Method and apparatus for dynamically accessing security credentials and related information

US 6,732,277 B1
Filed: 10/08/1998
Issued: 05/04/2004
Est. Priority Date: 10/08/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:

a) obtaining virtual credentials associated with a source that does not contain physical security credentials of interest, that include at least one of a data specifier and an identifier;

b) generating, by other than the source, physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and

c) utilizing the physical security credentials to participate in the secured communication.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for dynamically accessing security credentials that are used to participate in a secure communication begins by obtaining virtual credentials of an entity, where the virtual credentials include a data specifier and/or an identifier. The data specifier functions as a pointer to a particular physical security credential, its data storage location, and the format of the physical security credential. The identifier functions as a pointer to secondary virtual credentials, which include at least one data specifier. The processing continues by generating physical security credentials based on the physical security credentials retrieved via the data specifiers. The processing then continues by utilizing the physical security credentials by an individual entity (e.g., a party, a server, an administrator, etc.) such that the individual entity may participate in a secured communication. If, during the secured communication, any of the physical security credentials change, the physical security credentials are updated in accordance with a synchronization record to maintain data synchronization.

94 Citations

View as Search Results

45 Claims

1. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
- a) obtaining virtual credentials associated with a source that does not contain physical security credentials of interest, that include at least one of a data specifier and an identifier;
  
  b) generating, by other than the source, physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  c) utilizing the physical security credentials to participate in the secured communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprises generating a synchronization record when at least one of the physical security credentials changed, wherein the synchronization record includes an indicator that indicates to other applications that appropriate parts of the physical security credentials are to be re-assembled.
  - 3. The method of claim 2 further comprises at least one of:
4. The method of claim 1, wherein step (a) further comprises retrieving the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
5. The method of claim 1 further comprises generating the virtual credentials upon initialization of secure communication privileges.
6. The method of claim 1 further comprises:
- receiving a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier, wherein the individual entity includes a user, a machine software process, and a group of at least one of users and machine software processes.
7. The method of claim 1, wherein the physical security credentials include individual security credentials and shared security credentials and wherein the security credentials are unprotected or protected.
8. The method of claim 1, wherein step (b) further comprises generating the physical security credentials based on the data specifiers and wherein the data specifier includes at least one of:
- data type identifier, a primary/secondary identifier, a protocol identifier, a location identifier, a format identifier, and an identifier that the data specifiers are not available.
9. The method of claim 1, wherein the physical security credentials include realized data and virtual data, wherein the virtual data references non-copy physical security credentials.
10. The method of claim 1 further comprises accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

11. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
- a) receiving a security identifier that identifies an individual entity;
  
  b) obtaining virtual credentials, associated with a source that does not contain physical security credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 further comprises:
13. The method of claim 12 further comprises generating the synchronization record by at least one of:
- pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
  
  storing the synchronization record for subsequent updating of a data storage element.
14. The method of claim 11, wherein step (b) further comprises retrieving the virtual credentials from at least one of:
- a local computer, a network server, a hardware token, and an Internet connection.
15. The method of claim 11, wherein step (c) further comprises generating the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier that is not available.
16. The method of claim 11 further comprises accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

17. A security processing module comprises;
- a processing module; and
  
  memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
  
  (a) obtain virtual credentials, associated with a source that does not contain physical security credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  (b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials; and
  
  (c) utilize the physical security credentials to participate in the secured communication.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to generate a synchronization record when at least one of the physical security credentials changed, wherein the synchronization record includes an indicator that indicates to other applications that appropriate parts of the physical security credentials are to be reassembled.
  - 19. The security processing module of claim 18, wherein the memory further comprises programming instructions that cause the processing module to generate the synchronization record by at least one of:
20. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to:
- receive a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier.
21. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to retrieve the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
22. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
23. The security processing module of claim 17, wherein the memory further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

24. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  second storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to generate a synchronization record when at least one of the physical security credentials changed, wherein the synchronization record includes an indicator that indicates to other applications that appropriate parts of the physical security credentials are to be re-assembled.
  - 26. The digital storage medium of claim 25 further comprises programming instructions that cause the processing module to generate the synchronization record by at least one of:
27. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to:
- receive a security identifier that identifies an individual entity, wherein the obtaining of the virtual credentials is based on the security identifier.
28. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module retrieve the virtual credentials from at least one of:
- a local computer, a network server database, a hardware token, and an Internet connection.
29. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
30. The digital storage medium of claim 24 further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

31. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
  
  second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical security credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to:
33. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to generate the synchronization record by at least one of:
- pushing an updated representation of the at least one of the physical security credentials to a data storage element; and
  
  storing the synchronization record for subsequent updating of a data storage element.
34. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to retrieve the virtual credentials from at least one of:
- a local computer, a network server, a hardware token, and an Internet connection.
35. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.
36. The digital storage medium of claim 31 further comprises programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

37. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
- a) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of a data specifier and an identifier;
  
  b) generating, by other than the source, physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
  
  c) utilizing the physical security credentials to participate in the secured communication; and
  
  d) accessing secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

38. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
- a) receiving a security identifier that identifies an individual entity;
  
  b) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  d) generating the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier is not available.

39. A method for dynamically accessing security credentials that are used for participating in a secure communication, the method comprises the steps of:
- a) receiving a security identifier that identifies an individual entity;
  
  b) obtaining virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  c) generating physical security credentials, other than by the source used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  d) accessing secondary virtual credentials based on the identifier to obtain to least one secondary data specifier.

40. A security processing module comprises;
- a processing module; and
  
  memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
  
  (a) obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  (b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials;
  
  (c) utilize the physical security credentials to participate in the secured communication; and
  
  (g) generate the physical security credentials based on the data specifiers having a second identifier when the physical security credentials of the data specifiers having a primary identifier are not available.

41. A security processing module comprises;
- a processing module; and
  
  memory operably coupled to the processing module, wherein the memory stores programming instructions that, when read by the processing module, cause the processing module to;
  
  (a) obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  (b) generate physical security credentials used to participate in a secure communication based on at least a portion of the virtual credentials;
  
  (c) utilize the physical security credentials to participate in the secured communication; and
  
  (d) access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

42. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to obtain virtual credentials associated with a source that does not contain physical credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  second stage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
  
  third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication; and
  
  programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.

43. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, that include at least one of;
  
  a data specifier and an identifier;
  
  second storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials;
  
  third storage means for storing programming instruction that cause the processing module to utilize the physical security credentials to participate in the secured communication; and
  
  fourth storage means for storing programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

44. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
  
  second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  fourth storage means for storing programming instructions that cause the processing module to generate the physical security credentials based on the data specifiers having a secondary identifier when the physical security credentials of the data specifiers having a primary identifier are not available.

45. A digital storage medium that stores programming instructions that, when read by a processing module, cause the processing module to dynamically access security credentials, the digital storage medium comprises:
- first storage means for storing programming instruction that cause the processing module to receive a security identifier that identifies an individual entity;
  
  second storage means for storing programming instruction that cause the processing module to obtain virtual credentials, associated with a source that does not contain physical credentials of interest, based on the security identifier, wherein the virtual credentials include at least one of;
  
  a data specifier and an identifier;
  
  third storage means for storing programming instruction that cause the processing module to generate physical security credentials used to participate in a secured communication based on at least a portion of the virtual credentials; and
  
  fourth storage means for programming instructions that cause the processing module to access secondary virtual credentials based on the identifier to obtain at least one secondary data specifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
Entrust Technologies Limited
Inventors
Vandergeest, Ron J., Hillier, Stephen W.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/169,243
Time in Patent Office

2,035 Days
Field of Search

713/200, 713/202, 713/153, 713/156, 713/159, 713/155, 380/282, 380/286, 380/277-279, 380/270, 380/247, 705/56, 705/64, 705/65, 705/66, 705/67, 705/71, 705/72, 705/73, 705/76
US Class Current

726/19
CPC Class Codes

H04L 63/0442 wherein the sending and rec...

H04L 63/065 for group communications cr...

Method and apparatus for dynamically accessing security credentials and related information

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for dynamically accessing security credentials and related information

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links