ESTABLISHING SECURE, MUTUALLY AUTHENTICATED COMMUNICATION CREDENTIALS
First Claim
1. A method for establishing secure, mutually authenticated communication between trusted servers of a trusted network and an edge server of a perimeter network outside the trusted network, said method comprising:
- creating a public key and a password associated with the edge server in the perimeter network;
- transferring securely the public key and the password to the trusted network;
- creating an edge configuration object associated with the edge server on a distributed directory service administered within the trusted network;
- placing the public key and the password on the corresponding created edge configuration object of the distributed directory service within the trusted network;
- updating, by the distributed directory service, the public key and password associated with the edge server to two or more of the trusted servers on the trusted network adapted for communicating with the perimeter network, thereby identifying the edge server to each of the trusted servers adapted for communicating with the perimeter network as a registered edge server;
- encrypting, by each trusted server adapted for communicating with the perimeter network, a password associated with the particular trusted server with the public key created by the edge server; and
- sending, by each trusted server adapted for communicating with the perimeter network, a password associated with each particular trusted server encrypted with a private key associated with the particular trusted server to the edge server for authenticating the edge server with respect to each respective trusted server.
Abstract
Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
69 Citations
20 Claims
1. (Independent claim 1, set out in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for automatically updating credential information between a trusted server residing on a trusted network and an edge server residing on a perimeter network, said trusted network administering a distributed directory service, said method comprising:
- reading, by the trusted server, the current credential information of the edge server residing on the perimeter network;
- determining the expiration status of the current credential information on the edge server;
- propagating the replacement credential information from the distributed directory service to the edge server by any trusted server; and
- utilizing, by the trusted server, the replacement credential information when an attempt to utilize the current credential information fails.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17.

18. A method for disenfranchising a server residing on a trusted network or a perimeter network from communication with other servers on the trusted network or the perimeter network, said trusted network administering a distributed directory service comprising credential information corresponding to each of the servers on the trusted network and the perimeter network, said method comprising:
- receiving instructions from an administrator from within the trusted network instructing that one of the servers requires disenfranchisement from communicating with the other servers; and
- deleting credential information associated with the server requiring disenfranchisement within the distributed directory service, thereby eliminating the ability of any server on the trusted network or the perimeter network to establish communication with the server with deleted credential information.
Dependent claims: 19, 20.
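The three independent claims describe one credential lifecycle: registration of an edge server through the trusted network's directory (claim 1), rotation of an expired edge credential with fallback to the replacement (claim 8), and disenfranchisement by deleting the directory object (claim 18). The following simulation is an added example, constructed for this page; it is not the patent's implementation or any product's code. The directory, server classes, expiry clock values and the toy RSA key pair are all assumptions, and the example uses the edge server's public key for the encryption step of claim 1 without modelling the private-key recitation in that claim's final step.

```python
# Constructed simulation of claims 1, 8 and 18 (registration, rotation with
# fallback, disenfranchisement).  Names and the toy RSA are stand-ins only.
import secrets

PW_LEN = 8  # fixed password length so decryption restores the exact bytes

# Toy textbook RSA over two known Mersenne primes so the example runs offline.
# Placeholder for a real scheme: no padding, tiny modulus, demonstration only.
_P, _Q, _E = (1 << 31) - 1, (1 << 61) - 1, 65537


def toy_keypair():  # ((n, e), (n, d)) for the edge server
    n = _P * _Q
    return (n, _E), (n, pow(_E, -1, (_P - 1) * (_Q - 1)))


def pk_encrypt(pub, password):
    m = int.from_bytes(password, "big")
    assert m < pub[0], "password too long for the toy modulus"
    return pow(m, pub[1], pub[0])


def pk_decrypt(priv, ciphertext):
    return pow(ciphertext, priv[1], priv[0]).to_bytes(PW_LEN, "big")


class DirectoryService:
    """Distributed directory administered inside the trusted network."""
    def __init__(self):
        self.edge_objects = {}  # edge name -> edge configuration object
        self.subscribers = []   # trusted servers adapted for perimeter traffic

    def register_edge(self, name, pub, password, expires):  # claim 1
        self.edge_objects[name] = {"pub": pub, "password": password, "expires": expires}
        self._propagate()

    def rotate_edge(self, name, now, lifetime=100):  # claim 8
        obj = self.edge_objects[name]
        if now < obj["expires"]:
            return None  # current credential still valid: nothing to replace
        obj["replacement"], obj["replacement_expires"] = secrets.token_bytes(PW_LEN), now + lifetime
        self._propagate()
        return obj["replacement"]

    def disenfranchise(self, name):  # claim 18: delete, then every subscriber loses the entry
        self.edge_objects.pop(name, None)
        self._propagate()

    def _propagate(self):  # the directory pushes its view to every trusted server
        for ts in self.subscribers:
            ts.known_edges = {k: dict(v) for k, v in self.edge_objects.items()}


class TrustedServer:
    def __init__(self, name, directory):
        self.name, self.known_edges = name, {}
        self.password = secrets.token_bytes(PW_LEN)  # this server's own password
        directory.subscribers.append(self)

    def issue_credential(self, edge_name):  # claim 1: password under the edge's public key
        obj = self.known_edges.get(edge_name)
        return None if obj is None else pk_encrypt(obj["pub"], self.password)

    def authenticate_edge(self, edge_name, edge_password, server_password, now):
        """Edge must be registered, hold a valid edge password, and return this
        server's password (proof that it decrypted with the matching private key)."""
        obj = self.known_edges.get(edge_name)
        if obj is None or not secrets.compare_digest(server_password, self.password):
            return False
        if now < obj["expires"] and secrets.compare_digest(edge_password, obj["password"]):
            return True
        rep = obj.get("replacement")  # claim 8: fall back when the current one fails
        return bool(rep) and now < obj["replacement_expires"] and secrets.compare_digest(edge_password, rep)


class EdgeServer:
    def __init__(self, name):
        self.name, self.trusted_passwords = name, {}
        self.pub, self._priv = toy_keypair()        # claim 1: edge creates its key pair
        self.password = secrets.token_bytes(PW_LEN)  # and its password

    def receive(self, ciphertext):  # only the edge can open what was sent to its public key
        return pk_decrypt(self._priv, ciphertext)


def run_scenario():
    """Walk through claims 1, 8 and 18 and return the observed outcomes."""
    directory = DirectoryService()
    servers = [TrustedServer("ts1", directory), TrustedServer("ts2", directory)]
    edge = EdgeServer("edge1")
    out = {"unregistered_gets_nothing": servers[0].issue_credential(edge.name) is None}
    directory.register_edge(edge.name, edge.pub, edge.password, expires=100)
    for ts in servers:
        edge.trusted_passwords[ts.name] = edge.receive(ts.issue_credential(edge.name))
    def auth(ts, edge_pw, now):
        return ts.authenticate_edge(edge.name, edge_pw, edge.trusted_passwords[ts.name], now)
    out["mutual_auth"] = all(auth(ts, edge.password, 10) for ts in servers)
    old, replacement = edge.password, directory.rotate_edge(edge.name, now=150)
    edge.password = edge.receive(pk_encrypt(edge.pub, replacement))  # pushed by any trusted server
    out["expired_rejected"] = not auth(servers[0], old, 150)
    out["replacement_accepted"] = auth(servers[1], edge.password, 150)
    directory.disenfranchise(edge.name)
    out["revoked_rejected"] = not any(auth(ts, edge.password, 151) for ts in servers)
    return out
```

`run_scenario()` returns a dictionary in which every outcome is `True`: an unregistered edge receives nothing, both trusted servers authenticate the registered edge, the expired password is refused after rotation while the replacement is accepted, and deleting the directory object cuts the edge off from every trusted server. The property worth watching in a real deployment is the one `_propagate` makes instantaneous here: claim 18's revocation is only as fast as the directory's replication to each subscriber, so that replication lag is the window during which a disenfranchised server can still authenticate.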
Specification