Patent · US Expired

Method and apparatus for facilitating information security policy control on a per security engine user basis

US6499110B1 · kind B1 · utility

Cited by: 70
References: 1
Claims: 39
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 30, 1999
Grant date: Dec 24, 2002
Priority date
Expiry date: Jun 30, 2019

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/602
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An apparatus and method facilitates information security policy control for an information security engine by utilizing security policy association data on a per security engine user basis. Security policy association data may include, for example, data representing identification information of the user of the security engine along with corresponding policy identification data. Policy user identification data may be a hash value of the disk image of an executable software application which uses the security engine, along with policy object identification data which indicates which policy (or policies) that particular application is required to use. A security engine obtains access to this information and also obtains comparison information such as generating a realtime hash value of a calling application that is requesting use of the security engine and compares the newly generated hash value to a stored hash value included as the policy association data. If the hash values match, indicating that the calling application has been previously approved by the trusted policy authority, the policy rules referenced by the policy association data are then employed by the security engine.
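The lookup the abstract describes, as an added example that is not taken from the patent: the engine hashes the calling application's disk image at call time, compares it to the stored hash in the policy association data, and applies the referenced policy only on a match. SHA-256, the function and field names, and the policy contents are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed policy store: policy object id -> rules (all values are illustrative).
POLICY_STORE = {
    "policy-A": {"min_key_bits": 2048, "allowed_algorithms": ["RSA", "AES"]},
}

def image_hash(path):
    """Hash the on-disk image of an application (SHA-256 is an assumption)."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_association(app_path, policy_ids):
    """What the trusted policy authority records when it approves an application."""
    return {"user_hash": image_hash(app_path), "policy_ids": list(policy_ids)}

def policies_for_caller(caller_path, associations, store=POLICY_STORE):
    """Hash the caller now, compare to stored hashes, return the referenced rules."""
    current = image_hash(caller_path)
    for assoc in associations:
        if hmac.compare_digest(assoc["user_hash"], current):
            return [store[pid] for pid in assoc["policy_ids"]]
    # No match: the image was never approved or has changed since approval.
    raise PermissionError("calling application has no approved policy association")

def demo():
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "app.bin")
        with open(app, "wb") as f:
            f.write(b"constructed application image v1")
        associations = [make_association(app, ["policy-A"])]
        approved = policies_for_caller(app, associations)
        with open(app, "ab") as f:
            f.write(b" patched")  # any change to the image changes its hash
        try:
            policies_for_caller(app, associations)
            tampered_ok = True
        except PermissionError:
            tampered_ok = False
    return approved, tampered_ok

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the stored association data, so this sketch assumes that data is integrity-protected and readable only through the engine.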

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.