WO2000025214A1 - Maintaining security in a distributed computer network - Google Patents
Maintaining security in a distributed computer network Download PDFInfo
- Publication number
- WO2000025214A1 WO2000025214A1 PCT/US1999/025455 US9925455W WO0025214A1 WO 2000025214 A1 WO2000025214 A1 WO 2000025214A1 US 9925455 W US9925455 W US 9925455W WO 0025214 A1 WO0025214 A1 WO 0025214A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- policy
- application
- client
- access
- guard
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 40
- 238000013475 authorization Methods 0.000 claims description 96
- 238000007726 management method Methods 0.000 claims description 43
- 238000012550 audit Methods 0.000 claims description 16
- 230000006870 function Effects 0.000 claims description 16
- 230000008569 process Effects 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 12
- 230000008520 organization Effects 0.000 description 12
- 238000011156 evaluation Methods 0.000 description 8
- 230000007246 mechanism Effects 0.000 description 6
- 238000013459 approach Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007717 exclusion Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012552 review Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000010923 batch production Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 230000001143 conditioned effect Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000035755 proliferation Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Definitions
- This invention relates generally to computer security systems, and relates more particularly to a system and method for managing and enforcing complex security requirements in a distributed computer network.
- the system may typically employ a combination of encryption, authentication, and authorization technologies. Encryption is a means of sending information between participants in a manner that prevents other parties from reading the information. Authentication is a process of verifying a party's identity. Authorization is a technique for determining what actions a participant is allowed to perform.
- Encryption and authentication are well-understood and have led to effective network security products, whereas authorization technology is not as well developed, and is often inadequate for many enterprises.
- the security approach of most companies today is to focus on the authentication of users to ensure that those users are part of the organization or a member of a select group.
- Authentication can be accomplished with a number of different approaches, from simple password or challenge response mechanisms to smart cards and biometric devices such as a fingerprint reader.
- Once users are authenticated there is still a significant problem in managing and enforcing their set of privileges, which may be unique and vary widely between users.
- the same authentication mechanism can be used for every user, but different authorization mechanisms must be developed for most applications. Therefore, reliable and efficient access control is a much more difficult problem facing enterprises today.
- Authentication mechanisms often work together with some sort of access control facility that can protect information resources from unauthorized users.
- network security products include firewalls, digital certificates, virtual private networks, and single sign-on systems. Some of these products provide limited support for resource-level authorization. For example, a firewall can screen access requests to an application or a database, but does not provide object-level authorization within an application or database.
- Single Sign-On (SSO) products for example, maintain a list of resources an authenticated user can access by managing the login process to many different applications.
- SSO Single Sign-On
- firewalls, SSO and other related products are very limited in their ability to implement a sophisticated security policy characteristic of many of today's enterprises. They are limited to attempting to manage access at a login, or "launch level", which is an all or nothing approach that inherently cannot implement a business-level policy.
- a real-world security policy within a large enterprise is a detailed and dynamic knowledge base specific to that organization.
- the authorization privileges are specific to the constantly evolving set of users, applications, partners, and global policies that the enterprise puts in place to protect its key information resources.
- a security policy within a large enterprise can consist of tens or hundreds of thousands of individual rules that cover which users are authorized to access particular applications, perform various operations, or manage the delegation and transfer of tasks. Many of these policy rules that implement the business practice of the organization have to be hard coded within custom-built applications or stored in the database.
- a real-world security policy within a large organization is a detailed and dynamic knowledge base that determines which users are authorized to access particular applications, perform various operations or manage the delegation and transfer of tasks, as well as when and under what circumstances they are permitted to do so.
- Authorization privileges depend upon a constantly evolving set of users, applications, partners, and business polices that comprise the ente ⁇ rise security policy.
- a typical ente ⁇ rise environment consists of several thousand users, hundreds of applications, and a myriad of network resources, resulting in a security policy that can consist of tens or hundreds of thousands of interrelated policy rules.
- a system and method are disclosed to manage and enforce complex security requirements for a computer system in a distributed computer network.
- the system comprises a policy manager located on a server for managing and distributing a local client policy based on a global security policy, and an application guard located on a client or server associated with one or more clients for managing access to securable components as specified by the local client policy.
- the global policy specifies access privileges of the user to securable components.
- the policy manager may then distribute a local client policy based on the global policy to the client or server.
- An application guard located on the client or server then manages authorization requests to the securable components as specified by the local client policy. Each authorization request may be recorded in an audit log to keep track of the authorization requests, whether they were granted or denied, and other useful information.
- the system and method of the present invention supports centralized management and distributed authorization.
- a central policy server stores and manages the policy rules in a centrally administered database.
- a powerful graphical user interface is used to create, manage, and customize the elements of a policy. Security rules can be specified by both novice and expert users.
- a dedicated authorization service is associated with one or more applications.
- the central policy server automatically distributes (over the network) only the relevant portion of the ente ⁇ rise policy to each remote service. This distributed architecture ensures that authorization requests are not bottlenecked at a central service point and provides unlimited scalability and maximum performance, regardless of the number of applications or policy rules involved.
- a more sophisticated security policy is possible because the application has the ability to evaluate access privileges upon every access to the information, during every transaction, and at every data request. Therefore, the present invention more efficiently and effectively manages and protects computer applications, databases, and network resources against unauthorized access in a distributed computer network.
- FIG. 1 is a block diagram of one embodiment for one system, in accordance with the present invention.
- FIG. 2 is a block diagram of one embodiment of the non-volatile memory located within the server in FIG. 1 , according to the present invention
- FIG. 3 is a block diagram of one embodiment of the non-volatile memory located within the client in FIG. 1 , according to the present invention
- FIG. 4 is a block diagram of one embodiment of the policy manager located within the non-volatile memory in FIG. 2, in accordance with the present invention
- FIG. 5 is a block diagram of one embodiment of the application guard located within the non-volatile memory in FIG. 3, according to the present invention.
- FIG. 6 is a block diagram of one embodiment of a policy loader, in accordance with the present invention.
- FIG. 7 is a flowchart of one embodiment of method steps to configure a system, in accordance with the present invention.
- FIG. 8 is a flowchart of one embodiment to manage policy in the management station, according to the present invention.
- FIG. 9 is a flowchart of one embodiment to navigate tree in the management station, according to the present invention.
- FIG. 10 is a flowchart of one embodiment to analyze policy in the management station, in accordance with the present invention
- FIG. 1 1 is a flowchart of one embodiment to edit policy in the management station, in accordance with the present invention
- FIG. 12 is a flowchart of method steps to distribute policy, according to one embodiment of the present invention.
- FIG. 13 is a flowchart of method steps for client access authorization, in accordance with one embodiment of the present invention.
- FIG. 14 is a flowchart of method steps to evaluate authorization request, according to one embodiment of the present invention.
- the present invention relates to an improvement in security techniques to protect computer systems against unauthorized access.
- the following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. Thus, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein.
- the present invention includes a system and method for managing and enforcing complex security requirements in a distributed computer network, and comprises a policy manager located on a server for managing and distributing a policy to a client, and an application guard located on the client, the application guard acting to grant or deny access to various components of the client, as specified by the policy.
- FIG. 1 a block diagram of one embodiment of a distributed computer network system 1 10 is shown, including a server 1 12 connected via a network 1 14 to a client 1 16, in accordance with the present invention.
- server 1 12 is typically connected to many clients 1 16.
- server 1 12 may preferably include a central processing unit (CPU) 1 18, a read-only memory (ROM) 120, a random-access memory (RAM) 122, a non-volatile memory 124, an input device 126, and a display 128 all connected via a bus 130.
- CPU central processing unit
- ROM read-only memory
- RAM random-access memory
- non-volatile memory 124 non-volatile memory
- input device 126 input device
- display 128 all connected via a bus 130.
- client 1 16 may preferably include a central processing unit (CPU) 132, a read-only memory (ROM) 134, a random-access memory (RAM) 136, a non-volatile memory 138, an input device 140, and a display 142 all connected via a bus 144.
- CPU central processing unit
- ROM read-only memory
- RAM random-access memory
- Server 1 12 preferably contains a program stored in non-volatile memory 124 for managing a policy or a set of rules and then distributing the policy to client 1 16 via link 1 14.
- Client 1 16 preferably contains a program stored in non-volatile memory 138 for granting or denying access to various components or resources of client 1 16, as specified by the policy distributed from server 1 12.
- various components or resources of client 1 16 can include applications, functions or procedures within an application, data structures within an application, and database or file system objects referenced by an application.
- non-volatile memory 124 includes a policy manager 210 that manages and distributes a policy.
- a policy is intended to specify the security requirements for applications and database objects.
- a policy may contain thousands of "security rules" that describe several constraints, including what applications a particular user can access, what objects (operations) within an application a user can access, and how those privileges are constrained by time, geography, or external events.
- a policy or authorization policy should constrain access to both applications and the operations within them.
- the policy may be generalized to groups and hierarchies, not just specified for individual users.
- An authorization policy preferably consists of four components, including objects, subjects, privileges, and conditions.
- Objects may be applications, or the operations within an application. Examples of objects include applications or methods, web pages, database tables or files, and menu items in a graphical user interface.
- the granularity of objects has a direct impact on the level of security achieved. The less information an object contains, it is less likely that a user has access to information not needed to perform his job function. On the other hand, the granularity of objects should be balanced against the ease of security management. The more information an object contains, the fewer objects that have to be protected, and the smaller the policy is.
- Objects are preferably organized into an object hierarchy. If an object represents an application, then its children objects might represent the methods with the application. Similarly, if an object represents a database, then its children objects might represent the tables and views within the database.
- privileges are inherited from parent to children objects. Privilege inheritance through the object hierarchy eases security management because rather than granting the same privilege to every child object, the privilege is granted once to the parent object, and if the privileges of an object change, the policy on all the children objects automatically reflect the changes made to the object.
- Subjects may be users, or roles containing users, who access protected objects. Subjects correspond to users that have access to information in a system. Users can either be internal or external to a system. Users are authorized to access information in order to perform their job functions. Such access may be controlled so that a user gets access only to the information needed to perform his job function.
- An object such as an application or a database, typically has its own list of users. These are users who can log on to the object and be authenticated by the objects, sometimes through an external authentication server.
- users are preferably maintained separately by one or more directory servers. Users are preferably extracted from objects or directory servers, and are maintained up-to-date by synchronizing with these objects and directory servers.
- Alias users may also be supported.
- An alias of a user is another user who inherits all the privileges of the user under certain conditions. Alias facilitates authorization management by providing fine granularity of control on the propagation of privileges. For example, an alias of a user can be created to perform his job function while he is absent. The inheritance of privileges takes effect only when the user is absent.
- An alias implements the business requirements of delegation, where the privileges of a user can be delegated to another user under certain conditions.
- Conditional inheritance of privileges through an alias reduces the burden of security management, because it restricts privilege propagation to situations when certain conditions are satisfied.
- Users of an object may be defined as being local to that object. In a typical system, the same user is often represented by different login identifications in different objects. This system may support the notion of a "global" user to capture this situation. Every global user is mapped to a set of local users, one per object. Global users facilitate the centralized management of users throughout the system, even if they are identified by different names in different objects.
- a privilege defines the kinds of access that may be allowed on objects.
- a privilege is the right to perform a particular action on a specific object.
- the kinds of privileges that apply to an object depend on the type of the object. Examples of privileges include the right to execute an application, the right to download a web page, the right to query a database table, or the right to view a menu item.
- Privileges are granted to users so they can accomplish tasks required for their job.
- a privilege should be granted to a user only when it is absolutely required for the user to accomplish a task. Excessive granting of unnecessary privileges may lead to compromised security.
- a user may receive a privilege in two different ways, privileges can be granted to users explicitly (for example, user SMITH can be granted the privilege to execute the payroll application), or privileges can be granted to a role (a named group of privileges), which is then granted to one or more users (for example, a role named "clerk" can be granted the privilege to execute the payroll application, and user SMITH can be granted the clerk role).
- Roles are named groups of privileges that are granted to users or other roles. Users granted to a role are the members of that role. A role is often used to represent the set of privileges needed to perform a job function. The members of a role automatically inherit all the privileges granted or denied to the role. In addition, roles may be organized into a role hierarchy, where parent roles are granted to children roles. If a parent role is granted a privilege, then the children roles are automatically granted the privilege. Similarly, if a role is denied a privilege, then the children roles are automatically denied the privilege. Roles of an object may be defined as being local to that object. In a typical system, the same role is often represented by different names in different objects. This system may support the notion of a "global" role to capture this situation. Every global role is mapped to a set of local roles, one per object. Global roles facilitate the centralized management of roles throughout the system, even if they are identified by different names in different objects.
- Role membership may be further constrained by the notion of mutual exclusion. Two roles are mutually exclusive if no single user can be granted to both roles simultaneously. Role mutual exclusion implements a business requirement of separation of duty. For example, a submit t dget role and an approve_b ⁇ dget role should be mutually exclusive, because no user should be simultaneously authorized to perform both actions.
- a grant rule states that a privilege on an object is granted to a subject under an optional constraint.
- a deny rule states that a privilege on an object is denied to a subject under an optional constraint.
- a wild card "any" may be used as a privilege, object, or subject, meaning that any legitimate value could be substituted in its place.
- An access request preferably consists of a privilege, an object, and a subject, representing the fact that the subject request authorization of the privilege on the object.
- An access request matches a grant rule if the privilege, object, and subject math those in the rule, and the constraint in the rule evaluates to "true.”
- An access request matches a deny rule if the privilege, object, and subject match those in the rule, and the constraint in the rule does not evaluate to "false.”
- An access request is denied if there is a deny rule matching the request, or there are no access rules matching the request.
- An access request is granted if there are no deny rules matching the request, and there is a grant rule matching the request.
- Conditions define the constraints on when objects and subjects can be accessed.
- the constraints in an access rule specifies further requirements on when the access rule is applicable. These requirements could be conditioned on properties of the object or the subject.
- Constraints are preferably expressions formed from conditions and Boolean operators NOT, AND, and OR.
- relational operations , ⁇ >, LIKE, NOTLIKE on strings
- the operator LIKE takes a string and a pattern and evaluates to true if the string matches the pattern, the operator NOTLIKE is the negation of LIKE
- set operations IN, NOTIN the operator IN on integers takes an integer and a set of integers and evaluates to "true” if the integer is in the set, the operator EN * on strings is similarly defined, and the operator NOTIN is the negation of IN).
- system 1 10 may declare custom evaluation functions, which are customer-defined conditions.
- System 1 10 may provide an Application Programming Interface (API) for invoking customer-supplied code to evaluate custom evaluation functions.
- API Application Programming Interface
- an evaluation function could access a remote database to validate certain properties of the object.
- Another evaluation function could invoke an external server to authenticate the subject.
- policy manager 210 preferably includes a management station program 212 to operate policy manager 210, a distributor program 214 to distribute local client policies to clients, a logger program 216 to track authorization requests, and a database management system (DBMS) 218 to maintain policy data files.
- Policy manager 210 also includes an audit log data file 220 to record authorization requests, an optimized policy data file 222, an ente ⁇ rise policy data file 224, an administrative policy data file 226, and a local administrative policy data file 228. The contents and operation of policy manager 210 are further discussed below in conjunction with FIGS. 4, 8, 9, 10, 1 1, and 12.
- non-volatile memory 138 located within client 1 16 of FIG. 1 , is shown.
- non-volatile memory 138 preferably includes an application guard 310 that grants or denies access to various components of client 1 16, as specified by a pre-determined policy.
- various components of client 1 16 can include applications, data, and/or objects.
- application guard 310 preferably includes at least one application 312, an authorization library program 314, an authorization engine program 316, and a local client policy 318. The contents and operation of application guard 310 are further discussed below in conjunction with FIGS. 5, 13, and 14.
- policy manager 210 located within non-volatile memory 124 in FIG. 2, is shown.
- policy manager 210 allows system users to implement, analyze, edit and update a centrally-managed security policy or enterprise policy 224.
- policy manager 210 preferably includes a management console or management station 212, a database management system 218, an audit facility or logger 216, and a distributor 214.
- management station 212 preferably includes a graphical user interface (GUI) 410 for creating or customizing rules by system users.
- GUI graphical user interface
- Management station 212 supports concurrent rule development by multiple users.
- Each policy rule preferably includes four basic components: 1) an object that is to be protected; 2) an access right or privilege; 3) a global or local user to which the privilege applies; and 4) conditions under which the privilege is granted or denied, including built- in access criteria such as time of day or location, as well as custom-defined access criteria.
- GUI 410 provides a user-friendly set of menu options or management services 412 to fully operate the policy manager.
- Programs controlled by the menu options may include navigation 414, search 416, distribution 418, edit 420, query 422, and log viewer 424. The operation of these programs are further discussed below in conjunction with FIGS. 8, 9, 10, 1 1, and 12.
- the management services can be operated from an application through an API that allows programs to perform the same functions as a human operator.
- management station also includes an application guard 426 to allow only authorized administrators to operate management station 212.
- Local administrative policy 228 provides a set of policy rules specifying which users are authorized to access management station 212. After the policy rules are created or modified using management station 212, they may then be distributed to appropriate clients 1 16.
- Management station 212 includes a communication interface 434 in order to pass information between various other components in system 1 10.
- a parser/type checker 428 Prior to when the policy rules are distributed, a parser/type checker 428 preferably reviews and reconstructs the policy rules to make sure that they are syntactically and semantically correct according to a predefined policy language.
- the policy rules pass through a database layer (DB layer) 430 and an open database connectivity layer (ODBC) 432 before being stored as ente ⁇ rise policy 224.
- DB layer 430 formats the policy rules into standard database storage tables, and ODBC 432 provides a common interface to various vendor-specific databases.
- Ente ⁇ rise policy 224 is then passed to distributor 214.
- An optimizer program 436 within distributor 214 determines which application guard 310 needs to receive which policy rules.
