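Country / Type | United States (US) Patent, Granted |
---|---|
International Patent Classification (IPC 7th edition) | |
Application No. | US-0186204 (2002-06-26) |
Registration No. | US-7478418 (2009-01-13) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 45; Patents cited: 305 |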
Improved approaches for communicating changes to security policies (or rules) in a distributed security system are disclosed. Depending on the status of an affected user in the system, the changes can be delivered to the user if the user is logged in the system or effectuated in a state message in a local server and the state message is delivered to the user next time the user is logged in the system. If a local server is not operative at the time that a change request is received for a user of the local server, the change request is redirected to another local server. The user is directed to the another local server to affect the change request. As a result, various changes are guaranteed to be delivered to the affected users without compromising the network efficiency.
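The delivery logic the abstract describes (push to logged-in users, hold the change in a state message for offline users, redirect when the user's local server is down), sketched as an added example that is not taken from the patent. The class names, the `pending` store and the sample policy change are assumptions made for illustration.

```python
import itertools

class LocalServer:
    def __init__(self, name, up=True):
        self.name, self.up = name, up
        self.online = {}    # user -> changes already applied at the logged-in client
        self.pending = {}   # user -> state message: changes held until next login

    def apply_change(self, user, change_id, change):
        """Push to a logged-in user; otherwise fold the change into the state message."""
        if user in self.online:
            self.online[user].append((change_id, change))
            return "pushed"
        self.pending.setdefault(user, {})[change_id] = change
        return "queued"

    def login(self, user):
        """On login the client pulls its state message; delivered entries are deleted."""
        delivered = sorted(self.pending.pop(user, {}).items())
        self.online[user] = list(delivered)
        return delivered

class CentralServer:
    def __init__(self, servers, home):
        self.servers = servers          # name -> LocalServer
        self.home = dict(home)          # user -> name of the user's local server
        self._ids = itertools.count(1)  # one identifier per policy change

    def change_policy(self, users, change):
        """Route one change to every affected user, redirecting around a down server.
        Assumes at least one local server is up."""
        change_id, results = next(self._ids), {}
        for user in users:
            server = self.servers[self.home[user]]
            if not server.up:
                server = next(s for s in self.servers.values() if s.up)
                self.home[user] = server.name   # user is directed to the other server
            results[user] = (server.name, server.apply_change(user, change_id, change))
        return results

def demo():
    # Constructed scenario: alice is online, bob is offline, carol's server is down.
    a, b = LocalServer("ls-a"), LocalServer("ls-b", up=False)
    central = CentralServer({"ls-a": a, "ls-b": b},
                            {"alice": "ls-a", "bob": "ls-a", "carol": "ls-b"})
    a.login("alice")
    routed = central.change_policy(["alice", "bob", "carol"], {"group:finance": "revoke"})
    return routed, a.login("carol"), a.pending
```

`demo()` returns the routing decision per user, the state message carol pulls when she logs in to the redirected server, and the change still held for bob.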
We claim:

1. A method for distributing a security policy change within a security system distributed over a computer network, the method comprising: generating a command to include the security policy change in response to a request received from a central server; determining, before delivering the command, users that are to be affected by the security policy change; effectuating the security policy change in a state message for a user among the users when the user is not logged in the system, wherein the state message is to be pulled to the user whenever the user is logged in the system; and delivering the command to the user when the user is currently logged in the system, wherein the security policy change occurs regardless of which of the users is affected.

2. The method of claim 1, wherein the security policy change alters access privilege of the user to secured items in the system.

3. The method of claim 2, wherein the security policy change is to affect a system policy originally placed for the user.

4. The method of claim 2, wherein each of the secured items includes first and second portions, the first portion including security information and the second portion being an encrypted data portion, wherein the security information controls restrictive access to the second portion.

5. The method of claim 4, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.

6. The method of claim 5, wherein the access rules are subsequently measured against the access privilege of the user.

7. The method of claim 1, wherein the request is received from the central server, and the request is generated manually by an operator of the central server or in accordance with an event to alter access privilege of the user.

8. The method of claim 1, wherein the request is generated in the central server, and wherein the generating of the command comprises: determining what the request is intended to do; effectuating the request locally, if the request is not intended to the users; and selecting the command suitably to carry out the security policy change, if the request is to affect the users.

9. The method of claim 1 further comprising identifying the command or the security policy change by an identifier; and deleting the command once the security policy change has been effectuated.

10. The method of claim 1, wherein the delivering of the security policy change to the user comprises: pushing the command to the user; and effectuating the security policy change locally with respect to the user such that access privilege of the user is altered.

11. A computer readable tangible storage medium having computer program code recorded thereon, that when executed by a processor, causes the processor to distribute a security policy change within a security system by a method, the method comprising: generating a command to include the security policy change in response to a request received from a central server; determining, before delivering the command, users that are to be affected by the security policy change; effectuating the security policy change in a state message for a user among the users when the user is not logged in the system, wherein the state message is to be pulled to the user whenever the user is logged in the system; and delivering the command to the user when the user is currently logged in the system, wherein the security policy change occurs regardless of which of the users is affected.

12. The computer readable tangible storage medium of claim 11, wherein the security policy change alters access privilege of the user to secured items in the system.

13. The computer readable tangible storage medium of claim 12, wherein the security policy change is to affect a system policy originally placed for the user.

14. The computer readable tangible storage medium of claim 12, wherein each of the secured items includes first and second portions, the first portion including security information and the second portion being an encrypted data portion, wherein the security information controls restrictive access to the second portion.

15. The computer readable tangible storage medium of claim 14, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.

16. The computer readable tangible storage medium of claim 15, wherein the access rules are subsequently measured against the access privilege of the user.

17. The computer readable tangible storage medium of claim 11, wherein the request is generated in the central server, and wherein the generating the command comprises: determining what the request is intended to do; effectuating the request locally, if the request is not intended to the users, and selecting the command suitably to carry out the security policy change, if the request is to affect the users.

18. The computer readable tangible storage medium of claim 11, wherein the method further comprises: identifying the command or the security policy change by an identifier; and deleting the command once the security policy change has been effectuated.

19. The computer readable tangible storage medium of claim 11, wherein the delivering the security policy change to the user comprises: pushing the command to the user; and effectuating the security policy change locally with respect to the user such that access privilege of the user is altered.

20. A method, comprising: receiving a request at a second local server to carry out a command for a security policy change, for a user that is determined to be affected by the security policy change, upon a determination that a first local server cannot carry out the security policy change; delivering the command to the user when the user is currently logged onto the second local server; and storing the security policy change for the user when the user is not logged onto the second server, wherein the command is delivered to the user whenever the user is logged onto the second local server.

21. The method of claim 20, wherein the security policy change alters access privilege of the user to a secured item.

22. The method of claim 21, wherein a secured item includes first and second portions, the first portion including security information and the second portion being an encrypted data portion.

23. The method of claim 22, wherein the security information includes a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.

24. The method of claim 23, wherein the access rules are subsequently measured against the access privilege of the user.

25. The method of claim 20, wherein the security policy change affects a previous system policy.

26. The method of claim 20, wherein the request is generated in accordance with an event to alter access privilege of the user.

27. The method of claim 20, further comprising identifying the command by an identifier; and deleting the command once the security policy change has been effectuated.

28. A computer-readable storage medium containing instructions that, when executed by a processor, causes the processor to: receive a request at a second local server to carry out a command for a security policy change, for a user that is determined to be affected by the security policy change, upon a determination that a first local server cannot carry out the security policy change; upon determining the user is currently logged onto the second local server, deliver the command to the user; and upon determining the user is not logged onto the second server, storing store the security policy change for the user, upon determining the user is logged onto the second local server, deliver the command to the user.

29. The computer-readable storage medium of claim 28, wherein the security policy change alters access privilege of the user to a secured item.

30. The computer-readable storage medium of claim 29, wherein a secured item includes first and second portions, the first portion including security information and the second portion being an encrypted data portion.

31. The computer-readable storage medium of claim 30, wherein the security information includes a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.

32. The computer-readable storage medium of claim 31, wherein the access rules are subsequently measured against the access privilege of the user.

33. The computer-readable storage medium of claim 28, wherein the security policy change affects a previous system policy.

34. The computer-readable storage medium of claim 28, wherein the request is generated in accordance with an event to alter access privilege of the user.

35. The computer-readable storage medium of claim 28, further comprises: identify the command by an identifier; and delete the command once the security policy change has been effectuated.

36. A system, comprising: a first local server configured (a) to carry out a command for a security policy change received from a central server, the central server previously determining a user to be affected by the security policy change, and (b) to store the security policy change for the user in a state message when the user is not logged in, wherein upon logging in the state message is delivered to the user; wherein upon determining the user is logged in, the first local server is configured to deliver the command to the user.

37. The system of claim 36, wherein the security policy change alters access privilege of the user to a secured item.

38. The system of claim 37, wherein a secured item includes first and second portions, the first portion including security information and the second portion being an encrypted data portion.

39. The system of claim 38, wherein the security information includes a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.

40. The system of claim 39, wherein the access rules are subsequently measured against the access privilege of the user.

41. The system of claim 36, wherein the security policy change affects a previous system policy.

42. The system of claim 36, wherein the request is generated in accordance with an event to alter access privilege of the user.

43. The system of claim 36, wherein the first local server is configured to identify the command by an identifier and delete the command once the security policy change has been effectuated.

44. A computer-readable storage medium having computer program code recorded thereon, that when executed by a processor, causes the processor to perform a method, the method comprising: transmitting a request to a second local server from a central server to carry out a command for a security policy change, for a user that is determined to be affected by the security policy change, upon a determination that a first local server cannot carry out the security policy change; delivering the command to the user when the user is currently logged onto the second local server; and upon determining the user is not logged onto the second server, storing the security policy change for the user, upon determining the use is logged onto the second local server, delivering the command to the user.

45. A computer-readable storage medium having computer program code recorded thereon, that when executed by a processor, causes the processor to perform a method, the method comprising: transmitting a request from a central server to a first local server to carry out a command for a security policy change, the central server previously determining a user to be affected by the security policy change; upon determining the user is currently logged in delivering the command to the user; and upon determining the user is not currently logged in storing the security policy change for the user, wherein upon logging in the state message is delivered to the user.