Distributed enterprise security system

US 7,594,224 B2
Filed: 10/08/2004
Issued: 09/22/2009
Est. Priority Date: 10/10/2003
Status: Active Grant

First Claim

Patent Images

1. A system for distributed enterprise security, comprising:

a server operable to update information, wherein the information can include one or more of a policy and configuration information;

wherein a policy includes at least one of authentication policy, role policy, authorization policy, and auditing policy;

wherein configuration information includes at least one of security providers, locations of directory servers, and databases;

a plurality of security control managers (SCMs), each executing on a different computer distributed throughout an enterprise, including a first security control manager (SCM), executing on a first computer wherein the first computer includes a computer readable medium and processor operating thereon, operable to accept the information from the server and distribute the information;

a plurality of security service modules (SSMs) executing on the first computer, wherein each SSM is operable to accept the information from the first SCM and wherein each SSM is deployed to a component on the first computer and provides security services to the component based on the information; and

wherein the information accepted by the SCM is relevant to one or more of the plurality of SSMs.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration information, a security control module (SCM) operable to accept the information, at least one security service module (SSM) operable to accept the information from the SCM, and herein the information accepted by the SCM is relevant to one or more of the at least one SSMs.

489 Citations

25 Claims

1. A system for distributed enterprise security, comprising:
- a server operable to update information, wherein the information can include one or more of a policy and configuration information;
  
  wherein a policy includes at least one of authentication policy, role policy, authorization policy, and auditing policy;
  
  wherein configuration information includes at least one of security providers, locations of directory servers, and databases;
  
  a plurality of security control managers (SCMs), each executing on a different computer distributed throughout an enterprise, including a first security control manager (SCM), executing on a first computer wherein the first computer includes a computer readable medium and processor operating thereon, operable to accept the information from the server and distribute the information;
  
  a plurality of security service modules (SSMs) executing on the first computer, wherein each SSM is operable to accept the information from the first SCM and wherein each SSM is deployed to a component on the first computer and provides security services to the component based on the information; and
  
  wherein the information accepted by the SCM is relevant to one or more of the plurality of SSMs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising:
    - a modular and dynamically configurable security service module coupled to the at least one SSM.
  - 3. The system of claim 2 wherein:
    - the at least one SSM can accept security service module configuration information from the SCM.
  - 4. The system of claim 1 wherein:
    - information is provided and accepted over at least one secure communication link.
  - 5. The system of claim 1 wherein:
    - the SCM is operable to provide only policies and configuration information that have changed.
  - 6. The system of claim 1 wherein each component is one of:
    - 1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 7. The system of claim 1 wherein:
    - the at least one SSM can perform at least one of
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 8. The system of claim 1, wherein the SCM further comprises:
    - a cache for the information.
  - 9. The system of claim 1 wherein:
    - the SCM provides the information for the at least one SSMs on a given computing device.
  - 10. The system of claim 1 wherein:
    - a policy is delegated.

11. A method for providing distributed enterprise security, comprising:
- distributing information to a first security control manager (SCM) from a plurality of SCMs each executing on a different computer distributed throughout an enterprise, wherein the first SCM executes on a first computer including a computer readable medium and processor operating thereon and wherein the information can include one or more of a policy and configuration information;
  
  wherein a policy includes at least one of authentication policy, role policy, authorization policy, and auditing policy;
  
  wherein configuration information includes at least one of security providers, locations of directory servers, and databases;
  
  distributing the information from the first SCM to a plurality of security service modules (SSMs) executing on the first computer; and
  
  wherein the information distributed to the first SCM is relevant to one or more of the plurality of SSMs and wherein each of the plurality of SSMs is deployed to a component and provides security services to the component on the first computer based on the information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11 wherein:
    - the at least one SSM can accept security service module configuration information from the first SCM.
  - 13. The method of claim 11 wherein:
    - the first SCM is operable to provide only policies and configuration information that have changed.
  - 14. The method of claim 11 wherein the component is one of:
    - 1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 15. The method of claim 11 wherein:
    - the at least one SSM can perform at least one of
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 16. The method of claim 11, wherein the first SCM further comprises:
    - using a cache for the information.
  - 17. The method of claim 11 wherein:
    - a policy is delegated.
  - 18. The method of claim 11 wherein:
    - the information is distributed over a communication link.

19. A computer readable medium having instructions stored thereon to cause a system to:
- distribute information to a first security control manager (SCM) from a plurality of SCMs each executing on a different computer distributed throughout an enterprise, wherein the first SCM executes on a first computer including a computer readable medium and processor operating thereon and wherein the information can include one or more of a policy and configuration information;
  
  wherein a policy includes at least one of authentication policy, role policy, authorization policy, and auditing policy;
  
  wherein configuration information includes at least one of security providers, locations of directory servers, and databases;
  
  distribute the information from the first SCM to a plurality of security service modules (SSMs) executing on the first computer; and
  
  wherein the information distributed to the first SCM is relevant to one or more of the plurality of SSMs and wherein each of the plurality of SSMs is deployed to a component and provides security services to the component on the first computer based on the information.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computer readable medium of claim 19 wherein:
    - the at least one SSM can accept security service module configuration information from the first SCM.
  - 21. The computer readable medium of claim 19 wherein:
    - the first SCM is operable to provide only policies and configuration information that have changed.
  - 22. The computer readable medium of claim 19 wherein the component is one of:
    - 1) a web application server;
      
           2) an application;
      
           3) a network firewall;
      
           4) a web server;
      
           5) a data store; and
      
           6) an operating system.
  - 23. The computer readable medium of claim 19 wherein:
    - the at least one SSM can perform at least one of
      
           1) authentication;
      
           2) authorization;
      
           3) role mapping;
      
           4) auditing; and
      
           5) credential mapping.
  - 24. The computer readable medium of claim 19 wherein:
    - a policy is delegated.
  - 25. The computer readable medium of claim 19 wherein:
    - the information is distributed over a communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US10/961,595
Publication Number

US 20050081062A1
Time in Patent Office

1,810 Days
Field of Search

717/172
US Class Current

717/172
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Distributed enterprise security system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

489 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Distributed enterprise security system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

489 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others