Information security – Access control or authentication – Network
Reexamination Certificate
2006-09-08
2010-10-12
Moazzami, Nasser (Department: 2436)
C726S001000, C726S005000, C726S006000, C726S021000, C713S155000, C713S167000, C713S182000, C713S185000, C717S114000, C717S117000
active
07814534
ABSTRACT:
The auditing of authorization decisions is facilitated by integrating or coupling an audit policy to access control decisions. In an example implementation, an audit policy of an auditing scheme is coupled to a semantic framework of an access control scheme such that the audit policy is specified using at least a portion of the semantic framework. In another example implementation, audit policy rules include audit content rules that specify what audit information from any of the inputs, the outputs, or the internal data of authorization decisions is to be included in an audit record. In yet another example implementation, a semantic of an audit trigger rule comports with a semantic framework of an access request and of a logical evaluation for an authorization decision.
Abedin Shanto M
Lee & Hayes PLLC
Microsoft Corporation
Moazzami Nasser