Method and system for providing a circle of trust on a network

US 20050021964A1
Filed: 07/25/2003
Published: 01/27/2005
Est. Priority Date: 07/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method of providing a circle of trust comprising:

receiving a first certificate of a first affiliated entity by a second affiliated entity;

storing said first certificate of said first affiliated entity in a first trusted partner list accessible by said second affiliated entity;

receiving a second certificate of said second affiliated entity by said first affiliated entity; and

storing said second certificate of said second affiliated entity in a second trusted partner list accessible by said second affiliated entity;

wherein access to a resource is controlled as a function of said first trusted partner list or said second trusted partner list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a circle of trust on a network. The circle of trust is configured by exchanging credential of a first and a second affiliated entity. The credentials of the first affiliated entity is stored in a trusted partner list of the second affiliated entity. The credentials of the second affiliated entity is stored in a trusted partner list of the first affiliated entity. Thereafter, a circle of trust session may be provided when a client device initiates use of a resource on a relying party device by providing an authentication assertion reference. The identity of the issuing party of the authentication is determined as a function of the authentication assertion reference. The relying party sends an authentication query containing its credential to the issuing party. The issuing party determines if the relying party is a trusted entity based upon whether the relying party'"'"'s credential is contained in the trusted partner list of the issuing party.

51 Citations

View as Search Results

32 Claims

1. A method of providing a circle of trust comprising:
- receiving a first certificate of a first affiliated entity by a second affiliated entity;
  
  storing said first certificate of said first affiliated entity in a first trusted partner list accessible by said second affiliated entity;
  
  receiving a second certificate of said second affiliated entity by said first affiliated entity; and
  
  storing said second certificate of said second affiliated entity in a second trusted partner list accessible by said second affiliated entity;
  
  wherein access to a resource is controlled as a function of said first trusted partner list or said second trusted partner list.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1 further comprising:
    - initiating use of a resource on a relying party device by a client device, wherein an authentication assertion reference is provided by a client device;
      
      determining an identity of an issuing party as a function of said authentication assertion reference;
      
      sending an authentication request containing a certificate of said relying party to said issuing party;
      
      determining if said certificate is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said certificate is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said certificate is not contained in said trusted partner list of said issuing party; and
      
      providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
  - 3. The method according to claim 2, further comprising:
    - logging-on to said issuing party utilizing said client device; and
      
      authenticating said client device by said issuing party.
  - 4. The method according to claim 1, further comprising:
    - receiving a first network address of said first affiliated entity by said second affiliated entity;
      
      storing said first network address of said first affiliated entity in said first trusted partner list accessible by said second affiliated entity;
      
      receiving a second network address of said second affiliated entity by said first affiliated entity; and
      
      storing said second network address of said second affiliated entity in said second trusted partner list accessible by said second affiliated entity.
  - 5. The method according to claim 4, further comprising:
    - initiating user of a resource on a relying party device by a client device, wherein an authentication assertion reference is provided by a client device;
      
      determining an identity of an issuing party as a function of said authentication assertion reference;
      
      sending an authentication request from a relying party to an issuing party;
      
      determining a network address of said relying party from said authentication request;
      
      determining if said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said network address is not contained in said trusted partner list of said issuing party; and
      
      providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
  - 6. The method according to claim 4, wherein said first network address and said second network address comprises a first and second internet protocol (IP) address respectively.
  - 7. The method according to claim 1, further comprising:
    - receiving a first network address of a third affiliated entity by said first affiliated entity;
      
      storing said first network address of said third affiliate entity in said second trusted partner list accessable by said first affiliated entity;
      
      receiving a second network address of said first affiliated entity by said third affiliated entity; and
      
      storing said second network address of said first affiliated entity in a third trusted partner list accessable by said third affiliated entity.

8. A method of providing a circle of trust comprising:
- initiating user of a resource on a relying party device by a client device, wherein an authentication assertion reference is provided by a client device;
  
  determining an identity of an issuing party as a function of said authentication assertion reference;
  
  sending an authentication request containing a certificate of said relying party to said issuing party;
  
  determining if said certificate is contained in a trusted partner list of said issuing party;
  
  sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said certificate is contained in a trusted partner list of said issuing party;
  
  sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said certificate is not contained in said trusted partner list of said issuing party; and
  
  providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
- View Dependent Claims (9, 10, 11)
- - 9. The method according to claim 8, further comprising:
    - sending an authentication request from said relying party to said issuing party;
      
      determining a network address of said relying party from said authentication request;
      
      determining if said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said network address is not contained in said trusted partner list of said issuing party; and
      
      providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
  - 10. The method according to claim 9, wherein said first network address and said second network address comprise a first and second internet protocol (IP) address respectively.
  - 11. The method according to claim 8, further comprising:
    - logging-on to an issuing party utilizing said client device; and
      
      authenticating said client device by said issuing party.

