Trust Map Management and User Interface

US 20150242594A1
Filed: 02/21/2014
Published: 08/27/2015
Est. Priority Date: 02/21/2014
Status: Active Grant

First Claim

Patent Images

1. A method for operating a computing device, the method comprising:

obtaining a data set comprising a plurality of entities, the plurality of entities including at least one key instance, at least one system identifier, at least one client identifier and at least one server identifiers, at least one key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;

identifying a selected entity from the data set;

displaying at a hub region of a display device, a representation the selected entity;

displaying at a spoke region of the display device, at least one non-selected entity;

displaying between the hub region and the spoke region a representation of a trust relationship between the selected entity and the at least one non-selected entity;

receiving an indication of a desired action to be taken; and

executing the desired action on the computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example embodiment, a user interface is presented for interacting with a trust map identifying trust relationships between clients/users and servers/hosts. The trust relationships are defined by public/private key pairs in Secure Shell (SSH), Secure File Transfer Protocol (SFTP), Transport Layer Security/Secure Sockets Layer (TLS/SSL), Secure Multipurpose Internet Mail Extensions (S/MIME), Internet Protocol Security (IPsec), and so forth. A selected entity such as a server, client, client/server, key set, policy, and so forth is selected and displayed at the center of a hub/spoke diagram. Non-selected entities having a trust relationship with the hub entity are displayed as spokes. Similar spoke entitles may be grouped together. Trust relationships and related properties are displayed as lines between the hub and spoke entities. A user performs actions on the entities by manipulation of the hub, spoke, trust relationship and related user interface elements.

29 Citations

View as Search Results

20 Claims

1. A method for operating a computing device, the method comprising:
- obtaining a data set comprising a plurality of entities, the plurality of entities including at least one key instance, at least one system identifier, at least one client identifier and at least one server identifiers, at least one key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;
  
  identifying a selected entity from the data set;
  
  displaying at a hub region of a display device, a representation the selected entity;
  
  displaying at a spoke region of the display device, at least one non-selected entity;
  
  displaying between the hub region and the spoke region a representation of a trust relationship between the selected entity and the at least one non-selected entity;
  
  receiving an indication of a desired action to be taken; and
  
  executing the desired action on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the desired action comprises at least one of a navigation action, a status action, a policy action, and a key action.
  - 3. The method of claim 2 wherein:
    - the navigation action comprises at least one of;
      
      an indication of a new selected entity that should be placed at the hub; and
      
      an indication of retrieving additional information related to the selected entity;
      
      the status action comprises retrieving or setting a status of either the selected entity or a new selected entity;
      
      the policy action comprises at least one of;
      
      an indication to make compliant with at least one desired policy;
      
      a jail action to tie a key instance to a particular system; and
      
      a lock action to prevent changes to at least a portion of the data set; and
      
      the key action comprises at least one of;
      
      a rotate key set action;
      
      a new key set action;
      
      a new key instance action;
      
      a remove key instance action; and
      
      a remove key set action.
  - 4. The method of claim 1 wherein the representation of the trust relationship comprises an indication of:
    - a direction of the trust relationship such that a source and a target of the trust relationship may be identified; and
      
      an account type of the trust relationship.
  - 5. The method of claim 4 wherein the representation of the trust relationship further comprises an indication of at least one of:
    - an indication of permissions granted on the target to the source;
      
      an indication of forced commands associated with a key instance;
      
      an indication of source restriction associated with a key instance; and
      
      an indication of other key options.
  - 6. The method of claim 1 wherein the representation of the trust relationship comprises a representation of properties of the trust relationship.
  - 7. The method of claim 6, wherein each of the at least one non-selected entities are displayed in groups, each group having common trust relationship properties.

