TREA

Policy based auditing of workflows

Follow

Information

  • Patent Grant
  • 9444786
  • Patent Number
    9,444,786
  • Date Filed
    Wednesday, May 23, 2012
    12 years ago
  • Date Issued
    Tuesday, September 13, 2016
    8 years ago
Information
Abstract
An auditing system is disclosed comprising a Policy Validation Mechanism Program (PVMP) that operates in conjunction with a Workflow Engine (WE), and a Policy Validation Server Program (PVSP) that operates on a Policy Validation Server (PVS) connected to the WE by a secure communication link. The PVMP converts a workflow to a workflow representation (WR) and sends the WR to the PVS. The PVSP compares the steps in the WR to a security policy identified for that WR and determines whether the WR is in compliance. In addition, the PVSP validates a checksum for the WR and logs the checksum for subsequent comparisons. The PVSP uses the checksum to determine whether a policy has changed during execution of the workflow.
Description
FIELD OF THE INVENTION

The present invention is directed to multi computer data transferring and computer network monitoring in general, and to auditing of workflows over a network in particular.


BACKGROUND OF THE INVENTION

As used herein, workflow means the organization of processes into a well-defined flow of operations to fulfill a business need. A process means a defined series of tasks to be completed in stages where data is forwarded to an appropriate member of a workgroup for each task resulting in a final workflow data. As used herein workgroup means a plurality of users, each having a computer connected to one or more other users within the group by a network, and where the plurality of users communicate through the network to accomplish a defined series of tasks to produce a final workflow product.


Workflow products need a mechanism to enforce a policy on a given workflow in order to ensure that the workflow consistently complies with a given standard or expectation. One example of this would be a workflow that violates organizational security policies by using credentials (user id/pass) to login to a target server instead of Secure Sockets Layer (SSL) certificates. Another example is the Global Solutions Directory (GSD) Universal Management Infrastructure (UMI) requirement to audit workflows based on a particular security policy or set of rules for items such as error handling and best coding practices. Other examples include validation of workflows based on execution of error handling, best coding or implementation practices.


Policy in workflow typically exists around what one can do to a resource within the workflow, but not to the workflow itself. The majority of current solutions manually inspect the workflows prior to making them available to the workflow engine for execution. There is, at present, no capability to automatically ensure policy enforcement immediately prior, during and at completion of a workflow execution.


Carlos Ribeiro and Paulo Guedes of IST/INESC Portugal, in “Verifying Workflow Processes against Organization Security Policies,” disclose “a static analyzer that automatically verifies the consistency between workflow specification written in WPDL (Workflow Process Definition Language) and organization security policies . . . . ” Specifically, the authors seek to show how an SPL (security language) specification can be checked against a WPDL workflow specification. (see http://www.inesc-id.pt/pt/inidadores/Ficheiros/1164.pdf). Douglas Long, Julie Baker, and Francis Fung of Odyssey Research Associates, in “A Prototype Secure Workflow Server” disclose their prototype policy editor, workflow server, and underlying Java-based implementation for workflow policies that provide “fine grained dynamic access and control.” (see http://www.atc-nycorp.com/papers/LONG_ACSAC_SecureWorkflow.pdf). The IBM Tivoli Access Manager for Business Integration provides, inter alia, centralized administration of both access control and data protection services across mainframe and distributed servers. (see http://www-306.ibm.com/software/tivoli/products/access-mgr-bus-integration).


The above solutions focus on policy driven secured access to the resources within a workflow at the time of access. Moreover, these solutions focus on security, but do not address elimination of some or all manual inspection of workflows for compliance with business policies (such as, but not limited to, error handling, best coding or implementation practice policies). Moreover, these solutions cannot verify that the workflow itself is free from tampering at any given point in execution. What is needed is a system and method to process workflows of varying formats and standards for compliance with security and business policies. What is further needed is a mechanism to provide warnings during the processing of the workflow so that remedial action can be completed as a prerequisite to validation of the workflow.


