Method and apparatus for user and entity access management for code signing one or more of a plurality of devices

US 10,341,360 B2
Filed: 03/06/2017
Issued: 07/02/2019
Est. Priority Date: 03/07/2016
Status: Active Grant

First Claim

Patent Images

1. A method of managing the signing of data for use with one or more of an plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, the method comprising:

defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality entities comprising, in decreasing hierarchical order;

an application platform entity that produces the plurality of devices, having a sole owner;

at least one project entity for each application platform entity, the project entity comprising the device family;

at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and

at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;

managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising;

an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing;

sole eligibility to authorize access the application platform entity;

eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity; and

eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;

at least one participant account of the application platform entity or the at least one project entity, providing;

eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,wherein managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises;

creating the owner account associated with the application platform entity for the sole owner of the application platform entity, andwherein creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises;

assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;

assigning another manager of another model entity hierarchically below the platform entity;

the method further comprises;

creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;

creating another participant account, wherein the another participant account is associated with another project entity;

authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;

authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;

wherein;

the sole owner of the owner account is a first business organization;

the at least one participant account is associated with a second business organization independent from the first business organization;

the another participant account is associated with a third business organization independent from the first business organization and the second business organization.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided for managing the eligibility of data signing in an online code signing system. The method is used by a plurality of data publishers in an online code signing system. The method includes defining, by an administrator of the system, a hierarchy of a plurality of entities, and managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts and eligibility to designate at least one of a plurality of managers via owner account to manage user access to sign data for at least one model entity.

4 Citations

View as Search Results

11 Claims

1. A method of managing the signing of data for use with one or more of an plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, the method comprising:
- defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality entities comprising, in decreasing hierarchical order;
  
  an application platform entity that produces the plurality of devices, having a sole owner;
  
  at least one project entity for each application platform entity, the project entity comprising the device family;
  
  at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
  
  at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
  
  managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising;
  
  an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing;
  
  sole eligibility to authorize access the application platform entity;
  
  eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity; and
  
  eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
  
  at least one participant account of the application platform entity or the at least one project entity, providing;
  
  eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,wherein managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises;
  
  creating the owner account associated with the application platform entity for the sole owner of the application platform entity, andwherein creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises;
  
  assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
  
  assigning another manager of another model entity hierarchically below the platform entity;
  
  the method further comprises;
  
  creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
  
  creating another participant account, wherein the another participant account is associated with another project entity;
  
  authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
  
  authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
  
  wherein;
  
  the sole owner of the owner account is a first business organization;
  
  the at least one participant account is associated with a second business organization independent from the first business organization;
  
  the another participant account is associated with a third business organization independent from the first business organization and the second business organization.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the owner account further provides sole eligibility to designate at least one manager of the at least one model entity hierarchically below the application platform entity to authorize access to all configuration entities hierarchically below the at least one model entity to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity; and
      
      wherein the at least one manager can authorize access to all of the configuration entities hierarchically below the at least one model entity to only users of the plurality of users that are associated with the owner account of the application platform entity hierarchically above the model entity or the participant account of the application platform entity hierarchically above the model entity.
  - 3. The method of claim 1, wherein:
    - creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises;
      
      assigning, by an assigned administrator of the system, the at least one manager of the at least one model entity of hierarchically below the application platform entity; and
      
      authorizing, by the assigned at least one manager, users associated with the owner account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity.
  - 4. The method of claim 3, wherein managing eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, further comprises:
    - creating, by the system administrator, the at least one participant account wherein the participant account is associated with at least one of;
      
      the application platform entity; and
      
      the at least one project entity;
      
      authorizing, by the assigned manager, users associated with the participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity;
      
      wherein;
      
      the sole owner of the owner account is a first business organization;
      
      the at least one participant account is associated with a second business organization independent from the first organization.
  - 5. The method of claim 1, wherein:
    - the system comprises a back end server communicatively coupled to a front end server for controlling access to the back end server;
      
      the defining the hierarchy of the plurality of entities is performed using the back end server accessed by the front end server; and
      
      managing eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts is performed using the backend server accessed by the front end server.
  - 6. The method of claim 1, further comprising:
    - enforcing, using the backend server, the;
      
      sole eligibility to authorize access the application platform entity; and
      
      eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
      
      eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
      
      eligibility to authorize users associated with the participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity;
      
      performing, using the backend server, cryptographic operations to sign the data; and
      
      executing, using the front end server, a presentation layer, the presentation layer controlling user access to the backend server.

