Security control module

US 7,603,547 B2
Filed: 10/08/2004
Issued: 10/13/2009
Est. Priority Date: 10/10/2003
Status: Active Grant

First Claim

Patent Images

1. A system for distributing information from a distributor to one or more security service modules, said system comprising:

an administration server which includes the distributor and a storage medium, wherein the distributor utilizes information in the storage medium to provide a first information that includes configuration and policy information to a remote interface;

wherein the remote interface is capable of accepting the first information from the distributor;

a plurality of security service modules (SSMs) executing on a plurality of computing devices, wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;

a plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device, and wherein the first SCM includesan extensible framework including one or more service providers, andwherein one of the service providers is a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing a second information to a local interface,wherein the second information includes only a portion of the configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device;

wherein the local interface is capable of providing the second information to the at least one SSM executing on the first computing device to which the second information is relevant; and

wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for distributing information from a first process to one or more security service modules. The system comprises a remote interface, capable of accepting first information from the first process, and a provisioning service provider (PSP) coupled to the remote interface. The PSP can obtain the first information from the remote interface, and also can provide second information to a local interface. The second information is based on the first information and is tailored for the one or more security service modules. The local interface can provide the second information to the one or more security service modules and the one or more security service modules can accept the second information and perform at least one of the following: adjust a configuration of the one or more security service modules to reflect the second information, and protect access to at least one resource based on the second information.

468 Citations

25 Claims

1. A system for distributing information from a distributor to one or more security service modules, said system comprising:
- an administration server which includes the distributor and a storage medium, wherein the distributor utilizes information in the storage medium to provide a first information that includes configuration and policy information to a remote interface;
  
  wherein the remote interface is capable of accepting the first information from the distributor;
  
  a plurality of security service modules (SSMs) executing on a plurality of computing devices, wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
  
  a plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device, and wherein the first SCM includesan extensible framework including one or more service providers, andwherein one of the service providers is a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing a second information to a local interface,wherein the second information includes only a portion of the configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device;
  
  wherein the local interface is capable of providing the second information to the at least one SSM executing on the first computing device to which the second information is relevant; and
  
  wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein:
    - at least one of the first information and the second information includes only information that has changed.
  - 3. The system of claim 1 wherein:
    - the policy information controls access to one of;
      
      the at least one resource, a resource attribute and a role.
  - 4. The system of claim 1 wherein a security service module includes:
    - a dynamically configurable services layer.
  - 5. The system of claim 1, further comprising:
    - a cache capable of caching the first information.
  - 6. The system of claim 1, further comprising:
    - a cache capable of caching the second information.
  - 7. The system of claim of 1 wherein:
    - the second information is automatically provided to the one or more security service modules.
  - 8. The system of claim 1 wherein:
    - the second information is provided to the one or more security service modules when the one or more security service modules requests the second information.
  - 9. The system of claim 1, further comprising:
    - a secure communication link capable of securely transporting at least one of;
      
      the first information and the second information.

10. A method for distributing information from a distributor to one or more security service modules, said method comprising the steps of:
- utilizing information in a storage medium by the distributor to provide a first information which includes configuration and policy information to a remote interface;
  
  providing a plurality of security service modules (SSMs) executing on a plurality of computing devices;
  
  wherein the distributor and the storage medium are included in an administration server, and wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
  
  obtaining the first information from the distributor by a provisioning service provider coupled to the remote interface;
  
  wherein the provisioning service provider is one service provider of one or more service providers included in an extensible framework and wherein the extensible framework and the service providers are included in plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device;
  
  providing a second information to the at least one SSM executing on the first computing device by the provisioning service provider through a local interface, wherein the second information includes only configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device; and
  
  wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 wherein:
    - at least one of the first information and the second information includes only information that has changed.
  - 12. The method of claim 10 wherein:
    - the policy information controls access to one of;
      
      the at least one resource, a resource attribute and a role.
  - 13. The method of claim 10 wherein a security service module includes:
    - a dynamically configurable services layer.
  - 14. The method of claim 10, further comprising:
    - caching of one or more of;
      
      the first information and the second information.
  - 15. The method of claim of 10 wherein, further comprising:
    - providing the second information to the one or more security service modules when the one or more security service modules requests the second information.
  - 16. The method of claim 10 wherein:
    - the first information is transported over a secure communication link.
  - 17. The method of claim 10 wherein:
    - the second information is transported over a secure communication link.

18. A computer readable medium having instructions stored thereon to cause a system to:
- utilize information in a storage medium by the distributor to provide a first information which includes configuration and policy information to a remote interface;
  
  provide a plurality of security service modules (SSMs) executing on a plurality of computing devices;
  
  wherein the distributor and the storage medium are included in an administration server, and wherein each SSM includes an information query client and a services layer and wherein each SSM manages security for and is integrated with one of an application, a network hardware component, an application server, a web server, and a proxy server executing on a computing device with that SSM;
  
  obtain the first information from the distributor by a provisioning service provider coupled to the remote interface;
  
  wherein the provisioning service provider is one service provider of one or more service providers included in an extensible framework and wherein the extensible framework and the service providers are included in plurality of security control managers (SCMs) each executing on a different computing device, including a first SCM executing on a first computing device with at least one SSM, wherein the first SCM provisions information only to SSMs executing on the first computing device;
  
  provide a second information to the at least one SSM executing on the first computing device by the provisioning service provider through a local interface, wherein the second information includes only configuration and policy information from the first information that is relevant to one of the at least one SSM executing on the first computing device; and
  
  wherein each SSM is capable of accepting information from the local interface and updating its configuration and policy information based thereon including dynamically configuring at least one security provider based on the information.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The computer readable medium of claim 18 wherein:
    - at least one of the first information and the second information includes only information that has changed.
  - 20. The computer readable medium of claim 18 wherein:
    - the policy controls access to one of;
      
      the at least one resource, a resource attribute and a role.
  - 21. The computer readable medium of claim 18 wherein a security service module includes:
    - a dynamically configurable services layer.
  - 22. The computer readable medium of claim 18, further comprising:
    - caching of one or more of;
      
      the first information and the second information.
  - 23. The computer readable medium of claim of 18 wherein, further comprising instructions to cause the system to:
    - providing the second information to the one or more security service modules when the one or more security service modules requests the second information.
  - 24. The computer readable medium of claim 18 wherein:
    - the first information is transported over a secure communication link.
  - 25. The computer readable medium of claim 18 wherein:
    - the second information is transported over a secure communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Incorporated (BAE Systems Plc), Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.
Primary Examiner(s)
Sheikh; Ayaz R
Assistant Examiner(s)
Su; Sarah

Application Number

US10/961,674
Publication Number

US 20050097350A1
Time in Patent Office

1,831 Days
Field of Search

713/152, 713/150, 713/151
US Class Current

713/152
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Security control module

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

468 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Security control module

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

468 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links