METHODS AND SYSTEMS FOR MANAGING IDENTITY MANAGEMENT SECURITY DOMAINS

US 20070288747A1
Filed: 08/04/2006
Published: 12/13/2007
Est. Priority Date: 06/07/2006
Status: Active Grant

First Claim

Patent Images

1. A security domain manager comprising:

a first module configured to provide a digital certificate; and

a second module configured to provide a registry of security domains to which root certificate authorities belong.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide identity management security domains that may be used in an enterprise security system. A security domain provides a centralized registry of services provided by the enterprise security system. For example, certificate authorities and other services, such as key archives, and the like, in the enterprise security system may register information about themselves in the security domain. Authorized users can then discover the location of these services. In some embodiments, the security domain may provide an interface that indicates a topology between services of the enterprise security system. The security domain may also serve as a distribution point for security policies. A security policy may comprise information that indicates, for example, a set of trusted certificate authorities, certificate templates, certificate revocation lists, and the locations of the services in the enterprise security system.

Citations

13 Claims

1. A security domain manager comprising:
- a first module configured to provide a digital certificate; and
  
  a second module configured to provide a registry of security domains to which root certificate authorities belong.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The security domain manager of claim 1, wherein the registry indicates the root certificate authorities that are trusted by members of the security domain.
  - 3. The security domain manager of claim 1, wherein the registry indicates a data recovery manager that is trusted by the root certificate authorities and other members of the security domain.
  - 4. The security domain manager of claim 1, wherein the registry indicates a token key service module that is trusted by the root certificate authorities and other members of the security domain.
  - 5. The security domain manager of claim 1, wherein the registry indicates a security policy for one of the security domains.
  - 6. The security domain manager of claim 1, wherein the registry indicates a set of certificate revocation lists for one of the security domains.
  - 7. The security domain manager of claim 1, wherein the registry indicates templates for certificates provided by the certificate authority for one of the security domains.
  - 8. The security domain manager of claim 1, wherein the second module is configured to provide information to an application that indicates a topology of the security domain, wherein the topology shows how each member is connected to each other, and how each member is trusted to each other.

9. A method for distributing a certificate revocation list by a security domain, said method comprising:
- retrieving destinations for the certificate revocation list from a security domain; and
  
  distributing the security policies comprising trusted certificate authorities and certificate revocation list to the destinations from the security domain.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein retrieving destinations for the security policies and certificate revocation list comprises submitting a LDAP-compliant request to the security domain.
  - 11. The method of claim 9, wherein retrieving destinations for the security policies and certificate revocation list comprises submitting a XML request to the security domain.
  - 12. A security domain manager for distributing a security policy comprising trusted certificate authories and certificate revocation list comprising means configured to perform the method of claim 9.
  - 13. A computer readable medium comprising executable instructions to perform the method of claim 9.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
PARKINSON, Steven William, KANNAN, Chandrasekar, KWAN, Nang Kon, HO, Shuk Yee

Granted Patent

US 8,707,024 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3268   using certificate validatio...

METHODS AND SYSTEMS FOR MANAGING IDENTITY MANAGEMENT SECURITY DOMAINS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR MANAGING IDENTITY MANAGEMENT SECURITY DOMAINS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links