SUMMARY OF THE INVENTION

The invention that meets the needs described above is an auditing system comprising a Policy Validation Mechanism Program (PVMP) that operates in conjunction with a Workflow Engine (WE), and a Policy Validation Server Program (PVSP) that operates on a Policy Validation Server (PVS) connected to the WE by a secure communication link. The PVMP converts a workflow to a workflow representation (WR) and sends the WR to the PVS. The PVSP compares the steps in the WR to a security policy identified for that WR and determines whether the WR is in compliance. In addition, the PVSP validates a checksum for the WR and logs the checksum for subsequent comparisons. The PVSP uses the checksum to determine whether a policy has changed during execution of the workflow. If the WR is not in compliance, if the checksum cannot be validated, or if a policy has changed, then a failure notification is sent to the WE. Otherwise, a success notification is sent to the WR. In an embodiment with Warning Management (WM), in the event of a failure, a warning report is sent so that if approval workflows are completed and returned, a response may be changed to success. The PVMP sends the WR to the PVS at random intervals. Upon receipt of a failure notification, the PVMP suspends the workflow until corrective action can be completed, the corrected workflow converted to a WR, and the WR sent to the PVS.





BRIEF DESCRIPTION OF DRAWINGS

The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will be understood best by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:



FIG. 1 is an illustration of a computer network used to implement the present invention;



FIG. 2A is an illustration of the memory or storage of the Workflow Engine and the Policy Validation Mechanism Program (PVMP);



FIG. 2B is an illustration of the memory or storage of the Policy Validation Server containing the Policy Validation Server Program (PVSP);



FIG. 2C is an overview of the processing of a Workflow Representation (WR);



FIG. 3 is an illustration of the logic of the Policy Validation Server Process (PVSP); and



FIG. 4 is an illustration of the logic of the Policy Validation Mechanism Program (PVMP).





DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The principles of the present invention are applicable to a variety of computer hardware and software configurations. The term “computer hardware” or “hardware,” as used herein, refers to any machine or apparatus that is capable of accepting, performing logic operations on, storing, or displaying data, and includes without limitation processors and memory; the term “computer software” or “software,” refers to any set of instructions operable to cause computer hardware to perform an operation. A “computer,” as that term is used herein, includes without limitation any useful combination of hardware and software, and a “computer program” or “program” includes without limitation any software operable to cause computer hardware to accept, perform logic operations on, store, or display data. A computer program may, and often is, comprised of a plurality of smaller programming units, including without limitation subroutines, modules, functions, methods, and procedures. Thus, the functions of the present invention may be distributed among a plurality of computers and computer programs. The invention is described best, though, as a set of computer programs that configure and enable a client computer and a server computer to implement the novel aspects of the invention. For illustrative purposes, the inventive computer programs will be referred to as the Policy Validation Mechanism Program (PVMP) and the Policy Validation Server Program (PVSP).


As used herein, checksum means a calculation performed using a formula to determine a second numerical value for an electronic message where the message contains a first numerical value that was calculated using the formula before the message was sent (so that, upon receipt, if the first and second numerical values are different, the message is known to have been changed in transit). As used herein, Final Workflow Data File (FWDF) means a data file that contains the results of the completion of the defined tasks in a workflow by a workgroup. As used herein, Policy Validation Mechanism (PVM) means a program within or interacting with the Workflow Engine that sends the Workflow Representation to the Policy Validation Server. As used herein Policy Validation Server Program (PVSP) means a program residing and operating on a policy validation server that receives a workflow representation and issues a success or failure notification. As used herein, Resource means any software or hardware available to a workgroup for use in creating a final workflow data file, but does not include the Policy Validation Server Program, or any other program residing or operating on the Policy Validation Server. As used herein, Workflow Engine (WE) means the resources available to the workgroup for a particular workflow. As used herein, Workflow Representation (WR) means a particular format to which all workflows are converted prior to transmission to the Policy Validation Server (for example, if the workflow was WebSphere Process Choreographer Flow Definition Markup Language based, and if the particular format was an open standard such as Business Process Execution Language (BPEL), then the workflow would be converted to BPEL).


Additionally, the auditing system is described below with reference to an exemplary network of hardware devices, as depicted in FIG. 1. A “network” comprises any number of hardware devices coupled to and in communication with each other through a communications medium, such as the Internet. A “communications medium” includes without limitation any physical, optical, electromagnetic, or other medium through which hardware or software can transmit data. For descriptive purposes, exemplary network 100 has only a limited number of nodes, including workstation computer 105, workstation computer 110, server computer 115, and persistent storage 120. Network connection 125 comprises all hardware, software, and communications media necessary to enable communication between network nodes 105-120. Unless otherwise indicated in context below, all network nodes use publicly available protocols or messaging services to communicate with each other through network connection 125.