- a differ program 438 determines what type of changes were made to optimized policy 222, and then distributes only the changed policy rules or local client policy 318 to the appropriate application guards 310 through an ODBC layer 440 and a communication interface 442, which enforce access control to local applications and data. Since the application guards 310 can be distributed among various clients 1 16, and each application guard 310 has its own specific local client policy 318, the system provides scalability.
- Distributor 214 may also be used to optimize administrative policy 226 into an optimized administrative policy or local administrative policy 228 for use with application guard 426 in management station 212.
- Application guard 310 located within non-volatile memory 138 in FIG. 3, is shown.
- Application guard 310 may be distributed on clients 1 16 throughout an ente ⁇ rise, and is designed to reside along with each of the protected applications having an associated application guard 310.
- Application guard 310 supports transactional access control by allowing an application to be aware of the authorization service and to make authorization requests at each and every user interaction, data request, or business-level transaction.
- the design and integration of application guard 310 is fundamental to providing access control to business-level objects within an application since the authorization services have visibility to those named policy objects within the application.
- application guard 310 is preferably integrated into application 312 through a high-level application programming interface (API) or authorization library 314 that allows application 312 to request authorization services as needed through an application guard interface 512. Typically, this can be done very quickly by including authorization requests at key points in application 312 for control user interaction or database access so that each interaction is protected with a minimum of development.
- an authorization request is processed by authorization engine 316.
- a parser/type checker 514 parses local client policy 318 and stores the parsed local client policy in RAM 136.
- An evaluator 516 determines whether the authorization request should be granted or denied by evaluating the authorization request with the parsed local client policy in RAM 136.
- Plug-ins 522 in authorization engine 316 allow for additional capabilities to process and evaluate authorization requests based on customized code. Each authorization request is then recorded in an audit log 518 and transmitted to logger 216 via a communication interface 520. Users have the option of implementing application guard 310 locally to application 312, as a service running on the same system as application 312, or as a remote authorization service through a remote procedure call to another server. The advantage of the latter design would be to offload the application server from handling authorization services or allowing a single authorization server to handle a multiple number of applications. A local implementation would provide maximum performance and minimize any network traffic overhead.
- application guard 310 includes an application guard interface 512 coupled to an application 312 for requesting access to securable components.
- Application guard 310 also includes at least one authorization engine 316 for evaluating requests from application guard interface 512 as specified by local client policy 318. Multiple authorization engines 316 can be used for added performance and reliability.
- application guard interface 512 can be located on a client computer, while authorization engine 316 and local client policy 318 can be located on a client server.
- the application guard authorization service of the present invention introduces virtually no performance overhead to an existing application 312.
- the policy rules developed at policy manager 210 are compiled into an optimized form before being distributed to the target application guards 310. This optimized form only distributes attributes relevant to that application guard 310, so that access requests may be evaluated by reviewing only a few rules rather than frequently analyzing the potentially large policy rule base.
- logger 216 may then advantageously receive a client audit log 450 through a communication interface 452 and an ODBC 454 from authorization engine 316 (FIG. 5). Client audit log 450 is then formatted by message processing 456 before being stored in audit log 220. Audit log 220 may then be monitored via log viewer 424 in management station 212.
- policy rules may be entered one at a time into enterprise policy database 224 via management station 212 (FIG. 4), or the policy rules may alternatively be loaded as a batch process via policy loader 610.
- Policy loader 610 is an additional utility that bulk loads an existing set of policy rules into ente ⁇ rise policy database 224.
- An existing set of policy rules may be entered into policy loader 610 via input 612.
- a parser/type checker 614 then preferably reviews and reconstructs the policy rules to make sure that they are syntactically and semantically correct according to a predefined policy language.
- the policy rules may then be passed through a DB layer 616 and an ODBC 618 before being stored in ente ⁇ rise policy database 224.
- FIG. 7 a flowchart of method steps to configure a system in accordance with one embodiment of the present invention is shown.
- a system administrator installs policy manager 210 on a server 1 12.
- the installation may include management station 212, distributor 214, logger 216, and DBMS 218.
- the system administrator then enters a set of policy rules.
- the administrator can decide whether to use policy loader 610, or to use management station 212 to enter policy rules.
- policy rules are entered using edit function 420. However, if policy loader 610 is used, then at step 716, policy rules are entered into a file, and at step 718, the file of policy rules passes to policy loader 610.
- step 720 the system administrator installs application guards 310 onto client systems 1 16, as well as installing local client policies 318 onto client systems 1 16. Then at step 722, the system administrator registers plug-ins 522 into application guards 318 to allow for additional capabilities in order to process authorization requests based on customized code.
- FIG. 8 a flowchart of one embodiment to manage policy under management services 412 in management station 212 is shown.
- an authorized administrator logs in to policy manager 210.
- the authorized administrator chooses between administrative mode or ente ⁇ rise mode.
- the administrative mode allows the system administrator to manage administrative policy 226, and the ente ⁇ rise mode allows the system administrator to manage ente ⁇ rise policy 224.
- the system administrator is then presented with six menu options including navigate tree 814, analyze policy 816, edit policy 818, distribute policy 820, view audit log 822, and exit 824.
- View audit log 822 is a security feature that allows an administrator to view and track all authorization requests that have occurred at any application guards 310 connected to system 1 10. The system administrator can choose any of the menu options, or at step 824 the system administrator may then exit the system.
- Navigate tree 814 provides a set of options for an administrator to add, delete, and/or modify features on server 1 12 or client 1 16.
- the features that an administrator may add, delete, and/or modify include global users 910, global roles 912, directories 914, local roles 916, local users 918, applications 920, application guards 922, and declarations 924.
- the system administrator may then exit from navigate tree 814.
- Analyze policy 816 preferably allows an authorized user to analyze and view rules and policies within ente ⁇ rise policy 224.
- the user has an option to search rules, or at step 1012 to query policy.
- search rules When search rules is selected, a search can be made for all the grant rules or all the deny rules pertaining to a particular user.
- query policy When query policy is selected, a search can be made on who is granted or denied what privilege on which objects under what conditions.
- the system administrator may exit from analyze policy 816.
- Edit policy 818 allows an authorized user to add, delete, and/or modify ente ⁇ rise policy 224 features.
- the features that may be edited include rule sets 1 1 10, access 1 1 12, privilege 1 1 14, objects 1 1 16, user/role 1 1 18, and attributes 1 120.
- the system administrator may then exit edit policy 818.
- a flowchart of one embodiment of method steps of menu option distribute policy 820 is shown.
- the modified features of ente ⁇ rise policy 224 may then be distributed to appropriate application guards 310.
- distributor 214 optimizes ente ⁇ rise policy 224.
- differ 438 preferably computes any difference between the newly optimized policy and optimized policy 222.
- the newly optimized policy is then published as optimized policy 222 in DBMS 218.
- step 1216 only the changed portions of optimized policy 222 are committed to appropriate application guards 310.
- application guards 310 receive the changed policy, and then at step 1220, application guards 310 merge the changed policy into local client policy 318.
- new local client policy 318 is activated to work with application guard 310.
- FIG. 13 a flowchart of one embodiment of method steps for client access authorization is shown.
- the FIG. 13 example for using a standard application guard 310 by a user begins with a user requesting access to a securable component protected by an application guard 310.
- application guard 310 constructs and issues an authorization request.
- the authorization request is evaluated by application guard 310 according to its local client policy 318 to determine whether to allow or deny the authorization request.
- audit 518 then records the authorization request in audit log 450.
- step 1316 if there is an error in the authorization request, or if the request is not valid, then at step 1318 the user is denied access.
- step 1320 it is determined whether access should be granted. If the evaluated authorization request does not deny access for the user, then at step 1322 access is allowed. If the evaluated authorization request denies access for the user, then at step 1324 access is denied.
- step 1420 evaluator 516 first searches any deny rules in local policy 318. At step 1412, if evaluator 516 finds any deny rules, then at step 1414, an evaluation is performed on any constraints on the deny rules. If, at step 1416, the evaluation finds presently valid constraints on the deny rules, then at step 1418 access is denied.
- step 1416 the evaluation finds that the constraints on the deny rules are not presently valid, or if no deny rules are found in foregoing step 1412, then at step 1420, a search of grant rules is performed. If no grant rules are found at step 1422 that would allow access for the user, then at step 1418, access is denied. If in step 1422 grant rules are found, then at step 1424 an evaluation is performed on any constraints in the grant rules. If the evaluated constraint is presently valid, then at step 1426, a true value is passed, and at step 1428 access is allowed. However, if the evaluated constraint is not presently valid, then at step 1426, a false value is passed, and at step 1418 access is denied.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
- Multi Processors (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0110181A GB2360107B (en) | 1998-10-28 | 1999-10-28 | Maintaining security in a distributed computer network |
AU13315/00A AU1331500A (en) | 1998-10-28 | 1999-10-28 | Maintaining security in a distributed computer network |
JP2000578733A JP2002528815A (en) | 1998-10-28 | 1999-10-28 | Maintaining security within a distributed computer network |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10596398P | 1998-10-28 | 1998-10-28 | |
US60/105,963 | 1999-02-12 | ||
US09/248,788 US6158010A (en) | 1998-10-28 | 1999-02-12 | System and method for maintaining security in a distributed computer network |
US09/248,788 | 1999-02-12 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000025214A1 true WO2000025214A1 (en) | 2000-05-04 |
Family
ID=26803151
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1999/025455 WO2000025214A1 (en) | 1998-10-28 | 1999-10-28 | Maintaining security in a distributed computer network |
Country Status (5)
Country | Link |
---|---|
US (5) | US6158010A (en) |
JP (1) | JP2002528815A (en) |
AU (1) | AU1331500A (en) |
GB (1) | GB2360107B (en) |
WO (1) | WO2000025214A1 (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2355323A (en) * | 1999-10-05 | 2001-04-18 | Authoriszor Ltd | Information security profile and policy system |
EP1189128A3 (en) * | 2000-09-15 | 2002-08-07 | Matsushita Electric Industrial Co., Ltd. | Secure system and method for accessing files in computers using fingerprints |
US6460141B1 (en) | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
DE10146361A1 (en) * | 2001-09-20 | 2003-04-24 | Fraunhofer Ges Forschung | Device and method for establishing a security policy in a distributed system |
EP1308823A2 (en) | 2001-10-31 | 2003-05-07 | Asgent, Inc. | Creating security policies automatically |
GB2386710A (en) * | 2002-03-18 | 2003-09-24 | Hewlett Packard Co | Controlling access to data or documents |
US6704874B1 (en) | 1998-11-09 | 2004-03-09 | Sri International, Inc. | Network-based alert management |
WO2004051929A1 (en) * | 2002-12-03 | 2004-06-17 | Nanjing Golden Eagle International Group Software System Co., Ltd. | Audit platform system for application process based on components |
EP1591860A1 (en) * | 2003-02-04 | 2005-11-02 | Fujitsu Limited | Software maintenance service providing system, software maintenance service method, and program for causing computer to execute the method |
EP1746764A3 (en) * | 2005-07-21 | 2007-02-07 | Huawei Technologies Co., Ltd. | Universal security management system, device and method for network management |
EP1897019A1 (en) * | 2005-05-13 | 2008-03-12 | Cryptomill | Cryptographic control for mobile storage means |
US7917393B2 (en) | 2000-09-01 | 2011-03-29 | Sri International, Inc. | Probabilistic alert correlation |
EP1542426A3 (en) * | 2003-12-05 | 2011-12-14 | Microsoft Corporation | Security-related programming interface |
EP2405607A1 (en) * | 2009-05-22 | 2012-01-11 | ZTE Corporation | Privilege management system and method based on object |
WO2012056099A1 (en) * | 2010-10-29 | 2012-05-03 | Nokia Corporation | Method and apparatus for providing distributed policy management |
EP2507736A2 (en) * | 2009-11-30 | 2012-10-10 | Absolute Software Corporation | Approaches for a location aware client |
EP2529300A1 (en) * | 2010-01-27 | 2012-12-05 | Varonis Systems, Inc. | Time dependent access permissions |
EP2591438A2 (en) * | 2010-07-06 | 2013-05-15 | Ipsiti, Inc. | Systems and methods for establishing trust between entities in support of transactions |
US8464354B2 (en) | 2005-05-13 | 2013-06-11 | Cryptomill Inc. | Content cryptographic firewall system |
US9027121B2 (en) | 2000-10-10 | 2015-05-05 | International Business Machines Corporation | Method and system for creating a record for one or more computer security incidents |
US9191369B2 (en) | 2009-07-17 | 2015-11-17 | Aryaka Networks, Inc. | Application acceleration as a service system and method |
US11159575B2 (en) | 2019-04-02 | 2021-10-26 | Trinomial Global Ltd | Remote management of a user device |
GB2598552A (en) * | 2020-08-25 | 2022-03-09 | Advanced Risc Mach Ltd | Network security |
Families Citing this family (589)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0825506B1 (en) | 1996-08-20 | 2013-03-06 | Invensys Systems, Inc. | Methods and apparatus for remote process control |
US6947580B1 (en) * | 1996-09-30 | 2005-09-20 | Dalton Patrick Enterprises, Inc. | Pointing device with biometric sensor |
US6408336B1 (en) | 1997-03-10 | 2002-06-18 | David S. Schneider | Distributed administration of access to information |
US7821926B2 (en) * | 1997-03-10 | 2010-10-26 | Sonicwall, Inc. | Generalized policy server |
US7912856B2 (en) * | 1998-06-29 | 2011-03-22 | Sonicwall, Inc. | Adaptive encryption |
US8914410B2 (en) | 1999-02-16 | 2014-12-16 | Sonicwall, Inc. | Query interface to policy server |
US6249868B1 (en) * | 1998-03-25 | 2001-06-19 | Softvault Systems, Inc. | Method and system for embedded, automated, component-level control of computer systems and other complex systems |
US6339826B2 (en) | 1998-05-05 | 2002-01-15 | International Business Machines Corp. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
US7673323B1 (en) | 1998-10-28 | 2010-03-02 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US6324578B1 (en) | 1998-12-14 | 2001-11-27 | International Business Machines Corporation | Methods, systems and computer program products for management of configurable application programs on a network |
US6510466B1 (en) * | 1998-12-14 | 2003-01-21 | International Business Machines Corporation | Methods, systems and computer program products for centralized management of application programs on a network |
IL128720A (en) | 1999-02-25 | 2009-06-15 | Cidway Technologies Ltd | Method for certification of over the phone transactions |
JP2000278290A (en) * | 1999-03-29 | 2000-10-06 | Matsushita Electric Ind Co Ltd | Network managing system |
US7370071B2 (en) | 2000-03-17 | 2008-05-06 | Microsoft Corporation | Method for serving third party software applications from servers to client computers |
US6408326B1 (en) * | 1999-04-20 | 2002-06-18 | Microsoft Corporation | Method and system for applying a policy to binary data |
US8099758B2 (en) * | 1999-05-12 | 2012-01-17 | Microsoft Corporation | Policy based composite file system and method |
WO2000070838A2 (en) * | 1999-05-14 | 2000-11-23 | Pivia, Inc. | Client-server independent intermediary mechanism |
US7272815B1 (en) * | 1999-05-17 | 2007-09-18 | Invensys Systems, Inc. | Methods and apparatus for control configuration with versioning, security, composite blocks, edit selection, object swapping, formulaic values and other aspects |
