Method and system for pro-active credential refreshing
First Claim
1. A method of pro-actively refreshing credentials by an entity that maintains credentials, the method comprising:
- a) determining credentials that are required to access resources including resource-specific constraints that indicate when the credentials must be refreshed;
- b) storing in a memory, a profile collection having at least one credential profile, each credential profile including a credential, resource-specific constraints for the credential and related information; and
- c) for each credential profile in the profile collection;
  - i) in accordance with at least one criterion of a refresh policy and prior to a time of presentation of the credential, making a determination, from that credential profile's resource-specific constraints, of whether that credential needs to be refreshed so that, at the time of presentation, that credential will meet the resource-specific constraints;
  - ii) replacing the stored credential with a new credential in the credential profile if the stored credential does need to be refreshed; and
  - iii) updating the related information of the new credential in the credential profile.
Abstract
The basic concept is that before a resource is accessed, the entity that has the burden of gathering the credentials pro-actively refreshes the credentials and keeps them current. In one instance, a presenter of credentials, for example, a client, pro-actively refreshes the credentials such that at the time of presentation, the credentials meet the resource-specific constraints of a recipient of credentials, for example, a resource server. For each resource that it protects, a resource server typically establishes various constraints such as a recency requirement, which specifies how recently a credential has to have been issued to be accepted as an adequate credential. Other constraints may include maximum certificate chain length, trust level and so forth. In another instance, a recipient of credentials pro-actively gathers and refreshes credentials to prevent unauthorized access to the various resources it is protecting.
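The refresh loop described in the abstract and in claim 1, sketched as an added example that is not taken from the patent. The class and function names, the `lead_time` refresh-policy criterion and the stub issuer `demo_issue` are assumptions made for illustration; the sample profiles are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Credential:
    issued_at: datetime
    chain_length: int

@dataclass
class Constraints:               # resource-specific, set by the resource server
    max_age: timedelta           # recency requirement
    max_chain_length: int

@dataclass
class CredentialProfile:
    resource: str
    credential: Credential
    constraints: Constraints
    related: dict = field(default_factory=dict)   # "related information"

def needs_refresh(profile, presentation_time):
    """True if the stored credential would fail its constraints when presented."""
    age = presentation_time - profile.credential.issued_at
    return (age > profile.constraints.max_age
            or profile.credential.chain_length > profile.constraints.max_chain_length)

def refresh_collection(profiles, now, lead_time, issue):
    """Assumed policy criterion: a credential must still be acceptable `lead_time` from now."""
    refreshed = []
    for p in profiles:
        if needs_refresh(p, now + lead_time):
            p.credential = issue(p.resource, now)              # replace stored credential
            p.related["last_refreshed"] = now                  # update related information
            p.related["refresh_count"] = p.related.get("refresh_count", 0) + 1
            refreshed.append(p.resource)
    return refreshed

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)         # constructed sample clock

def demo_issue(resource, now):   # hypothetical issuer stub standing in for a real authority
    return Credential(issued_at=now, chain_length=2)

def demo():
    old, fresh = NOW - timedelta(minutes=50), NOW - timedelta(minutes=5)
    profiles = [  # constructed sample profiles
        CredentialProfile("payroll", Credential(old, 2), Constraints(timedelta(hours=1), 3)),
        CredentialProfile("wiki", Credential(old, 2), Constraints(timedelta(hours=24), 3)),
        CredentialProfile("vault", Credential(fresh, 4), Constraints(timedelta(hours=1), 3)),
    ]
    return refresh_collection(profiles, NOW, timedelta(minutes=15), demo_issue), profiles
```

The `payroll` credential is still within its one-hour recency requirement at `NOW` but would be 65 minutes old at presentation, so it is replaced ahead of time; `vault` is replaced because its chain exceeds the resource's maximum length.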
64 Claims
1. A method of pro-actively refreshing credentials by an entity that maintains credentials, the method comprising:
- a) determining credentials that are required to access resources including resource-specific constraints that indicate when the credentials must be refreshed;
- b) storing in a memory, a profile collection having at least one credential profile, each credential profile including a credential, resource-specific constraints for the credential and related information; and
- c) for each credential profile in the profile collection;
  - i) in accordance with at least one criterion of a refresh policy and prior to a time of presentation of the credential, making a determination, from that credential profile's resource-specific constraints, of whether that credential needs to be refreshed so that, at the time of presentation, that credential will meet the resource-specific constraints;
  - ii) replacing the stored credential with a new credential in the credential profile if the stored credential does need to be refreshed; and
  - iii) updating the related information of the new credential in the credential profile.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42

22. A processor readable medium having instructions contained therein which when executed by a processor cause the processor to execute a method of pro-actively refreshing credentials by an entity that maintains credentials, the method comprising:
- a) determining credentials that are required to access resources including resource-specific constraints that indicate when the credentials must be refreshed;
- b) storing in a memory, a profile collection having at least one credential profile, each credential profile including a credential, resource-specific constraints for the credential and related information; and
- c) for each credential profile in the profile collection;
  - i) in accordance with at least one criterion of a refresh policy and prior to a time of presentation of the credential, making a determination, from that credential profile's resource-specific constraints, of whether that credential needs to be refreshed so that, at the time of presentation, that credential will meet the resource-specific constraints;
  - ii) replacing the stored credential with a new credential in the credential profile if the stored credential needs to be refreshed; and
  - iii) updating the related information of the new credential in the credential profile.

Dependent claims: 23, 24, 34

43. A system for pro-actively refreshing credentials by an entity that maintains credentials, the system comprising:
- a mechanism that determines credentials that are required to access resources including resource-specific constraints that indicate when the credentials must be refreshed;
- a memory to store a profile collection having at least one credential profile, each credential profile including a credential, resource-specific constraints for the credential and related information;
- a circuit to read the credential profile;
- a refresh policy stored in the memory to determine prior to a time of presentation of the credential, if the credential needs to be refreshed using the resource-specific constraints so that, at the time of presentation, that credential will meet the resource-specific constraints, wherein the circuit replaces the stored credential with a new credential in the credential profile if the stored credential needs to be refreshed and the circuit updates the related information of the new credential in the credential profile.

Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64

Specification