Method and apparatus for providing access isolation of requested security related information from a security related information source

US 6,691,231 B1
Filed: 06/07/1999
Issued: 02/10/2004
Est. Priority Date: 06/07/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing requested security related information from a security related information source comprising the steps of:

receiving, from a requestor, security information request data representing a request for the security related information from the source;

isolating the requestor from the source by generating separate security information release data, to obtain the security related information from the source based on analyzed request criteria data; and

generating reply data for the requestor based on a response to the separate security information release data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method provides arbitration among a plurality of subscribers and also provides access isolation between a requester, such as a subscriber or other entity, and a security-related information source, such as a repository containing certificates and certificate revocation lists (CRLs) or other security-related information. The system and method isolates the requester from the source by generating separate security information release-data to obtain the security-related information from the source based on analyzed request criteria-data. The arbitration module generates a separate security-information release request to the repository to retrieve appropriate data from the internal repository in response to the externally generated request without allowing the request to filter directly through to the security-related information source.

Citations

36 Claims

1. A method for providing requested security related information from a security related information source comprising the steps of:
- receiving, from a requestor, security information request data representing a request for the security related information from the source;
  
  isolating the requestor from the source by generating separate security information release data, to obtain the security related information from the source based on analyzed request criteria data; and
  
  generating reply data for the requestor based on a response to the separate security information release data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 including the step of arbitrating among a plurality of received security information requests based on the request criteria data.
  - 3. The method of claim 2 wherein the step of arbitrating includes determining, based on the request criteria data, allowance of a security information request and a type of data to obtain from the security related information source.
  - 4. The method of claim 1 wherein the step of receiving includes receiving the security information request data in a first protocol based format and wherein the step of generating the separate security information release data includes generating the separate security information release data in a second protocol suitable for obtaining selected security related information from the source.
  - 5. The method of claim 1 wherein the response to the separate security information release data includes selected security related data from the source.
  - 6. The method of claim 1 including the step of obtaining the request criteria data and wherein the request criteria data includes at least one of:
    - approved requestor identification data, data representing releasable security related information from the source and conditional criteria data to facilitate the release of security related information from the source.
  - 7. The method of claim 1 wherein the reply data for the requester includes retrieved security related data obtained from the source in response to the separate security information release data.
  - 8. The method of claim 1 including the step of filtering retrieved security related data obtained from the source in response to the separate security information release data based on filter criteria data.
  - 9. The method of claim 8 wherein the filter criteria data includes data representing sensitive data that should be filtered prior to communicating the reply data for the requestor.
  - 10. The method of claim 1 including the step of customizing retrieved security related data obtained from the source in response to the separate security information release data by at least adding additional data to the retrieved security related data.
  - 11. The method of claim 10 including the step of storing customized retrieved security related data for later use in response to subsequently received security information request data.
  - 12. The method of claim 1 including the steps of validating data associated with the security information request data and generating validatable reply data, where validation of the validatable reply data includes use of at least one of:
    - digital signatures, timestamps, revocation information, policy data, and checksums.
  - 13. The method of claim 1 including the step of storing pending security information request data and associated reply data to facilitate tracking of request data and corresponding reply data.

14. A method for providing requested security related information from a security related information source comprising the steps of:
- receiving, from a requester, security information request data representing a request for the security related information from the source;
  
  arbitrating among a plurality of received security information requests based on request criteria data;
  
  obtaining the request criteria data and wherein the request criteria data includes at least one of;
  
  approved requestor identification data, data representing releasable security related information from the source and conditional criteria data to facilitate the release of security related information from the source;
  
  isolating the requestor from the source by generating separate security information release data, to obtain the security related information from the source based on analyzed request criteria data or security information release data; and
  
