Techniques for dynamically establishing and managing authentication and trust relationships

US 7,299,493 B1
Filed: 01/27/2004
Issued: 11/20/2007
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a principal, comprising:

receiving an access request from a first principal for access to a second principal;

evaluating a contract to acquire a credential for the first principal;

transmitting the credential to the first principal for use in interacting with the second principal, wherein the credential includes authentication information, aggregated attributes and aggregated policies for use by the first principal in interacting with the second principal;

receiving a new request from the first principal for establishing a trust relationship with the second principal, wherein the trust relationship is established via communications having public-private key pairs between the first principal and the second principal;

determining if the trust relationship is permissible;

receiving a dynamically generated public key from the first principal associated with a dynamically generated private key, the dynamically generated private key maintained by the first principal; and

making the dynamically generated public key accessible to the second principal.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies which will drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during on-going interactions between the principals.

Citations

10 Claims

1. A method for authenticating a principal, comprising:
- receiving an access request from a first principal for access to a second principal;
  
  evaluating a contract to acquire a credential for the first principal;
  
  transmitting the credential to the first principal for use in interacting with the second principal, wherein the credential includes authentication information, aggregated attributes and aggregated policies for use by the first principal in interacting with the second principal;
  
  receiving a new request from the first principal for establishing a trust relationship with the second principal, wherein the trust relationship is established via communications having public-private key pairs between the first principal and the second principal;
  
  determining if the trust relationship is permissible;
  
  receiving a dynamically generated public key from the first principal associated with a dynamically generated private key, the dynamically generated private key maintained by the first principal; and
  
  making the dynamically generated public key accessible to the second principal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - receiving from a third principal a static rooted public key associated with the second principal; and
      
      transmitting the static rooted public key to the first principal for use in interacting with the second principal in the trust relationship.
  - 3. The method of claim 1 further comprising, revoking the credential when an expiring event is detected.
  - 4. The method of claim 1 further comprising:
    - updating the contract in response to a permissible modification; and
      
      deriving a modified credential from the updated contract.
  - 5. The method of claim 4 further comprising, transmitting the modified credential to the first principal for use in interacting with the second principal.
  - 6. The method of claim 1 further comprising:
    - detecting an event that renders the contract stale; and
      
      revoking the credential.
  - 7. The method of claim 1 further comprising, expressing the certificate as one or more assertions.
  - 8. The method of claim 1 further comprising, accessing one or more identity stores to acquire the authentication information, the aggregated attributes, and the aggregated policies.
  - 9. The method of claim 8 further comprising, acquiring alias identity information in the credential acquired from the one or more identity stores.
  - 10. The method of claim 1 further comprising acquiring from the aggregated policies definitions for operations that are permissibly performed or not permitted during interactions between the first and the second principal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Burch, Lloyd Leon, Earl, Douglas G., Ward, Robert Mark
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
CHEN, SHIN HON

Application Number

US10/765,523
Time in Patent Office

1,393 Days
Field of Search

726/5, 705/37, 380/25, 380/28, 380/9, 709/223, 709/224, 709/2, 713/150, 713/156
US Class Current

726/5
CPC Class Codes

G06Q 40/04 Trading; Exchange, e.g. sto...

H04L 63/0815 providing single-sign-on or...

Techniques for dynamically establishing and managing authentication and trust relationships

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for dynamically establishing and managing authentication and trust relationships

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links