Policy Validation Mechanism Program (PVMP) 300 typically is stored in a memory, represented schematically as memory 200 in FIG. 2A. The term “memory,” as used herein, includes without limitation any volatile or persistent medium, such as an electrical circuit, magnetic disk, or optical disk, in which a computer can store data or software for any duration. A single memory may encompass and be distributed across a plurality of media. Thus, FIG. 2 is included merely as a descriptive expedient and does not necessarily reflect any particular physical embodiment of memory 200. As depicted in FIG. 2A, though, memory 200 includes additional data and programs. Of particular import to Policy Validation Mechanism Program (PVMP) 300, memory 200 includes Workflow Engine (210) and Workflow Representation files 220 with which PVMP 300 interacts.


Policy Validation Mechanism Program (PVMP) 300 typically is stored in a memory, represented schematically as memory 200 in FIG. 2A. Policy Validation Server Program (PVSP) 400 typically is stored in a memory, represented schematically as memory 250 in FIG. 2B. As depicted in FIG. 2B, memory 250 includes Policy Validation Server (PVS) and Checksum Log 260 with which PVSP 400 interacts. The term “memory,” as used herein, includes without limitation any volatile or persistent medium, such as an electrical circuit, magnetic disk, or optical disk, in which a computer can store data or software for any duration. A single memory may encompass and be distributed across a plurality of media. Thus, FIG. 2A and FIG. 2B are included merely as a descriptive expedient and do not necessarily reflect any particular physical embodiment of memory 200 and memory 250.



FIG. 2C is a depiction of the overall auditing system. As will be explained in greater detail below, PVMP 300 interacts with the Workflow Engine (WE) to create a Workflow Representation (WR) (Step 1). The WR is sent by secure transmission to the Policy Validation Server (PVS) (Step 2). The PVS generates a success or failure notification and report (Step 3). The success or failure notification and report are returned to the Workflow Engine (Step 4).



FIG. 3 illustrates the logic of Policy Validation Mechanism Program (PVMP) 300. PVMP 300 starts (302) and a determination is made whether a random interval has occurred (304). (Persons skilled in the art are aware of numerous methods and devices for generating a random interval.) If not, PVMP 300 waits for the occurrence of a random interval (306). If a random interval has occurred, PVMP 300 converts the workflow to a workflow representation (WR) (308), and sends the WR to the Policy Validation Server (PVS) (310). PVMP 300 receives a response back from the PVS (312) and determines whether the WR was successfully validated (314). If the validation was not successful, PVMP 300 receives a report (320), suspends the workflow (322), takes corrective action on the Workflow based on the report (324), and returns to step 308 where the corrected workflow is converted into a new WR to be sent to the PVS. If the validation was successful, a determination is made whether the workflow is completed (316). If the workflow is not completed, the workflow execution continues (318) and PVMP goes to step 304. If the workflow is completed, PVMP stops (326).



FIG. 4 illustrates the logic of Policy Validation Server Program (PVSP) 400. PVSP 400 starts (402) and receives a WR (404). PVSP 400 identifies the WR (406), interrogates the WR (408), and determines the steps being performed in the WR (410). PVSP 400 compares the steps in the WR to the appropriate security policy for the identified WR (412). PVSP 400 determines whether the WR complies with the security policy (414). If not, PVSP goes to step 438. If the WR complies, PVSP 400 performs a checksum on the WR (416) and uses the checksum to determine what operation is being executed with the workflow (418). PVSP 400 also uses the checksum to determine a snapshot of what the workflow represents (420). PVSP 400 then validates the checksum (422). If the checksum is validated, PVSP 400 determines whether the validation is an initial verification (424). If the validation is an initial verification, PVSP 400 logs the checksum on the PVS (436) and goes to step 428. If the validation is not an initial verification, PVSP 400 logs the checksum and compares the checksum to previously logged checksums (426). PVSP determines from the comparison of checksums, whether a policy changed during execution (428). If so, PVSP goes to step 438. If not, PVSP 400 returns a success response to the WE (430) and determines whether the verification is a final verification (432). If the verification is not final, PVSP 400 stops. If the verification is final, PVSP 400 executes cleanup logic (434) and then stops (452).


At step 438 a determination is made whether warnings management has been enabled. If so, one or more warning reports are sent (440). PVSP 400 waits for a response to the warning reports (444) and receives workflow approvals (446). Based on the workflow approvals, PVSP 400 determines whether to change its response (448). If not, PVSP 400 goes to step 442 and returns a failure response to the WE, returns a report to the WE (450), and stops (452). If PVSP 400 changes its response from failure to success, PVSP 400 goes to step 430.