US7089530B1 (en) | 1999-05-17 | 2006-08-08 | Invensys Systems, Inc. | Process control configuration system with connection validation and configuration |
AU5025600A (en) | 1999-05-17 | 2000-12-05 | Foxboro Company, The | Process control configuration system with parameterized objects |
US6678835B1 (en) * | 1999-06-10 | 2004-01-13 | Alcatel | State transition protocol for high availability units |
US7032022B1 (en) | 1999-06-10 | 2006-04-18 | Alcatel | Statistics aggregation for policy-based network |
US6788980B1 (en) * | 1999-06-11 | 2004-09-07 | Invensys Systems, Inc. | Methods and apparatus for control using control devices that provide a virtual machine environment and that communicate via an IP network |
US6765864B1 (en) | 1999-06-29 | 2004-07-20 | Cisco Technology, Inc. | Technique for providing dynamic modification of application specific policies in a feedback-based, adaptive data network |
US6745332B1 (en) * | 1999-06-29 | 2004-06-01 | Oracle International Corporation | Method and apparatus for enabling database privileges |
US6539379B1 (en) * | 1999-08-23 | 2003-03-25 | Oblix, Inc. | Method and apparatus for implementing a corporate directory and service center |
US20030115246A1 (en) * | 1999-08-24 | 2003-06-19 | Hewlett-Packard Company And Intel Corporation | Policy management for host name mapped to dynamically assigned network address |
US6587876B1 (en) * | 1999-08-24 | 2003-07-01 | Hewlett-Packard Development Company | Grouping targets of management policies |
US6990591B1 (en) * | 1999-11-18 | 2006-01-24 | Secureworks, Inc. | Method and system for remotely configuring and monitoring a communication device |
US6581110B1 (en) * | 1999-12-07 | 2003-06-17 | International Business Machines Corporation | Method and system for reading and propagating authenticated time throughout a worldwide enterprise system |
US7209980B2 (en) * | 1999-12-17 | 2007-04-24 | Gateway Inc. | Method and system for interpreting device control commands |
US6826695B1 (en) * | 2000-01-04 | 2004-11-30 | International Business Machines Corporation | Method and system for grouping of systems in heterogeneous computer network |
US6779120B1 (en) | 2000-01-07 | 2004-08-17 | Securify, Inc. | Declarative language for specifying a security policy |
US6684244B1 (en) | 2000-01-07 | 2004-01-27 | Hewlett-Packard Development Company, Lp. | Aggregated policy deployment and status propagation in network management systems |
US8074256B2 (en) * | 2000-01-07 | 2011-12-06 | Mcafee, Inc. | Pdstudio design system and method |
US20020162008A1 (en) * | 2000-01-28 | 2002-10-31 | Vincent Hill | Method and system for controlling access to a telecommunication or internet system |
US7251666B2 (en) * | 2000-02-01 | 2007-07-31 | Internet Business Information Group | Signature loop authorizing method and apparatus |
FR2805626B1 (en) * | 2000-02-29 | 2004-08-06 | Inovatel | METHOD AND SYSTEM FOR GRANTING PRIVILEGES BY AN ACCESS MANAGER WITHIN A COMMUNICATION NETWORK |
EP1132797A3 (en) * | 2000-03-08 | 2005-11-23 | Aurora Wireless Technologies, Ltd. | Method for securing user identification in on-line transaction systems |
US6880005B1 (en) * | 2000-03-31 | 2005-04-12 | Intel Corporation | Managing policy rules in a network |
US6925443B1 (en) * | 2000-04-26 | 2005-08-02 | Safeoperations, Inc. | Method, system and computer program product for assessing information security |
FI20001311A (en) | 2000-05-31 | 2001-12-01 | Nokia Corp | Wireless local area network |
US7024556B1 (en) * | 2000-06-02 | 2006-04-04 | 3Com Corporation | Distributed system authentication |
US6854016B1 (en) * | 2000-06-19 | 2005-02-08 | International Business Machines Corporation | System and method for a web based trust model governing delivery of services and programs |
US7219304B1 (en) * | 2000-06-19 | 2007-05-15 | International Business Machines Corporation | System and method for developing and administering web applications and services from a workflow, enterprise, and mail-enabled web application server and platform |
US7346848B1 (en) * | 2000-06-21 | 2008-03-18 | Microsoft Corporation | Single window navigation methods and systems |
US7155667B1 (en) * | 2000-06-21 | 2006-12-26 | Microsoft Corporation | User interface for integrated spreadsheets and word processing tables |
US6948135B1 (en) | 2000-06-21 | 2005-09-20 | Microsoft Corporation | Method and systems of providing information to computer users |
US7191394B1 (en) * | 2000-06-21 | 2007-03-13 | Microsoft Corporation | Authoring arbitrary XML documents using DHTML and XSLT |
US7000230B1 (en) * | 2000-06-21 | 2006-02-14 | Microsoft Corporation | Network-based software extensions |
US7624356B1 (en) * | 2000-06-21 | 2009-11-24 | Microsoft Corporation | Task-sensitive methods and systems for displaying command sets |
AU2001264895A1 (en) * | 2000-06-21 | 2002-01-02 | Microsoft Corporation | System and method for integrating spreadsheets and word processing tables |
US6883168B1 (en) * | 2000-06-21 | 2005-04-19 | Microsoft Corporation | Methods, systems, architectures and data structures for delivering software via a network |
EP1168752A1 (en) | 2000-06-23 | 2002-01-02 | Matra Nortel Communications | Access control in client-sever systems |
US8380630B2 (en) * | 2000-07-06 | 2013-02-19 | David Paul Felsher | Information record infrastructure, system and method |
US7464162B2 (en) * | 2000-07-10 | 2008-12-09 | Oracle International Corporation | Systems and methods for testing whether access to a resource is authorized based on access information |
US9038170B2 (en) * | 2000-07-10 | 2015-05-19 | Oracle International Corporation | Logging access system events |
US8204999B2 (en) * | 2000-07-10 | 2012-06-19 | Oracle International Corporation | Query string processing |
US7080077B2 (en) * | 2000-07-10 | 2006-07-18 | Oracle International Corporation | Localized access |
US7134137B2 (en) * | 2000-07-10 | 2006-11-07 | Oracle International Corporation | Providing data to applications from an access system |
US7194764B2 (en) * | 2000-07-10 | 2007-03-20 | Oracle International Corporation | User authentication |
US7249369B2 (en) | 2000-07-10 | 2007-07-24 | Oracle International Corporation | Post data processing |
US8661539B2 (en) * | 2000-07-10 | 2014-02-25 | Oracle International Corporation | Intrusion threat detection |
US7124203B2 (en) | 2000-07-10 | 2006-10-17 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
US7801905B1 (en) * | 2003-11-25 | 2010-09-21 | Prabhdeep Singh | Knowledge archival and recollection systems and methods |
US6823462B1 (en) * | 2000-09-07 | 2004-11-23 | International Business Machines Corporation | Virtual private network with multiple tunnels associated with one group name |
GB2366948B (en) * | 2000-09-15 | 2004-01-21 | Roke Manor Research | LAN user protocol |
US7660902B2 (en) * | 2000-11-20 | 2010-02-09 | Rsa Security, Inc. | Dynamic file access control and management |
US8255791B2 (en) | 2000-11-29 | 2012-08-28 | Dov Koren | Collaborative, flexible, interactive real-time displays |
US6782379B2 (en) * | 2000-12-22 | 2004-08-24 | Oblix, Inc. | Preparing output XML based on selected programs and XML templates |
US7711818B2 (en) | 2000-12-22 | 2010-05-04 | Oracle International Corporation | Support for multiple data stores |
US7937655B2 (en) | 2000-12-22 | 2011-05-03 | Oracle International Corporation | Workflows with associated processes |
US7213249B2 (en) | 2000-12-22 | 2007-05-01 | Oracle International Corporation | Blocking cache flush requests until completing current pending requests in a local server and remote server |
US7475151B2 (en) | 2000-12-22 | 2009-01-06 | Oracle International Corporation | Policies for modifying group membership |
US7349912B2 (en) * | 2000-12-22 | 2008-03-25 | Oracle International Corporation | Runtime modification of entries in an identity system |
US6816871B2 (en) * | 2000-12-22 | 2004-11-09 | Oblix, Inc. | Delivering output XML with dynamically selectable processing |
US7380008B2 (en) * | 2000-12-22 | 2008-05-27 | Oracle International Corporation | Proxy system |
US7802174B2 (en) * | 2000-12-22 | 2010-09-21 | Oracle International Corporation | Domain based workflows |
US8015600B2 (en) | 2000-12-22 | 2011-09-06 | Oracle International Corporation | Employing electronic certificate workflows |
US7415607B2 (en) | 2000-12-22 | 2008-08-19 | Oracle International Corporation | Obtaining and maintaining real time certificate status |
US7363339B2 (en) | 2000-12-22 | 2008-04-22 | Oracle International Corporation | Determining group membership |
US7085834B2 (en) * | 2000-12-22 | 2006-08-01 | Oracle International Corporation | Determining a user's groups |
US7581011B2 (en) | 2000-12-22 | 2009-08-25 | Oracle International Corporation | Template based workflow definition |
US7765580B2 (en) * | 2000-12-22 | 2010-07-27 | Entrust, Inc. | Method and apparatus for providing user authentication using a back channel |
US7062649B2 (en) * | 2001-01-12 | 2006-06-13 | Hewlett-Packard Development Company, L.P. | System and method for categorizing security profile rules within a computer system |
US7181618B2 (en) * | 2001-01-12 | 2007-02-20 | Hewlett-Packard Development Company, L.P. | System and method for recovering a security profile of a computer system |
US7065644B2 (en) * | 2001-01-12 | 2006-06-20 | Hewlett-Packard Development Company, L.P. | System and method for protecting a security profile of a computer system |
US8069116B2 (en) | 2001-01-17 | 2011-11-29 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights associated with an item repository |
US6754642B2 (en) * | 2001-05-31 | 2004-06-22 | Contentguard Holdings, Inc. | Method and apparatus for dynamically assigning usage rights to digital works |
US7131000B2 (en) * | 2001-01-18 | 2006-10-31 | Bradee Robert L | Computer security system |
FI20010256A0 (en) * | 2001-02-12 | 2001-02-12 | Stonesoft Oy | Handling of packet data contact information in a security gateway element |
US7213146B2 (en) * | 2001-02-20 | 2007-05-01 | Hewlett-Packard Development Company, L.P. | System and method for establishing security profiles of computers |
US7185364B2 (en) | 2001-03-21 | 2007-02-27 | Oracle International Corporation | Access system interface |
US7290256B2 (en) * | 2001-02-26 | 2007-10-30 | International Business Machines Corporation | Separations-of-duties analysis tool for object-oriented integrated enterprise wide computing applications |
US7062563B1 (en) | 2001-02-28 | 2006-06-13 | Oracle International Corporation | Method and system for implementing current user links |
US7440962B1 (en) * | 2001-02-28 | 2008-10-21 | Oracle International Corporation | Method and system for management of access information |
US7171411B1 (en) | 2001-02-28 | 2007-01-30 | Oracle International Corporation | Method and system for implementing shared schemas for users in a distributed computing system |
US7350229B1 (en) | 2001-03-07 | 2008-03-25 | Netegrity, Inc. | Authentication and authorization mapping for a computer network |
FR2822256B1 (en) * | 2001-03-13 | 2003-05-30 | Gemplus Card Int | VERIFICATION OF CONFORMITY OF ACCESS TO OBJECTS IN A DATA PROCESSING SYSTEM WITH A SECURITY POLICY |
US7882555B2 (en) * | 2001-03-16 | 2011-02-01 | Kavado, Inc. | Application layer security method and system |
US6920558B2 (en) * | 2001-03-20 | 2005-07-19 | Networks Associates Technology, Inc. | Method and apparatus for securely and dynamically modifying security policy configurations in a distributed system |
US20050177640A1 (en) * | 2001-03-20 | 2005-08-11 | Alan Rubinstein | Method for selectively providing access to voice and data networks by use of intelligent hardware |
US7181017B1 (en) | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
US20060242072A1 (en) * | 2001-03-28 | 2006-10-26 | Vidius, Inc | Method and system for creation, management and analysis of distribution syndicates |
US20030217333A1 (en) * | 2001-04-16 | 2003-11-20 | Greg Smith | System and method for rules-based web scenarios and campaigns |
US7499948B2 (en) | 2001-04-16 | 2009-03-03 | Bea Systems, Inc. | System and method for web-based personalization and ecommerce management |
US6914517B2 (en) * | 2001-04-17 | 2005-07-05 | Dalton Patrick Enterprises, Inc. | Fingerprint sensor with feature authentication |
US20030236977A1 (en) * | 2001-04-25 | 2003-12-25 | Levas Robert George | Method and system for providing secure access to applications |
US7003578B2 (en) * | 2001-04-26 | 2006-02-21 | Hewlett-Packard Development Company, L.P. | Method and system for controlling a policy-based network |
US7036148B2 (en) | 2001-05-08 | 2006-04-25 | International Business Machines Corporation | Method of operating an intrusion detection system according to a set of business rules |
US8141144B2 (en) * | 2001-05-10 | 2012-03-20 | Hewlett-Packard Development Company, L.P. | Security policy management for network devices |
US7099663B2 (en) | 2001-05-31 | 2006-08-29 | Qualcomm Inc. | Safe application distribution and execution in a wireless environment |
US7145900B2 (en) | 2001-05-31 | 2006-12-05 | Go2Call.Com, Inc. | Packet-switched telephony call server |
US20020188572A1 (en) * | 2001-06-08 | 2002-12-12 | International Business Machines Corporation | Interface for creating privacy policies for the P3P specification |
US7392546B2 (en) | 2001-06-11 | 2008-06-24 | Bea Systems, Inc. | System and method for server security and entitlement processing |
US7231661B1 (en) | 2001-06-21 | 2007-06-12 | Oracle International Corporation | Authorization services with external authentication |
EP1410557A4 (en) | 2001-06-22 | 2009-11-18 | Wonderware Corp | A security architecture for a process control platform executing applications |
US7197764B2 (en) * | 2001-06-29 | 2007-03-27 | Bea Systems Inc. | System for and methods of administration of access control to numerous resources and objects |
US6851113B2 (en) * | 2001-06-29 | 2005-02-01 | International Business Machines Corporation | Secure shell protocol access control |
US7191337B2 (en) * | 2001-06-30 | 2007-03-13 | International Business Machines Corporation | Apparatus for wildcarded security policy and method therefor |
GB2377287B (en) * | 2001-07-06 | 2005-07-13 | Livedevices Ltd | Improvements relating to internet-connected devices |
US7546629B2 (en) * | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
US7590684B2 (en) * | 2001-07-06 | 2009-09-15 | Check Point Software Technologies, Inc. | System providing methodology for access control with cooperative enforcement |
US20040107360A1 (en) * | 2002-12-02 | 2004-06-03 | Zone Labs, Inc. | System and Methodology for Policy Enforcement |
US7904454B2 (en) * | 2001-07-16 | 2011-03-08 | International Business Machines Corporation | Database access security |
US7243369B2 (en) * | 2001-08-06 | 2007-07-10 | Sun Microsystems, Inc. | Uniform resource locator access management and control system and method |
NZ531131A (en) * | 2001-08-13 | 2005-12-23 | Qualcomm Inc | Using permissions to allocate device resources to an application |
CN101447011B (en) * | 2001-08-15 | 2012-02-15 | 高通股份有限公司 | Test enabled application execution |
JP4205323B2 (en) * | 2001-08-16 | 2009-01-07 | 日本電気株式会社 | Distribution system, distribution server and distribution method, distribution program |
US20030046583A1 (en) * | 2001-08-30 | 2003-03-06 | Honeywell International Inc. | Automated configuration of security software suites |
US7331061B1 (en) | 2001-09-07 | 2008-02-12 | Secureworks, Inc. | Integrated computer security management system and method |
ATE368900T1 (en) * | 2001-09-21 | 2007-08-15 | Koninkl Kpn Nv | COMPUTER SYSTEM, DATA TRANSMISSION NETWORK, COMPUTER PROGRAM AND DATA CARRIER, ALL FOR FILTERING MESSAGES INCLUDING CONTENT ACCORDING TO A MARKING LANGUAGE |
US8776230B1 (en) | 2001-10-02 | 2014-07-08 | Mcafee, Inc. | Master security policy server |
EP1303097A3 (en) | 2001-10-16 | 2005-11-30 | Microsoft Corporation | Virtual distributed security system |
US7676540B2 (en) | 2001-10-16 | 2010-03-09 | Microsoft Corporation | Scoped referral statements |
US8015204B2 (en) | 2001-10-16 | 2011-09-06 | Microsoft Corporation | Scoped access control metadata element |
US7536712B2 (en) | 2001-10-16 | 2009-05-19 | Microsoft Corporation | Flexible electronic message security mechanism |
US7194553B2 (en) | 2001-10-16 | 2007-03-20 | Microsoft Corporation | Resolving virtual network names |
US20030074568A1 (en) * | 2001-10-17 | 2003-04-17 | Kinsella David J. | Methods and apparatuses for performing secure transactions without transmitting biometric information |
US7472342B2 (en) * | 2001-10-24 | 2008-12-30 | Bea Systems, Inc. | System and method for portal page layout |
US8904270B2 (en) | 2006-11-29 | 2014-12-02 | Omtool Ltd. | Methods and apparatus for enterprise document distribution |
US8732566B2 (en) | 2006-11-29 | 2014-05-20 | Omtool, Ltd. | Methods and apparatus for digital content handling |
US7412720B1 (en) * | 2001-11-02 | 2008-08-12 | Bea Systems, Inc. | Delegated authentication using a generic application-layer network protocol |
US8041820B2 (en) * | 2001-11-16 | 2011-10-18 | Verizon Business Global Llc | Dial-up access manager |
US7899047B2 (en) | 2001-11-27 | 2011-03-01 | Microsoft Corporation | Virtual network with adaptive dispatcher |
US7225256B2 (en) | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
US20030126464A1 (en) * | 2001-12-04 | 2003-07-03 | Mcdaniel Patrick D. | Method and system for determining and enforcing security policy in a communication session |
US7380120B1 (en) | 2001-12-12 | 2008-05-27 | Guardian Data Storage, Llc | Secured data format for access control |
US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
US7178033B1 (en) | 2001-12-12 | 2007-02-13 | Pss Systems, Inc. | Method and apparatus for securing digital assets |
US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US7260555B2 (en) | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
US7921450B1 (en) | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
US7783765B2 (en) | 2001-12-12 | 2010-08-24 | Hildebrand Hal S | System and method for providing distributed access control to secured documents |
