Method for providing a security facility for a network of management servers utilizing a database of trust relations to verify mutual trust relations between management servers
First Claim
1. A method for providing security for a data processing network having a plurality of management servers including at least an originating management server for providing a point of submission for a management operation to be performed from a user and a final management server coupled to a host designated to perform a function described in said management operation, and a database for storing data identifying the host designated to perform the function described in said management operation and containing a list of a plurality of links between said plurality of management servers on a path from said originating management server to said final management server which forms a trusted path from said originating management server to said final management server for communicating management operations from said originating management server to said final management server, said method comprising the steps of:
receiving by a first one of said management servers on said trusted path between said originating management server and said final management server a management operation to be performed;
querying said database of trusted relations by said first management server to identify a second one of said management servers on said trusted path between said originating management server and said final management server that has a trusted relation to said first management server for sending said management operation by said first management server to said second management server;
mutually authenticating between said first management server and said second management server the identities of said first management server and said second management server;
querying said database of trusted relations by said second trusted management server to verify the existence of a mutual trusted relation with said first management server for receiving said management operation by said second trusted management server from said first management server; and
sending said management operation from said first management server to said second trusted management server.
2 Assignments
0 Petitions
Abstract
This invention consists of a method for providing security for distributing management operations among components of a computer network using a network of mutually trusting, mutually authenticating management services to dispatch operations to selected host systems. Mutual authentication and trust are established on every transmission link from a point of submission to a designated management server which invokes a service provider to perform management operations on a selected host.
10 Claims
2. A method for providing security for a data processing network having a plurality of management servers including at least an originating management server for providing a point of submission for a management operation to be performed from a user and a final management server coupled to a host designated to perform a function described in said management operation, and a database for storing data identifying the host designated to perform the function described in said management operation and containing a list of a plurality of links between said plurality of management servers on a path from said originating management server to said final management server which forms a trusted path from said originating management server to said final management server, said method comprising the steps of:
receiving by said originating management server said management operation to be performed;
querying said database by said originating management server to identify said final management server and a first one of said plurality of management servers on said trusted path from said originating management server to said final management server for sending said management operation by said originating management server to said first management server;
mutually authenticating between said originating management server and said first management server the identities of said originating management server and said first management server;
querying said database of trusted relations by said first management server to verify the existence of a mutual trusted relation with said originating management server for receiving said management operation by said first management server from said originating management server;
transferring said management operation from said originating management server to said first management server;
querying said database of trusted relations by said first management server to identify a second of said plurality of management servers on said trusted path from said first management server to said final management server for sending said management operation by said first management server to said second management server;
mutually authenticating between said first management server and said second management server the identities of said first management server and said second management server;
querying said database of trusted relations by said second management server to verify the existence of a mutual trusted relation with said first management server for receiving said management operation by said second management server from said first management server;
transferring said management operation from said first management server to said second management server;
querying said database of trusted relations by said second management server to identify said final management server on said trusted path from said first management server to said final management server for sending said management operation by said second management server to said final management server;
mutually authenticating between said second management server and said final management server the identities of said second management server and said final management server;
querying said database by said final management server to verify the existence of a mutual trusted relation with said originating management server for receiving said management operation by said final management server from said second management server; and
transferring said management operation on the path between said second management server and said final management server.
Dependent claims: 3, 4, 5
6. A method for providing security for a data processing network having a plurality of management servers including at least an originating management server for providing a point of submission for a management operation to be performed from a user, a final management server coupled to a host designated to perform a function described in said management operation, at least one communicatively coupled intermediate management server linking said originating management server and said final management server, and a database for storing data identifying said host designated to perform said function described in said management operation and a list of links comprising a trusted path from said originating management server to said final management server, said method comprising the steps of:
receiving by said originating management server said management operation to be performed;
querying said database by said originating management server to identify said final management server and said trusted path from said originating management server to said final management server;
identifying by said originating management server an intermediate management server on said trusted path from said originating management server to said final management server for sending said management operation by said originating management server to said intermediate management server;
mutually authenticating between said originating management server and said intermediate management server the identities of said originating management server and said intermediate management server;
querying said database by said intermediate management server to verify the existence of a mutual trusted relation with said originating management server for receiving said management operation by said intermediate management server from said originating management server;
transferring said operation on a trusted link between said originating management server and said intermediate management server in accord with said trusted relations contained within said database;
querying said database by said intermediate management server to identify said final management server on said trusted path from said originating management server to said final management server for sending said management operation by said intermediate management server to said final management server;
mutually authenticating between said intermediate management server and said final management server the identities of said intermediate management server and said final management server;
querying said database by said final management server to verify the existence of a mutual trusted relation with said intermediate management server for receiving said management operation by said final management server from said intermediate management server; and
transferring said operation on a trusted link between said intermediate management server and said final management server in accord with said trusted relations contained within said database.
Dependent claims: 7, 8, 9, 10
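The hop-by-hop procedure the abstract and the claims describe, as an added Python simulation that is not code from the patent or its assignee. Each link runs the three checks the claims require: the sender queries the trust database for its next hop, the two servers mutually authenticate, and the receiver queries the database to confirm a mutual trusted relation before the operation is transferred. The database layout (directed entries, a link being mutual only when both directions exist), the server names, the host table, and the HMAC challenge-response used for mutual authentication are all assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets

# Constructed trust-relation database. The patent describes a database of links but not
# its schema, so this layout is an assumption: a directed entry (a, b) means "a has a
# trusted relation to b"; a link is mutual only when both directions are present.
TRUST_DB = {
    ("origin", "mgmt-a"), ("mgmt-a", "origin"),
    ("mgmt-a", "mgmt-b"), ("mgmt-b", "mgmt-a"),
    ("mgmt-b", "final"), ("final", "mgmt-b"),
    ("mgmt-a", "rogue"),  # one-way only: rogue does not trust mgmt-a back
}
# Constructed host table: designated host -> (final server, trusted path of links to it).
HOST_DB = {"host42": ("final", ["origin", "mgmt-a", "mgmt-b", "final"])}


class ManagementServer:
    """One management server; holds a per-peer shared secret for link authentication."""

    def __init__(self, name, keys):
        self.name, self.keys, self.received = name, keys, []

    def trusts(self, peer):
        """Database query: does this server have a trusted relation to peer?"""
        return (self.name, peer) in TRUST_DB

    def respond(self, peer, nonce):
        """Answer peer's challenge with HMAC(shared secret, nonce || own name)."""
        key = self.keys.get(peer)
        if key is None:
            return None
        return hmac.new(key, nonce + self.name.encode(), hashlib.sha256).digest()

    def verify(self, peer, nonce, proof):
        """Check peer's answer to our challenge against the secret we hold for peer."""
        key = self.keys.get(peer)
        if key is None or proof is None:
            return False
        expected = hmac.new(key, nonce + peer.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


def mutually_authenticate(a, b):
    """Challenge-response in both directions (assumed mechanism; the patent names none)."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    return (a.verify(b.name, na, b.respond(a.name, na))
            and b.verify(a.name, nb, a.respond(b.name, nb)))


def send_hop(sender, receiver, operation):
    """One link of the trusted path: the three checks the claims require before transfer."""
    if not sender.trusts(receiver.name):              # sender queries the database
        return False, f"{sender.name}: no trusted relation to {receiver.name}"
    if not mutually_authenticate(sender, receiver):   # mutual authentication of identities
        return False, f"{sender.name}<->{receiver.name}: mutual authentication failed"
    if not receiver.trusts(sender.name):              # receiver queries the database
        return False, f"{receiver.name}: refused, no mutual trusted relation with {sender.name}"
    receiver.received.append((sender.name, operation))  # transfer on the trusted link
    return True, "ok"


def dispatch(servers, host, operation, host_db=HOST_DB):
    """Submit at the originating server and forward hop by hop along the trusted path."""
    if host not in host_db:
        return False, f"host {host} unknown"
    final, path = host_db[host]
    for prev, nxt in zip(path, path[1:]):
        ok, msg = send_hop(servers[prev], servers[nxt], operation)
        if not ok:
            return False, msg
    return True, f"{final} invokes service provider on {host}: {operation}"


def build_network():
    """Give every pair that appears in TRUST_DB a fresh shared secret (constructed keys)."""
    link_keys = {}
    for a, b in TRUST_DB:
        link_keys.setdefault(frozenset((a, b)), secrets.token_bytes(32))
    keys = {}
    for link, k in link_keys.items():
        a, b = tuple(link)
        keys.setdefault(a, {})[b] = k
        keys.setdefault(b, {})[a] = k
    return {n: ManagementServer(n, ks) for n, ks in keys.items()}


if __name__ == "__main__":
    print(dispatch(build_network(), "host42", "restart nfsd"))
    # Path through a server the database does not list as trusting mgmt-a back:
    rogue_path = {"host99": ("rogue", ["origin", "mgmt-a", "rogue"])}
    print(dispatch(build_network(), "host99", "restart nfsd", rogue_path))
    # Impostor answering as "final" without the real link secret:
    servers = build_network()
    servers["final"] = ManagementServer("final", {"mgmt-b": b"not the shared secret"})
    print(dispatch(servers, "host42", "restart nfsd"))
```

The two failure cases are the ones the claims are built to stop: a server that the sender trusts but that holds no reciprocal entry refuses the operation on its own database query, and a peer that cannot prove possession of the link secret fails mutual authentication before the receiver's trust check is even reached. Because every hop repeats all three steps, compromising one link does not let an operation continue along the rest of the path.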