8. A system comprising:
- a processor;
  
  memory coupled to the processor;
  
  a display upon which the processor displays a graphical user interface, the graphical user interface comprising;
  
  a hub entity displayed at a hub region of the display;
  
  a plurality of spoke entities displayed at a hub region of the display;
  
  a representation of a trust relationship between the hub entity and the plurality of spoke entities, the trust relationship determined by at least one public/private key pair between the hub entity and each of the plurality of spoke entities, the representation comprising an annotation indicating at least one of;
  
  an indication of a direction of the trust relationship;
  
  an indication of a permission granted or denied on at least one of the hub entity and the plurality of spoke entities; and
  
  a key option associated with the public portion of the at least one public/private key pair or the private portion of the at least one public/private key pair, or both the public portion and the private portion of the at least one public/private key pair.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein the hub entity comprises at least one of:
    - a server;
      
      a client;
      
      a client/server;
      
      a key instance;
      
      a key set;
      
      a policy;
      
      a user account; and
      
      a user.
  - 10. The system of claim 8 wherein the plurality of spoke entities comprises at least one of:
    - a server;
      
      a client;
      
      a client/server;
      
      a key instance;
      
      a key set;
      
      a policy;
      
      a user account; and
      
      a user.
  - 11. The system of claim 8 wherein each of the at least one spoke entities has a plurality of characteristics and wherein the at least one spoke entity is grouped by at least one common characteristic and wherein each group is displayed in a spaced relationship to other groups in the spoke region.
  - 12. The system of claim 8 wherein the representation of the trust relationship defines a source and a target of the trust relationship and wherein the representation comprises an indication of at least one of:
    - an indication of permissions granted on the target to the source;
      
      an indication of forced commands associated with a key instance;
      
      an indication of source restriction associated with a key instance; and
      
      an indication of other key options.
  - 13. The system of claim 12 wherein the representation of the trust relationship further comprises an indication of a key characteristic.
  - 14. The system of claim 12, wherein the graphical user interface further comprises a representation of further spoke entities displayed in a relationship to the at least one spoke entity but not displayed in a relationship to the hub entity.
  - 15. The system of claim 8, wherein the graphical user interface further comprises a context window having content comprising:
    - detail information regarding the trust relationship;
      
      information regarding any policy violations; and
      
      actions that may be taken by a user with respect to the graphical user interface.
  - 16. The system of claim 8, wherein the graphical user interface further comprises a control that allows filtering of the information presented on the graphical user interface.

17. A machine readable medium having executable instructions encoded thereon, which when executed by a system, cause the system to:
- obtain a data set comprising a plurality of entities, the plurality of entities including at least one key instance, at least one system identifier, at least one client identifier and at least one server identifiers, at least one key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;
  
  identify a selected entity from the data set;
  
  display at a hub region of a display device, a representation the selected entity;
  
  display at a spoke region of the display device, at least one non-selected entity;
  
  display between the hub region and the spoke region a representation of a trust relationship between the selected entity and the at least one non-selected entity;
  
  receive an indication of a desired action to be taken; and
  
  execute the desired action on the computing device.
- View Dependent Claims (18, 19, 20)
- - 18. The machine readable medium of claim 17, wherein the executable instructions further cause the system to:
    - identify a plurality of further spoke entities;
      
      display the further spoke entities in a further spoke entity region; and
      
      display a relationship indication between the plurality of further spoke entities and at least one non-selected entity.
  - 19. The machine readable medium of claim 17, wherein the desired action comprises at least one of a navigation action, a status action, a policy action, and a key action.
  - 20. The machine readable medium of claim 19 wherein:
    - the navigation action comprises at least one of;
      
      an indication of a new selected entity that should be placed at the hub; and
      
      an indication of retrieving additional information related to the selected entity;
      
      the status action comprises retrieving or setting a status of either the selected entity or a new selected entity;
      
      the policy action comprises at least one of;
      
      an indication to make compliant with at least one desired policy;
      
      a jail action to tie a key instance to a particular system; and
      
      a lock action to prevent changes to at least a portion of the data set; and
      
      the key action comprises at least one of;
      
      a rotate key set action;
      
      a new key set action;
      
      a new key instance action;
      
      a remove key instance action; and
      
      a remove key set action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Venafi,Inc.
Original Assignee
Venafi,Inc.
Inventors
Harjula, Tero Petteri, Lence, Bryan Robert, DeBete, Daniel G.

Granted Patent

US 9,218,463 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/57   Certifying or maintaining t...

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

H04L 63/06   for supporting key manageme...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Trust Map Management and User Interface

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trust Map Management and User Interface

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links