Electrical computers and digital processing systems: multicomput – Remote data accessing
Reexamination Certificate
1998-08-17
2002-10-29
Banankhah, Majid (Department: 2151)
Electrical computers and digital processing systems: multicomput
Remote data accessing
C709S241000, C709S241000, C709S241000, C709S203000, C709S224000, C709S225000
Reexamination Certificate
active
06473791
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to computer systems, and more particularly to improvements in trust management for computer systems.
BACKGROUND OF THE INVENTION
Trust management is directed to the concept of controlling decisions made by system components such as applications with respect to certain potentially dangerous actions. In general, to make an appropriate decision, an application's desired action is verified against a policy. A policy for a particular action is a set of rules that determine whether that particular action is allowed or denied. By way of example, a web browser may make a decision on whether to download executable code from the Internet based on a policy comprising explicit user preferences and the validity of a digital signature on the code. Similarly, a certificate authority makes a decision whether to issue a certificate based on whether the requester complies with its policy for establishing its identity, while a secure operating system such as Microsoft Windows NT decides whether to log on a user based on a policy of whether the correct account password was supplied, the account is not locked out and whether other constraints, such as logon time and date restrictions, are not violated.
However, although in general the operation of verifying a request for action against a policy is common to trust management in applications, policy evaluation implementations are different in each application. For example, policies are represented in different ways in each application, and sometimes difficult for users to locate or recognize. Moreover, because the policies are built into the applications, the policies are essentially static and only minimally modifiable as limited by a few optional settings. As a result, there is no easy way to modify or add new policy constraints to policies used by applications to control their decisions, nor is there an easy way to enforce new domain-wide policies. Administrators of large (enterprise) networks are often forced to go to great lengths to uniformly implement policies.
SUMMARY OF THE INVENTION
Briefly, the present invention provides a system and method of using a policy to make a decision on a proposed action of a system component such as an application. In accordance with the present invention, policies are centrally maintained system resources available to any system component through an intelligent trust manager. Action information including the proposed action is received from a system component, and the action information is used to obtain a policy corresponding to the proposed action. To this end, the policy may be implemented in a COM object mapped by a policy manager to the action identified in the action information. The policy dynamically obtains variable information at the policy from a source independent of the system component, such as via state maintained in the policy, from other context, through a user interface, or from an external source such as a website. The policy makes a decision via executable code therein, based on the variable information obtained thereby, and returns the decision to the system component.
REFERENCES:
patent: 4752928 (1988-06-01), Chapman et al.
patent: 5093914 (1992-03-01), Coplien et al.
patent: 5125091 (1992-06-01), Staas, Jr. et al.
patent: 5151987 (1992-09-01), Abraham et al.
patent: 5168441 (1992-12-01), Onarheim et al.
patent: 5179702 (1993-01-01), Spix et al.
patent: 5212793 (1993-05-01), Donica et al.
patent: 5315703 (1994-05-01), Matheny et al.
patent: 5442791 (1995-08-01), Wrabetz et al.
patent: 5459837 (1995-10-01), Caccavale
patent: 5485617 (1996-01-01), Stutz et al.
patent: 5524238 (1996-06-01), Miller et al.
patent: 5574918 (1996-11-01), Hurley et al.
patent: 5577251 (1996-11-01), Hamilton et al.
patent: 5579520 (1996-11-01), Bennett
patent: 5687370 (1997-11-01), Garst et al.
patent: 5689708 (1997-11-01), Regnier et al.
patent: 5752038 (1998-05-01), Blake et al.
patent: 5765174 (1998-06-01), Bishop et al.
patent: 5790789 (1998-08-01), Suarez
patent: 5802291 (1998-09-01), Balick et al.
patent: 5838916 (1998-11-01), Domenikos et al.
patent: 5881225 (1999-03-01), Worth
patent: 5884316 (1999-03-01), Bernstein et al.
patent: 5890161 (1999-03-01), Helland et al.
patent: 5907675 (1999-05-01), Aahlad
patent: 5941947 (1999-08-01), Brown et al.
patent: 5958004 (1999-09-01), Helland et al.
patent: 5958010 (1999-09-01), Agarwal et al.
patent: 6014666 (2000-01-01), Helland et al.
patent: 6026428 (2000-02-01), Hutchison et al.
patent: 6105147 (2000-08-01), Molloy
patent: 6134594 (2000-10-01), Helland et al.
patent: 0559100 (1993-02-01), None
patent: 0623876 (1994-03-01), None
patent: 0638863 (1994-10-01), None
patent: 0738966 (1996-04-01), None
patent: 0777178 (1996-11-01), None
“An Object-Oriented Database System Jasmine: Implementation Application, and Extension”, Hiroshi Ishikawa, et al., Apr. 1996.*
Orfali et al., The Essential Distributed Objects Survival Guide, pp. 423-452, 1996.
