REMOTE AUTHORIZATION FOR OPERATIONS

US 20100325693A1
Filed: 08/30/2010
Published: 12/23/2010
Est. Priority Date: 03/29/2006
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method to execute on a machine, comprising:

receiving, by the machine, a request for a secret from a remote authorization acquisition service, the secret is used to initiate an operation with a security system;

acquiring, by the machine, the secret from one or more sources; and

causing, by the machine, the secret to be communicated to the remote authorization acquisition service.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.

Citations

20 Claims

1. A machine-implemented method to execute on a machine, comprising:
- receiving, by the machine, a request for a secret from a remote authorization acquisition service, the secret is used to initiate an operation with a security system;
  
  acquiring, by the machine, the secret from one or more sources; and
  
  causing, by the machine, the secret to be communicated to the remote authorization acquisition service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein receiving further includes identifying the one or more sources or identifying techniques to be used with the one or more sources from instructions that are included with the request.
  - 3. The method of claim 1, wherein receiving further includes receiving the request via at least one of an event notification from a service activated by the remote authorization acquisition service, a text message sent from the remote authorization acquisition service, an email message sent from the remote authorization acquisition service, and a voice message sent from the remote authorization acquisition service.
  - 4. The method of claim 1, wherein acquiring further includes interfacing a device having the secret to a network to acquire the secret.
  - 5. The method of claim 1, wherein acquiring further includes accessing a random secret generation device or service to acquire the secret.
  - 6. The method of claim 1 further comprising, processing the method on the machine that is a voice-enabled communication device that interacts with an authorization principal.

7. A machine-implemented method to execute on a machine, comprising:
- detecting, by the machine, a request for initiating a secure operation;
  
  evaluating, by the machine, a policy associated with authorizing the secure operation for initiation; and
  
  making, by the machine, a request to an authorization acquisition service to acquire one or more access keys pursuant to the policy from one or more remote authorization principals.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7 further comprising, receiving and verifying, by the machine, the one more access keys, which are received from the authorization acquisition service in response to one or more secrets obtained from the one or more remote authorization principals.
  - 9. The method of claim 7, wherein making further includes supplying one or more identifiers for the one or more access keys or supplying a procedure for acquiring the one or more access keys with the request to the authorization acquisition service.
  - 10. The method of claim 7 further comprising, periodically synchronizing, by the machine, with a secret store to ensure the secret store has the one or more access keys, and wherein the secret store is accessed by the authorization acquisition service in response to one or more secrets obtained from the one or more remote authorization principals.
  - 11. The method of claim 7 further comprising, supplying, by the machine, the one or more access keys successfully received from the authorization acquisition service to a secure loader, wherein the secure loader initiates the secure operation.
  - 12. The method of claim 7, wherein detecting further includes detecting an attempt to boot up a particular device or particular service associated with a security system, which raises the request.
  - 13. The method of claim 7, wherein detecting further includes detecting an attempt to shutdown a running service, which raises the request.
  - 14. The method of claim 7, wherein making further includes voiding the one or more access keys when the authorization acquisition service fails to deliver the one or more access keys within a defined period of time included in the policy.

15. A machine-implemented method to execute on a machine, comprising:
- receiving, by the machine, a request to initiate a secure operation within a secure system;
  
  acquiring, by the machine, multiple keys from multiple different certified crypto officers, each crypto officer having one of the multiple keys and each crypt officer remotely communicating his/her key from a remote geographic location from that geographical location associated with the secure system;
  
  using, by the machine, the multiple keys to acquire a secret from a secret store to initiate the secure operation; and
  
  initiating, by the machine, the secure operation via the secret.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein acquiring further includes interacting with one crypto officers via a phone using voice instructions and interacting with another crypto officer via a phone using text messages to acquire the multiple keys.
  - 17. The method of claim 15, wherein acquiring further includes identifying each of the certified crypto officers via a policy associated with the secure operation of the secure system.
  - 18. The method of claim 15, wherein acquiring further includes using a policy that defines a particular mechanism for each certified crypto officer to deliver his/her key.
  - 19. The method of claim 15, wherein acquiring further includes using a policy to instruct each of the certified crypt officers on how and where to obtain his/her key.
  - 20. The method of claim 15, wherein using further includes randomly changing the secret within the secret store and configuring the secure operation to accept the changing secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Burch, Lloyd Leon

Granted Patent

US 8,327,417 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/33   using certificates

H04L 2463/081   applying self-generating cr...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

REMOTE AUTHORIZATION FOR OPERATIONS

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

REMOTE AUTHORIZATION FOR OPERATIONS

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links