Group security
Abstract
A system and method for providing security to a graph of interconnected nodes includes a grouping multiplexing layer configured to monitor calls to the system, a graphing dynamic link layer configured to transmit and receive data to and from the graph, and a group security manager coupled to the grouping multiplexing layer and coupled to the graphing dynamic link layer; the group security manager is configured to perform security-related acts via interacting with a group database to propagate security-related information to members of a group within the graph. The group security manager is configured to provide role-based authorization on publication of one or more records and provide membership control for admission to a graph of interconnected nodes. The group security manager provides membership control by providing credentials to potential members of the graph to enable a connection and by providing a governed system for renewal and revocation of members.
47 Claims
1. A system for providing security to a graph of interconnected nodes, the system comprising:
    a grouping multiplexing layer configured to monitor calls to the system;
    a graphing dynamic link layer configured to transmit data to and from the graph; and
    a group security manager coupled to the grouping multiplexing layer and coupled to the graphing dynamic link layer, the group security manager configured to perform security-related acts via interacting with a group database to propagate security-related information to members of a group within the graph by controlling interactions between group members and a plurality of actions governing the group members.
(Dependent claims: 2 to 19)

20. A method for a member in a group within a graph of interconnected peer nodes to renew a certificate granting privileges, the method comprising:
    connecting to a second member in the group;
    requesting authorization from an administrator for renewing the certificate, the renewing based on the authorization from the administrator or based on one or more security policies.
(Dependent claim: 21)

22. A method for a member in a group within a graph of interconnected peer nodes to renew a certificate granting privileges, the method comprising:
    receiving a request to renew the certificate that was published in a graph database; and
    performing renewal according to an authorization from an administrator or based on one or more security policies.
(Dependent claims: 23 to 25)

26. A method for ensuring that a publisher of information in a record to a secure group in a graph of interconnected nodes has authority to publish to the secure group, the method comprising:
    creating a token for the publisher, the token containing information located in a role assigned to the publisher, the role identifying privileges of the publisher; and
    matching the token against a security descriptor for the record to be published, the security descriptor providing a list of rights associated with each role.
(Dependent claims: 27, 28)

29. A method for revoking a member of a group of interconnected nodes within a graph, the method comprising:
    publishing a revocation record to the group, the revocation record identifying the member; and
    revoking any records published by the member according to the revocation record.
(Dependent claims: 30, 31)

32. A method for revoking one or more members of a group of interconnected nodes within a graph, the method comprising:
    identifying one or more bits in a revocation bit map, the bits associated with one or more serial numbers, the one or more serial numbers identifying the one or more members of the group; and
    altering the one or more bits in the revocation bit map, the altering revoking the one or more members of the group.
(Dependent claim: 33)

34. A computer-readable medium having computer-executable instructions to perform acts for a member in a group within a graph of interconnected peer nodes to renew a certificate granting privileges, the computer-executable instructions performing acts comprising:
    connecting to a second member in the group;
    requesting authorization from an administrator for renewing the certificate, the renewing based on the authorization from the administrator or based on one or more security policies.
(Dependent claim: 35)

36. A computer-readable medium having computer-executable instructions to perform acts for a member in a group within a graph of interconnected peer nodes to renew a certificate granting privileges, the computer-executable instructions performing acts comprising:
    receiving a request to renew the certificate that was published in a graph database; and
    performing renewal according to an authorization from an administrator or based on one or more security policies.
(Dependent claims: 37 to 39)

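The renewal flow of claims 20 and 22 (and their computer-readable-medium counterparts, claims 34 and 36) has two sides: the member publishes a renewal request to the group database, and a second member holding the administrator role either renews on explicit authorization or lets a security policy decide. The following is an added example written for this page, not code from the patent or any implementation of it. It assumes an HMAC under a constructed administrator key in place of real certificate signatures, a constructed policy that permits automatic renewal only within seven days of expiry, and a refusal to renew anything revoked or already expired.

```python
"""Certificate renewal for a group member: administrator authorization or security policy."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional, Tuple

DAY = 86400
# Constructed symmetric key standing in for the administrator's signing key.
ADMIN_KEY = b"constructed-admin-key"


def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ADMIN_KEY, body, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Certificate:
    member: str
    serial: int
    not_after: int          # expiry, seconds since epoch
    privileges: tuple
    signature: str

    def payload(self) -> dict:
        return {"member": self.member, "serial": self.serial,
                "not_after": self.not_after, "privileges": list(self.privileges)}


def issue(member: str, serial: int, privileges, now: int, lifetime: int = 30 * DAY) -> Certificate:
    """Administrator issues a certificate granting the listed privileges."""
    body = {"member": member, "serial": serial,
            "not_after": now + lifetime, "privileges": list(privileges)}
    return Certificate(member, serial, now + lifetime, tuple(privileges), _sign(body))


def verify(cert: Certificate) -> bool:
    return hmac.compare_digest(_sign(cert.payload()), cert.signature)


@dataclass
class GroupDatabase:
    """Records replicated through the graph (constructed): renewal requests and revoked serials."""
    requests: list = field(default_factory=list)
    revoked: set = field(default_factory=set)
    next_serial: int = 1000


def publish_renewal_request(db: GroupDatabase, cert: Certificate, now: int) -> dict:
    """Member side (claim 20): after connecting to a peer, publish a renewal request record."""
    req = {"member": cert.member, "serial": cert.serial, "requested_at": now}
    db.requests.append(req)
    return req


RENEWAL_WINDOW = 7 * DAY   # constructed policy: auto-renew only within 7 days of expiry


def process_renewal(db: GroupDatabase, cert: Certificate, req: dict, now: int,
                    admin_authorized: bool = False) -> Tuple[Optional[Certificate], str]:
    """Administrator side (claim 22): renew on authorization, or when the policy allows.

    Returns (new certificate or None, reason)."""
    if req["serial"] != cert.serial or not verify(cert):
        return None, "request does not match a validly signed certificate"
    if cert.serial in db.revoked:
        return None, "certificate revoked"
    if now > cert.not_after:
        return None, "certificate already expired; re-admission required"
    if admin_authorized:
        reason = "administrator authorization"
    elif now >= cert.not_after - RENEWAL_WINDOW:
        reason = "renewal policy (within renewal window)"
    else:
        return None, "outside renewal window and no administrator authorization"
    serial = db.next_serial
    db.next_serial += 1
    db.requests.remove(req)
    return issue(cert.member, serial, cert.privileges, now), reason


if __name__ == "__main__":
    db = GroupDatabase()
    cert = issue("alice", 1, ("publish",), now=0)
    req = publish_renewal_request(db, cert, now=25 * DAY)
    print(process_renewal(db, cert, req, now=25 * DAY))
```

The renewed certificate keeps the member's privileges but gets a fresh serial, so a later revocation bit map or revocation record can target the old and new certificates independently.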
40. A computer-readable medium having computer-executable instructions to perform acts for ensuring that a publisher of information in a record to a secure group in a graph of interconnected nodes has authority to publish to the secure group, the computer-executable instructions performing acts comprising:
    creating a token for the publisher, the token containing information located in a role assigned to the publisher, the role identifying privileges of the publisher; and
    matching the token against a security descriptor for the record to be published, the security descriptor providing a list of rights associated with each role.
(Dependent claims: 41, 42)

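Claims 26 and 40 describe the publication check: a token is built from the publisher's assigned role, and the token is matched against the security descriptor of the record type, which lists the rights of each role. The following is an added example for this page, not code from the patent or any product implementing it. The roles, the member-to-role assignment, the record types and their descriptors are all constructed; the check also refuses a record whose publisher field differs from the token holder, an assumption added here so a member cannot publish under another member's name.

```python
"""Role-based publication check: a role token matched against a record's security descriptor."""
from dataclasses import dataclass
from enum import IntFlag


class Right(IntFlag):
    """Rights a role may hold on a record type (constructed set)."""
    NONE = 0
    READ = 1
    PUBLISH = 2
    DELETE = 4


@dataclass(frozen=True)
class Role:
    name: str
    rights: Right


# Roles defined within the group and the members assigned to them (constructed sample).
ROLES = {
    "admin": Role("admin", Right.READ | Right.PUBLISH | Right.DELETE),
    "member": Role("member", Right.READ | Right.PUBLISH),
    "guest": Role("guest", Right.READ),
}
MEMBER_ROLES = {"alice": "admin", "bob": "member", "carol": "guest"}


@dataclass(frozen=True)
class Token:
    """Carries the information located in the publisher's role."""
    publisher: str
    role: str
    rights: Right


@dataclass(frozen=True)
class SecurityDescriptor:
    """Lists the rights associated with each role for one record type."""
    record_type: str
    acl: dict  # role name -> Right


# Security descriptors for the record types the group carries (constructed).
DESCRIPTORS = {
    "message": SecurityDescriptor("message", {
        "admin": Right.READ | Right.PUBLISH | Right.DELETE,
        "member": Right.READ | Right.PUBLISH,
        "guest": Right.READ}),
    "policy": SecurityDescriptor("policy", {
        "admin": Right.READ | Right.PUBLISH,
        "member": Right.READ,
        "guest": Right.NONE}),
}


def create_token(publisher: str) -> Token:
    """Build the publisher's token from the role assigned to the publisher."""
    role = ROLES[MEMBER_ROLES[publisher]]
    return Token(publisher, role.name, role.rights)


def may_publish(token: Token, record: dict) -> bool:
    """Match the token against the descriptor of the record type.

    Both the role's own rights and the descriptor's rights for that role must include
    PUBLISH, and the record must name the token holder as its publisher."""
    if record.get("publisher") != token.publisher:
        return False
    descriptor = DESCRIPTORS.get(record.get("type"))
    if descriptor is None:
        return False          # unknown record type: deny by default
    granted = descriptor.acl.get(token.role, Right.NONE)
    return Right.PUBLISH in token.rights and Right.PUBLISH in granted


def publish(store: list, token: Token, record: dict) -> bool:
    """Append the record to the group store only when the publisher is authorised."""
    if not may_publish(token, record):
        return False
    store.append(dict(record, role=token.role))
    return True


if __name__ == "__main__":
    group_store = []
    print(publish(group_store, create_token("bob"),
                  {"type": "message", "publisher": "bob", "body": "hello"}))
    print(publish(group_store, create_token("bob"),
                  {"type": "policy", "publisher": "bob", "body": "x"}))
```

Because the descriptor lives with the record type rather than with the member, adding a new record type only requires writing its descriptor; no token or role definition changes.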
43. A computer-readable medium having computer-executable instructions to perform acts for revoking a member of a group of interconnected nodes within a graph, the computer-executable instructions performing acts comprising:
    publishing a revocation record to the group, the revocation record identifying the member; and
    revoking any records published by the member according to the revocation record.
(Dependent claims: 44, 45)

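Claims 29 and 43 revoke a member by publishing a revocation record that names the member, after which every record that member published is revoked according to it. The following is an added example for this page, not code from the patent or any implementation of it. It assumes a constructed replicated store in which records carry a revoked flag rather than being deleted, that only a member in a constructed administrator set may publish a revocation record, and that a peer applying the record also refuses further publications from the revoked member.

```python
"""Revoking a member by publishing a revocation record and revoking that member's records."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Record:
    record_id: int
    publisher: str
    kind: str
    payload: str
    revoked: bool = False


@dataclass
class GroupStore:
    """Replicated group database (constructed): records plus the set of revoked members."""
    records: dict = field(default_factory=dict)
    revoked_members: set = field(default_factory=set)
    admins: set = field(default_factory=lambda: {"alice"})   # constructed admin set
    next_id: int = 1

    def publish(self, publisher: str, kind: str, payload: str) -> Optional[Record]:
        """Store a record unless the publisher has already been revoked."""
        if publisher in self.revoked_members:
            return None
        rec = Record(self.next_id, publisher, kind, payload)
        self.next_id += 1
        self.records[rec.record_id] = rec
        return rec

    def active_records(self) -> list:
        return [r for r in self.records.values() if not r.revoked]


def publish_revocation(store: GroupStore, issuer: str, member: str) -> Optional[Record]:
    """Only an administrator may publish a revocation record identifying the member."""
    if issuer not in store.admins:
        return None
    return store.publish(issuer, "revocation", member)


def apply_revocation(store: GroupStore, revocation: Record) -> int:
    """Revoke every record published by the named member; returns how many were revoked.

    A receiving peer checks that the record really is a revocation from an administrator
    before acting on it, so a forged revocation replicated through the graph is ignored."""
    if revocation.kind != "revocation" or revocation.publisher not in store.admins:
        return 0
    member = revocation.payload
    store.revoked_members.add(member)
    count = 0
    for rec in store.records.values():
        if rec.publisher == member and not rec.revoked:
            rec.revoked = True
            count += 1
    return count


if __name__ == "__main__":
    s = GroupStore()
    s.publish("bob", "message", "hello")
    rev = publish_revocation(s, "alice", "bob")
    print(apply_revocation(s, rev), [r.record_id for r in s.active_records()])
```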
46. A computer-readable medium having computer-executable instructions to perform acts for revoking one or more members of a group of interconnected nodes within a graph, the computer-executable instructions performing acts comprising:
    identifying one or more bits in a revocation bit map, the bits associated with one or more serial numbers, the one or more serial numbers identifying the one or more members of the group; and
    altering the one or more bits in the revocation bit map, the altering revoking the one or more members of the group.
(Dependent claim: 47)
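Claims 32 and 46 revoke members by flipping bits in a revocation bit map, where each bit position is a certificate serial number. The following is an added example for this page, not code from the patent or any implementation of it. It assumes the bit map is published as a versioned group record in hex form, grows on demand, and is merged between replicas by bitwise OR, an assumption that works because revocation only ever sets bits and never clears them.

```python
"""Revocation bit map: one bit per certificate serial number, published as a group record."""


class RevocationBitmap:
    def __init__(self, data: bytes = b"", version: int = 0):
        self.bits = bytearray(data)
        self.version = version

    def _ensure(self, serial: int) -> None:
        """Grow the map so that the byte holding this serial's bit exists."""
        need = serial // 8 + 1
        if need > len(self.bits):
            self.bits.extend(b"\x00" * (need - len(self.bits)))

    def revoke(self, *serials: int) -> None:
        """Identify the bit for each serial and set it, revoking those certificates."""
        for serial in serials:
            if serial < 0:
                raise ValueError("serial numbers are non-negative")
            self._ensure(serial)
            self.bits[serial // 8] |= 1 << (serial % 8)
        self.version += 1

    def is_revoked(self, serial: int) -> bool:
        if serial < 0 or serial // 8 >= len(self.bits):
            return False          # beyond the map means never revoked
        return bool(self.bits[serial // 8] & (1 << (serial % 8)))

    def revoked_serials(self) -> list:
        return [i * 8 + b for i, byte in enumerate(self.bits)
                for b in range(8) if byte & (1 << b)]

    def to_record(self) -> dict:
        """Group record carrying the map (constructed record layout)."""
        return {"type": "revocation-bitmap", "version": self.version, "bits": self.bits.hex()}

    @classmethod
    def from_record(cls, record: dict) -> "RevocationBitmap":
        return cls(bytes.fromhex(record["bits"]), record["version"])

    def merge(self, other: "RevocationBitmap") -> None:
        """Bitwise OR of two replicas: revocation is monotonic, so order of receipt
        does not matter and every replica converges to the same set of bits."""
        if len(other.bits) > len(self.bits):
            self.bits.extend(b"\x00" * (len(other.bits) - len(self.bits)))
        for i, byte in enumerate(other.bits):
            self.bits[i] |= byte
        self.version = max(self.version, other.version)


def certificate_is_valid(serial: int, now: int, not_after: int, bitmap: RevocationBitmap) -> bool:
    """A certificate is usable only if unexpired and its serial's bit is clear."""
    return now <= not_after and not bitmap.is_revoked(serial)


if __name__ == "__main__":
    bm = RevocationBitmap()
    bm.revoke(3, 70)
    print(bm.to_record(), bm.revoked_serials())
```

Because a serial number maps to a fixed bit, checking a certificate is a constant-time index into the map rather than a search through a list of revoked identities, and the whole map replicates as a single small record.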