A preferred form of the invention has been shown in the drawings and described above, but variations in the preferred form will be apparent to those skilled in the art. The preceding description is for illustration purposes only, and the invention should not be construed as limited to the specific form shown and described. The scope of the invention should be limited only by the language of the following claims.

Claims
  • 1. A method, comprising: a computer receiving from a workflow engine a workflow representation of a workflow, the workflow representation including a first numerical value that was calculated using a formula prior to a transmission of the workflow representation to the computer, the workflow representation being a format to which the workflow was converted prior to the transmission;the computer performing a post-transmission checksum calculation on the workflow representation, the performing comprising using the formula to determine a second numerical value for the workflow representation; andthe computer, using the post-transmission checksum, determining a snapshot of what the workflow represents;wherein a difference between the first numerical value and the second numerical value is indicative of a policy change to the workflow representation during the transmission;the method further comprising: the computer transmitting a failure response in response to the difference indicating a policy change; andthe computer transmitting a success response in response to the difference indicating no policy change.
  • 2. The method of claim 1, further comprising: before the computer, using the post-transmission checksum, determining the snapshot of what the workflow represents, the computer determining, using the post-transmission checksum, what operation is being executed with the workflow representation.
  • 3. The method of claim 1, further comprising: the computer identifying the workflow representation;the computer interrogating the workflow representation;the computer determining a plurality of steps being performed by the workflow representation;the computer comparing the plurality of steps to a security policy for the workflow representation;before the computer performing the post-transmission checksum on the workflow representation, the computer determining a compliance of the workflow representation with the security policy;after the computer performing the post-transmission checksum on the workflow representation, the computer using the post-transmission checksum to determine what operation is being executed with the workflow representation;the computer validating the post-transmission checksum;the computer logging the post-transmission checksum;the computer comparing the post-transmission checksum to a plurality of previously logged checksums; andafter the computer comparing the post-transmission checksum to the plurality of previously logged checksums, the computer determining whether a policy changed during execution of the workflow.
  • 4. A computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable tangible storage devices;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to receive a workflow representation of a workflow from a workflow engine, the workflow representation including a first numerical value that was calculated using a formula prior to a transmission of the workflow representation to the computer system, the workflow representation being a format to which the workflow was converted prior to the transmission;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform a post-transmission checksum on the workflow representation, wherein the program instructions to perform the post-transmission checksum use the formula to determine a second numerical value for the workflow representation; andprogram instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine, using the post-transmission checksum, a snapshot of what the workflow represent;wherein a difference between the first numerical value and the second numerical value is indicative of a policy change to the workflow representation during the transmission;the computer system further comprising:program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to: transmit a failure response in response to the difference indicating a policy change; andtransmit a success response in response to the difference indicating no policy change.
  • 5. The computer system of claim 4, further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, before determining, using the post-transmission checksum, the snapshot of what the workflow represents, to:determine, using the post-transmission checksum, what operation is being executed with the workflow representation.
  • 6. The computer system of claim 4, further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to identify the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to interrogate the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine a plurality of steps being performed by the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to compare the plurality of steps to a security policy for the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, before performing the post-transmission checksum on the workflow representation, to determine a compliance of the workflow representation with the security policy;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, after performing the post-transmission checksum on the workflow representation, to determine, using the post-transmission checksum, what operation is being executed with the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to validate the post-transmission checksum;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to log the post-transmission checksum;program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to compare the post-transmission checksum to a plurality of previously logged checksums; andprogram instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, after comparing the post-transmission checksum to the plurality of previously logged checksums, to determine whether a policy changed during execution of the workflow.
  • 7. A computer program product, comprising: one or more computer-readable tangible storage devices;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to receive, at a computer and from a workflow engine, a workflow representation of a workflow, the workflow representation including a first numerical value that was calculated using a formula prior to a transmission of the workflow representation to the computer, the workflow representation being a format to which the workflow was converted prior to the transmission;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to perform a post-transmission checksum on the workflow representation, wherein the program instructions to perform the post-transmission checksum use the formula to determine a second numerical value for the workflow representation; andprogram instructions, stored on at least one of the one or more computer-readable tangible storage devices, to determine, using the post-transmission checksum, a snapshot of what the workflow represents;wherein a difference between the first numerical value and the second numerical value is indicative of a policy change to the workflow representation during the transmission;the compute program product further comprising:program instructions, stored on at least one of the one or more computer-readable tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to: transmit a failure response in response to the difference indicating a policy change; andtransmit a success response in response to the difference indicating no policy change.
  • 8. The computer program product of claim 7, further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices, before determining, using the post-transmission checksum, the snapshot of what the workflow represents, to: determine, using the post-transmission checksum, what operation is being executed with the workflow representation.
  • 9. The computer program product of claim 7, further comprising: program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to identify the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to interrogate the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to determine a plurality of steps being performed by the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to compare the plurality of steps to a security policy for the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, before performing the post-transmission checksum on the workflow representation, to determine a compliance of the workflow representation with the security policy;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, after performing the post-transmission checksum on the workflow representation, to determine, using the post-transmission checksum, what operation is being executed with the workflow representation;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to validate the post-transmission checksum;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to log the post-transmission checksum;program instructions, stored on at least one of the one or more computer-readable tangible storage devices, to compare the post-transmission checksum to a plurality of previously logged checksums; andprogram instructions, stored on at least one of the one or more computer-readable tangible storage devices, after comparing the post-transmission checksum to the plurality of previously logged checksums, to determine whether a policy changed during execution of the workflow.
  • 10. A computer system comprising one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices and program instructions which are stored on at least one of the one or more computer-readable storage devices for execution by at least one of the one or more processors via at least one of the one or more memories and when executed by at least one of the one or more processors perform the method of claim 1.
  • 11. A computer program product comprising one or more computer-readable tangible storage devices and computer-readable program instructions which are stored on at least one of the one or more storage devices and when executed by at least one of one or more processors, perform the method of claim 1.
Parent Case Info