  generating reply data for the requester based on a response to the separate security information release data wherein the reply data for the requestor includes retrieved security related data obtained from the source in response to the separate security information release data.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14 wherein the step of arbitrating includes determining, based on the request criteria data, allowance of a security information request and a type of data to obtain from the security related information source.
  - 16. The method of claim 15 wherein the step of receiving includes receiving the security information request data in a first protocol based format and wherein the step of generating the separate security information release data includes generating the separate security information release data in a second protocol suitable for obtaining selected security related information from the source.
  - 17. The method of claim 15 wherein the response to the separate security information release data includes selected security related data from the source.
  - 18. The method of claim 15 including the step of filtering retrieved security related data obtained from the source in response to the separate security information release data based on filter criteria data.
  - 19. The method of claim 18 wherein the filter criteria data includes data representing sensitive data that should be filtered prior to communicating the reply data for the requestor.
  - 20. The method of claim 19 including the step of customizing retrieved security related data obtained from the source in response to the separate security information release data by at least adding additional data to the retrieved security related data.
  - 21. The method of claim 20 including the step of storing customized retrieved security related data for later use in response to subsequently received security information request data.
  - 22. The method of claim 21 including the steps of validating data associated with the security information request data and generating validatable reply data, where validation of the validatable reply data includes use of at least one of:
    - digital signatures, timestamps, revocation information, policy data, and checksums.
  - 23. The method of claim 22 including the step of storing pending security information request data and associated reply data to facilitate tracking of request data and corresponding reply data.

24. An apparatus for providing requested security related information from a security related information source comprising:
- a security information request analyzer that receives, from a requestor, security information request data representing a request for the security related information from the source and isolates the requestor from the source by generating separate security information release data, to obtain the security related information from the source based on analyzed request criteria data; and
  
  a reply data generator, operatively coupled to the security information request analyzer, that generates reply data for the requestor based on a response from the source to the separate security information release data.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 25. The apparatus of claim 24 including an arbitor operative to arbitrate among a plurality of received security information requests based on the request criteria data.
  - 26. The apparatus of claim 25 wherein the arbitor determines, based on the request criteria data, allowance of a security information request and a type of data to obtain from the security related information source.
  - 27. The apparatus of claim 24 wherein the security information request analyzer receives the security information request data in a first protocol based format and generates the separate security information release data in a second protocol suitable for obtaining selected security related information from the source.
  - 28. The apparatus of claim 24 wherein the response to the separate security information release data includes selected security related data from the source.
  - 29. The apparatus of claim 24 where in the security information request analyzer obtains the request criteria data and wherein the request criteria data includes at least one of:
    - approved requestor identification data, data representing releasable security related information from the source and conditional criteria data to facilitate the release of security related information from the source.
  - 30. The apparatus of claim 24 wherein the reply data for the requester includes retrieved security related data obtained from the source in response to the separate security information release data.
  - 31. The apparatus of claim 24 including an information filter operatively coupled to filter retrieved security related data obtained from the source in response to the separate security information release data based on filter criteria data.
  - 32. The apparatus of claim 31 wherein the filter criteria data includes data representing sensitive data that should be filtered prior to communicating the reply data for the requestor.
  - 33. The apparatus of claim 24 including a data customizer operatively coupled to customize retrieved security related data obtained from the source in response to the separate security information release data by at least adding additional data to the retrieved security related data.
  - 34. The apparatus of claim 33 including a storage device containing customized retrieved security related data for later use in response to subsequently received security information request data.
  - 35. The apparatus of claim 24 including a digital signature verifier operative to verify a digital signature associated with the security information request data and generating a verifiable digital signature for the reply data.
  - 36. The apparatus of claim 24 including a storage device containing pending security information request data and associated reply data to facilitate tracking of request data and corresponding reply data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
Entrust Technologies Limited
Inventors
Vandergeest, Ronald J., Boeyen, Sharon M., Lloyd, James Steven
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/325,650
Time in Patent Office

1,709 Days
Field of Search

713/201,200,189,164,165,166,167
US Class Current

726/5
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Method and apparatus for providing access isolation of requested security related information from a security related information source

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing access isolation of requested security related information from a security related information source

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links