US7565683B1 (en) | 2001-12-12 | 2009-07-21 | Weiqing Huang | Method and system for implementing changes to security policies in a distributed security system |
US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
US7478418B2 (en) * | 2001-12-12 | 2009-01-13 | Guardian Data Storage, Llc | Guaranteed delivery of changes to security policies in a distributed system |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
US7350226B2 (en) | 2001-12-13 | 2008-03-25 | Bea Systems, Inc. | System and method for analyzing security policies in a distributed computer network |
US7051341B2 (en) | 2001-12-14 | 2006-05-23 | International Business Machines Corporation | Method, system, and program for implementing a remote method call |
ATE273591T1 (en) * | 2001-12-18 | 2004-08-15 | Stonesoft Corp | CHECKING THE CONFIGURATION OF A FIREWALL |
US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
US20030131245A1 (en) * | 2002-01-04 | 2003-07-10 | Michael Linderman | Communication security system |
US7088823B2 (en) * | 2002-01-09 | 2006-08-08 | International Business Machines Corporation | System and method for secure distribution and evaluation of compressed digital information |
US7287053B2 (en) * | 2002-01-15 | 2007-10-23 | International Business Machines Corporation | Ad hoc data sharing in virtual team rooms |
US7246230B2 (en) * | 2002-01-29 | 2007-07-17 | Bea Systems, Inc. | Single sign-on over the internet using public-key cryptography |
US7174566B2 (en) * | 2002-02-01 | 2007-02-06 | Intel Corporation | Integrated network intrusion detection |
US7855972B2 (en) * | 2002-02-08 | 2010-12-21 | Enterasys Networks, Inc. | Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules |
US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
US6807636B2 (en) | 2002-02-13 | 2004-10-19 | Hitachi Computer Products (America), Inc. | Methods and apparatus for facilitating security in a network |
GB2386713B (en) * | 2002-03-22 | 2005-08-31 | Hewlett Packard Co | Apparatus for distributed access control |
US20030182559A1 (en) * | 2002-03-22 | 2003-09-25 | Ian Curry | Secure communication apparatus and method for facilitating recipient and sender activity delegation |
US7603452B1 (en) | 2002-03-26 | 2009-10-13 | Symantec Corporation | Networked computer environment assurance system and method |
EP1349316A1 (en) * | 2002-03-27 | 2003-10-01 | BRITISH TELECOMMUNICATIONS public limited company | Policy based system management |
EP1488363A2 (en) * | 2002-03-27 | 2004-12-22 | BRITISH TELECOMMUNICATIONS public limited company | Policy based system management |
GB0208408D0 (en) * | 2002-04-12 | 2002-05-22 | Inte Vexis Ltd | Application engine |
US6975914B2 (en) | 2002-04-15 | 2005-12-13 | Invensys Systems, Inc. | Methods and apparatus for process, factory-floor, environmental, computer aided manufacturing-based or other control system with unified messaging interface |
US8613102B2 (en) | 2004-03-30 | 2013-12-17 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
WO2003093964A1 (en) * | 2002-05-01 | 2003-11-13 | Bea Systems, Inc. | Enterprise application platform |
US7725560B2 (en) | 2002-05-01 | 2010-05-25 | Bea Systems Inc. | Web service-enabled portlet wizard |
IL149583A0 (en) * | 2002-05-09 | 2003-07-06 | Kavado Israel Ltd | Method for automatic setting and updating of a security policy |
US7840658B2 (en) * | 2002-05-15 | 2010-11-23 | Oracle International Corporation | Employing job code attributes in provisioning |
US7216163B2 (en) * | 2002-05-15 | 2007-05-08 | Oracle International Corporation | Method and apparatus for provisioning tasks using a provisioning bridge server |
US20030217032A1 (en) * | 2002-05-16 | 2003-11-20 | Dick Fritzler | System and method for providing business strategy and compliance information |
US7532895B2 (en) | 2002-05-20 | 2009-05-12 | Air Defense, Inc. | Systems and methods for adaptive location tracking |
US7042852B2 (en) * | 2002-05-20 | 2006-05-09 | Airdefense, Inc. | System and method for wireless LAN dynamic channel change with honeypot trap |
US7277404B2 (en) * | 2002-05-20 | 2007-10-02 | Airdefense, Inc. | System and method for sensing wireless LAN activity |
US7086089B2 (en) * | 2002-05-20 | 2006-08-01 | Airdefense, Inc. | Systems and methods for network security |
US20040203764A1 (en) * | 2002-06-03 | 2004-10-14 | Scott Hrastar | Methods and systems for identifying nodes and mapping their locations |
US7383577B2 (en) * | 2002-05-20 | 2008-06-03 | Airdefense, Inc. | Method and system for encrypted network management and intrusion detection |
US7058796B2 (en) | 2002-05-20 | 2006-06-06 | Airdefense, Inc. | Method and system for actively defending a wireless LAN against attacks |
JP4018450B2 (en) * | 2002-05-27 | 2007-12-05 | キヤノン株式会社 | Document management system, document management apparatus, authentication method, computer readable program, and storage medium |
US7322044B2 (en) | 2002-06-03 | 2008-01-22 | Airdefense, Inc. | Systems and methods for automated network policy exception detection and correction |
US20030229501A1 (en) * | 2002-06-03 | 2003-12-11 | Copeland Bruce Wayne | Systems and methods for efficient policy distribution |
US7367044B2 (en) * | 2002-06-14 | 2008-04-29 | Clink Systems, Ltd. | System and method for network operation |
AU2002368019A1 (en) * | 2002-06-18 | 2003-12-31 | Computer Associates Think, Inc. | Methods and systems for managing enterprise assets |
US7441264B2 (en) * | 2002-06-24 | 2008-10-21 | International Business Machines Corporation | Security objects controlling access to resources |
US7356836B2 (en) * | 2002-06-28 | 2008-04-08 | Microsoft Corporation | User controls for a computer |
US7467142B2 (en) * | 2002-07-11 | 2008-12-16 | Oracle International Corporation | Rule based data management |
US8375113B2 (en) | 2002-07-11 | 2013-02-12 | Oracle International Corporation | Employing wrapper profiles |
US7478407B2 (en) | 2002-07-11 | 2009-01-13 | Oracle International Corporation | Supporting multiple application program interfaces |
US7114037B2 (en) * | 2002-07-11 | 2006-09-26 | Oracle International Corporation | Employing local data stores to maintain data during workflows |
US7512585B2 (en) * | 2002-07-11 | 2009-03-31 | Oracle International Corporation | Support for multiple mechanisms for accessing data stores |
US7428523B2 (en) * | 2002-07-11 | 2008-09-23 | Oracle International Corporation | Portal bridge |
US7206851B2 (en) * | 2002-07-11 | 2007-04-17 | Oracle International Corporation | Identifying dynamic groups |
US7428592B2 (en) * | 2002-07-11 | 2008-09-23 | Oracle International Corporation | Securely persisting network resource identifiers |
US7447701B2 (en) * | 2002-07-11 | 2008-11-04 | Oracle International Corporation | Automatic configuration of attribute sets |
US6678828B1 (en) * | 2002-07-22 | 2004-01-13 | Vormetric, Inc. | Secure network file access control system |
US7340513B2 (en) * | 2002-08-13 | 2008-03-04 | International Business Machines Corporation | Resource management method and system with rule based consistency check |
US7469409B2 (en) * | 2002-08-13 | 2008-12-23 | International Business Machines Corporation | Adaptive resource management method |
AU2003260071A1 (en) | 2002-08-27 | 2004-03-19 | Td Security, Inc., Dba Trust Digital, Llc | Enterprise-wide security system for computer devices |
US7647410B2 (en) * | 2002-08-28 | 2010-01-12 | Procera Networks, Inc. | Network rights management |
US7512810B1 (en) | 2002-09-11 | 2009-03-31 | Guardian Data Storage Llc | Method and system for protecting encrypted files transmitted over a network |
TW583559B (en) * | 2002-09-11 | 2004-04-11 | Hon Hai Prec Ind Co Ltd | Authorization and security management system and method |
US20040064724A1 (en) * | 2002-09-12 | 2004-04-01 | International Business Machines Corporation | Knowledge-based control of security objects |
US20040054791A1 (en) * | 2002-09-17 | 2004-03-18 | Krishnendu Chakraborty | System and method for enforcing user policies on a web server |
US7448066B2 (en) * | 2002-09-19 | 2008-11-04 | International Business Machines Corporation | Application server object-level security for distributed computing domains |
US7665125B2 (en) * | 2002-09-23 | 2010-02-16 | Heard Robert W | System and method for distribution of security policies for mobile devices |
US7437752B2 (en) * | 2002-09-23 | 2008-10-14 | Credant Technologies, Inc. | Client architecture for portable device with security policies |
US20060190984A1 (en) * | 2002-09-23 | 2006-08-24 | Credant Technologies, Inc. | Gatekeeper architecture/features to support security policy maintenance and distribution |
US7665118B2 (en) * | 2002-09-23 | 2010-02-16 | Credant Technologies, Inc. | Server, computer memory, and method to support security policy maintenance and distribution |
JP4400059B2 (en) * | 2002-10-17 | 2010-01-20 | 株式会社日立製作所 | Policy setting support tool |
US6850943B2 (en) * | 2002-10-18 | 2005-02-01 | Check Point Software Technologies, Inc. | Security system and methodology for providing indirect access control |
US7305432B2 (en) * | 2002-10-23 | 2007-12-04 | Aol Llc | Privacy preferences roaming and enforcement |
US7546633B2 (en) * | 2002-10-25 | 2009-06-09 | Microsoft Corporation | Role-based authorization management framework |
US20040083386A1 (en) * | 2002-10-28 | 2004-04-29 | Bertrand Marquet | Non-repudiable distributed security policy synchronization |
GB0225143D0 (en) * | 2002-10-29 | 2002-12-11 | British Telecomm | Conflict detection in rule sets |
US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
EP1424618B1 (en) * | 2002-11-29 | 2012-01-04 | Sap Ag | Method and computer system for protecting electronic documents |
US20040107274A1 (en) * | 2002-12-03 | 2004-06-03 | Mastrianni Steven J. | Policy-based connectivity |
JP4346898B2 (en) * | 2002-12-09 | 2009-10-21 | Necインフロンティア株式会社 | Maintenance interface user authentication method and apparatus in client-server distributed system |
US20040123105A1 (en) * | 2002-12-19 | 2004-06-24 | International Business Machines Corporation | Security object with CPU attributes |
US7890990B1 (en) * | 2002-12-20 | 2011-02-15 | Klimenty Vainstein | Security system with staging capabilities |
US9503470B2 (en) | 2002-12-24 | 2016-11-22 | Fred Herz Patents, LLC | Distributed agent based model for security monitoring and response |
US8327442B2 (en) * | 2002-12-24 | 2012-12-04 | Herz Frederick S M | System and method for a distributed application and network security system (SDI-SCAM) |
US7421500B2 (en) * | 2003-01-10 | 2008-09-02 | Hewlett-Packard Development Company, L.P. | Grid computing control system |
US20040143749A1 (en) * | 2003-01-16 | 2004-07-22 | Platformlogic, Inc. | Behavior-based host-based intrusion prevention system |
FR2850503B1 (en) * | 2003-01-23 | 2005-04-08 | Everbee Networks | METHOD AND DYNAMIC SYSTEM FOR SECURING A COMMUNICATION NETWORK USING PORTABLE AGENTS |
US9818136B1 (en) | 2003-02-05 | 2017-11-14 | Steven M. Hoffberg | System and method for determining contingent relevance |
US20040158733A1 (en) | 2003-02-11 | 2004-08-12 | Thaddeus Bouchard | Method and system for secure facsimile delivery and registration |
US7591000B2 (en) | 2003-02-14 | 2009-09-15 | Oracle International Corporation | System and method for hierarchical role-based entitlements |
US6917975B2 (en) * | 2003-02-14 | 2005-07-12 | Bea Systems, Inc. | Method for role and resource policy management |
US7653930B2 (en) | 2003-02-14 | 2010-01-26 | Bea Systems, Inc. | Method for role and resource policy management optimization |
US8831966B2 (en) | 2003-02-14 | 2014-09-09 | Oracle International Corporation | Method for delegated administration |
US7562298B2 (en) * | 2003-02-20 | 2009-07-14 | Bea Systems, Inc. | Virtual content repository browser |
US7415478B2 (en) * | 2003-02-20 | 2008-08-19 | Bea Systems, Inc. | Virtual repository complex content model |
US7293286B2 (en) | 2003-02-20 | 2007-11-06 | Bea Systems, Inc. | Federated management of content repositories |
US7483904B2 (en) * | 2003-02-20 | 2009-01-27 | Bea Systems, Inc. | Virtual repository content model |
US7840614B2 (en) | 2003-02-20 | 2010-11-23 | Bea Systems, Inc. | Virtual content repository application program interface |
US20040167871A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Content mining for virtual content repositories |
US7437441B1 (en) * | 2003-02-28 | 2008-10-14 | Microsoft Corporation | Using deltas for efficient policy distribution |
US20040230917A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for navigating a graphical hierarchy |
US7810036B2 (en) | 2003-02-28 | 2010-10-05 | Bea Systems, Inc. | Systems and methods for personalizing a portal |
US20040230557A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for context-sensitive editing |
US7150044B2 (en) * | 2003-03-10 | 2006-12-12 | Mci, Llc | Secure self-organizing and self-provisioning anomalous event detection systems |
US7275216B2 (en) * | 2003-03-24 | 2007-09-25 | Microsoft Corporation | System and method for designing electronic forms and hierarchical schemas |
US7370066B1 (en) | 2003-03-24 | 2008-05-06 | Microsoft Corporation | System and method for offline editing of data files |
US7415672B1 (en) | 2003-03-24 | 2008-08-19 | Microsoft Corporation | System and method for designing electronic forms |
US7913159B2 (en) | 2003-03-28 | 2011-03-22 | Microsoft Corporation | System and method for real-time validation of structured data files |
US7296017B2 (en) * | 2003-03-28 | 2007-11-13 | Microsoft Corporation | Validation of XML data files |
US8136155B2 (en) * | 2003-04-01 | 2012-03-13 | Check Point Software Technologies, Inc. | Security system with methodology for interprocess communication control |
US7783672B2 (en) * | 2003-04-09 | 2010-08-24 | Microsoft Corporation | Support mechanisms for improved group policy management user interface |
US8612590B1 (en) | 2003-04-11 | 2013-12-17 | International Business Machines Corporation | Method and apparatus for access management |
US7370344B2 (en) * | 2003-04-14 | 2008-05-06 | Sas Institute Inc. | Computer-implemented data access security system and method |
CN1542610A (en) * | 2003-04-14 | 2004-11-03 | ���µ�����ҵ��ʽ���� | Device, method and program for multiple user access management |
US7522908B2 (en) | 2003-04-21 | 2009-04-21 | Airdefense, Inc. | Systems and methods for wireless network site survey |
US7355996B2 (en) * | 2004-02-06 | 2008-04-08 | Airdefense, Inc. | Systems and methods for adaptive monitoring with bandwidth constraints |
US7359676B2 (en) | 2003-04-21 | 2008-04-15 | Airdefense, Inc. | Systems and methods for adaptively scanning for wireless communications |
US7324804B2 (en) | 2003-04-21 | 2008-01-29 | Airdefense, Inc. | Systems and methods for dynamic sensor discovery and selection |
US7496953B2 (en) * | 2003-04-29 | 2009-02-24 | International Business Machines Corporation | Single sign-on method for web-based applications |
US7900038B2 (en) * | 2003-04-29 | 2011-03-01 | Wells Fargo Bank, N.A. | Method and apparatus for a broker entity |
US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
US7299492B2 (en) * | 2003-06-12 | 2007-11-20 | International Business Machines Corporation | Multi-level multi-user web services security system and method |
CA2432667A1 (en) * | 2003-06-17 | 2004-12-17 | Ibm Canada Limited - Ibm Canada Limitee | Method and system for granting user privileges in electronic commerce security domains |
US20040267897A1 (en) * | 2003-06-24 | 2004-12-30 | Sychron Inc. | Distributed System Providing Scalable Methodology for Real-Time Control of Server Pools and Data Centers |
US20040268229A1 (en) * | 2003-06-27 | 2004-12-30 | Microsoft Corporation | Markup language editing with an electronic form |
US7451392B1 (en) * | 2003-06-30 | 2008-11-11 | Microsoft Corporation | Rendering an HTML electronic form by applying XSLT to XML using a solution |
US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
US7788726B2 (en) * | 2003-07-02 | 2010-08-31 | Check Point Software Technologies, Inc. | System and methodology providing information lockbox |
US20050028008A1 (en) * | 2003-07-29 | 2005-02-03 | Kumar Anil N. | System for accessing digital assets |
US7406660B1 (en) | 2003-08-01 | 2008-07-29 | Microsoft Corporation | Mapping between structured data and a visual surface |
US7334187B1 (en) | 2003-08-06 | 2008-02-19 | Microsoft Corporation | Electronic form aggregation |
US7895234B2 (en) * | 2003-09-22 | 2011-02-22 | Rockwell Automation Technologies, Inc. | Systems and methods for sharing portal configurations |
US7349966B2 (en) * | 2003-09-30 | 2008-03-25 | International Business Machines Corporation | Method, system, and storage medium for providing context-based dynamic policy assignment in a distributed processing environment |
US7703140B2 (en) | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US7904487B2 (en) | 2003-10-09 | 2011-03-08 | Oracle International Corporation | Translating data access requests |
US7340447B2 (en) * | 2003-10-09 | 2008-03-04 | Oracle International Corporation | Partitioning data access requests |
US7882132B2 (en) | 2003-10-09 | 2011-02-01 | Oracle International Corporation | Support for RDBMS in LDAP system |
US20050097353A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy analysis tool |
US7603547B2 (en) * | 2003-10-10 | 2009-10-13 | Bea Systems, Inc. | Security control module |
US7644432B2 (en) * | 2003-10-10 | 2010-01-05 | Bea Systems, Inc. | Policy inheritance through nested groups |
US20050251851A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Configuration of a distributed security system |
US20050257245A1 (en) * | 2003-10-10 | 2005-11-17 | Bea Systems, Inc. | Distributed security system with dynamic roles |
US20050262362A1 (en) * | 2003-10-10 | 2005-11-24 | Bea Systems, Inc. | Distributed security system policies |
US20050097352A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Embeddable security service module |
WO2005050378A2 (en) * | 2003-11-18 | 2005-06-02 | Burke Robert M Ii | System for regulating access to and distributing content in a network |
US7533413B2 (en) * | 2003-12-05 | 2009-05-12 | Microsoft Corporation | Method and system for processing events |
US7661123B2 (en) * | 2003-12-05 | 2010-02-09 | Microsoft Corporation | Security policy update supporting at least one security service provider |