This application is a continuation of application Ser. No. 11/109,087, filed Apr. 19, 2005, now U.S. Pat. No. 8,230,042 issued Jul. 24, 2012.

US Referenced Citations (56)
Number Name Date Kind
5627764 Schutzman et al. May 1997 A
5768506 Randell Jun 1998 A
5774661 Chatterjee et al. Jun 1998 A
6029144 Barrett et al. Feb 2000 A
6073242 Hardy et al. Jun 2000 A
6279009 Smirnov et al. Aug 2001 B1
6347374 Drake et al. Feb 2002 B1
6438468 Muxlow et al. Aug 2002 B1
6456955 Andrews et al. Sep 2002 B1
6484261 Wiegel Nov 2002 B1
6499023 Dong et al. Dec 2002 B1
6546364 Smirnov et al. Apr 2003 B1
6658568 Ginter et al. Dec 2003 B1
6748401 Blackburn et al. Jun 2004 B2
6769118 Garrison et al. Jul 2004 B2
6845503 Carlson et al. Jan 2005 B1
6862488 Mansour-Awad Mar 2005 B2
6874008 Eason et al. Mar 2005 B1
6874025 Hoogenboom et al. Mar 2005 B2
6938240 Charisius et al. Aug 2005 B2
6986043 Andrew et al. Jan 2006 B2
7114152 Hogstrom et al. Sep 2006 B2
7124438 Judge et al. Oct 2006 B2
7386529 Kiessig et al. Jun 2008 B2
7415485 Brooks et al. Aug 2008 B2
7451167 Bali et al. Nov 2008 B2
7475151 Delany et al. Jan 2009 B2
7668864 Benson et al. Feb 2010 B2
7769807 Childress et al. Aug 2010 B2
7783972 Camps et al. Aug 2010 B2
8230042 Childress et al. Jul 2012 B2
20020019935 Andrew et al. Feb 2002 A1
20020078432 Charisius et al. Jun 2002 A1
20020080967 Abdo Jun 2002 A1
20020091939 Garrison et al. Jul 2002 A1
20020116399 Camps et al. Aug 2002 A1
20020156879 Delany et al. Oct 2002 A1
20030005406 Lin et al. Jan 2003 A1
20030055668 Saran et al. Mar 2003 A1
20030061506 Cooper et al. Mar 2003 A1
20030069894 Cotter et al. Apr 2003 A1
20030074341 Blackburn et al. Apr 2003 A1
20030162541 Schwarzbauer Aug 2003 A1
20030172302 Judge et al. Sep 2003 A1
20030191769 Crisan et al. Oct 2003 A1
20040006403 Bognanno Jan 2004 A1
20040025048 Porcari et al. Feb 2004 A1
20040078105 Moon et al. Apr 2004 A1
20040107398 Johnson Jun 2004 A1
20040143597 Benson et al. Jul 2004 A1
20050257045 Bushman et al. Nov 2005 A1
20060070025 Mauceri, Jr. et al. Mar 2006 A1
20060235964 Childress et al. Oct 2006 A1
20060235977 Wunderlich Oct 2006 A1
20070061358 Brooks et al. Mar 2007 A1
20090019123 Childress et al. Jan 2009 A1
Non-Patent Literature Citations (28)
Entry
Microsoft Computer Dictionary; 2002; Microsoft Press, 5th edition.
Georgakopoulos et al., “An Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure,” Distributed and Parallel Databases, 3:119-153, 1995.
Karamanolis et al., “Model Checking of Workflow Schemas,” EDOC '00 Proceedings of the 4th International Conference on Enterprise Distributed Object Computing, Makuhari, Japan, Sep. 25-28, 2000, pp. 170-181.
Kim et al., “On-Line Integrity Monitoring of Microprocessor Control Logic,” Microelectronics Journal, 32:999-1007, 2001.