7. A system managing the signing of data for use with one or more of an plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, comprising:
- a processor; and
  
  a memory, communicatively coupled to the processor, the memory storing instructions comprising instructions for;
  
  defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality entities comprising, in decreasing hierarchical order;
  
  an application platform entity that produces the plurality of devices, having a sole owner;
  
  at least one project entity for each application platform entity, the project entity comprising the device family;
  
  at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
  
  at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
  
  managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising;
  
  an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing;
  
  sole eligibility to authorize access the application platform entity; and
  
  eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
  
  eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
  
  at least one participant account of the application platform entity or the at least one project entity, providing;
  
  eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,wherein the instructions for managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises instructions for;
  
  creating the owner account associated with the application platform entity for the sole owner of the application platform entity, andwherein the instructions for creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises;
  
  instructions for assigning, by an assigned administrator of the system, the at least one manager of the at least one model entity of hierarchically below the application platform entity; and
  
  instructions for authorizing, by the assigned at least one manager, users associated with the owner account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity, andwherein the instructions for managing eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, further comprises instructions for;
  
  creating, by the system administrator, the at least one participant account wherein the participant account is associated with at least one of;
  
  the application platform entity; and
  
  the at least one project entity;
  
  authorizing, by the assigned manager, users associated with the participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity;
  
  wherein;
  
  the sole owner of the owner account is a first business organization;
  
  the at least one participant account is associated with a second business organization independent from the first organization.
- View Dependent Claims (8, 10, 11)
- - 8. The system of claim 7, wherein:
    - the owner account further provides sole eligibility to designate at least one manager of the at least one model entity hierarchically below the application platform entity to authorize access to all configuration entities hierarchically below the at least one model entity to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity; and
      
      wherein the at least one manager can authorize access to all of the configuration entities hierarchically below the at least one model entity to only users of the plurality of users that are associated with the owner account of the application platform entity hierarchically above the model entity or the participant account of the application platform entity hierarchically above the model entity.
  - 10. The system of claim 7, wherein:
    - the system comprises a back end server communicatively coupled to a front end server for controlling access to the back end server;
      
      the instructions for defining the hierarchy of the plurality of entities is performed using the back end server accessed by the front end server; and
      
      the instructions for managing eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts is performed using the backend server accessed by the front end server.
  - 11. The system of claim 7, wherein the instructions further comprise instructions for:
    - enforcing, using the backend server, the;
      
      sole eligibility to authorize access the application platform entity; and
      
      eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
      
      eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
      
      eligibility to authorize users associated with the participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity;
      
      performing, using the backend server, cryptographic operations to sign the data; and
      
      executing, using the front end server, a presentation layer, the presentation layer controlling user access to the backend server.

9. A system managing the signing of data for use with one or more of an plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, comprising:
- a processor; and
  
  a memory, communicatively coupled to the processor, the memory storing instructions comprising instructions for;
  
  defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality entities comprising, in decreasing hierarchical order;
  
  an application platform entity that produces the plurality of devices, having a sole owner;
  
  at least one project entity for each application platform entity, the project entity comprising the device family;
  
  at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
  
  at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
  
  managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising;
  
  an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing;
  
  sole eligibility to authorize access the application platform entity; and
  
  eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
  
  eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
  
  at least one participant account of the application platform entity or the at least one project entity, providing;
  
  eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,wherein the instructions for creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises instructions for;
  
  assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
  
  assigning another manager of another model entity hierarchically below the platform entity;
  
  creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
  
  creating another participant account, wherein the another participant account is associated with another project entity;
  
  authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
  
  authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
  
  wherein;
  
  the sole owner of the owner account is a first business organization;
  
  the at least one participant account is associated with a second business organization independent from the first business organization;
  
  the another participant account is associated with a third business organization independent from the first business organization and the second business organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Original Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Inventors
Yao, Ting, Qiu, Xin, Zheng, Jinsong, Dizon, Patrick, Myint, Aye, Kuramoto, Annie C., Shahabuddin, Reshma, Barbour, Thomas J.
Primary Examiner(s)
Lagor, Alexander

Application Number

US15/450,424
Publication Number

US 20170257380A1
Time in Patent Office

848 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/645   using a third party

G06F 8/61   Installation

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

Method and apparatus for user and entity access management for code signing one or more of a plurality of devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for user and entity access management for code signing one or more of a plurality of devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links