12. A system for providing a circle of trust comprising:
- a first affiliated entity comprising;
  
  a first administration module; and
  
  a first trusted partner list communicatively coupled to said first administration module; and
  
  said second affiliated entity comprising;
  
  a second administration module; and
  
  a second trusted partner list communicatively coupled to said second administration module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system for providing a circle of trust according to claim 12, wherein said first administration module receives said credential of said second affiliated entity.
  - 14. The system for providing a circle of trust according to claim 13, wherein said first administration module stores said credential of said second affiliated entity in a trusted partner list.
  - 15. The system for providing a circle of trust according to claim 14, wherein said credential comprises a certificate.
  - 16. The system for providing a circle of trust according to claim 14, wherein said credential comprises a network address.
  - 17. The system for providing a circle of trust according to claim 13, further comprising:
    - a client device;
      
      a first affiliated entity communicatively coupled to said client device and a second affiliated entity, comprising;
      
      a first session module; and
      
      a first authentication module; and
      
      said second affiliated entity communicatively coupled to said client device and said first affiliated entity, comprising;
      
      a second session module; and
      
      a second trusted partner list.
  - 18. The system for providing a circle of trust according to claim 17, wherein said second session module determines the identity of an issuing party as a function of an authentication assertion reference received from said client device.
  - 19. The system for providing a circle of trust according to claim 17, wherein said first session module determines a trusted status of said second affiliated entity as a function of a certificate received from said second session module.
  - 20. The system for providing a circle of trust according to claim 17, wherein said first session module determines a trusted status of said second affiliated entity as a function of a network address of said second session module.

21. A system for providing a circle of trust comprising:
- a client device;
  
  a first affiliated entity communicatively coupled to said client device and a second affiliated entity, comprising;
  
  a first session module; and
  
  a first authentication module; and
  
  said second affiliated entity communicatively coupled to said client device and said first affiliated entity, comprising;
  
  a second session module; and
  
  a second trusted partner list.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The system for providing a circle of trust according to claim 21, wherein said first session module provides for secure transfer of information for authenticating a user on said client device.
  - 23. The system for providing a circle of trust according to claim 22, wherein said first session module generates and processes SAML requests and assertions contained in SOAP envelopes.
  - 24. The system for providing a circle of trust according to claim 21, wherein said second session module determines the identity of an issuing party as a function of an authentication assertion reference received from said client device.
  - 25. The system for providing a circle of trust according to claim 21, wherein said first session module determines a trusted status of said second affiliated entity as a function of a certificate received from said second session module.
  - 26. The system for providing a circle of trust according to claim 21, wherein said first session module determines a trusted status of said second affiliated entity as a function of a network address of said second session module.
  - 27. The system for providing a circle of trust according to claim 21, wherein said first session module determines said network address of said session module from an HTTP header.

28. A computer readable-medium containing a plurality of instructions which when executed cause a network device to implement a method of providing a circle of trust comprising:
- receiving a first network address of a first affiliated entity by a second affiliated entity;
  
  storing said first network address of said first affiliated entity in a first trusted partner list accessable by said second affiliated entity;
  
  receiving a second network address of said second affiliated entity by said first affiliated entity; and
  
  storing said second network address of said second affiliated entity in a second trusted partner list accessable by said second affiliated entity.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The computer readable-medium according to claim 28, further comprising initiating use of a resource on a relying party device by a client device, wherein an authentication assertion reference is provided by a client device;
    - determining an identity of an issuing party as a function of said authentication assertion reference;
      
      sending an authentication request from a relying party to an issuing party;
      
      determining a network address of said relying party from said authentication request;
      
      determining if said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said network address is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said network address is not contained in said trusted partner list of said issuing party; and
      
      providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
  - 30. The computer readable-medium according to claim 28, further comprising:
    - receiving a first certificate of a first affiliated entity by a second affiliated entity;
      
      storing said first certificate of said first affiliated entity in said first trusted partner list accessable by said second affiliated entity;
      
      receiving a second certificate of said second affiliated entity by said first affiliated entity; and
      
      storing said second certificate of said second affiliated entity in said second trusted partner list accessable by said second affiliated entity.
  - 31. The computer readable-medium according to claim 30, further comprising:
    - sending an authentication request containing a certificate of said relying party to said issuing party;
      
      determining if said certificate is contained in a trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has been authenticated, from said issuing party to said relying party when said certificate is contained in said trusted partner list of said issuing party;
      
      sending an authentication assertion, indicating that said client has not been authenticated, from said issuing party to said relying party when said certificate is not contained in said trusted partner list of said issuing party; and
      
      providing said requested resource to said client device by said relying party when said authentication assertion indicates that said client has been authenticated.
  - 32. The computer readable-medium according to claim 31, further comprising:
    - logging-on to said issuing party utilizing said client device; and
      
      authenticating said client device by said issuing party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Sun, Wei, Xu, Hong, Ranganathan, Aravindan, Luo, Ping, Bhat, Shivaram, Cheng, Qingwen, Bhatnagar, Bhavna

Granted Patent

US 7,716,469 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

Method and system for providing a circle of trust on a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing a circle of trust on a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links