US7454496B2 (en) * | 2003-12-10 | 2008-11-18 | International Business Machines Corporation | Method for monitoring data resources of a data processing network |
US7284000B2 (en) * | 2003-12-19 | 2007-10-16 | International Business Machines Corporation | Automatic policy generation based on role entitlements and identity attributes |
WO2005064498A1 (en) | 2003-12-23 | 2005-07-14 | Trust Digital, Llc | System and method for enforcing a security policy on mobile devices using dynamically generated security profiles |
US7506371B1 (en) * | 2004-01-22 | 2009-03-17 | Guardium, Inc. | System and methods for adaptive behavior based access control |
US8156175B2 (en) * | 2004-01-23 | 2012-04-10 | Tiversa Inc. | System and method for searching for specific types of people or information on a peer-to-peer network |
US8819072B1 (en) | 2004-02-02 | 2014-08-26 | Microsoft Corporation | Promoting data from structured data files |
US20050182958A1 (en) * | 2004-02-17 | 2005-08-18 | Duc Pham | Secure, real-time application execution control system and methods |
US7761923B2 (en) * | 2004-03-01 | 2010-07-20 | Invensys Systems, Inc. | Process control methods and apparatus for intrusion detection, protection and network hardening |
US7774601B2 (en) * | 2004-04-06 | 2010-08-10 | Bea Systems, Inc. | Method for delegated administration |
US7475091B2 (en) | 2004-04-13 | 2009-01-06 | Bea Systems, Inc. | System and method for viewing a virtual content repository |
US20050251503A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for content and schema versioning |
US7580953B2 (en) * | 2004-04-13 | 2009-08-25 | Bea Systems, Inc. | System and method for schema lifecycles in a virtual content repository that integrates a plurality of content repositories |
US20050228784A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for batch operations in a virtual content repository |
US20050251512A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for searching a virtual content repository |
US8335909B2 (en) * | 2004-04-15 | 2012-12-18 | Raytheon Company | Coupling processors to each other for high performance computing (HPC) |
US8190714B2 (en) * | 2004-04-15 | 2012-05-29 | Raytheon Company | System and method for computer cluster virtualization using dynamic boot images and virtual disk |
US9178784B2 (en) | 2004-04-15 | 2015-11-03 | Raytheon Company | System and method for cluster management based on HPC architecture |
US8336040B2 (en) | 2004-04-15 | 2012-12-18 | Raytheon Company | System and method for topology-aware job scheduling and backfilling in an HPC environment |
US7496837B1 (en) * | 2004-04-29 | 2009-02-24 | Microsoft Corporation | Structural editing with schema awareness |
US7774620B1 (en) | 2004-05-27 | 2010-08-10 | Microsoft Corporation | Executing applications at appropriate trust levels |
US7271721B2 (en) * | 2004-05-28 | 2007-09-18 | Lockheed Martin Corporation | Protected distribution system |
US7650627B1 (en) * | 2004-05-28 | 2010-01-19 | Sap Ag | Abstract configuration files for efficient implementation of security services |
US7707427B1 (en) | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
US7353390B2 (en) | 2004-08-20 | 2008-04-01 | Microsoft Corporation | Enabling network devices within a virtual network to communicate while the networks's communications are restricted due to security threats |
US8098158B2 (en) * | 2004-09-01 | 2012-01-17 | Microsoft Corporation | RFID server internals design |
US7382260B2 (en) * | 2004-09-01 | 2008-06-03 | Microsoft Corporation | Hot swap and plug-and-play for RFID devices |
US8217756B2 (en) | 2004-09-01 | 2012-07-10 | Microsoft Corporation | Rule-based filtering and alerting |
US7333800B1 (en) * | 2004-09-08 | 2008-02-19 | Airtight Networks, Inc. | Method and system for scheduling of sensor functions for monitoring of wireless communication activity |
EP1800220A4 (en) * | 2004-09-24 | 2009-12-30 | Encomia L P | A method and system for building audit rule sets for electronic auditing of documents |
US7692636B2 (en) * | 2004-09-30 | 2010-04-06 | Microsoft Corporation | Systems and methods for handwriting to a screen |
US7516399B2 (en) * | 2004-09-30 | 2009-04-07 | Microsoft Corporation | Structured-document path-language expression methods and systems |
US20060074933A1 (en) * | 2004-09-30 | 2006-04-06 | Microsoft Corporation | Workflow interaction |
US7421739B2 (en) * | 2004-10-04 | 2008-09-02 | American Express Travel Related Services Company, Inc. | System and method for monitoring and ensuring data integrity in an enterprise security system |
US7752671B2 (en) * | 2004-10-04 | 2010-07-06 | Promisec Ltd. | Method and device for questioning a plurality of computerized devices |
US20060143231A1 (en) * | 2004-10-08 | 2006-06-29 | Boccasam Prashanth V | Systems and methods for monitoring business processes of enterprise applications |
US8196199B2 (en) | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
US7698731B2 (en) * | 2004-10-25 | 2010-04-13 | Panasonic Corporation | Security architecture and mechanism to access and use security components in operating system |
US8487879B2 (en) * | 2004-10-29 | 2013-07-16 | Microsoft Corporation | Systems and methods for interacting with a computer through handwriting to a screen |
US8078707B1 (en) * | 2004-11-12 | 2011-12-13 | Juniper Networks, Inc. | Network management using hierarchical domains |
US20060107224A1 (en) * | 2004-11-15 | 2006-05-18 | Microsoft Corporation | Building a dynamic action for an electronic form |
US7584417B2 (en) * | 2004-11-15 | 2009-09-01 | Microsoft Corporation | Role-dependent action for an electronic form |
US7712022B2 (en) | 2004-11-15 | 2010-05-04 | Microsoft Corporation | Mutually exclusive options in electronic forms |
US7721190B2 (en) | 2004-11-16 | 2010-05-18 | Microsoft Corporation | Methods and systems for server side form processing |
US7509353B2 (en) * | 2004-11-16 | 2009-03-24 | Microsoft Corporation | Methods and systems for exchanging and rendering forms |
US7433931B2 (en) | 2004-11-17 | 2008-10-07 | Raytheon Company | Scheduling in a high-performance computing (HPC) system |
US8244882B2 (en) | 2004-11-17 | 2012-08-14 | Raytheon Company | On-demand instantiation in a high-performance computing (HPC) system |
US7904801B2 (en) * | 2004-12-15 | 2011-03-08 | Microsoft Corporation | Recursive sections in electronic forms |
US7437376B2 (en) * | 2004-12-20 | 2008-10-14 | Microsoft Corporation | Scalable object model |
US7603494B2 (en) * | 2005-01-05 | 2009-10-13 | At&T Intellectual Property I, L.P. | Home networking resource management |
US7620974B2 (en) * | 2005-01-12 | 2009-11-17 | Symantec | Distributed traffic scanning through data stream security tagging |
US7788497B2 (en) * | 2005-01-13 | 2010-08-31 | Bea Systems, Inc. | Credential mapping of WebLogic and database user ids |
US7937651B2 (en) * | 2005-01-14 | 2011-05-03 | Microsoft Corporation | Structural editing operations for network forms |
US8495700B2 (en) | 2005-02-28 | 2013-07-23 | Mcafee, Inc. | Mobile data security system and methods |
US7725834B2 (en) * | 2005-03-04 | 2010-05-25 | Microsoft Corporation | Designer-created aspect for an electronic form template |
JP4704780B2 (en) * | 2005-03-24 | 2011-06-22 | 株式会社日立製作所 | Computer system, storage device, computer software, and administrator authentication method in storage control |
US8086615B2 (en) * | 2005-03-28 | 2011-12-27 | Oracle International Corporation | Security data redaction |
US20060224628A1 (en) * | 2005-03-29 | 2006-10-05 | Bea Systems, Inc. | Modeling for data services |
US7644086B2 (en) | 2005-03-29 | 2010-01-05 | Sas Institute Inc. | Computer-implemented authorization systems and methods using associations |
US7673228B2 (en) * | 2005-03-30 | 2010-03-02 | Microsoft Corporation | Data-driven actions for network forms |
US8010515B2 (en) * | 2005-04-15 | 2011-08-30 | Microsoft Corporation | Query to an electronic form |
ITTO20050289A1 (en) * | 2005-04-29 | 2006-10-30 | Garelli Francesco | SYSTEM AND METHOD FOR THE ACTIVE PROTECTION OF DATA IN AN INFORMATION SYSTEM AFTER A REQUEST FOR ACCESS TO A RESOURCE AVAILABLE IN THE IT SYSTEM ITSELF |
US7748027B2 (en) * | 2005-05-11 | 2010-06-29 | Bea Systems, Inc. | System and method for dynamic data redaction |
US20060277594A1 (en) * | 2005-06-02 | 2006-12-07 | International Business Machines Corporation | Policy implementation delegation |
US7483896B2 (en) * | 2005-06-06 | 2009-01-27 | Oracle International Corporation | Architecture for computer-implemented authentication and authorization |
US7793333B2 (en) * | 2005-06-13 | 2010-09-07 | International Business Machines Corporation | Mobile authorization using policy based access control |
US20070011665A1 (en) * | 2005-06-21 | 2007-01-11 | Microsoft Corporation | Content syndication platform |
US7543228B2 (en) * | 2005-06-27 | 2009-06-02 | Microsoft Corporation | Template for rendering an electronic form |
US8200975B2 (en) * | 2005-06-29 | 2012-06-12 | Microsoft Corporation | Digital signatures for network forms |
US20070101424A1 (en) * | 2005-07-25 | 2007-05-03 | Nec Laboratories America, Inc. | Apparatus and Method for Improving Security of a Bus Based System Through Communication Architecture Enhancements |
US7970788B2 (en) * | 2005-08-02 | 2011-06-28 | International Business Machines Corporation | Selective local database access restriction |
US7613996B2 (en) * | 2005-08-15 | 2009-11-03 | Microsoft Corporation | Enabling selection of an inferred schema part |
US20070036433A1 (en) * | 2005-08-15 | 2007-02-15 | Microsoft Corporation | Recognizing data conforming to a rule |
US20070061706A1 (en) * | 2005-09-14 | 2007-03-15 | Microsoft Corporation | Mapping property hierarchies to schemas |
US20070061467A1 (en) * | 2005-09-15 | 2007-03-15 | Microsoft Corporation | Sessions and session states |
US7483893B2 (en) | 2005-09-26 | 2009-01-27 | Bae Systems, Inc. | System and method for lightweight loading for managing content |
US7953734B2 (en) | 2005-09-26 | 2011-05-31 | Oracle International Corporation | System and method for providing SPI extensions for content management system |
US7917537B2 (en) | 2005-09-26 | 2011-03-29 | Oracle International Corporation | System and method for providing link property types for content management |
US7818344B2 (en) | 2005-09-26 | 2010-10-19 | Bea Systems, Inc. | System and method for providing nested types for content management |
US7752205B2 (en) | 2005-09-26 | 2010-07-06 | Bea Systems, Inc. | Method and system for interacting with a virtual content repository |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
US7647625B2 (en) * | 2005-10-04 | 2010-01-12 | Disney Enterprises, Inc. | System and/or method for class-based authorization |
US20070079357A1 (en) * | 2005-10-04 | 2007-04-05 | Disney Enterprises, Inc. | System and/or method for role-based authorization |
US8166404B2 (en) | 2005-10-04 | 2012-04-24 | Disney Enterprises, Inc. | System and/or method for authentication and/or authorization |
US8997246B2 (en) * | 2005-10-04 | 2015-03-31 | Disney Enterprises, Inc. | System and/or method for authentication and/or authorization via a network |
US7725737B2 (en) * | 2005-10-14 | 2010-05-25 | Check Point Software Technologies, Inc. | System and methodology providing secure workspace environment |
US8141138B2 (en) * | 2005-10-17 | 2012-03-20 | Oracle International Corporation | Auditing correlated events using a secure web single sign-on login |
US7484173B2 (en) * | 2005-10-18 | 2009-01-27 | International Business Machines Corporation | Alternative key pad layout for enhanced security |
US7802267B2 (en) * | 2005-11-03 | 2010-09-21 | Microsoft Corporation | Compliance interface for compliant applications |
US7933923B2 (en) * | 2005-11-04 | 2011-04-26 | International Business Machines Corporation | Tracking and reconciling database commands |
US7693838B2 (en) * | 2005-11-12 | 2010-04-06 | Intel Corporation | Method and apparatus for securely accessing data |
JP5637660B2 (en) * | 2005-11-17 | 2014-12-10 | コーニンクレッカ フィリップス エヌ ヴェ | System that manages access control |
US8045958B2 (en) * | 2005-11-21 | 2011-10-25 | Research In Motion Limited | System and method for application program operation on a wireless device |
US8024794B1 (en) * | 2005-11-30 | 2011-09-20 | Amdocs Software Systems Limited | Dynamic role based authorization system and method |
US8001459B2 (en) * | 2005-12-05 | 2011-08-16 | Microsoft Corporation | Enabling electronic documents for limited-capability computing devices |
US20070136197A1 (en) * | 2005-12-13 | 2007-06-14 | Morris Robert P | Methods, systems, and computer program products for authorizing a service request based on account-holder-configured authorization rules |
US7577424B2 (en) | 2005-12-19 | 2009-08-18 | Airdefense, Inc. | Systems and methods for wireless vulnerability analysis |
US8544058B2 (en) * | 2005-12-29 | 2013-09-24 | Nextlabs, Inc. | Techniques of transforming policies to enforce control in an information management system |
US8407240B2 (en) * | 2006-01-03 | 2013-03-26 | International Business Machines Corporation | Autonomic self-healing network |
US8688813B2 (en) | 2006-01-11 | 2014-04-01 | Oracle International Corporation | Using identity/resource profile and directory enablers to support identity management |
US7715800B2 (en) | 2006-01-13 | 2010-05-11 | Airdefense, Inc. | Systems and methods for wireless intrusion detection using spectral analysis |
US8214296B2 (en) * | 2006-02-14 | 2012-07-03 | Microsoft Corporation | Disaggregated secure execution environment |
DE602006006787D1 (en) | 2006-02-27 | 2009-06-25 | Research In Motion Ltd | Method for personalizing a standardized IT policy |
US7970899B2 (en) * | 2006-03-03 | 2011-06-28 | Barracuda Networks Inc | Integrated data flow packet admission and traffic management apparatus |
US20070220009A1 (en) * | 2006-03-15 | 2007-09-20 | Morris Robert P | Methods, systems, and computer program products for controlling access to application data |
US7971251B2 (en) | 2006-03-17 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless security using distributed collaboration of wireless clients |
US7860857B2 (en) | 2006-03-30 | 2010-12-28 | Invensys Systems, Inc. | Digital data processing apparatus and methods for improving plant performance |
US20070279262A1 (en) * | 2006-04-27 | 2007-12-06 | Snocap, Inc. | Automated right-holders registration system, method and computer program product for facilitating e-commerce involving digital assets |
US20070282714A1 (en) * | 2006-04-27 | 2007-12-06 | Snocap, Inc. | System, method and computer program product for providing an e-commerce interface on a web page to facilitate e-commerce involving digital assets |
US20070268163A1 (en) * | 2006-04-27 | 2007-11-22 | Snocap, Inc. | System, method and computer program product for facilitating e-commerce involving digital assets |
US8671013B2 (en) | 2006-05-01 | 2014-03-11 | Infor (Us), Inc. | System and method for managing controls within a heterogeneous enterprise environment |
US7631168B1 (en) | 2006-05-10 | 2009-12-08 | The Math Works, Inc. | Graphical interface for grouping concurrent computing units executing a concurrent computing process |
US9405564B2 (en) | 2006-05-10 | 2016-08-02 | The Mathworks, Inc. | System and method for targeting commands to concurrent computing units executing a concurrent computing process |
US20070294404A1 (en) * | 2006-06-15 | 2007-12-20 | International Business Machines Corporation | Method and system for authorization and access control delegation in an on demand grid environment |
US7970013B2 (en) | 2006-06-16 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless network content filtering |
US8086635B1 (en) * | 2006-06-20 | 2011-12-27 | Verizon Business Global Llc | Compliance monitoring |
JP4539613B2 (en) * | 2006-06-28 | 2010-09-08 | 富士ゼロックス株式会社 | Image forming apparatus, image generation method, and program |
US20080034412A1 (en) * | 2006-08-02 | 2008-02-07 | Informed Control Inc. | System to prevent misuse of access rights in a single sign on environment |
US8484718B2 (en) * | 2006-08-03 | 2013-07-09 | Citrix System, Inc. | Systems and methods for enabling assured records using fine grained auditing of virtual private network traffic |
US8281392B2 (en) | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US20080216142A1 (en) * | 2006-08-17 | 2008-09-04 | Goldberg Brett M | System and method of digital media distribution |
US20080077982A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Credential vault encryption |
US7761468B2 (en) * | 2006-10-04 | 2010-07-20 | International Business Machines Corporation | Supporting multiple security mechanisms in a database driver |
US8463852B2 (en) | 2006-10-06 | 2013-06-11 | Oracle International Corporation | Groupware portlets for integrating a portal with groupware systems |
US8259568B2 (en) | 2006-10-23 | 2012-09-04 | Mcafee, Inc. | System and method for controlling mobile device access to a network |
JP2008108844A (en) * | 2006-10-24 | 2008-05-08 | Toyota Central R&D Labs Inc | Group iii nitride semiconductor device having trench or mesa-structure, and manufacturing method thereof |
US20080126287A1 (en) * | 2006-11-03 | 2008-05-29 | Motorola, Inc. | Method for management of policy conflict in a policy continuum |
US7672336B2 (en) * | 2006-12-01 | 2010-03-02 | Sonus Networks, Inc. | Filtering and policing for defending against denial of service attacks on a network |
US7804774B2 (en) | 2006-12-01 | 2010-09-28 | Sonus Networks, Inc. | Scalable filtering and policing mechanism for protecting user traffic in a network |
CA2671451A1 (en) * | 2006-12-01 | 2008-06-12 | Sonus Networks, Inc. | Filtering and policing for defending against denial of service attacks on a network |
US7940657B2 (en) * | 2006-12-01 | 2011-05-10 | Sonus Networks, Inc. | Identifying attackers on a network |
US8141100B2 (en) | 2006-12-20 | 2012-03-20 | International Business Machines Corporation | Identifying attribute propagation for multi-tier processing |
US8869233B2 (en) * | 2006-12-22 | 2014-10-21 | Verizon Patent And Licensing Inc. | Policy management within a network management system |
US20080177790A1 (en) * | 2007-01-19 | 2008-07-24 | Mangesh Krishnarao Honwad | Distributed records management system |
US8635307B2 (en) * | 2007-02-08 | 2014-01-21 | Microsoft Corporation | Sensor discovery and configuration |
US8095517B2 (en) * | 2007-02-08 | 2012-01-10 | Blue Coat Systems, Inc. | Method and system for policy-based protection of application data |
US8495367B2 (en) | 2007-02-22 | 2013-07-23 | International Business Machines Corporation | Nondestructive interception of secure data in transit |
US20080263678A1 (en) * | 2007-04-20 | 2008-10-23 | Thomas Kroll | Path Protection |
CN102006334B (en) * | 2007-06-11 | 2013-01-02 | 华为技术有限公司 | Method, system and device for installing software component |
JP2009038739A (en) * | 2007-08-03 | 2009-02-19 | Brother Ind Ltd | Color converting apparatus, color converting program and color converting method |
US8245271B2 (en) * | 2007-08-15 | 2012-08-14 | Oracle International Corporation | Scope-centric access control model |
US8539568B1 (en) | 2007-10-03 | 2013-09-17 | Courion Corporation | Identity map creation |
WO2009076447A1 (en) * | 2007-12-10 | 2009-06-18 | Courion Corporaton | Policy enforcement using esso |
US20090157686A1 (en) * | 2007-12-13 | 2009-06-18 | Oracle International Corporation | Method and apparatus for efficiently caching a system-wide access control list |
US20090178131A1 (en) * | 2008-01-08 | 2009-07-09 | Microsoft Corporation | Globally distributed infrastructure for secure content management |
US8296820B2 (en) * | 2008-01-18 | 2012-10-23 | International Business Machines Corporation | Applying security policies to multiple systems and controlling policy propagation |
US20090249493A1 (en) * | 2008-03-27 | 2009-10-01 | Computer Associates Think, Inc. | Method and System for Determining Software License Compliance |
US8725647B2 (en) * | 2008-03-27 | 2014-05-13 | Ca, Inc. | Method and system for determining software license compliance |
US7930760B2 (en) * | 2008-04-01 | 2011-04-19 | Microsoft Corporation | Centralized enforcement of name-based computer system security rules |
US8261326B2 (en) * | 2008-04-25 | 2012-09-04 | International Business Machines Corporation | Network intrusion blocking security overlay |
US8910255B2 (en) * | 2008-05-27 | 2014-12-09 | Microsoft Corporation | Authentication for distributed secure content management system |
US8863278B2 (en) * | 2008-05-28 | 2014-10-14 | International Business Machines Corporation | Grid security intrusion detection configuration mechanism |
US9489647B2 (en) | 2008-06-19 | 2016-11-08 | Csc Agility Platform, Inc. | System and method for a cloud computing abstraction with self-service portal for publishing resources |
EP2316071A4 (en) | 2008-06-19 | 2011-08-17 | Servicemesh Inc | Cloud computing gateway, cloud computing hypervisor, and methods for implementing same |
US9069599B2 (en) | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US10411975B2 (en) | 2013-03-15 | 2019-09-10 | Csc Agility Platform, Inc. | System and method for a cloud computing abstraction with multi-tier deployment policy |
CN104407518B (en) | 2008-06-20 | 2017-05-31 | 因文西斯系统公司 | The system and method interacted to the reality and Simulation Facility for process control |
US8646027B2 (en) * | 2008-06-27 | 2014-02-04 | Microsoft Corporation | Workflow based authorization for content access |
US7921089B2 (en) * | 2008-07-24 | 2011-04-05 | Zscaler, Inc. | Feature based data management |
US8095972B1 (en) | 2008-10-06 | 2012-01-10 | Southern Company Services, Inc. | Secure authentication for web-based applications |
WO2010054258A1 (en) | 2008-11-06 | 2010-05-14 | Trust Digital | System and method for mediating connections between policy source servers, corporate repositories, and mobile devices |
US20100125891A1 (en) * | 2008-11-17 | 2010-05-20 | Prakash Baskaran | Activity Monitoring And Information Protection |
US9026456B2 (en) * | 2009-01-16 | 2015-05-05 | Oracle International Corporation | Business-responsibility-centric identity management |
US8555378B2 (en) * | 2009-03-11 | 2013-10-08 | Sas Institute Inc. | Authorization caching in a multithreaded object server |
US9705888B2 (en) | 2009-03-31 | 2017-07-11 | Amazon Technologies, Inc. | Managing security groups for data instances |
US8713060B2 (en) | 2009-03-31 | 2014-04-29 | Amazon Technologies, Inc. | Control service for relational data management |
US9207984B2 (en) | 2009-03-31 | 2015-12-08 | Amazon Technologies, Inc. | Monitoring and automatic scaling of data volumes |
US8463964B2 (en) | 2009-05-29 | 2013-06-11 | Invensys Systems, Inc. | Methods and apparatus for control configuration with enhanced change-tracking |
US8127060B2 (en) | 2009-05-29 | 2012-02-28 | Invensys Systems, Inc | Methods and apparatus for control configuration with control objects that are fieldbus protocol-aware |
US8966017B2 (en) * | 2009-07-09 | 2015-02-24 | Novell, Inc. | Techniques for cloud control and management |
US20110022518A1 (en) * | 2009-07-22 | 2011-01-27 | Ayman Hammad | Apparatus including data bearing medium for seasoning a device using data obtained from multiple transaction environments |
US9396465B2 (en) | 2009-07-22 | 2016-07-19 | Visa International Service Association | Apparatus including data bearing medium for reducing fraud in payment transactions using a black list |
US8250628B2 (en) * | 2009-08-28 | 2012-08-21 | International Business Machines Corporation | Dynamic augmentation, reduction, and/or replacement of security information by evaluating logical expressions |
US9135283B2 (en) | 2009-10-07 | 2015-09-15 | Amazon Technologies, Inc. | Self-service configuration for data environment |
US8676753B2 (en) | 2009-10-26 | 2014-03-18 | Amazon Technologies, Inc. | Monitoring of replicated data instances |
US20110113474A1 (en) * | 2009-11-11 | 2011-05-12 | International Business Machines Corporation | Network system security managment |
US8875128B2 (en) * | 2009-11-30 | 2014-10-28 | Red Hat Israel, Ltd. | Controlling permissions in virtualization environment using hierarchical labeling |
US20110213711A1 (en) * | 2010-03-01 | 2011-09-01 | Entrust, Inc. | Method, system and apparatus for providing transaction verification |
US8868728B2 (en) * | 2010-03-11 | 2014-10-21 | Accenture Global Services Limited | Systems and methods for detecting and investigating insider fraud |
US8935384B2 (en) | 2010-05-06 | 2015-01-13 | Mcafee Inc. | Distributed data revocation using data commands |
US8856300B2 (en) | 2010-05-18 | 2014-10-07 | At&T Intellectual Property I, L.P. | End-to-end secure cloud computing |
US9069954B2 (en) * | 2010-05-25 | 2015-06-30 | Hewlett-Packard Development Company, L.P. | Security threat detection associated with security events and an actor category model |
WO2011149773A2 (en) * | 2010-05-25 | 2011-12-01 | Hewlett-Packard Development Company, L.P. | Security threat detection associated with security events and an actor category model |
US8474053B2 (en) | 2010-06-07 | 2013-06-25 | International Business Machines Corporation | Data security in a multi-nodal environment |
US9095002B2 (en) | 2010-07-12 | 2015-07-28 | Invensys Systems, Inc. | Methods and apparatus for process control with improved communication links |
US8331855B2 (en) | 2010-07-12 | 2012-12-11 | Invensys Systems, Inc. | Methods and apparatus for process control with improved communication links |
KR101016617B1 (en) * | 2010-07-26 | 2011-02-22 | 알서포트 주식회사 | Real time telemonitoring method for browsers connected to web server |
US20120072972A1 (en) * | 2010-09-20 | 2012-03-22 | Microsoft Corporation | Secondary credentials for batch system |
US20120079278A1 (en) * | 2010-09-28 | 2012-03-29 | Microsoft Corporation | Object security over network |
US9049236B2 (en) * | 2010-10-22 | 2015-06-02 | Hewlett-Packard Development Company, L. P. | Distributed network instrumentation system |
US9032013B2 (en) | 2010-10-29 | 2015-05-12 | Microsoft Technology Licensing, Llc | Unified policy over heterogenous device types |
US9237155B1 (en) * | 2010-12-06 | 2016-01-12 | Amazon Technologies, Inc. | Distributed policy enforcement with optimizing policy transformations |
WO2012100092A2 (en) * | 2011-01-19 | 2012-07-26 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US20120204248A1 (en) * | 2011-02-09 | 2012-08-09 | Verizon Patent And Licensing Inc. | Provisioner for single sign-on and non-single sign-on sites, applications, systems, and sessions |
US20120265879A1 (en) * | 2011-04-15 | 2012-10-18 | Microsoft Corporation | Managing servicability of cloud computing resources |
US8627442B2 (en) | 2011-05-24 | 2014-01-07 | International Business Machines Corporation | Hierarchical rule development and binding for web application server firewall |
US8769642B1 (en) | 2011-05-31 | 2014-07-01 | Amazon Technologies, Inc. | Techniques for delegation of access privileges |
US20120310984A1 (en) * | 2011-06-01 | 2012-12-06 | International Business Machines Corporation | Data security for a database in a multi-nodal environment |
JP5751029B2 (en) * | 2011-06-03 | 2015-07-22 | 株式会社リコー | Authentication device, program, and recording medium |
US8756651B2 (en) * | 2011-09-27 | 2014-06-17 | Amazon Technologies, Inc. | Policy compliance-based secure data access |
US9143530B2 (en) | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
US9280377B2 (en) | 2013-03-29 | 2016-03-08 | Citrix Systems, Inc. | Application with multiple operation modes |
US8806570B2 (en) | 2011-10-11 | 2014-08-12 | Citrix Systems, Inc. | Policy-based application management |
US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
US20140053234A1 (en) | 2011-10-11 | 2014-02-20 | Citrix Systems, Inc. | Policy-Based Application Management |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US9329784B2 (en) * | 2011-10-13 | 2016-05-03 | Microsoft Technology Licensing, Llc | Managing policies using a staging policy and a derived production policy |
US9009857B2 (en) | 2011-10-28 | 2015-04-14 | Absolute Software Corporation | Temporally controlling access to software assets on user devices |
US8935804B1 (en) * | 2011-12-15 | 2015-01-13 | United Services Automobile Association (Usaa) | Rules-based data access systems and methods |
AU2012100460B4 (en) | 2012-01-04 | 2012-11-08 | Uniloc Usa, Inc. | Method and system implementing zone-restricted behavior of a computing device |
AU2012100462B4 (en) | 2012-02-06 | 2012-11-08 | Uniloc Usa, Inc. | Near field authentication through communication of enclosed content sound waves |
US9256743B2 (en) * | 2012-02-29 | 2016-02-09 | Google Inc. | Remote enterprise policy/client configuration installation for computing devices |
US9444840B2 (en) * | 2012-03-13 | 2016-09-13 | Alcatel Lucent | Method and apparatus for a distributed security service in a cloud network |
US9027141B2 (en) * | 2012-04-12 | 2015-05-05 | Netflix, Inc. | Method and system for improving security and reliability in a networked application environment |
US9747581B2 (en) * | 2012-07-02 | 2017-08-29 | International Business Machines Corporation | Context-dependent transactional management for separation of duties |
US20140108558A1 (en) | 2012-10-12 | 2014-04-17 | Citrix Systems, Inc. | Application Management Framework for Secure Data Sharing in an Orchestration Framework for Connected Devices |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US20140109171A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
US8910239B2 (en) | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
US20140109176A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
US20140109072A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Application wrapping for application management framework |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US8990893B2 (en) * | 2012-11-12 | 2015-03-24 | International Business Machines Corporation | Enterprise application session control and monitoring in a large distributed environment |
US9100421B2 (en) | 2012-11-12 | 2015-08-04 | International Business Machines Corporation | Enterprise application session control and monitoring in a large distributed environment |
US8990883B2 (en) * | 2013-01-02 | 2015-03-24 | International Business Machines Corporation | Policy-based development and runtime control of mobile applications |
US9430116B2 (en) * | 2013-02-12 | 2016-08-30 | International Business Machines Corporation | Visualization of runtime resource policy attachments and applied policy details |
US9413736B2 (en) | 2013-03-29 | 2016-08-09 | Citrix Systems, Inc. | Providing an enterprise application store |
US8813179B1 (en) | 2013-03-29 | 2014-08-19 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US8910264B2 (en) | 2013-03-29 | 2014-12-09 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9355223B2 (en) | 2013-03-29 | 2016-05-31 | Citrix Systems, Inc. | Providing a managed browser |
US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US8850049B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing mobile device management functionalities for a managed browser |
US9088543B2 (en) | 2013-06-03 | 2015-07-21 | International Business Machines Corporation | Coordinated network security management |
US20150026760A1 (en) * | 2013-07-20 | 2015-01-22 | Keith Lipman | System and Method for Policy-Based Confidentiality Management |
US10171483B1 (en) | 2013-08-23 | 2019-01-01 | Symantec Corporation | Utilizing endpoint asset awareness for network intrusion detection |
US9860216B2 (en) * | 2013-09-16 | 2018-01-02 | Axis Ab | Anonymous decisions in an access control system |
US9471798B2 (en) * | 2013-09-20 | 2016-10-18 | Oracle International Corporation | Authorization policy objects sharable across applications, persistence model, and application-level decision-combining algorithm |
KR101670496B1 (en) * | 2014-08-27 | 2016-10-28 | 주식회사 파수닷컴 | Data management method, Computer program for the same, Recording medium storing computer program for the same, and User Client for the same |
US9298899B1 (en) | 2014-09-11 | 2016-03-29 | Bank Of America Corporation | Continuous monitoring of access of computing resources |
US10171437B2 (en) | 2015-04-24 | 2019-01-01 | Oracle International Corporation | Techniques for security artifacts management |
US10142371B2 (en) | 2015-04-24 | 2018-11-27 | Oracle International Corporation | Authorization policy customization and authorization policy lockdown |
US10104086B2 (en) | 2015-04-24 | 2018-10-16 | Oracle International Corporation | Techniques for fine grained protection of resources in an access management environment |
US9462013B1 (en) | 2015-04-29 | 2016-10-04 | International Business Machines Corporation | Managing security breaches in a networked computing environment |
US9923908B2 (en) | 2015-04-29 | 2018-03-20 | International Business Machines Corporation | Data protection in a networked computing environment |
US9954870B2 (en) | 2015-04-29 | 2018-04-24 | International Business Machines Corporation | System conversion in a networked computing environment |
US9736259B2 (en) | 2015-06-30 | 2017-08-15 | Iheartmedia Management Services, Inc. | Platform-as-a-service with proxy-controlled request routing |
US10395042B2 (en) | 2015-07-02 | 2019-08-27 | Oracle International Corporation | Data encryption service |
US10462183B2 (en) * | 2015-07-21 | 2019-10-29 | International Business Machines Corporation | File system monitoring and auditing via monitor system having user-configured policies |
US10742681B2 (en) * | 2015-08-21 | 2020-08-11 | PushPull Technology Limited | Data collaboration |
JP6655914B2 (en) * | 2015-09-02 | 2020-03-04 | インフォサイエンス株式会社 | Authority information management system and authority information management program |
US10776520B2 (en) * | 2015-09-14 | 2020-09-15 | Northwestern University | System and method for proxy-based data access mechanism in enterprise mobility management |
US10694352B2 (en) | 2015-10-28 | 2020-06-23 | Activision Publishing, Inc. | System and method of using physical objects to control software access |
US10044764B2 (en) * | 2015-12-28 | 2018-08-07 | Quest Software Inc. | Context-aware delegation engine |
US9888039B2 (en) * | 2015-12-28 | 2018-02-06 | Palantir Technologies Inc. | Network-based permissioning system |
US9674202B1 (en) | 2015-12-29 | 2017-06-06 | Imperva, Inc. | Techniques for preventing large-scale data breaches utilizing differentiated protection layers |
US9674201B1 (en) | 2015-12-29 | 2017-06-06 | Imperva, Inc. | Unobtrusive protection for large-scale data breaches utilizing user-specific data object access budgets |
US20170205968A1 (en) | 2016-01-19 | 2017-07-20 | Regwez, Inc. | Multimode user interface |
US20170208125A1 (en) * | 2016-01-19 | 2017-07-20 | Hope Bay Technologies, Inc | Method and apparatus for data prefetch in cloud based storage system |
US10430600B2 (en) * | 2016-01-20 | 2019-10-01 | International Business Machines Corporation | Mechanisms for need to know and leak avoidance |
WO2017142970A1 (en) * | 2016-02-16 | 2017-08-24 | Illumio, Inc. | Enforcing label-based rules on a per-user basis in a distributed network management system |
GB2561621A (en) * | 2016-06-30 | 2018-10-24 | Mtk Ip Ltd | Content management system |
JP6772655B2 (en) * | 2016-08-15 | 2020-10-21 | 富士通株式会社 | Information processing system and information processing method |
US10778650B2 (en) * | 2016-08-17 | 2020-09-15 | Dell Products L.P. | Systems and methods for management domain attestation service |
US10289854B1 (en) * | 2016-09-23 | 2019-05-14 | Amdocs Development Limited | Apparatus, computer program, and method for generating an intermediate entitlement specification for controlling access to service or content |
US10419488B2 (en) * | 2017-03-03 | 2019-09-17 | Microsoft Technology Licensing, Llc | Delegating security policy management authority to managed accounts |
US10511632B2 (en) | 2017-03-03 | 2019-12-17 | Microsoft Technology Licensing, Llc | Incremental security policy development for an enterprise network |
US10467551B2 (en) | 2017-06-12 | 2019-11-05 | Ford Motor Company | Portable privacy management |
US11170116B2 (en) | 2017-10-19 | 2021-11-09 | 3D Bridge Solutions Inc. | Systems, devices and methods for protecting and exchanging electronic computer files |
US11032280B1 (en) * | 2017-12-13 | 2021-06-08 | Amazon Technologies, Inc. | Proxy for controlling access to services |
US10785190B2 (en) * | 2017-12-13 | 2020-09-22 | Adaptiv Networks Inc. | System, apparatus and method for providing a unified firewall manager |
