Claims
- 1. A method for distributing a security policy change within a security system distributed over a computer network, the method comprising:
generating a command to include the security policy change in response to a request received from the central server; determining users that are to be affected by the security policy change; effectuating the security policy change in a state message for a user among the users when the user is not logged in the system, wherein the state message is to be pulled to the user whenever the user is logged in the system; and delivering the command to the user when the user is currently logged in the system.
- 2. The method of claim 1, wherein the security policy change alters access privilege of the user to secured items in the system.
- 3. The method of claim 2, wherein the security policy change is to affect a system policy originally placed for the user.
- 4. The method of claim 2, wherein each of the secured items includes first and second portions, the first portion including security information and the second portion being an encrypted data portion, wherein the security information controls restrictive access to the second portion.
- 5. The method of claim 4, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.
- 6. The method of claim 5, wherein the access rules are subsequently measured against the access privilege of the user.
- 7. The method of claim 1, wherein the request is received from the central server, and the request is generated manually by an operator of the central server or in accordance with an event to alter access privilege of the user.
- 8. The method of claim 1, wherein the request is generated in the central server, and wherein the generating of the command comprises:
determining what the request is intended to do; effectuating the request locally, if the request is not intended to the users; and selecting the command suitably to carry out the security policy change, if the request is to affect the users.
- 9. The method of claim 1 further comprising:
identifying the command or the security policy change by an identifier; and deleting the command once the security policy change has been effectuated.
- 10. The method of claim 1, wherein the delivering of the security policy change to the user comprising:
pushing the command to the user; and effectuating the security policy change locally with respect to the user such that access privilege of the user is altered.
- 11. A method for distributing a security policy change within a security system distributed over a computer network, the method comprising:
receiving a request from a central server to carry out the security policy change to alter access privilege of a user to secured items in the system; determining a first local server that services the user; generating a command in a second local server in response to the request when it is determined that the first local server is not operative, both the first and second local servers coupled to the central server; delivering the command to the user when the user is currently logged with the second local server; and effectuating the security policy change in a state message for the user when the user is not logged in the system, wherein the state message is delivered to one of the first and second local servers whenever the user is logged with the one of the first and second local servers, wherein the state message is subsequently pulled to the user.
- 12. The method of claim 11 further comprising:
identifying the command or the security policy change by an identifier; and deleting the command once the security policy change has been effectuated.
- 13. The method of claim 11 further comprising routing the user to the second local server when the user intends to log with the first local server.
- 14. An architecture for distributing a security policy change within a security system distributed over a computer network, the architecture comprising:
a central server providing access control management in the system; at least a first local server and a second local server, each carrying out some or all of the access control management for a plurality of users; wherein the central server initiates a request to alter access privilege of a user managed by the first local server and sends the request to the second local server upon detecting that the first local server is not operative, in response to the request, the second local server pushes a command to the user to carry out the security policy change if the user is logged with the second local server; and wherein the central server effectuates the security policy change in a state message for the user when the user is not logged in the system, the state message is delivered to one of the first and second local servers whenever the user is logged with the one of the first and second local servers, the state message is subsequently pulled to the user.
- 15. A computer readable medium including at least computer program code for distributing a security policy change within a security system, the computer readable medium comprising:
program code for generating a command to include the security policy change in response to a request received from the central server; program code for determining users that are to be affected by the security policy change; program code for effectuating the security policy change in a state message for a user among the users when the user is not logged in the system, wherein the state message is to be pulled to the user whenever the user is logged in the system; and program code for delivering the command to the user when the user is currently logged in the system.
- 16. The computer readable medium of claim 15, wherein the security policy change alters access privilege of the user to secured items in the system.
- 17. The computer readable medium of claim 16, wherein the security policy change is to affect a system policy originally placed for the user.
- 18. The computer readable medium of claim 16, wherein each of the secured items includes first and second portions, the first portion including security information and the second portion being an encrypted data portion, wherein the security information controls restrictive access to the second portion.
- 19. The computer readable medium of claim 18, wherein the security information includes at least a first key and a second key, the second key is used to encrypt the first key, the second key is encrypted and the encrypted second key is guarded by access rules.
- 20. The computer readable medium of claim 19, wherein the access rules are subsequently measured against the access privilege of the user.
- 21. The computer readable medium of claim 15, wherein the request is generated in the central server, and wherein the program code for generating the command comprises:
program code for determining what the request is intended to do; program code effectuating the request locally, if the request is not intended to the users; and program code for selecting the command suitably to carry out the security policy change, if the request is to affect the users.
- 22. The computer readable medium of claim 15 further comprising:
program code for identifying the command or the security policy change by an identifier; and program code deleting the command once the security policy change has been effectuated.
- 23. The computer readable medium of claim 15, wherein the program code for delivering the security policy change to the user comprising:
program code for pushing the command to the user; and program code for effectuating the security policy change locally with respect to the user such that access privilege of the user is altered.
- 24. A computer readable medium including at least computer program code for distributing a security policy change within a security system, the computer readable medium comprising:
program code for receiving a request from a central server to carry out the security policy change to alter access privilege of a user to secured items in the system; program code for determining a first local server that services the user; program code for generating a command in a second local server in response to the request when it is determined that the first local server is not operative, both the first and second local servers coupled to the central server; program code for delivering the command to the user when the user is currently logged with the second local server; and program code for effectuating the security policy change in a state message for the user when the user is not logged in the system, wherein the state message is delivered to one of the first and second local servers whenever the user is logged with the one of the first and second local servers, wherein the state message is subsequently pulled to the user.
- 25. The computer readable medium of claim 24 further comprising:
program code for identifying the command or the security policy change by an identifier; and program code for deleting the command once the security policy change has been effectuated.
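The delivery logic recited in claims 1, 9, 11 and 13, as an added sketch that is not part of the patent text: a change is pushed to a logged-in user, otherwise held in the user's state message and pulled at the next login, with routing to a second local server when the first is not operative. All class, method and server names are hypothetical, and updating the state message even when the command is pushed is an assumption made here so that a later login never restores stale privileges.

```python
import itertools
from dataclasses import dataclass, field

@dataclass
class LocalServer:
    name: str
    operative: bool = True
    sessions: dict = field(default_factory=dict)  # user -> privileges in force

class CentralServer:
    def __init__(self, servers, home):
        self.servers = {s.name: s for s in servers}
        self.home = home      # user -> local server that normally services the user
        self.state = {}       # user -> state message, pulled at login
        self.pending = {}     # command id -> (user, privileges) until effectuated
        self._ids = itertools.count(1)

    def _route(self, wanted):
        # Requested server first, then any other operative one (failover).
        ordered = [self.servers[wanted], *self.servers.values()]
        return next(s for s in ordered if s.operative)

    def login(self, user, wanted=None):
        server = self._route(wanted or self.home[user])
        server.sessions[user] = set(self.state.get(user, ()))  # pull state message
        return server.name

    def change_policy(self, users, privileges):
        outcome = {}
        for user in users:
            cid = next(self._ids)                       # identify the command
            self.pending[cid] = (user, set(privileges))
            self.state[user] = set(privileges)          # assumption: always updated
            live = next((s for s in self.servers.values()
                         if s.operative and user in s.sessions), None)
            if live:
                live.sessions[user] = set(privileges)   # push to logged-in user
                outcome[user] = f"pushed via {live.name}"
            else:
                outcome[user] = "queued in state message"
            del self.pending[cid]                       # delete once effectuated
        return outcome

def demo():
    a, b = LocalServer("ls-a"), LocalServer("ls-b")     # constructed sample servers
    cs = CentralServer([a, b], home={"alice": "ls-a", "bob": "ls-a"})
    a.operative = False                                 # first local server fails
    routed = cs.login("alice")                          # alice lands on ls-b
    outcome = cs.change_policy(["alice", "bob"], {"read"})
    cs.login("bob")                                     # bob pulls the queued change
    return routed, outcome, b.sessions, cs.pending
```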
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is a continuation-in-part application of U.S. patent application Ser. No. 10/074,194, filed Feb. 12, 2002, and entitled “SYSTEM AND METHOD FOR PROVIDING MULTI-LOCATION ACCESS MANAGEMENT TO SECURED ITEMS,” which is hereby incorporated by reference for all purposes. This application also claims the benefits of U.S. Provisional Application No. 60/339,634, filed Dec. 12, 2001, and entitled “PERVASIVE SECURITY SYSTEMS,” which is hereby incorporated by reference for all purposes.
Provisional Applications (1)

| Number | Date | Country |
|---|---|---|
| 60339634 | Dec 2001 | US |
Continuation in Parts (1)

| | Number | Date | Country |
|---|---|---|---|
| Parent | 10075194 | Feb 2002 | US |
| Child | 10186204 | Jun 2002 | US |