Just In Time Trust Establishment and Propagation

US 20110066847A1
Filed: 09/15/2009
Published: 03/17/2011
Est. Priority Date: 09/15/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for propagating trust relationships between components across multiple domains in at least one online service system, the method comprising the steps of:

attempting to validate, by a first computer system in a first domain of an online service system, a certificate of a second computer system in a second domain of an online service system;

determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain;

responsive to determining that a trust relationship does not exist between the first computer system in the first domain and the second domain, determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain;

propagating, by the first computer system, a trust status between the first domain and the second domain to the first computer system in the first domain; and

determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Trust relationships in an online service system are established at a domain level, and propagated to components of domains as they attempt cross domain communication. In attempting to communicate across domains, a first component in a first domain attempts to validate a certificate of a second component in a second domain. Where the attempt to validate the certificate indicates that a trust relationship does not exist between the first component and the second domain, the first component determines whether a domain level trust relationship exists between the two domains. The first component propagates the trust status between the first and second domains to itself. If there is an existing trust relationship between the first and second domains, the first component validates the certificate of the second component in response. The second component executes the same process to complete the connection.

30 Citations

View as Search Results

20 Claims

1. A computer implemented method for propagating trust relationships between components across multiple domains in at least one online service system, the method comprising the steps of:
- attempting to validate, by a first computer system in a first domain of an online service system, a certificate of a second computer system in a second domain of an online service system;
  
  determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain;
  
  responsive to determining that a trust relationship does not exist between the first computer system in the first domain and the second domain, determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain;
  
  propagating, by the first computer system, a trust status between the first domain and the second domain to the first computer system in the first domain; and
  
  determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain further comprises:
    - determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and a public key infrastructure system of the second domain.
  - 3. The method of claim 1 wherein determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - determining, by the first computer system, whether a trust relationship exists between a public key infrastructure system of the first domain and a public key infrastructure system of the second domain.
  - 4. The method of claim 1 wherein determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - receiving, by the first computer system, trust relationships of a public key infrastructure system of the first domain; and
      
      determining whether a trust relationship with the second domain is among the received trust relationships of the public key infrastructure system of the first domain.
  - 5. The method of claim 1 wherein determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - querying, by the first computer system, a public key infrastructure system of the first domain as to whether it has a trust relationship with the second domain.
  - 6. The method of claim 1 wherein propagating, by the first computer system, the trust status between the first domain and the second domain to the first computer system in the first domain further comprises:
    - receiving, by the first computer system, trust relationships of a public key infrastructure system of the first domain; and
      
      extending, by the first computer system, the received trust relationships of the public key infrastructure system of the first domain to the first computer system in the first domain.
  - 7. The method of claim 1 wherein propagating, by the first computer system, the trust status between the first domain and the second domain to the first computer system in the first domain further comprises:
    - receiving, by the first computer system, an indication from a public key infrastructure system of the first domain that the public key infrastructure system of the first domain has a trust relationship with the second domain; and
      
      extending, by the first computer system, the trust relationship of the public key infrastructure system of the first domain with the second domain to the first computer system in the first domain.
  - 8. The method of claim 1 wherein determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status further comprises:
    - responsive to extending a trust relationship of a public key infrastructure system of the first domain with the second domain to the first computer system in the first domain, validating, by the first computer in the first domain, the certificate of the second computer system in the second domain.
  - 9. The method of claim 1 wherein determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status further comprises:
    - responsive to not detecting a trust relationship of a public key infrastructure system of the first domain with the second domain, not validating, by the first computer in the first domain, the certificate of the second computer system in the second domain.
  - 10. The method of claim 1 wherein:
    - the first domain is of a first online service system and the second domain is of a second online service system.

11. At least one computer readable storage medium storing a computer program product for propagating trust relationships between components across multiple domains in at least one online service system, the computer program product comprising:
- program code for attempting to validate, by a first computer system in a first domain of an online service system, a certificate of a second computer system in a second domain of an online service system;
  
  program code for determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain;
  
  program code for, responsive to determining that a trust relationship does not exist between the first computer system in the first domain and the second domain, determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain;
  
  program code for propagating, by the first computer system, a trust status between the first domain and the second domain to the first computer system in the first domain; and
  
  program code for determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer program product of claim 11 wherein the program code for determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain further comprises:
    - program code for determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and a public key infrastructure system of the second domain.
  - 13. The computer program product of claim 11 wherein the program code for determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - program code for determining, by the first computer system, whether a trust relationship exists between a public key infrastructure system of the first domain and a public key infrastructure system of the second domain.
  - 14. The computer program product of claim 11 wherein the program code for determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - program code for receiving, by the first computer system, trust relationships of a public key infrastructure system of the first domain; and
      
      program code for determining whether a trust relationship with the second domain is among the received trust relationships of the public key infrastructure system of the first domain.
  - 15. The computer program product of claim 11 wherein the program code for determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain further comprises:
    - program code for querying, by the first computer system, a public key infrastructure system of the first domain as to whether it has a trust relationship with the second domain.
  - 16. The computer program product of claim 11 wherein the program code for propagating, by the first computer system, the trust status between the first domain and the second domain to the first computer system in the first domain further comprises:
    - program code for receiving, by the first computer system, trust relationships of a public key infrastructure system of the first domain; and
      
      program code for extending, by the first computer system, the received trust relationships of the public key infrastructure system of the first domain to the first computer system in the first domain.
  - 17. The computer program product of claim 11 wherein the program code for propagating, by the first computer system, the trust status between the first domain and the second domain to the first computer system in the first domain further comprises:
    - program code for receiving, by the first computer system, an indication from a public key infrastructure system of the first domain that the public key infrastructure system of the first domain has a trust relationship with the second domain; and
      
      program code for extending, by the first computer system, the trust relationship of the public key infrastructure system of the first domain with the second domain to the first computer system in the first domain.
  - 18. The computer program product of claim 11 wherein the program code for determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status further comprises:
    - program code for, responsive to extending a trust relationship of a public key infrastructure system of the first domain with the second domain to the first computer system in the first domain, validating, by the first computer in the first domain, the certificate of the second computer system in the second domain.
  - 19. The computer program product of claim 11 wherein the program code for determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status further comprises:
    - program code for, responsive to not detecting a trust relationship of a public key infrastructure system of the first domain with the second domain, not validating, by the first computer in the first domain, the certificate of the second computer system in the second domain.

20. A computer implemented method for propagating trust relationships between components across multiple domains in at least one online service system, the method comprising the steps of:
- establishing trust relationships at a domain for each of a plurality of domains, by at least one computer;
  
  responsive to attempts by components in different domains to communicate across the different domains, propagating domain level established trust relationships to the components, by at least one computer; and
  
  executing cross domain communication between components in different domains across the different domains, responsive to domain level trust relationships between the different domains being propagated to the components, by at least one computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Christensen, Aaron, Anand, Jatheen, Vadapalli, Sreekanth, Browning, William, Khanna, Gaurav

Granted Patent

US 8,904,169 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 9/006 involving public key infras...

H04L 9/3263 involving certificates, e.g...

Just In Time Trust Establishment and Propagation

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Just In Time Trust Establishment and Propagation

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links