US10979439B1 (en) | 2018-03-02 | 2021-04-13 | Amazon Technologies, Inc. | Identity management for coordinated devices in a networked environment |
US10872142B1 (en) * | 2018-03-02 | 2020-12-22 | Amazon Technologies, Inc. | Localized identity management in limited communication networks |
US10838710B2 (en) | 2018-05-15 | 2020-11-17 | International Business Machines Corporation | Dynamically updating security preferences in an Internet of Things (IoT) environment |
US10158545B1 (en) * | 2018-05-31 | 2018-12-18 | Tempered Networks, Inc. | Monitoring overlay networks |
US11636220B2 (en) | 2019-02-01 | 2023-04-25 | Intertrust Technologies Corporation | Data management systems and methods |
US11372995B2 (en) * | 2020-01-17 | 2022-06-28 | Snowflake Inc. | Container-centric access control on database objects |
US10911418B1 (en) | 2020-06-26 | 2021-02-02 | Tempered Networks, Inc. | Port level policy isolation in overlay networks |
US11070594B1 (en) | 2020-10-16 | 2021-07-20 | Tempered Networks, Inc. | Applying overlay network policy based on users |
US10999154B1 (en) | 2020-10-23 | 2021-05-04 | Tempered Networks, Inc. | Relay node management for overlay networks |
US20230015697A1 (en) * | 2021-07-13 | 2023-01-19 | Citrix Systems, Inc. | Application programming interface (api) authorization |
US11669527B1 (en) * | 2021-11-23 | 2023-06-06 | Sap Se | Optimized policy data structure for distributed authorization systems |
US11934543B1 (en) | 2022-11-17 | 2024-03-19 | Snowflake Inc. | Transient object references |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557747A (en) * | 1993-06-22 | 1996-09-17 | Rogers; Lawrence D. | Network policy implementation system for performing network control operations in response to changes in network state |
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
US5983270A (en) * | 1997-03-11 | 1999-11-09 | Sequel Technology Corporation | Method and apparatus for managing internetwork and intranetwork activity |
Family Cites Families (168)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5265221A (en) * | 1989-03-20 | 1993-11-23 | Tandem Computers | Access restriction facility method and apparatus |
JPH087709B2 (en) * | 1989-05-15 | 1996-01-29 | インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン | Access privilege control method and system |
US5335345A (en) | 1990-04-11 | 1994-08-02 | Bell Communications Research, Inc. | Dynamic query optimization using partial information |
US5173939A (en) | 1990-09-28 | 1992-12-22 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using compound principals |
US5426747A (en) | 1991-03-22 | 1995-06-20 | Object Design, Inc. | Method and apparatus for virtual memory mapping and transaction management in an object-oriented database system |
US5237614A (en) | 1991-06-07 | 1993-08-17 | Security Dynamics Technologies, Inc. | Integrated network security system |
US5347653A (en) | 1991-06-28 | 1994-09-13 | Digital Equipment Corporation | System for reconstructing prior versions of indexes using records indicating changes between successive versions of the indexes |
US5577209A (en) | 1991-07-11 | 1996-11-19 | Itt Corporation | Apparatus and method for providing multi-level security for communication among computers and terminals on a network |
US5481700A (en) | 1991-09-27 | 1996-01-02 | The Mitre Corporation | Apparatus for design of a multilevel secure database management system based on a multilevel logic programming system |
US5355474A (en) | 1991-09-27 | 1994-10-11 | Thuraisngham Bhavani M | System for multilevel secure database management using a knowledge base with release-based and other security constraints for query, response and update modification |
US5361359A (en) * | 1992-08-31 | 1994-11-01 | Trusted Information Systems, Inc. | System and method for controlling the use of a computer |
US5450593A (en) * | 1992-12-18 | 1995-09-12 | International Business Machines Corp. | Method and system for controlling access to objects in a data processing system based on temporal constraints |
JPH0798669A (en) | 1993-08-05 | 1995-04-11 | Hitachi Ltd | Distributed data base management system |
US5369702A (en) | 1993-10-18 | 1994-11-29 | Tecsec Incorporated | Distributed cryptographic object method |
US5455953A (en) * | 1993-11-03 | 1995-10-03 | Wang Laboratories, Inc. | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
US5835726A (en) * | 1993-12-15 | 1998-11-10 | Check Point Software Technologies Ltd. | System for securing the flow of and selectively modifying packets in a computer network |
US5544322A (en) | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5627886A (en) | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
CA2138302C (en) * | 1994-12-15 | 1999-05-25 | Michael S. Fortinsky | Provision of secure access to external resources from a distributed computing environment |
US5872928A (en) | 1995-02-24 | 1999-02-16 | Cabletron Systems, Inc. | Method and apparatus for defining and enforcing policies for configuration management in communications networks |
US6035399A (en) * | 1995-04-07 | 2000-03-07 | Hewlett-Packard Company | Checkpoint object |
US5889953A (en) * | 1995-05-25 | 1999-03-30 | Cabletron Systems, Inc. | Policy management and conflict resolution in computer networks |
US5757669A (en) | 1995-05-31 | 1998-05-26 | Netscape Communications Corporation | Method and apparatus for workgroup information replication |
US6009507A (en) | 1995-06-14 | 1999-12-28 | Avid Technology, Inc. | System and method for distributing processing among one or more processors |
US5956521A (en) | 1995-06-26 | 1999-09-21 | Wang; Kevin Kuan-Pin | System for universal electronic mail delivery where messaging devices are notified using a particular dialing, ringing, and hanging-up pattern |
EP0752652B1 (en) * | 1995-07-03 | 1998-12-16 | Sun Microsystems, Inc. | System and method for implementing a hierarchical policy for computer system administration |
US5774551A (en) | 1995-08-07 | 1998-06-30 | Sun Microsystems, Inc. | Pluggable account management interface with unified login and logout and multiple user authentication services |
US5941947A (en) | 1995-08-18 | 1999-08-24 | Microsoft Corporation | System and method for controlling access to data entities in a computer network |
US5859966A (en) * | 1995-10-10 | 1999-01-12 | Data General Corporation | Security system for computer systems |
US5825883A (en) * | 1995-10-31 | 1998-10-20 | Interval Systems, Inc. | Method and apparatus that accounts for usage of digital applications |
JP3023949B2 (en) | 1995-12-12 | 2000-03-21 | 株式会社村田製作所 | Dielectric filter |
US5809230A (en) | 1996-01-16 | 1998-09-15 | Mclellan Software International, Llc | System and method for controlling access to personal computer system resources |
US5826000A (en) | 1996-02-29 | 1998-10-20 | Sun Microsystems, Inc. | System and method for automatic configuration of home network computers |
US5826268A (en) | 1996-04-12 | 1998-10-20 | Ontos, Inc. | Secure multilevel object oriented database management system |
US6466947B2 (en) * | 1998-03-20 | 2002-10-15 | Sun Microsystems, Inc. | Apparatus and method for dynamically verifying information in a distributed system |
US5848396A (en) | 1996-04-26 | 1998-12-08 | Freedom Of Information, Inc. | Method and apparatus for determining behavioral profile of a computer user |
US6216231B1 (en) | 1996-04-30 | 2001-04-10 | At & T Corp. | Specifying security protocols and policy constraints in distributed systems |
US5987469A (en) | 1996-05-14 | 1999-11-16 | Micro Logic Corp. | Method and apparatus for graphically representing information stored in electronic media |
US5918210A (en) | 1996-06-07 | 1999-06-29 | Electronic Data Systems Corporation | Business query tool, using policy objects to provide query responses |
US6088451A (en) | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US5956400A (en) | 1996-07-19 | 1999-09-21 | Digicash Incorporated | Partitioned information storage systems with controlled retrieval |
US6055515A (en) | 1996-07-30 | 2000-04-25 | International Business Machines Corporation | Enhanced tree control system for navigating lattices data structures and displaying configurable lattice-node labels |
US5889952A (en) * | 1996-08-14 | 1999-03-30 | Microsoft Corporation | Access check system utilizing cached access permissions |
US5841869A (en) * | 1996-08-23 | 1998-11-24 | Cheyenne Property Trust | Method and apparatus for trusted processing |
US5950195A (en) | 1996-09-18 | 1999-09-07 | Secure Computing Corporation | Generalized security policy management system and method |
US6055637A (en) | 1996-09-27 | 2000-04-25 | Electronic Data Systems Corporation | System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential |
US6029182A (en) | 1996-10-04 | 2000-02-22 | Canon Information Systems, Inc. | System for generating a custom formatted hypertext document by using a personal profile to retrieve hierarchical documents |
US6453345B2 (en) | 1996-11-06 | 2002-09-17 | Datadirect Networks, Inc. | Network security and surveillance system |
US6154844A (en) | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
US6292900B1 (en) | 1996-12-18 | 2001-09-18 | Sun Microsystems, Inc. | Multilevel security attribute passing methods, apparatuses, and computer program products in a stream |
US5987611A (en) | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6241608B1 (en) | 1997-01-15 | 2001-06-05 | Lawrence J. Torango | Progressive wagering system |
US6233686B1 (en) | 1997-01-17 | 2001-05-15 | At & T Corp. | System and method for providing peer level access control on a network |
WO1998033151A1 (en) | 1997-01-24 | 1998-07-30 | Sony Corporation | Device, method, and medium for generating graphic data |
WO1998040992A2 (en) * | 1997-03-10 | 1998-09-17 | Internet Dynamics, Inc. | Methods and apparatus for controlling access to information |
US6408336B1 (en) * | 1997-03-10 | 2002-06-18 | David S. Schneider | Distributed administration of access to information |
US6178505B1 (en) | 1997-03-10 | 2001-01-23 | Internet Dynamics, Inc. | Secure delivery of information in a network |
US6105027A (en) | 1997-03-10 | 2000-08-15 | Internet Dynamics, Inc. | Techniques for eliminating redundant access checking by access filters |
US6226745B1 (en) | 1997-03-21 | 2001-05-01 | Gio Wiederhold | Information sharing system and method with requester dependent sharing and security rules |
US5867667A (en) | 1997-03-24 | 1999-02-02 | Pfn, Inc. | Publication network control system using domain and client side communications resource locator lists for managing information communications between the domain server and publication servers |
US6275941B1 (en) | 1997-03-28 | 2001-08-14 | Hiatchi, Ltd. | Security management method for network system |
US6029246A (en) * | 1997-03-31 | 2000-02-22 | Symantec Corporation | Network distributed system for updating locally secured objects in client machines |
US5991877A (en) * | 1997-04-03 | 1999-11-23 | Lockheed Martin Corporation | Object-oriented trusted application framework |
US6335972B1 (en) | 1997-05-23 | 2002-01-01 | International Business Machines Corporation | Framework-based cryptographic key recovery system |
US6029196A (en) | 1997-06-18 | 2000-02-22 | Netscape Communications Corporation | Automatic client configuration system |
US6185587B1 (en) | 1997-06-19 | 2001-02-06 | International Business Machines Corporation | System and method for building a web site with automated help |
US6684369B1 (en) * | 1997-06-19 | 2004-01-27 | International Business Machines, Corporation | Web site creator using templates |
US6029144A (en) | 1997-08-29 | 2000-02-22 | International Business Machines Corporation | Compliance-to-policy detection method and system |
US6005571A (en) | 1997-09-30 | 1999-12-21 | Softline, Inc. | Graphical user interface for managing security in a database system |
US6006194A (en) | 1997-10-01 | 1999-12-21 | Merel; Peter A. | Computer-implemented system for controlling resources and policies |
US5954798A (en) | 1997-10-06 | 1999-09-21 | Ncr Corporation | Mechanism for dependably managing web synchronization and tracking operations among multiple browsers |
US5991879A (en) | 1997-10-23 | 1999-11-23 | Bull Hn Information Systems Inc. | Method for gradual deployment of user-access security within a data processing system |
US6317868B1 (en) | 1997-10-24 | 2001-11-13 | University Of Washington | Process for transparently enforcing protection domains and access control as well as auditing operations in software components |
US6014666A (en) * | 1997-10-28 | 2000-01-11 | Microsoft Corporation | Declarative and programmatic access control of component-based server applications using roles |
US5999978A (en) | 1997-10-31 | 1999-12-07 | Sun Microsystems, Inc. | Distributed system and method for controlling access to network resources and event notifications |
US6157924A (en) | 1997-11-07 | 2000-12-05 | Bell & Howell Mail Processing Systems Company | Systems, methods, and computer program products for delivering information in a preferred medium |
US6070244A (en) | 1997-11-10 | 2000-05-30 | The Chase Manhattan Bank | Computer network security management system |
US6202066B1 (en) | 1997-11-19 | 2001-03-13 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role/group permission association using object access type |
US6272492B1 (en) * | 1997-11-21 | 2001-08-07 | Ibm Corporation | Front-end proxy for transparently increasing web server functionality |
US6385627B1 (en) | 1997-11-24 | 2002-05-07 | International Business Machines Corporation | Method, apparatus and computer program product for providing document user role indication |
IL122314A (en) | 1997-11-27 | 2001-03-19 | Security 7 Software Ltd | Method and system for enforcing a communication security policy |
US6088679A (en) | 1997-12-01 | 2000-07-11 | The United States Of America As Represented By The Secretary Of Commerce | Workflow management employing role-based access control |
US6654747B1 (en) | 1997-12-02 | 2003-11-25 | International Business Machines Corporation | Modular scalable system for managing data in a heterogeneous environment with generic structure for control repository access transactions |
US5966707A (en) | 1997-12-02 | 1999-10-12 | International Business Machines Corporation | Method for managing a plurality of data processes residing in heterogeneous data repositories |
US6202157B1 (en) * | 1997-12-08 | 2001-03-13 | Entrust Technologies Limited | Computer network security system and method having unilateral enforceable security policy provision |
US6360363B1 (en) | 1997-12-31 | 2002-03-19 | Eternal Systems, Inc. | Live upgrade process for object-oriented programs |
US6035423A (en) | 1997-12-31 | 2000-03-07 | Network Associates, Inc. | Method and system for providing automated updating and upgrading of antivirus applications using a computer network |
US6230271B1 (en) | 1998-01-20 | 2001-05-08 | Pilot Network Services, Inc. | Dynamic policy-based apparatus for wide-range configurable network service authentication and access control using a fixed-path hardware configuration |
US6055636A (en) | 1998-01-27 | 2000-04-25 | Entrust Technologies, Limited | Method and apparatus for centralizing processing of key and certificate life cycle management |
US6202207B1 (en) | 1998-01-28 | 2001-03-13 | International Business Machines Corporation | Method and a mechanism for synchronized updating of interoperating software |
CA2228687A1 (en) | 1998-02-04 | 1999-08-04 | Brett Howard | Secured virtual private networks |
US6484261B1 (en) | 1998-02-17 | 2002-11-19 | Cisco Technology, Inc. | Graphical network security policy management |
US6108687A (en) | 1998-03-02 | 2000-08-22 | Hewlett Packard Company | System and method for providing a synchronized display to a plurality of computers over a global computer network |
US6304881B1 (en) | 1998-03-03 | 2001-10-16 | Pumatech, Inc. | Remote data access and synchronization |
US6178504B1 (en) * | 1998-03-12 | 2001-01-23 | Cheyenne Property Trust C/O Data Securities International, Inc. | Host system elements for an international cryptography framework |
US6321336B1 (en) | 1998-03-13 | 2001-11-20 | Secure Computing Corporation | System and method for redirecting network traffic to provide secure communication |
US6141686A (en) | 1998-03-13 | 2000-10-31 | Deterministic Networks, Inc. | Client-side application-classifier gathering network-traffic statistics and application and user names using extensible-service provider plugin for policy-based network control |
US6182226B1 (en) | 1998-03-18 | 2001-01-30 | Secure Computing Corporation | System and method for controlling interactions between networks |
US6324685B1 (en) * | 1998-03-18 | 2001-11-27 | Becomm Corporation | Applet server that provides applets in various forms |
US6073242A (en) * | 1998-03-19 | 2000-06-06 | Agorics, Inc. | Electronic authority server |
US6052531A (en) | 1998-03-25 | 2000-04-18 | Symantec Corporation | Multi-tiered incremental software updating |
US6618806B1 (en) | 1998-04-01 | 2003-09-09 | Saflink Corporation | System and method for authenticating users in a computer network |
US6285985B1 (en) | 1998-04-03 | 2001-09-04 | Preview Systems, Inc. | Advertising-subsidized and advertising-enabled software |
US6295607B1 (en) | 1998-04-06 | 2001-09-25 | Bindview Development Corporation | System and method for security control in a data processing system |
US6182277B1 (en) | 1998-04-15 | 2001-01-30 | Oracle Corporation | Methods and apparatus for declarative programming techniques in an object oriented environment |
US6965999B2 (en) * | 1998-05-01 | 2005-11-15 | Microsoft Corporation | Intelligent trust management method and system |
US6339826B2 (en) | 1998-05-05 | 2002-01-15 | International Business Machines Corp. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
US6148333A (en) * | 1998-05-13 | 2000-11-14 | Mgi Software Corporation | Method and system for server access control and tracking |
US6338064B1 (en) * | 1998-05-14 | 2002-01-08 | International Business Machines Corporation | Method for enabling a web server running a “closed” native operating system to impersonate a user of a web client to obtain a protected file |
US6122647A (en) | 1998-05-19 | 2000-09-19 | Perspecta, Inc. | Dynamic generation of contextual links in hypertext documents |