Long et al., “A Prototype Secure Workflow Server,” ACSAC '99 Proceedings of the 15th Annual Computer Security Applications, Phoenix, Arizona, Dec. 6-10, 1999, 5 pages.
Ribeiro et al., “Verifying Workflow Processes Against Organization Security Policies,” IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Palo Alto, California, Jun. 16-18, 1999, 5 pages.
Salah et al., “An Architecture for the Interoperability of Workflow Models,” IHIS '05—1st International ACM Workshop on Interoperability of Heterogeneous Information Systems, Bremen, Germany, Nov. 4, 2005, pp. 31-38 pages.
Office Action regarding U.S. Appl. No. 11/109,087, dated Dec. 11, 2008, 12 pages.
Response to Office Action regarding U.S. App. No. 11/109,087, dated Mar. 11, 2009, 9 pages.
Final Office Action regarding U.S. Appl. No. 11/109,087, dated Jul. 14, 2009, 13 pages.
Appeal Brief regarding U.S. Appl. No. 11/109,087, dated Oct. 22, 2009, 17 pages.
Office Action regarding U.S. Appl. No. 11/109,087, dated Jan. 25, 2010, 10 pages.
Response to Office Action regarding U.S. Appl. No. 11/109,087, dated Apr. 26, 2010, 10 pages.
Final Office Action regarding U.S. Appl. No. 11/109,087, dated Jun. 25, 2010, 7 pages.
Amendment Pursuant to Request for Continued Examination regarding U.S. Appl. No. 11/109,087, dated Sep. 27, 2010, 9 pages.
Office Action regarding U.S. Appl. No. 11/109,087, dated Nov. 10, 2010, 17 pages.
Response to Office Action regarding U.S. Appl. No. 11/109,087, dated Feb. 8, 2011, 19 pages.
Final Office Action regarding U.S. Appl. No. 11/109,087, dated Apr. 27, 2011, 17 pages.
Amendment Pursuant to Request for Continued Examination regarding U.S. Appl. No. 11/109,087, dated May 27, 2011, 13 pages.
Supplemental Amendment regarding U.S. Appl. No. 11/109,087, dated Jun. 27, 2011, 9 pages.
Office Action regarding U.S. Appl. No. 11/109,087, dated Jul. 11, 2011, 15 pages.
Response to Office Action regarding U.S. Appl. No. 11/109,087, dated Oct. 11, 2011, 18 pages.
Final Office Action regarding U.S. Appl. No. 11/109,087, dated Dec. 30, 2011, 15 pages.
Response to Final Office Action regarding U.S. Appl. No. 11/109,087, dated Feb. 24, 2012, 9 pages.
Notice of Allowance regarding U.S. Appl. No. 11/109,087, dated Mar. 14, 2012, 14 pages.
Office Action regarding U.S. Appl. No. 12/176,101, dated Aug. 11, 2009, 28 pages.
Response to Office Action regarding U.S. Appl. No. 12/176,101, dated Nov. 4, 2009, 19 pages.
Notice of Allowance regarding U.S. Appl. No. 12/176,101, dated Mar. 22, 2010, 18 pages.
Related Publications (1)
Number Date Country
20120240187 A1 Sep 2012 US
Continuations (1)
Number Date Country
Parent 11109087 Apr 2005 US
Child 13478951 US