Brockschmidt, Inside Ole, pp. 277-338, 1995.
Nance, Balance the Load with Transaction Server, Byte Magazine, pp. 1-8, 1997.
Tomsen, “Virtually Crash Proof Your Web Site with IISS4.0,”Microsoft Interactive Developer, vol. 2, No. 10, pp. 41-46, Oct., 1997.
Go, “Internet load-balancing solutions: Balance on the back end,”InfoWorld, pp. 72-86, Mar., 1998.
Lam, “Building Scalable Apps,”PC Tech Magazine, pp. 209-214, Apr., 1998.
“DCOM Technical Overview,” Microsoft Press, pp. 1-32, Apr., 1998.
Horstmann & Kirtland, “DCOM Architecture,” Microsoft Press, pp. 1-55, Apr., 1998.
U.S. application No. 09/071,594, Fox et al., filed May 1, 1998.
Jajodia, “Database Security and Privacy,” (Tucker, editor)The Computer Science and Engineering Handbook, chapter 49, pp. 1112-1124 (Dec. 1996).
Sandhu, “Authentication, Access Control, and Instrusion Detection,” (Tucker, editor)The Computer Science and Engineering Handbook, chapter 91, pp. 1929-1948 (Dec. 1996).
Moffett, J.D., Specification of Management Policies and Discretionary Access Control. In M. S. Sloman, editor, Network and Distributed Systems Management, chapter 17, pp. 455-479. Addison-Wesley, 1994.
Sloman, M. and Moffett, J.D., “Managing Distributed Systems”, Domino Project Report, Imperial College, U.K. Sep. 1989.
Wiederhold, G.: Mediators in the Architecture of Future Information Systems. IEEE Computer, 25(3), 1992.
Sloman, M.S., Policy Driven Management for Distributed Systems. Journal of Network and Systems Management, 2(4): 333-360, Plenum Press Publishing, 1994.
Moffett, J.D. and Sloman, M.S., Policy Hierarchies for Distributed Systems Management. IEEE Journal on Selected Areas in Communications, Special Issue on Network Management, 11(9):1404-1414, Dec. 1993.
Gile, S., Reporting Application Usage in a LAN Environment, New Centerings in Computing Services, pp. 147-159 (1990).
Moffett, J.D. and Sloman M.S., (1991b), The Representation of Policies as System Objects, Proceedings of the Conference on Organisational Computer Systems (COCS'91) Atlanta, GA, Nov. 5-8, 1991, in SIGOIS Bulletin vol. 12, Nos. 2 & 3, pp 171-184.
Barkley, “Role Based Access Control (RBAC),” Software Diagnostics and Conformance Testing National Institute of Standards and Technology, pp. 1-27, Mar. 1998.
Cugini and Ferraiolo, “Role Based Access Control Slide Set-May 1995,” National Institute of Standards and Technology, pp. 1-25, May 1995.
Ferraiolo and Barkley, “Specifying and Managing Role-Based Access Control Within a Corporate Intranet,” National Institute of Standards and Technology, pp. 1-6, 1997.
Ferraiolo and Kuhn, “Role-Based Access Control,” Reprinted fromProceedings of 15th National Computer Security Conference, pp. 1-11, 1992.
Orfali, Harkey, Edwards, “Client/Server Transaction Processing,”Essential Client/Server Survival Guide, pp. 241-288, 1994.
Limprecht, “Microsoft Transaction Server,”Compcon '97. Proceedings, IEEE, pp. 14-18, 1997.
Chappell, “The Microsoft Transaction Server (MTS)-Transactions Meet Components,” http://www.microsoft.com/Com/wpaper/mtscomp.asp, Feb. 1998.
Orfali et al., “CORBA Services: System Management and Sec
Al-Ghosein Mohsen
Gray Jan S.
Limprecht Rodney
Mital Amit
Banankhah Majid
Klarquist & Sparkman, LLP
Microsoft Corporation
LandOfFree
Object load balancing does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Object load balancing, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Object load balancing will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2943991