Security control module
Abstract
A system for distributing information from a first process to one or more security service modules. The system comprises a remote interface, capable of accepting first information from the first process, and a provisioning service provider (PSP) coupled to the remote interface. The PSP can obtain the first information from the remote interface, and also can provide second information to a local interface. The second information is based on the first information and is tailored for the one or more security service modules. The local interface can provide the second information to the one or more security service modules and the one or more security service modules can accept the second information and perform at least one of the following: adjust a configuration of the one or more security service modules to reflect the second information, and protect access to at least one resource based on the second information.
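The scoping step described in the abstract, as an added Python sketch that is not part of the patent: a per-host security control manager cuts the first information down to the second information for each local SSM, and each SSM refuses records addressed elsewhere. All class, field and host names are hypothetical, and the sample records are constructed.

```python
# Added illustration; all class and field names are hypothetical, not from the patent.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Record:
    host: str    # computing device the item targets
    ssm_id: str  # SSM the item is relevant to
    kind: str    # "config" or "policy"
    key: str
    value: str

@dataclass
class SSM:
    ssm_id: str
    config: dict = field(default_factory=dict)
    policy: dict = field(default_factory=dict)

    def accept(self, records):
        """Apply 'second information'; refuse anything addressed to another SSM."""
        for r in records:
            if r.ssm_id != self.ssm_id:
                raise ValueError(f"{self.ssm_id}: refused record for {r.ssm_id}")
            target = self.config if r.kind == "config" else self.policy
            target[r.key] = r.value

class SCM:
    """Security control manager: provisions only the SSMs on its own host."""
    def __init__(self, host, ssms):
        self.host = host
        self.ssms = {s.ssm_id: s for s in ssms}

    def provision(self, first_information):
        """Cut first information down to per-SSM second information and deliver it."""
        delivered = {}
        for ssm_id, ssm in self.ssms.items():
            second = [r for r in first_information if (r.host, r.ssm_id) == (self.host, ssm_id)]
            ssm.accept(second)
            delivered[ssm_id] = len(second)
        return delivered

# Constructed sample of first information from the administration server.
FIRST_INFORMATION = [
    Record("host-a", "web", "policy", "/admin", "role:admins"),
    Record("host-a", "web", "config", "audit", "on"),
    Record("host-a", "proxy", "policy", "/internal", "deny"),
    Record("host-b", "web", "policy", "/admin", "role:ops"),
]

def demo():
    web, proxy = SSM("web"), SSM("proxy")
    return SCM("host-a", [web, proxy]).provision(FIRST_INFORMATION), web, proxy
```

The host-b record never reaches the host-a SSMs, so a compromised module on one device learns nothing about policy meant for another.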
25 Claims
1. A system for distributing information from a distributor to one or more security service modules, said system comprising:
an administration server which includes the distributor and a storage medium, wherein the distributor utilizes information in the storage medium to provide a first information that includes configuration and policy information to a remote interface;
wherein the remote interface is capable of accepting the first information from the distributor;
a plurality of security service modules (SSMs) executing on a plurality of computing devices, wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
a plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device, and wherein the first SCM includes an extensible framework including one or more service providers, and wherein one of the service providers is a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing a second information to a local interface, wherein the second information includes only a portion of the configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device;
wherein the local interface is capable of providing the second information to the at least one SSM executing on the first computing device to which the second information is relevant; and
wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for distributing information from a distributor to one or more security service modules, said method comprising the steps of:
utilizing information in a storage medium by the distributor to provide a first information which includes configuration and policy information to a remote interface;
providing a plurality of security service modules (SSMs) executing on a plurality of computing devices;
wherein the distributor and the storage medium are included in an administration server, and wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
obtaining the first information from the distributor by a provisioning service provider coupled to the remote interface;
wherein the provisioning service provider is one service provider of one or more service providers included in an extensible framework and wherein the extensible framework and the service providers are included in plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device;
providing a second information to the at least one SSM executing on the first computing device by the provisioning service provider through a local interface, wherein the second information includes only configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device; and
wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A computer readable medium having instructions stored thereon to cause a system to:
utilize information in a storage medium by the distributor to provide a first information which includes configuration and policy information to a remote interface;
provide a plurality of security service modules (SSMs) executing on a plurality of computing devices;
wherein the distributor and the storage medium are included in an administration server, and wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
obtain the first information from the distributor by a provisioning service provider coupled to the remote interface;
wherein the provisioning service provider is one service provider of one or more service providers included in an extensible framework and wherein the extensible framework and the service providers are included in plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device;
provide a second information to the at least one SSM executing on the first computing device by the provisioning service provider through a local interface, wherein the second information includes only configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device; and
wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
Specification