Certificate-based authentication system for heterogeneous environments
Abstract
In one embodiment, methods and apparatus for an operator of a console to authenticate to a system of heterogeneous computers by logging in only once to a representative computer or “core”. After logging in, the operator acquires a session certificate (e.g., an X.509-based certificate), allowing the operator to prove identity and group membership information to other nodes on a network. The core, before signing session certificates, embeds data in an extended data area of the certificates. The extended data includes the operator's username and the groups to which the operator belongs, and possibly other information such as operator context (or domain). The username, group membership, and other extended data are based on the namespace of the core computer; other devices on the network need not belong to that namespace or even use the same network operating system. Manageable devices can authenticate and authorize access to themselves based on the extended data submitted to them by the bearer of a session certificate. Authenticity and ownership of the certificate are verified using standard public key cryptosystem methods. In some embodiments, manageable devices verify operator authorization by cross-referencing the operator identity and group membership information in the certificate with an appropriate access control list (or equivalent data structure). In some embodiments, manageable devices are pre-configured to trust at least one core by giving them the public key of the core, and the core can direct the manageable device to trust other cores.
18 Claims
1. An operating system independent method for an operator of a console to manage a device with a single authentication of the operator to a core, comprising:
obtaining a short-lived operating system independent session certificate from a core to authenticate operator identity and operator group membership;
providing the operating system independent session certificate along with a management request to a device; and
determining whether the authenticated operator has necessary access privilege to perform the management request based at least in part on comparing said operator group membership to an access control list of the device.

opening a communication link to the device; and
requesting the device identify at least one core for the device;
wherein the short-lived operating system independent session certificate is obtained from a first one of the at least one core for the device.
7. The method of claim 1, wherein if the short-lived operating system independent session certificate cannot be obtained from the core, the method further comprising:
preparing a non-authenticated session certificate including operator identity and operator group membership on the console; and
transmitting the non-authenticated session certificate to the device.
8. A storage medium having encoded thereon instructions to facilitate an operator of a console to manage a device with only one authentication of the operator to a core, said instructions capable of directing a processor to:
obtain a short-lived operating system independent session certificate from a core to authenticate operator identity and operator group membership;
provide the operating system independent session certificate along with a management request to a device; and
determine whether the authenticated operator has necessary access privilege to perform the management request based at least in part on comparing said operator group membership to an access control list of the device.

compare said operator identity to said access control list; and
compare said management request to a management policy restricting management requests the authenticated operator has necessary privilege to perform.
10. In a heterogeneous operating system environment, a method for a device running a first operating system to validate a management request from an operator of a console running a different operating system, comprising:
receiving, by the device, of an X.509 based session certificate including:
a first field encoding an identity of the operator;
a second field encoding group membership for the operator;
a third field indicating an issuer of said certificate; and
a fourth field for storing a signature by said issuer for said certificate;
receiving a request to manage the device;
confirming the issuer of said certificate is a trusted certificate authority;
verifying the trusted certificate authority signed said certificate, and if verifying fails, then ignoring the request to manage;
verifying authorization of the console operator to perform the request to manage; and
verifying the management request complies with a local policy.

confirming the request is in the list of allowed management activities.
12. The method of claim 10, further comprising:
comparing the issuer to a local list of trusted certificate authorities, and if the issuer is unlisted, then ignoring the request.
13. A method according to claim 10 for validating the issuer of the session certificate against data maintained by a certificate store, the method further comprising:
retrieving an identity certificate for the issuer from a certificate store, said retrieved certificate having embedded public key P, and corresponding private key Q known to the issuer;
generating a unique data sequence X;
for an encryption function E( ), computing W=E(P, X);
transmitting W to the issuer;
receiving a data sequence Y from the issuer; and
for a decryption function D( ), computing D(P, Y); and
comparing X=D(Q, Y);
wherein the issuer is validated if the comparing is true.
14. The method of claim 13, further comprising:
computing Y=D(Q, W); and
transmitting E(Q, Y) to the device.
15. The method of claim 10, in which management requests have a request type, and where there is an access control list for each request type, the method further comprising:
opening an access control list corresponding to the management request;
searching said access control list for said identity of the operator; and
ignoring said request to manage the device if said searching fails.
16. The method of claim 15, further comprising:
opening an exclusion access control list maintained by the device, said exclusion list listing excluded management requests; and
verifying absence of the request to manage from said exclusion list.
17. In a heterogeneous networked operating system environment, a method for an operator of a console to manage a device, comprising:
creating a temporary encryption and a decryption key pairing;
identifying a core for said device to be managed;
requesting, by the operator of the console, a signed short-lived session certificate from the core identifying the operator and authorizing the operator to manage the device;
receiving, from the core, said session certificate;
submitting said received session certificate to the device to initiate a management session; and
validating, by the device, said session certificate; and
accepting, by the device, of the management session if said session complies with a management policy maintained by the device.
18. In a heterogeneous networked operating system environment, a method for an operator of a console to manage a device, comprising:
means for creating a temporary encryption and a decryption key pairing;
means for identifying a core for said device to be managed;
means for requesting, by the operator of the console, a signed short-lived session certificate from the core identifying the operator and authorizing the operator to manage the device;
means for receiving, from the core, said session certificate;
means for submitting said received session certificate to the device to initiate a management session; and
means for validating, by the device, said session certificate; and
means for accepting, by the device, of the management session if said session complies with a management policy maintained by the device.
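The issue-and-validate exchange described in the abstract and in claims 10, 12, 15 and 17, as an added Go example that is not part of the patent: the core signs a short-lived certificate carrying claim 10's identity, group, issuer and signature fields plus an expiry and the console's temporary key, and the device checks issuer, core signature, lifetime and holder-of-key before comparing the embedded groups to a per-request-type ACL. The JSON encoding, Ed25519, and the core, user, group and request-type names used in the test are assumptions standing in for the X.509 encoding and a real deployment's namespace.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)
// SessionCert holds claim 10's four fields plus an expiry and the console's temporary key; JSON stands in for X.509 (assumption).
type SessionCert struct {
	Identity    string            `json:"identity"`     // operator username in the core's namespace
	Groups      []string          `json:"groups"`       // operator group membership in the core's namespace
	Issuer      string            `json:"issuer"`       // name of the core that signed the certificate
	NotAfter    int64             `json:"not_after"`    // Unix seconds; this is what makes it short-lived
	OperatorKey ed25519.PublicKey `json:"operator_key"` // public half of the temporary key pair created on the console
	Signature   []byte            `json:"signature"`    // core's signature over all the other fields
}
// tbs returns the to-be-signed bytes: the certificate with its signature field cleared.
func (c SessionCert) tbs() []byte {
	c.Signature = nil
	b, _ := json.Marshal(c) // only strings and byte slices, so Marshal cannot fail
	return b
}
// Issue is the core signing a session certificate for an operator who has already logged in once.
func Issue(coreName string, coreKey ed25519.PrivateKey, user string, groups []string, opKey ed25519.PublicKey, ttl time.Duration) SessionCert {
	c := SessionCert{Identity: user, Groups: groups, Issuer: coreName, NotAfter: time.Now().Add(ttl).Unix(), OperatorKey: opKey}
	c.Signature = ed25519.Sign(coreKey, c.tbs())
	return c
}
// Authorize is the device side; trusted maps pre-configured core names to public keys, acl maps a request type to
// the identities or groups allowed to issue it. Order: issuer, core signature, lifetime, holder-of-key (reqSig), ACL.
func Authorize(trusted map[string]ed25519.PublicKey, acl map[string]map[string]bool,
	c SessionCert, request string, reqSig []byte, now time.Time) error {
	coreKey, known := trusted[c.Issuer]
	switch {
	case !known:
		return errors.New("issuer is not a trusted core")
	case !ed25519.Verify(coreKey, c.tbs(), c.Signature):
		return errors.New("certificate not signed by the trusted core")
	case now.Unix() > c.NotAfter:
		return errors.New("session certificate has expired")
	case len(c.OperatorKey) != ed25519.PublicKeySize || !ed25519.Verify(c.OperatorKey, []byte(request), reqSig):
		return errors.New("request not signed by the certificate holder")
	}
	for _, principal := range append([]string{c.Identity}, c.Groups...) {
		if acl[request][principal] {
			return nil
		}
	}
	return errors.New("operator not in the ACL for this request type")
}
```

Because the device verifies the core's signature over the identity and group fields, an operator cannot add a group to a certificate after issuance, and because the request must also be signed with the temporary key, a captured certificate alone is not enough to open a management session.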