Method and apparatus for dynamically accessing security credentials and related information
Abstract
A method and apparatus for dynamically accessing security credentials that are used to participate in a secure communication begins by obtaining virtual credentials of an entity, where the virtual credentials include a data specifier and/or an identifier. The data specifier functions as a pointer to a particular physical security credential, its data storage location, and the format of the physical security credential. The identifier functions as a pointer to secondary virtual credentials, which include at least one data specifier. The processing continues by generating physical security credentials based on the physical security credentials retrieved via the data specifiers. The processing then continues by utilizing the physical security credentials by an individual entity (e.g., a party, a server, an administrator, etc.) such that the individual entity may participate in a secured communication. If, during the secured communication, any of the physical security credentials change, the physical security credentials are updated in accordance with a synchronization record to maintain data synchronization.
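The resolution flow in the abstract, sketched as an added example (not code from the patent or any product). The field names follow the data-specifier elements listed in claim 8; the in-memory stores, entity names, and credential values are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class DataSpecifier:            # pointer to one physical credential (hypothetical layout)
    data_type: str              # e.g. "signing_key", "ca_cert"
    rank: str                   # "primary" or "secondary"
    protocol: str               # which store to query: "token", "file", "ldap"
    location: str               # where in that store the credential lives
    fmt: str                    # format label of the stored credential

@dataclass
class VirtualCredentials:
    specifiers: list = field(default_factory=list)
    identifier: Optional[str] = None    # pointer to secondary virtual credentials

def collect_specifiers(entity, directory, max_depth=8):
    """Follow identifier pointers, refusing cycles and overlong chains."""
    seen, specs, current = set(), [], entity
    while current is not None:
        if current in seen or len(seen) >= max_depth:
            raise ValueError(f"identifier chain loops or is too deep at {current!r}")
        seen.add(current)
        vc = directory[current]         # KeyError on a dangling identifier
        specs.extend(vc.specifiers)
        current = vc.identifier
    return specs

def generate_physical(entity, directory, stores):
    """Resolve each data type: primary first, secondary if primary is unavailable."""
    specs = collect_specifiers(entity, directory)
    physical = {}
    for spec in sorted(specs, key=lambda s: s.rank != "primary"):
        if spec.data_type in physical:
            continue
        value = stores.get(spec.protocol, {}).get(spec.location)
        if value is not None:
            physical[spec.data_type] = {"value": value, "spec": spec}
    missing = {s.data_type for s in specs} - physical.keys()
    if missing:                         # fail closed rather than run half-provisioned
        raise LookupError(f"unresolved credentials: {sorted(missing)}")
    return physical

def synchronize(physical, data_type, new_value, stores):
    """Push a credential changed during the session back to the store it came from."""
    spec = physical[data_type]["spec"]
    physical[data_type]["value"] = new_value
    stores[spec.protocol][spec.location] = new_value
    return {"data_type": data_type, "protocol": spec.protocol, "location": spec.location}

def demo():
    # Constructed sample data: the token is absent, so the key falls back to the file copy.
    directory = {
        "alice": VirtualCredentials(
            [DataSpecifier("signing_key", "primary", "token", "slot-1", "pkcs8"),
             DataSpecifier("signing_key", "secondary", "file", "alice.key", "pkcs8")],
            identifier="engineering"),
        "engineering": VirtualCredentials(
            [DataSpecifier("ca_cert", "primary", "ldap", "cn=ca", "x509")]),
    }
    stores = {"token": {}, "file": {"alice.key": b"KEY-v1"}, "ldap": {"cn=ca": b"CA-v1"}}
    physical = generate_physical("alice", directory, stores)
    record = synchronize(physical, "signing_key", b"KEY-v2", stores)
    return physical, record, stores
```

The record names the store a credential was actually read from, so an update made during the session lands on the secondary copy when that is what was in use.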
45 Claims
-
1. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
-
a) obtaining virtual credentials associated with a source that does not contain physical security credentials of interest, that include at least one of a data specifier and an identifier;
b) generating, by other than the source, physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
c) utilizing the physical security credentials to participate in the secured communication.
-
pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
storing the synchronization record for subsequent updating of a data storage element.
-
-
4. The method of claim 1, wherein step (a) further comprises retrieving the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
-
5. The method of claim 1 further comprises generating the virtual credentials upon initialization of secure communication privileges.
-
6. The method of claim 1 further comprises:
receiving a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier, wherein the individual entity includes a user, a machine software process, and a group of at least one of users and machine software processes.
-
7. The method of claim 1, wherein the physical security credentials include individual security credentials and shared security credentials and wherein the security credentials are unprotected or protected.
-
8. The method of claim 1, wherein step (b) further comprises generating the physical security credentials based on the data specifiers and wherein the data specifier includes at least one of:
- data type identifier, a primary/secondary identifier, a protocol identifier, a location identifier, a format identifier, and an identifier that the data specifiers are not available.
-
9. The method of claim 1, wherein the physical security credentials include realized data and virtual data, wherein the virtual data references non-copy physical security credentials.
-
10. The method of claim 1 further comprises accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
11. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
-
a) receiving a security identifier that identifies an individual entity;
b) obtaining virtual credentials, associated with a source that does not contain physical security credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials.
-
utilizing the physical security credentials to participate in the secured communication; and
generating a synchronization record when at least one of the physical security credentials changed during the second communication.
-
-
13. The method of claim 12 further comprises generating the synchronization record by at least one of:
-
pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
storing the synchronization record for subsequent updating of a data storage element.
-
-
14. The method of claim 11, wherein step (b) further comprises retrieving the virtual credentials from at least one of:
- a local computer, a network server, a hardware token, and an Internet connection.
-
15. The method of claim 11, wherein step (c) further comprises generating the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier that is not available.
-
16. The method of claim 11 further comprises accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
17. A security processing module comprises;
-
a processing module; and
memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
(a) obtain virtual credentials, associated with a source that does not contain physical security credentials of interest, that include at least one of;
a data specifier and an identifier;
(b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials; and
(c) utilize the physical security credentials to participate in the secured communication.
-
pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
storing the synchronization record for subsequent updating of a data storage element.
-
-
20. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to:
receive a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier.
-
21. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to retrieve the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
-
22. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
23. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
24. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
a data specifier and an identifier;
second storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication.
-
pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
storing the synchronization record for subsequent updating of a data storage element.
-
-
27. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to:
receive a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier.
-
28. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module retrieve the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
-
29. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
30. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
31. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical security credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials.
-
utilize the physical security credentials to participate in the secured communication; and
generate a synchronization record when at least one of the physical security credentials changed during the secured communication.
-
-
33. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to generate the synchronization record by at least one of:
-
pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
storing the synchronization record for subsequent updating of a data storage element.
-
-
34. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to retrieve the virtual credentials from at least one of:
- a local computer, a network server, a hardware token, and an Internet connection.
-
35. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
36. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
37. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
-
a) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of a data specifier and an identifier;
b) generating, by other than the source, physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
c) utilizing the physical security credentials to participate in the secured communication; and
d) accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
-
38. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
-
a) receiving a security identifier that identifies an individual entity;
b) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials; and
d) generating the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier is not available.
-
-
39. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
-
a) receiving a security identifier that identifies an individual entity;
b) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials; and
d) accessing secondary virtual credentials based on the identifier to obtain to least one secondary data specifier.
-
-
40. A security processing module comprises;
-
a processing module; and
memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
(a) obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
a data specifier and an identifier;
(b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials;
(c) utilize the physical security credentials to participate in the secured communication; and
(g) generate the physical security credentials based on the data specifiers having a second identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
-
41. A security processing module comprises;
-
a processing module; and
memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
(a) obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
a data specifier and an identifier;
(b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials;
(c) utilize the physical security credentials to participate in the secured communication; and
(d) access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
-
42. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to obtain virtual credentials associated with a source that does not contain physical credentials of interest, that include at least one of;
a data specifier and an identifier;
second stage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication; and
programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
-
43. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
a data specifier and an identifier;
second storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication; and
fourth storage means for storing programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.
-
-
44. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
fourth storage means for storing programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
-
-
45. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
-
first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
a data specifier and an identifier;
third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
fourth storage means for programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.