSM) capable of accepting the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM;
  
  wherein the SSM is capable of controlling access to one or more resources based on the third set of information; and
  
  wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein:
    - a policy can determine one of;
      
      access to a resource, access to a resource attribute, and who can be in a role.
  - 3. The system of claim 1 wherein:
    - the first process can update the first set of information.
  - 4. The system of claim 1 wherein:
    - one or more of the following contain only information that has changed since a given point in time;
      
      the second information and the third information.
  - 5. The system of claim 1, further comprising:
    - a security service module.
  - 6. The system of claim 1 wherein:
    - the SCM and the SSM execute on the same computing device.
  - 7. The system of claim 1 wherein:
    - information is transmitted over a secure communication link.
  - 8. The system of claim 1 wherein:
    - the SSM can be part of one of;
      
           1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 9. The system of claim 1 wherein:
    - the SSM can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 10. The system of claim 1 wherein:
    - the one or more resources are part of a resource hierarchy.

11. A method for distributed enterprise security, comprising:
- providing by a first process a second set of information derived from a first set of information, wherein the first set of information includes one or more of;
  
  a policy and configuration information;
  
  accepting by a security control module (SCM) the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information;
  
  accepting by a security service module (SSM) the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM;
  
  wherein the SSM is capable of controlling access to one or more resources based on the third set of information; and
  
  wherein the SMM is capable of configuring security services based on the third set of information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising:
    - updating the first set of information.
  - 13. The method of claim 11 wherein:
    - one or more of the following contain only information that has changed since a given point in time;
      
      the second information and the third information.
  - 14. The method of claim 11 wherein:
    - a security service module.
  - 15. The method of claim 11 wherein:
    - the SCM and the SSM execute on the same computing device.
  - 16. The method of claim 11, further comprising:
    - transmitting information over a secure communication link.
  - 17. The method of claim 11 wherein:
    - the SSM can be part of one of;
      
           1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 18. The method of claim 11 wherein:
    - the SSM can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 19. The method of claim 11 wherein:
    - the one or more resources are part of a resource hierarchy.

20. A machine readable medium having instructions stored thereon to cause a system to:
- provide by a first process a second set of information derived from a first set of information, wherein the first set of information includes one or more of;
  
  a policy and configuration information;
  
  accept by a security control module (SCM) the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information;
  
  accept by a security service module (SSM) the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM;
  
  wherein the SSM is capable of controlling access to one or more resources based on the third set of information; and
  
  wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The machine readable medium of claim 20, further comprising:
    - update the first set of information.
  - 22. The machine readable medium of claim 20 wherein:
    - one or more of the following contain only information that has changed since a given point in time;
      
      the second information and the third information.
  - 23. The machine readable medium of claim 20 wherein:
    - a security service module.
  - 24. The machine readable medium of claim 21 wherein:
    - the SCM and the SSM execute on the same computing device.
  - 25. The machine readable medium of claim 20, further comprising:
    - transmit information over a secure communication link.
  - 26. The machine readable medium of claim 20 wherein:
    - the SSM can be part of one of;
      
           1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 27. The machine readable medium of claim 20 wherein:
    - the SSM can perform at least one of;
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 28. The machine readable medium of claim 20 wherein:
    - the one or more resources is part of a resource hierarchy.

29. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for providing by a first process a second set of information derived from a first set of information, wherein the first set of information includes one or more of;
  
  a policy and configuration information;
  
  a code segment including instructions for accepting by a security control module (SCM) the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information;
  
  a code segment including instructions for accepting by a security service module (SSM) the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM;
  
  wherein the SSM is capable of controlling access to one or more resources based on the third set of information; and
  
  wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/962,106
Publication Number

US 20050251852A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Distributed enterprise security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed enterprise security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links