US6167407A (en) | 1998-06-03 | 2000-12-26 | Symantec Corporation | Backtracked incremental updating |
US6083276A (en) | 1998-06-11 | 2000-07-04 | Corel, Inc. | Creating and configuring component-based applications using a text-based descriptive attribute grammar |
US6253321B1 (en) | 1998-06-19 | 2001-06-26 | Ssh Communications Security Ltd. | Method and arrangement for implementing IPSEC policy management using filter code |
US6285366B1 (en) | 1998-06-30 | 2001-09-04 | Sun Microsystems, Inc. | Hierarchy navigation system |
US6615218B2 (en) | 1998-07-17 | 2003-09-02 | Sun Microsystems, Inc. | Database for executing policies for controlling devices on a network |
US6170009B1 (en) | 1998-07-17 | 2001-01-02 | Kallol Mandal | Controlling devices on a network through policies |
US6141010A (en) | 1998-07-17 | 2000-10-31 | B. E. Technology, Llc | Computer interface method and apparatus with targeted advertising |
US6209101B1 (en) | 1998-07-17 | 2001-03-27 | Secure Computing Corporation | Adaptive security system having a hierarchy of security servers |
US6539414B1 (en) * | 1998-07-30 | 2003-03-25 | Compaq Computer Corporation | Incorporating collateral and concurrent activity in a data processing transaction |
WO2000008573A1 (en) | 1998-08-04 | 2000-02-17 | Rulespace, Inc. | Method and system for deriving computer users' personal interests |
US6397222B1 (en) | 1998-08-07 | 2002-05-28 | Paul Zellweger | Method and apparatus for end-user management of a content menu on a network |
US6473791B1 (en) * | 1998-08-17 | 2002-10-29 | Microsoft Corporation | Object load balancing |
US6397231B1 (en) | 1998-08-31 | 2002-05-28 | Xerox Corporation | Virtual documents generated via combined documents or portions of documents retrieved from data repositories |
US6377973B2 (en) | 1998-09-30 | 2002-04-23 | Emrys Technologies, Ltd. | Event management in a system with application and graphical user interface processing adapted to display predefined graphical elements resides separately on server and client machine |
US6341352B1 (en) | 1998-10-15 | 2002-01-22 | International Business Machines Corporation | Method for changing a security policy during processing of a transaction request |
US6427229B1 (en) * | 1998-10-22 | 2002-07-30 | International Business Machines Corporation | Object oriented mechanism and method for maintaining elements on a flexibly constrained collection that may use any suitable object as a key |
US6167445A (en) * | 1998-10-26 | 2000-12-26 | Cisco Technology, Inc. | Method and apparatus for defining and implementing high-level quality of service policies in computer networks |
US6460141B1 (en) | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
JP3856969B2 (en) | 1998-11-02 | 2006-12-13 | 株式会社日立製作所 | Object analysis design support method |
US6530024B1 (en) | 1998-11-20 | 2003-03-04 | Centrax Corporation | Adaptive feedback security system and method |
US6393474B1 (en) | 1998-12-31 | 2002-05-21 | 3Com Corporation | Dynamic policy management apparatus and method using active network devices |
US6668354B1 (en) | 1999-01-05 | 2003-12-23 | International Business Machines Corporation | Automatic display script and style sheet generation |
US6412077B1 (en) | 1999-01-14 | 2002-06-25 | Cisco Technology, Inc. | Disconnect policy for distributed computing systems |
US6154741A (en) | 1999-01-29 | 2000-11-28 | Feldman; Daniel J. | Entitlement management and access control system |
US6308163B1 (en) | 1999-03-16 | 2001-10-23 | Hewlett-Packard Company | System and method for enterprise workflow resource management |
US6154766A (en) | 1999-03-23 | 2000-11-28 | Microstrategy, Inc. | System and method for automatic transmission of personalized OLAP report output |
US6260050B1 (en) | 1999-03-23 | 2001-07-10 | Microstrategy, Inc. | System and method of adapting automatic output of service related OLAP reports to disparate output devices |
US6678827B1 (en) * | 1999-05-06 | 2004-01-13 | Watchguard Technologies, Inc. | Managing multiple network security devices from a manager device |
US6519647B1 (en) | 1999-07-23 | 2003-02-11 | Microsoft Corporation | Methods and apparatus for synchronizing access control in a web server |
US6934934B1 (en) * | 1999-08-30 | 2005-08-23 | Empirix Inc. | Method and system for software object testing |
EP1247165B1 (en) | 1999-10-01 | 2006-05-03 | Infoglide Corporation | System and method for transforming a relational database to a hierarchical database |
US6418448B1 (en) | 1999-12-06 | 2002-07-09 | Shyam Sundar Sarkar | Method and apparatus for processing markup language specifications for data and metadata used inside multiple related internet documents to navigate, query and manipulate information from a plurality of object relational databases over the web |
US6587849B1 (en) | 1999-12-10 | 2003-07-01 | Art Technology Group, Inc. | Method and system for constructing personalized result sets |
US6584454B1 (en) | 1999-12-31 | 2003-06-24 | Ge Medical Technology Services, Inc. | Method and apparatus for community management in remote system servicing |
US6484177B1 (en) | 2000-01-13 | 2002-11-19 | International Business Machines Corporation | Data management interoperability methods for heterogeneous directory structures |
US6694336B1 (en) * | 2000-01-25 | 2004-02-17 | Fusionone, Inc. | Data transfer and synchronization system |
US20040230546A1 (en) * | 2000-02-01 | 2004-11-18 | Rogers Russell A. | Personalization engine for rules and knowledge |
US7278153B1 (en) * | 2000-04-12 | 2007-10-02 | Seachange International | Content propagation in interactive television |
US6779002B1 (en) * | 2000-06-13 | 2004-08-17 | Sprint Communications Company L.P. | Computer software framework and method for synchronizing data across multiple databases |
US6477575B1 (en) | 2000-09-12 | 2002-11-05 | Capital One Financial Corporation | System and method for performing dynamic Web marketing and advertising |
US6754672B1 (en) | 2000-09-13 | 2004-06-22 | American Management Systems, Inc. | System and method for efficient integration of government administrative and program systems |
US7647387B2 (en) | 2000-12-01 | 2010-01-12 | Oracle International Corporation | Methods and systems for rule-based distributed and personlized content delivery |
US7882555B2 (en) * | 2001-03-16 | 2011-02-01 | Kavado, Inc. | Application layer security method and system |
US6904454B2 (en) * | 2001-03-21 | 2005-06-07 | Nokia Corporation | Method and apparatus for content repository with versioning and data modeling |
US7062490B2 (en) * | 2001-03-26 | 2006-06-13 | Microsoft Corporation | Serverless distributed file system |
US20020173971A1 (en) | 2001-03-28 | 2002-11-21 | Stirpe Paul Alan | System, method and application of ontology driven inferencing-based personalization systems |
US6970876B2 (en) * | 2001-05-08 | 2005-11-29 | Solid Information Technology | Method and arrangement for the management of database schemas |
ATE260487T1 (en) * | 2001-05-17 | 2004-03-15 | Peter Pressmar | VIRTUAL DATABASE OF HETEROGENEOUS DATA STRUCTURES |
US20020178119A1 (en) * | 2001-05-24 | 2002-11-28 | International Business Machines Corporation | Method and system for a role-based access control model with active roles |
US6922695B2 (en) * | 2001-09-06 | 2005-07-26 | Initiate Systems, Inc. | System and method for dynamically securing dynamic-multi-sourced persisted EJBS |
AU2002334721B2 (en) * | 2001-09-28 | 2008-10-23 | Oracle International Corporation | An index structure to access hierarchical data in a relational database system |
US6795242B2 (en) * | 2002-02-06 | 2004-09-21 | Lightwaves 2020, Inc. | Miniature circulator devices and methods for making the same |
US7254581B2 (en) * | 2002-11-13 | 2007-08-07 | Jerry Johnson | System and method for creation and maintenance of a rich content or content-centric electronic catalog |
US20060085412A1 (en) * | 2003-04-15 | 2006-04-20 | Johnson Sean A | System for managing multiple disparate content repositories and workflow systems |
US20050050184A1 (en) * | 2003-08-29 | 2005-03-03 | International Business Machines Corporation | Method, system, and storage medium for providing life-cycle management of grid services |
WO2006044798A2 (en) * | 2004-10-15 | 2006-04-27 | Protegrity Corporation | Cooperative processing and escalation in a multi-node application-layer security system and method |
-
1999
- 1999-02-12 US US09/248,788 patent/US6158010A/en not_active Expired - Lifetime
- 1999-10-28 JP JP2000578733A patent/JP2002528815A/en active Pending
- 1999-10-28 AU AU13315/00A patent/AU1331500A/en not_active Abandoned
- 1999-10-28 GB GB0110181A patent/GB2360107B/en not_active Expired - Lifetime
- 1999-10-28 WO PCT/US1999/025455 patent/WO2000025214A1/en active Application Filing
-
2000
- 2000-11-22 US US09/721,557 patent/US7506357B1/en not_active Expired - Lifetime
-
2001
- 2001-01-22 US US09/767,610 patent/US6941472B2/en not_active Expired - Lifetime
-
2005
- 2005-06-30 US US11/171,104 patent/US7318237B2/en not_active Expired - Fee Related
-
2009
- 2009-03-10 US US12/401,540 patent/US20090178111A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5557747A (en) * | 1993-06-22 | 1996-09-17 | Rogers; Lawrence D. | Network policy implementation system for performing network control operations in response to changes in network state |
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
US5983270A (en) * | 1997-03-11 | 1999-11-09 | Sequel Technology Corporation | Method and apparatus for managing internetwork and intranetwork activity |
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6460141B1 (en) | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
US7694115B1 (en) | 1998-11-09 | 2010-04-06 | Sri International | Network-based alert management system |
US6704874B1 (en) | 1998-11-09 | 2004-03-09 | Sri International, Inc. | Network-based alert management |
US6708212B2 (en) | 1998-11-09 | 2004-03-16 | Sri International | Network surveillance |
US6711615B2 (en) | 1998-11-09 | 2004-03-23 | Sri International | Network surveillance |
US7594260B2 (en) | 1998-11-09 | 2009-09-22 | Sri International | Network surveillance using long-term and short-term statistical profiles to determine suspicious network activity |
US9407509B2 (en) | 1998-11-09 | 2016-08-02 | Sri International | Network surveillance |
GB2355323A (en) * | 1999-10-05 | 2001-04-18 | Authoriszor Ltd | Information security profile and policy system |
US7917393B2 (en) | 2000-09-01 | 2011-03-29 | Sri International, Inc. | Probabilistic alert correlation |
EP1189128A3 (en) * | 2000-09-15 | 2002-08-07 | Matsushita Electric Industrial Co., Ltd. | Secure system and method for accessing files in computers using fingerprints |
US6910132B1 (en) | 2000-09-15 | 2005-06-21 | Matsushita Electric Industrial Co., Ltd. | Secure system and method for accessing files in computers using fingerprints |
US9027121B2 (en) | 2000-10-10 | 2015-05-05 | International Business Machines Corporation | Method and system for creating a record for one or more computer security incidents |
DE10146361A1 (en) * | 2001-09-20 | 2003-04-24 | Fraunhofer Ges Forschung | Device and method for establishing a security policy in a distributed system |
DE10146361B4 (en) * | 2001-09-20 | 2007-02-01 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Distributed system |
EP1308823A3 (en) * | 2001-10-31 | 2009-02-25 | Asgent, Inc. | Creating security policies automatically |
EP1308823A2 (en) | 2001-10-31 | 2003-05-07 | Asgent, Inc. | Creating security policies automatically |
GB2386710A (en) * | 2002-03-18 | 2003-09-24 | Hewlett Packard Co | Controlling access to data or documents |
WO2004051929A1 (en) * | 2002-12-03 | 2004-06-17 | Nanjing Golden Eagle International Group Software System Co., Ltd. | Audit platform system for application process based on components |
EP1591860A1 (en) * | 2003-02-04 | 2005-11-02 | Fujitsu Limited | Software maintenance service providing system, software maintenance service method, and program for causing computer to execute the method |
EP1591860A4 (en) * | 2003-02-04 | 2010-10-13 | Fujitsu Ltd | Software maintenance service providing system, software maintenance service method, and program for causing computer to execute the method |
EP1542426A3 (en) * | 2003-12-05 | 2011-12-14 | Microsoft Corporation | Security-related programming interface |
EP1897019A4 (en) * | 2005-05-13 | 2011-10-05 | Cryptomill Technologies Ltd | Cryptographic control for mobile storage means |
US8464354B2 (en) | 2005-05-13 | 2013-06-11 | Cryptomill Inc. | Content cryptographic firewall system |
US8689347B2 (en) | 2005-05-13 | 2014-04-01 | Cryptomill Inc. | Cryptographic control for mobile storage means |
EP1897019A1 (en) * | 2005-05-13 | 2008-03-12 | Cryptomill | Cryptographic control for mobile storage means |
EP1746764A3 (en) * | 2005-07-21 | 2007-02-07 | Huawei Technologies Co., Ltd. | Universal security management system, device and method for network management |
EP2405607A4 (en) * | 2009-05-22 | 2014-03-19 | Zte Corp | Privilege management system and method based on object |
EP2405607A1 (en) * | 2009-05-22 | 2012-01-11 | ZTE Corporation | Privilege management system and method based on object |
US9191369B2 (en) | 2009-07-17 | 2015-11-17 | Aryaka Networks, Inc. | Application acceleration as a service system and method |
US9832170B2 (en) | 2009-07-17 | 2017-11-28 | Aryaka Networks, Inc. | Application acceleration as a service system and method |
EP2507736A2 (en) * | 2009-11-30 | 2012-10-10 | Absolute Software Corporation | Approaches for a location aware client |
EP2507736A4 (en) * | 2009-11-30 | 2014-07-02 | Absolute Software Corp | Approaches for a location aware client |
EP2529300A1 (en) * | 2010-01-27 | 2012-12-05 | Varonis Systems, Inc. | Time dependent access permissions |
EP2529300A4 (en) * | 2010-01-27 | 2017-05-03 | Varonis Systems, Inc. | Time dependent access permissions |
EP2591438A4 (en) * | 2010-07-06 | 2015-04-22 | Ipsiti Inc | Systems and methods for establishing trust between entities in support of transactions |
EP2591438A2 (en) * | 2010-07-06 | 2013-05-15 | Ipsiti, Inc. | Systems and methods for establishing trust between entities in support of transactions |
US8893215B2 (en) | 2010-10-29 | 2014-11-18 | Nokia Corporation | Method and apparatus for providing distributed policy management |
US9654509B2 (en) | 2010-10-29 | 2017-05-16 | Nokia Technologies Oy | Method and apparatus for providing distributed policy management |
WO2012056099A1 (en) * | 2010-10-29 | 2012-05-03 | Nokia Corporation | Method and apparatus for providing distributed policy management |
US11159575B2 (en) | 2019-04-02 | 2021-10-26 | Trinomial Global Ltd | Remote management of a user device |
US11503080B2 (en) | 2019-04-02 | 2022-11-15 | Trinomial Global Ltd | Remote management of a user device |
GB2598552A (en) * | 2020-08-25 | 2022-03-09 | Advanced Risc Mach Ltd | Network security |
GB2598552B (en) * | 2020-08-25 | 2023-01-04 | Advanced Risc Mach Ltd | Network security |
Also Published As
Publication number | Publication date |
---|---|
US20090178111A1 (en) | 2009-07-09 |
US7506357B1 (en) | 2009-03-17 |
AU1331500A (en) | 2000-05-15 |
GB2360107B (en) | 2003-11-12 |
US6941472B2 (en) | 2005-09-06 |
GB2360107A (en) | 2001-09-12 |
US20010007133A1 (en) | 2001-07-05 |
JP2002528815A (en) | 2002-09-03 |
US7318237B2 (en) | 2008-01-08 |
GB0110181D0 (en) | 2001-06-20 |
US6158010A (en) | 2000-12-05 |
US20050257247A1 (en) | 2005-11-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6158010A (en) | System and method for maintaining security in a distributed computer network | |
US7363650B2 (en) | System and method for incrementally distributing a security policy in a computer network | |
US7350226B2 (en) | System and method for analyzing security policies in a distributed computer network | |
US9058471B2 (en) | Authorization system for heterogeneous enterprise environments | |
US7555645B2 (en) | Reactive audit protection in the database (RAPID) | |
US9049195B2 (en) | Cross-domain security for data vault | |
US7593942B2 (en) | Mandatory access control base | |
US7827598B2 (en) | Grouped access control list actions | |
US7814075B2 (en) | Dynamic auditing | |
US8918839B2 (en) | System and method for providing multi-location access management to secured items | |
JP3546787B2 (en) | Access control system, access control method, and storage medium | |
US20080010233A1 (en) | Mandatory access control label security | |
Delessy et al. | Patterns for access control in distributed systems | |
GB2385969A (en) | Security manager with policy specifying access and customizable code | |
KR100657353B1 (en) | Security system and method for supporting a variety of access control policies, and recordable medium thereof | |
CN115422526A (en) | Role authority management method, device and storage medium | |
Bednar et al. | Oracle Database Security Guide 11g Release 2 (11.2) E16543-14 | |
Badkar et al. | Oracle Database Security Guide 11g Release 2 (11.2) E16543-01 | |
Badkar et al. | Oracle Database Security Guide 11g Release 2 (11.2) E10574-04 | |
Badkar et al. | Oracle Database Security Guide 11g Release 1 (11.1) B28531-11 | |
Badkar et al. | Oracle Database Security Guide 11g Release 1 (11.1) B28531-15 | |
Badkar et al. | Oracle Database Security Guide 11g Release 2 (11.2) E10574-03 | |
Badkar et al. | Oracle Database Security Guide 11g Release 1 (11.1) B28531-12 | |
Badkar et al. | Oracle Database Security Guide 11g Release 2 (11.2) E10574-02 | |
Moore | Oracle Database Security Guide, 10g Release 1 (10.1) Part No. B10773-01 Copyright© 2003 Oracle Corporation. All rights reserved. Primary Authors: Laurel P. Hale, Jeffrey Levinger Contributing Authors: Ruth Baylis, Michele Cyran, John Russell |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref country code: AU Ref document number: 2000 13315 Kind code of ref document: A Format of ref document f/p: F |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
ENP | Entry into the national phase |
Ref country code: GB Ref document number: 200110181 Kind code of ref document: A Format of ref document f/p: F |
|
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2000 578733 Kind code of ref document: A Format of ref document f/p: F |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase |