WO2005069823A3 - Centralized transactional security audit for enterprise systems - Google Patents


Info

Publication number
WO2005069823A3
Authority
WO
WIPO (PCT)
Prior art keywords
audit
server
request
transaction
entry point
Prior art date
Application number
PCT/US2005/001098
Other languages
French (fr)
Other versions
WO2005069823A2 (en)
Inventor
Jun Song
Original Assignee
Jun Song
Priority date
Filing date
Publication date
Application filed by Jun Song
Publication of WO2005069823A2
Publication of WO2005069823A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention provides a method for centralized security auditing of an authentication, authorization and access control system. At the transaction entry point, a transaction ID is created and associated with an audit-request object and an audit-response object. The entry point can be a firewall (401), IDS (402), proxy server (403), web server (404) or application server (405), and can be implemented in hardware or software. As the request is passed downstream, a logging event occurring at any desired audit point is added to the audit-request object on the downstream path, or to the audit-response object on the upstream path. The accumulated logging event data is then written to a persistent storage device (203) at a central location, which can be anywhere between the entry point and the end point of the transaction. This request-response based transactional auditing method is then applied to an Identity Management System to provide centralized secure audit for authentication, authorization, access control and single sign-on across multi-domain and multi-tiered server systems. Those multi-tiered enterprise systems can include a firewall (401), IDS (402), proxy server (403), web server (404), application server (405), Web Services (414), MQ server (406) and mainframe server (407). The audit method can also be applied where requests must be redirected over multiple external networks such as the Internet.
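The mechanism the abstract describes, as an added illustration that is not code from the patent: a transaction ID minted at the entry point, one audit-request object filled on the way downstream and one audit-response object filled on the way upstream, and a single write of the accumulated record to a central store. The tier names, event fields and the list standing in for the persistent storage device are assumptions.

```python
import json
import uuid
from dataclasses import dataclass, field

# Constructed tier chain mirroring the abstract's multi-tiered system (assumed labels).
TIERS = ["firewall", "ids", "proxy_server", "web_server", "application_server"]


@dataclass
class TransactionAudit:
    """Audit context created once at the entry point and handed down the chain."""
    transaction_id: str
    audit_request: list = field(default_factory=list)   # events logged on the downstream path
    audit_response: list = field(default_factory=list)  # events logged on the upstream path

    def log_downstream(self, tier, event, **details):
        self.audit_request.append({"tier": tier, "event": event, **details})

    def log_upstream(self, tier, event, **details):
        self.audit_response.append({"tier": tier, "event": event, **details})

    def record(self):
        """One consolidated record keyed by the transaction ID, ready for central storage."""
        return {"transaction_id": self.transaction_id,
                "request_events": self.audit_request,
                "response_events": self.audit_response}


def new_transaction(entry_point):
    """The entry point (firewall, IDS, proxy, ...) mints the ID and both audit objects."""
    audit = TransactionAudit(transaction_id=uuid.uuid4().hex)
    audit.log_downstream(entry_point, "entry")
    return audit


def write_central(record, store):
    """Persist the accumulated record once; `store` stands in for the central storage device."""
    store.append(json.dumps(record, sort_keys=True))


def run_sample_transaction(store, user="alice", allowed=True):
    """Walk a constructed request down the tiers and its response back up, then flush once."""
    audit = new_transaction(TIERS[0])
    for tier in TIERS[1:]:
        audit.log_downstream(tier, "forward", user=user)
    audit.log_downstream("application_server", "authz", user=user, allowed=allowed)
    for tier in reversed(TIERS):
        audit.log_upstream(tier, "response", status=200 if allowed else 403)
    rec = audit.record()
    write_central(rec, store)
    return rec
```

Because every tier appends to the same objects instead of writing its own log, the central record can be correlated by transaction ID without clock alignment across tiers.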
PCT/US2005/001098 2004-01-15 2005-01-11 Centralized transactional security audit for enterprise systems WO2005069823A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US53677604P 2004-01-15 2004-01-15
US60/536,776 2004-01-15

Publications (2)

Publication Number Publication Date
WO2005069823A2 (en) 2005-08-04
WO2005069823A3 (en) 2005-09-29

Family

ID=34807051

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/001098 WO2005069823A2 (en) 2004-01-15 2005-01-11 Centralized transactional security audit for enterprise systems

Country Status (1)

Country Link
WO (1) WO2005069823A2 (en)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004510215A (en) 2000-05-19 2004-04-02 Netscape Communications Corporation Adaptable multi-tier authentication system
US7174454B2 (en) 2002-11-19 2007-02-06 America Online, Inc. System and method for establishing historical usage-based hardware trust
US7310669B2 (en) 2005-01-19 2007-12-18 Lockdown Networks, Inc. Network appliance for vulnerability assessment auditing over multiple networks
US7810138B2 (en) 2005-01-26 2010-10-05 Mcafee, Inc. Enabling dynamic authentication with different protocols on the same port for a switch
US8520512B2 (en) 2005-01-26 2013-08-27 Mcafee, Inc. Network appliance for customizable quarantining of a node on a network
US8214887B2 (en) 2005-03-20 2012-07-03 Actividentity (Australia) Pty Ltd. Method and system for providing user access to a secure application
US8141138B2 (en) * 2005-10-17 2012-03-20 Oracle International Corporation Auditing correlated events using a secure web single sign-on login
US7950049B2 (en) 2006-10-24 2011-05-24 Avatier Corporation Hybrid meta-directory
US8931057B2 (en) 2006-10-24 2015-01-06 Avatier Corporation Apparatus and method for access validation
US7707623B2 (en) 2006-10-24 2010-04-27 Avatier Corporation Self-service resource provisioning having collaborative compliance enforcement
US8656472B2 (en) 2007-04-20 2014-02-18 Microsoft Corporation Request-specific authentication for accessing web service resources
US8572716B2 (en) 2007-04-23 2013-10-29 Microsoft Corporation Integrating operating systems with content offered by web based entities
US8364837B2 (en) 2008-01-24 2013-01-29 International Business Machines Corporation Virtual web service
US8689289B2 (en) 2008-10-02 2014-04-01 Microsoft Corporation Global object access auditing
US8006140B2 (en) 2009-05-05 2011-08-23 Oracle International Corporation Diagnostic solution for web service process flows
US8510263B2 (en) 2009-06-15 2013-08-13 Verisign, Inc. Method and system for auditing transaction data from database operations
US9460277B2 (en) 2010-12-06 2016-10-04 International Business Machines Corporation Identity based auditing in a multi-product environment
CN102739603B (en) * 2011-03-31 2015-10-21 International Business Machines Corporation Method and apparatus for single sign-on
US8726372B2 (en) 2012-04-30 2014-05-13 General Electric Company Systems and methods for securing controllers
US8964973B2 (en) 2012-04-30 2015-02-24 General Electric Company Systems and methods for controlling file execution for industrial control systems
US8959362B2 (en) 2012-04-30 2015-02-17 General Electric Company Systems and methods for controlling file execution for industrial control systems
US8973124B2 (en) 2012-04-30 2015-03-03 General Electric Company Systems and methods for secure operation of an industrial controller
US9046886B2 (en) 2012-04-30 2015-06-02 General Electric Company System and method for logging security events for an industrial control system
US8997186B2 (en) 2013-01-24 2015-03-31 General Electric Company System and method for enhanced control system security
US9398102B2 (en) 2013-03-06 2016-07-19 Netskope, Inc. Security for network delivered services
US11210380B2 (en) 2013-05-13 2021-12-28 Veridium Ip Limited System and method for authorizing access to access-controlled environments
US9003196B2 (en) 2013-05-13 2015-04-07 Hoyos Labs Corp. System and method for authorizing access to access-controlled environments
US9553867B2 (en) 2013-08-01 2017-01-24 Bitglass, Inc. Secure application access system
US9231915B2 (en) * 2013-10-29 2016-01-05 A 10 Networks, Incorporated Method and apparatus for optimizing hypertext transfer protocol (HTTP) uniform resource locator (URL) filtering
JP6426189B2 (en) 2013-12-31 2018-11-21 Veridium Ip Limited System and method for biometric protocol standard
US9838388B2 (en) 2014-08-26 2017-12-05 Veridium Ip Limited System and method for biometric protocol standards
US9571495B2 (en) 2014-05-29 2017-02-14 General Electric Company Methods and systems for authorizing web service requests
US10114966B2 (en) 2015-03-19 2018-10-30 Netskope, Inc. Systems and methods of per-document encryption of enterprise information stored on a cloud computing service (CCS)
US11329980B2 (en) 2015-08-21 2022-05-10 Veridium Ip Limited System and method for biometric protocol standards
US11403418B2 (en) 2018-08-30 2022-08-02 Netskope, Inc. Enriching document metadata using contextual information
US11425169B2 (en) 2016-03-11 2022-08-23 Netskope, Inc. Small-footprint endpoint data loss prevention (DLP)
US11405423B2 (en) 2016-03-11 2022-08-02 Netskope, Inc. Metadata-based data loss prevention (DLP) for cloud resources
US10270788B2 (en) 2016-06-06 2019-04-23 Netskope, Inc. Machine learning based anomaly detection
US10469525B2 (en) 2016-08-10 2019-11-05 Netskope, Inc. Systems and methods of detecting and responding to malware on a file system
US10805352B2 (en) 2017-04-21 2020-10-13 Netskope, Inc. Reducing latency in security enforcement by a network security system (NSS)
US10834113B2 (en) 2017-07-25 2020-11-10 Netskope, Inc. Compact logging of network traffic events
US10783270B2 (en) 2018-08-30 2020-09-22 Netskope, Inc. Methods and systems for securing and retrieving sensitive data using indexable databases
CN110971429B (en) * 2018-09-29 2022-03-22 Hangzhou Aqishi Technology Co., Ltd. Management method of cloud video hardware management system
US11416641B2 (en) 2019-01-24 2022-08-16 Netskope, Inc. Incident-driven introspection for data loss prevention
US11856022B2 (en) 2020-01-27 2023-12-26 Netskope, Inc. Metadata-based detection and prevention of phishing attacks
US10867073B1 (en) 2020-06-03 2020-12-15 Netskope, Inc. Detecting organization image-borne sensitive documents and protecting against loss of the sensitive documents
US10990856B1 (en) 2020-06-03 2021-04-27 Netskope, Inc. Detecting image-borne identification documents for protecting sensitive information
CN112162832B (en) * 2020-09-08 2024-02-09 Beijing Renda Jincang Information Technology Co., Ltd. Method and device for realizing audit data storage under multi-version concurrency control
US11848949B2 (en) 2021-01-30 2023-12-19 Netskope, Inc. Dynamic distribution of unified policies in a cloud-based policy enforcement system
US11503038B1 (en) 2021-10-27 2022-11-15 Netskope, Inc. Policy enforcement and visibility for IaaS and SaaS open APIs

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020010867A1 (en) * 2000-01-19 2002-01-24 Schaefer Robert G. Performance path method and apparatus for exchanging data among systems using different data formats
US20030084350A1 (en) * 2001-11-01 2003-05-01 International Business Machines Corporation System and method for secure configuration of sensitive web services
US20030217290A1 (en) * 2002-05-15 2003-11-20 Dick Richard S. Managing data in compliance with regulated privacy, security, and electronic transaction standards

Also Published As

Publication number Publication date
WO2005069823A2 (en) 2005-08-04

Similar Documents

Publication Publication Date Title
WO2005069823A3 (en) Centralized transactional security audit for enterprise systems
US10810515B2 (en) Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment
US10742546B2 (en) Traffic on-boarding for acceleration through out-of-band security authenticators
US7127607B1 (en) PKI-based client/server authentication
US7111323B1 (en) Method and apparatus to facilitate a global timeout in a distributed computing environment
US8607322B2 (en) Method and system for federated provisioning
DE69835416T2 (en) METHOD FOR SAFELY CARRYING OUT A TELECOMMUNICATION COMMAND
DE60130037T2 (en) PROCESS AND SYSTEM FOR WEB-BASED CROSS-DOMAIN AUTHORIZATION WITH UNIQUE REGISTRATION
US8683607B2 (en) Method of web service and its apparatus
US8196177B2 (en) Digital rights management (DRM)-enabled policy management for a service provider in a federated environment
US7657924B2 (en) Method and system for implementing authorization policies for web services
US20100268932A1 (en) System and method of verifying the origin of a client request
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
EP2359576A2 (en) Domain based authentication scheme
CN109495486B (en) Single-page Web application integration CAS method based on JWT
US7822976B2 (en) Network data security system and protecting method thereof
CN108667761B (en) Method for protecting single sign-on by using session of secure socket layer
Chan Weakest link attack on single sign-on and its case in SAML v2.0 Web SSO
James Web single sign-on systems
CN116155631B (en) Enterprise-level forward and reverse cascading authentication method and system
Popa Securing a REST Web Service
JP5724017B1 (en) Authentication linkage system for multiple computer systems
CN115473683A (en) Interactive web verification optimization method and system
CN114024763A (en) Multi-system single-point authentication method based on kong
CN114374862A (en) EPG webpage security access system and method based on IPTV

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed from 20040101)
121 EP: the EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase