TRUSTED HOST PLATFORM

US 20070204166A1
Filed: 01/04/2007
Published: 08/30/2007
Est. Priority Date: 01/04/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of provisioning a secured storage device for use with a trusted host platform that enables the trusted host platform to access both a first secured network and a second secured network, the first secured network operating in a first security domain, the second secured network operation in a second security domain, the first security domain separate and distinct from the second security domain, the trusted host platform otherwise unsecure from both the first security network and the second security network, the method comprising:

determining a first enrollment agent for a first security domain, the first enrollment agent authorized to access the first security domain;

determining a second enrollment agent for a second security domain, the second enrollment agent authorized to access the second security domain;

requesting, by the first enrollment agent through the trusted host platform, authentication and authorization materials from a first certificate authority associated with the first security domain;

requesting, by the second enrollment agent through trusted host platform, authentication and authorization materials from a second certificate authority associated with the second security domain;

receiving, at the trusted host platform, the authentication and authorization materials from the first certificate authority, the authentication and authorization materials for providing access to the first secured network;

receiving, at the trusted host platform, the authentication and authorization materials from the second certificate authority, the authentication and authorization materials for providing access to the second secured network;

storing at least a portion of the received authentication and authorization materials from the first certificate authority on the trusted host platform;

storing at least a portion of the received authentication and authorization materials from the second certificate authority on the trusted host platform;

storing at least a portion of the received authentication and authorization materials from the first certificate authority onto the secured storage device operably coupled to the trusted host platform; and

storing at least a portion of the received authentication and authorization materials from the second certificate authority onto the secured storage device operably coupled to the trusted host platform.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of provisioning a secured storage device for use with a trusted host platform enables the trusted host platform to access both a first secured network operating in a first security domain and a second secured network operating in a second security domain without exposing the first and second security domains to one another. An enrollment agent provides access to a certificate authority associated with the first security domain to obtain authentication and authorization materials for a user authorized to access the first secured network. Likewise, an enrollment agent provides access to a certificate authority associated with the second security domain to obtain authentication and authorization materials for the user when the user is authorized to access the second secured network. According to various embodiments of the invention, a portion of the authentication and authorization materials from each of the respective security domains is stored on the trusted host platform and a portion of the authentication and authorization materials from each of the respective security domains is stored on a secure storage device associated with the user and operable with the trusted host platform.

Citations

9 Claims

1. A method of provisioning a secured storage device for use with a trusted host platform that enables the trusted host platform to access both a first secured network and a second secured network, the first secured network operating in a first security domain, the second secured network operation in a second security domain, the first security domain separate and distinct from the second security domain, the trusted host platform otherwise unsecure from both the first security network and the second security network, the method comprising:
- determining a first enrollment agent for a first security domain, the first enrollment agent authorized to access the first security domain;
  
  determining a second enrollment agent for a second security domain, the second enrollment agent authorized to access the second security domain;
  
  requesting, by the first enrollment agent through the trusted host platform, authentication and authorization materials from a first certificate authority associated with the first security domain;
  
  requesting, by the second enrollment agent through trusted host platform, authentication and authorization materials from a second certificate authority associated with the second security domain;
  
  receiving, at the trusted host platform, the authentication and authorization materials from the first certificate authority, the authentication and authorization materials for providing access to the first secured network;
  
  receiving, at the trusted host platform, the authentication and authorization materials from the second certificate authority, the authentication and authorization materials for providing access to the second secured network;
  
  storing at least a portion of the received authentication and authorization materials from the first certificate authority on the trusted host platform;
  
  storing at least a portion of the received authentication and authorization materials from the second certificate authority on the trusted host platform;
  
  storing at least a portion of the received authentication and authorization materials from the first certificate authority onto the secured storage device operably coupled to the trusted host platform; and
  
  storing at least a portion of the received authentication and authorization materials from the second certificate authority onto the secured storage device operably coupled to the trusted host platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising locating the trusted host platform in a physically secured location.
  - 3. The method of claim 1, further comprising locating the hosted host platform in a physically unsecured location.
  - 4. The method of claim 1, further comprising:
    - receiving, at the trusted host platform, user information pertaining to a user authorized to access the first secured network and the second secured network; and
      
      storing the user information on the secured storage device.
  - 5. The method of claim 4, wherein requesting, by the trusted host platform, the authentication and authorization materials from a first certificate authority associated with the first security domain comprises providing user information to the first certificate authority, the user information sufficient to identify the user as authorized to access the first security domain.
  - 6. The method of claim 1, further comprising:
    - providing, by the trusted host platform, authentication information associated with the trusted host platform to the first secured network; and
      
      providing, by the trusted host platform, authentication information associated with the trusted host platform to the second secured network.
  - 7. The method of claim 1, further comprising:
    - providing, by the trusted host platform, authentication information associated with the first enrollment agent to the first secured network; and
      
      providing, by the trusted host platform, authentication information associated with the second enrollment agent to the second secured network.
  - 8. The method of claim 1, wherein storing at least a portion of the received authentication and authorization materials from the first certificate authority on the trusted host platform comprises storing at least a portion of the received authentication and authorization materials on a first virtual machine on the trusted host platform, and wherein storing at least a portion of the received authentication and authorization materials from the second certificate authority on the trusted host platform comprises storing at least a portion of the received authentication and authorization materials on a second virtual machine on the trusted host platform.
  - 9. The method of claim 1, wherein storing at least a portion of the received authentication and authorization materials from the first certificate authority on the trusted host platform comprises storing at least a portion of the received authentication and authorization materials within a configuration of the trusted host platform, and wherein storing at least a portion of the received authentication and authorization materials from the second certificate authority on the trusted host platform comprises storing at least a portion of the received authentication and authorization materials within the configuration of the trusted host platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nytor Technologies
Original Assignee
Nytor Technologies
Inventors
Ginter, Karl, Ruof, Kenneth, Tome, Agustin, Smalser, Paul, Riddock, Cary

Application Number

US11/620,011
Publication Number

US 20070204166A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

TRUSTED HOST PLATFORM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED HOST PLATFORM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links