Method and apparatus for user and entity access management for code signing one or more of a plurality of devices
First Claim
1. A method of managing the signing of data for use with one or more of a plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, the method comprising:
defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality of entities comprising, in decreasing hierarchical order:
an application platform entity that produces the plurality of devices, having a sole owner;
at least one project entity for each application platform entity, the project entity comprising the device family;
at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising:
an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing:
sole eligibility to authorize access to the application platform entity;
eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity; and
eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
at least one participant account of the application platform entity or the at least one project entity, providing:
eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,
wherein managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises:
creating the owner account associated with the application platform entity for the sole owner of the application platform entity, and
wherein creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises:
assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
assigning another manager of another model entity hierarchically below the platform entity;
the method further comprises:
creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
creating another participant account, wherein the another participant account is associated with another project entity;
authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
wherein:
the sole owner of the owner account is a first business organization;
the at least one participant account is associated with a second business organization independent from the first business organization;
the another participant account is associated with a third business organization independent from the first business organization and the second business organization.
Abstract
A method and apparatus are provided for managing the eligibility of data signing in an online code signing system. The method is used by a plurality of data publishers in an online code signing system. The method includes defining, by an administrator of the system, a hierarchy of a plurality of entities, and managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, and eligibility to designate at least one of a plurality of managers via the owner account to manage user access to sign data for at least one model entity.
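The hierarchy and account model described in the abstract, sketched as an authorization check. This is an added illustration, not code from the patent or from any product; the class names, the per-model grant store, and the rule that a participant account's project must sit above the model are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Entity:
    name: str
    kind: str                       # platform | project | model | configuration
    parent: "Entity | None" = None
    def chain(self):                # this entity, then every entity above it
        node = self
        while node is not None:
            yield node
            node = node.parent

@dataclass
class Account:
    org: str
    role: str                       # owner | participant
    scope: Entity                   # platform (owner) or project (participant)
    users: set = field(default_factory=set)

class SigningPolicy:
    def __init__(self):
        self.managers = {}          # model name -> manager id
        self.grants = set()         # (user, model name)
    def assign_manager(self, owner, model, manager):
        if owner.role != "owner" or not any(e is owner.scope for e in model.chain()):
            raise PermissionError("only the platform owner assigns managers")
        self.managers[model.name] = manager
    def authorize(self, manager, account, user, model):
        if self.managers.get(model.name) != manager:
            raise PermissionError("not the manager of this model")
        if user not in account.users:
            raise PermissionError("user is not in this account")
        if not any(e is account.scope for e in model.chain()):
            raise PermissionError("model is outside the account's scope")
        self.grants.add((user, model.name))
    def can_sign(self, user, config):  # a model grant covers configurations below it
        return config.kind == "configuration" and any(
            e.kind == "model" and (user, e.name) in self.grants for e in config.chain())

def build_demo():                   # constructed sample hierarchy, accounts and users
    plat = Entity("platform", "platform")
    proj1, proj2 = Entity("proj1", "project", plat), Entity("proj2", "project", plat)
    m1, m2 = Entity("m1", "model", proj1), Entity("m2", "model", proj2)
    cfg1, cfg2 = Entity("cfg1", "configuration", m1), Entity("cfg2", "configuration", m2)
    owner = Account("org-A", "owner", plat, {"alice"})
    part_b, part_c = (Account("org-B", "participant", proj1, {"bob"}),
                      Account("org-C", "participant", proj2, {"carol"}))
    policy = SigningPolicy()
    policy.assign_manager(owner, m1, "mgr1")
    policy.assign_manager(owner, m2, "mgr2")
    policy.authorize("mgr1", part_b, "bob", m1)
    policy.authorize("mgr2", part_c, "carol", m2)
    return policy, dict(m1=m1, m2=m2, cfg1=cfg1, cfg2=cfg2, part_b=part_b, part_c=part_c)
```

A manager's grant stays inside one model and one participant account, so a user from one organization cannot sign for a configuration that sits under another organization's model.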
11 Claims
7. A system managing the signing of data for use with one or more of a plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, comprising:
a processor; and
a memory, communicatively coupled to the processor, the memory storing instructions comprising instructions for:
defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality of entities comprising, in decreasing hierarchical order:
an application platform entity that produces the plurality of devices, having a sole owner;
at least one project entity for each application platform entity, the project entity comprising the device family;
at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising:
an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing:
sole eligibility to authorize access to the application platform entity; and
eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
at least one participant account of the application platform entity or the at least one project entity, providing:
eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,
wherein the instructions for managing eligibility to designate at least one of the plurality of users to access the at least one configuration entity to sign the data via the plurality of accounts comprises instructions for:
creating the owner account associated with the application platform entity for the sole owner of the application platform entity, and
wherein the instructions for creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises:
instructions for assigning, by an assigned administrator of the system, the at least one manager of the at least one model entity hierarchically below the application platform entity; and
instructions for authorizing, by the assigned at least one manager, users associated with the owner account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity, and
wherein the instructions for managing eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, further comprises instructions for:
creating, by the system administrator, the at least one participant account wherein the participant account is associated with at least one of:
the application platform entity; and
the at least one project entity;
authorizing, by the assigned manager, users associated with the participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the model entity;
wherein:
the sole owner of the owner account is a first business organization;
the at least one participant account is associated with a second business organization independent from the first organization.
9. A system managing the signing of data for use with one or more of a plurality of devices of an application platform, each device a member of a device family of the application platform, the data to be installed on the one or more of the plurality of devices according to a management model of the device family, comprising:
a processor; and
a memory, communicatively coupled to the processor, the memory storing instructions comprising instructions for:
defining, by an administrator of the system, a hierarchy of a plurality of entities, the plurality of entities comprising, in decreasing hierarchical order:
an application platform entity that produces the plurality of devices, having a sole owner;
at least one project entity for each application platform entity, the project entity comprising the device family;
at least one model entity for each project entity, the model entity defining the installation of the data on devices associated with the model entity; and
at least one configuration entity for each model entity, the configuration entity defining the data to be installed on devices associated with the configuration entity;
managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts, the plurality of accounts comprising:
an owner account of the application platform entity, the owner account issued only to the sole owner of the application platform entity, the owner account providing:
sole eligibility to authorize access to the application platform entity; and
eligibility to permit authorization of access to any of the plurality of entities hierarchically below the application platform entity;
eligibility to authorize users associated with the owner account to access at least one configuration entity hierarchically below the application platform entity to sign the data to be installed on the devices associated with the at least one configuration entity;
at least one participant account of the application platform entity or the at least one project entity, providing:
eligibility to authorize users associated with the participant account and no other participant account to access at least one configuration entity hierarchically below the application platform entity or the at least one project entity, respectively, to sign the data to be installed on the devices associated with the at least one configuration entity,
wherein the instructions for creating the owner account associated with the application platform entity for the sole owner of the application platform entity comprises instructions for:
assigning the at least one manager of the at least one model entity hierarchically below the application platform entity;
assigning another manager of another model entity hierarchically below the platform entity;
creating the at least one participant account, wherein the at least one participant account is associated with the at least one project entity;
creating another participant account, wherein the another participant account is associated with another project entity;
authorizing, by the assigned at least one manager, users associated with the at least one participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the at least one model entity;
authorizing, by the assigned another manager, users associated with the another participant account and no other participant account to sign the data to be installed on the devices associated with the configuration entities hierarchically below the another model entity;
wherein:
the sole owner of the owner account is a first business organization;
the at least one participant account is associated with a second business organization independent from the first business organization;
the another participant account is associated with a third business organization independent from the first business organization and the second business organization.
Specification