Techniques for establishing and managing a distributed credential store

US 20050171872A1
Filed: 01/29/2004
Published: 08/04/2005
Est. Priority Date: 01/29/2004
Status: Active Grant

First Claim

Patent Images

1. A method for managing a distributed credential store, comprising:

associating portions of an enterprise credential store to a principal credential store;

selectively synchronizing changes between the portions and the principal credential store; and

managing conflicts and the changes according to a policy.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for establishing and managing a distributed credential store. An identity service aggregates identity information from one or more identity stores and maintains the information as a remote credential store. Initially, the remote credential store, or portions thereof, is transmitted to a principal service as an initial configuration of a local credential store. A principal interacts with the principal service for defining or modifying a policy that identifies portions of the remote credential store which are to be synchronized with the local credential store. In some embodiments, the principal interacts with the principal service for defining a local policy that identifies portions of the local credential store which are not synchronized with the remote credential store. The interactions between the credential stores are trusted and secured.

Citations

27 Claims

1. A method for managing a distributed credential store, comprising:
- associating portions of an enterprise credential store to a principal credential store;
  
  selectively synchronizing changes between the portions and the principal credential store; and
  
  managing conflicts and the changes according to a policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the associating further includes:
    - aggregating the portions from the enterprise credential store, wherein the portions are identified by the policy; and
      
      transmitting the portions to a principal as an initial instance of the principal credential store.
  - 3. The method of claim 1 further comprising:
    - inserting personal identity information into the principal credential store; and
      
      preventing the personal identity information from being synchronized with the enterprise credential store.
  - 4. The method of claim 1 further comprising:
    - detecting an insertion of new identity information into the principal credential store; and
      
      updating the enterprise credential store with the new identity information.
  - 5. The method of claim 1 further comprising:
    - detecting an insertion of new identity information into the enterprise credential store;
      
      determining via the policy that the new identity information is included within the portions; and
      
      updating the principal credential store with the new identity information.
  - 6. The method of claim 1 further comprising:
    - receiving modifications to the policy from a principal; and
      
      adjusting the synchronization between the portions and the principal credential store based on the modifications.
  - 7. The method of claim 1 further comprising using a trust specification to ensure interactions between the entity credential store and the principal credential store are initially and remain trusted during the interactions.

8. A method for managing a distributed credential store, comprising:
- establishing a trust relationship with a remote credential store;
  
  receiving changes associated with one or more entries in the remote credential store into a local credential store; and
  
  transmitting changes associated with one or more entries in the local credential store to the remote credential store.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 further comprising maintaining selective sets of the one or more entries within the local credential store for separate unique principals.
  - 10. The method of claim 8 further comprising identifying for the remote credential store the one or more entries in the remote credential store which are to be received as the changes.
  - 11. The method of claim 10 further comprising managing one or more personal identity information entries within the local credential store which are not transmitted as the changes associated with the one or more entries in the local credential store to the remote credential store.
  - 12. The method of claim 8 further comprising managing portions of the local credential store from memory and managing other portions from storage.
  - 13. The method of claim 8 further comprising managing the trust relationship between the local credential store and the remote credential store using a trust specification.
  - 14. The method of claim 8 further comprising managing the received changes and the transmitted changes using a synchronization policy.

15. A distributed credential management system, comprising:
- a trust specification;
  
  a local credential store; and
  
  a remote credential store;
  
  wherein the local credential store and the remote credential store interact with one another according to the trust specification, and wherein portions of the remote credential store are synchronized with portions of the local credential store and vice versa.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The distributed credential management system of claim 15 further comprising a remote synchronization policy that determines which of the portions of the remote credential store are synchronized with the portions of the local credential store, and wherein the synchronization policy is accessible to the remote credential store.
  - 17. The distributed credential management system of claim 16 further comprising a local synchronization policy that determines which portions of the local credential store are synchronized with the portions of the remote credential store.
  - 18. The distributed credential management system of claim 16 wherein the remote synchronization policy is defined by and modified by the local credential store.
  - 19. The distributed credential management system of claim 15 wherein the local credential store resides within a local processing environment of a principal.
  - 20. The distributed credential management system of claim 15 wherein the local credential store is managed from a server and includes multiple records, wherein each record is associated with a different principal, and wherein each record is uniquely encrypted for each different principal.

21. A distributed credential store, residing in a computer-readable medium, the distributed credential store used to acquire credentialing information associated with a principal, the distributed credential store comprising:
- a principal identifier field capable of housing a principal identifier value that identifies a particular principal; and
  
  a credentialing information record associated with the principal identifier field and capable of housing credentialing information associated with the principal identifier value for the particular principal;
  
  wherein the distributed credential store is initially generated by an identity service.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The distributed credential store of claim 21 the credential data store is maintained remotely by the identity service and maintained locally by a principal service.
  - 23. The distributed credential store of claim 22 wherein some portions of the credentialing information which are maintained locally are not also maintained remotely.
  - 24. The distributed credential store of claim 22 wherein portions of the credentialing information which are synchronized and maintained both remotely and locally are defined by a policy which can be dynamically modified and initially set by the principal service.
  - 25. The distributed credential store of claim 21 wherein the identity service uses the principal identifier field to construct multiple unique local credential stores, each unique local credential store associated with a unique instance of the distributed credential store.
  - 26. The distributed credential store of claim 21 wherein the identity service populates the credential information of the credential record by aggregating identity information from one or more identity stores associated with the particular principal.
  - 27. The distributed credential store of claim 21 wherein the identity service and a principal service cooperate to selectively synchronize portions of the credential information between one another.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Burch, Lloyd Leon, Earl, Douglas G.

Granted Patent

US 7,647,256 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/29
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06Q 10/0875   Itemisation or classificati...

H04L 63/0815   providing single-sign-on or...

H04L 67/10   in which an application is ...

H04L 67/1095   Replication or mirroring of...

Techniques for establishing and managing a distributed credential store

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for establishing and managing a distributed credential store

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links