System and method to package security credentials for later use
Abstract
The present invention relates to a system and methodology to facilitate communications security in a distributed computing and applications environment. A pass-phrase is generated to wrap a strong set of security credentials that are employed to establish trusted relationships between entities such as a service provider and one or more partners seeking access to the provider. The pass-phrase is generally constructed from weaker cryptographic material and is generally transported or communicated separately from the wrapped security credentials. When the partner desires to access service resources, the pass-phrase is employed to unlock the strong set of security credentials contained within the wrapper. The unlocked security credentials are then utilized to establish encrypted communications channels between the service provider and the partner.
19 Claims
1. A computer implemented system that facilitates processing credentials between remote entities, comprising:
- a computer memory having stored thereon the following components executable by a processor;
- a wrapper that packages credentials associated with resources of a service, wherein the service is a platform provisioning service associated with at least one partner, the platform provisioning service and the partner maintain an account to process the credentials, the at least one of the platform provisioning service and the partner employ a Universal Resource Locator (URL) to present the credentials to the account; and
- a cryptographic wrapping key generated from a pass-phrase, the cryptographic wrapping key is utilized to generate the wrapper that encapsulates the credentials, the pass-phrase employed to facilitate access to the credentials, the credentials employed to provide encrypted communication between a remote user and the service that facilitates access to the resources of the service, and the pass-phrase distributed separately from the credentials.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A method to facilitate a security connection between remote entities, comprising:
- generating a strong password via a random generation function associated with a standard platform;
- generating a human-readable pass-phrase;
- deriving a wrapping key from the pass-phrase;
- wrapping the password cryptographically via the pass-phrase, wherein the wrapping key facilitates in encapsulating the password in a wrapper;
- storing the wrapped password in an executable;
- transmitting the executable and the pass-phrase to a remote user system separately via different communications mediums, wherein the remote user employs the pass-phrase to unlock the strong password stored in the executable, the strong password employed to establish a trust relationship with an entity; and
- requesting a Secure Sockets Layer (SSL) connection, presenting an SSL certificate in response to the request, verifying an SSL certificate, requesting a Universal Resource Locator (URL) from a listener, presenting authentication credentials to a receiver, or logging in a caller to an account.

Dependent claims: 15, 16, 17, 18.
19. A computer implemented system that facilitates a security relationship between parties, comprising:
- a computer processor for executing the following means stored in computer memory;
- means for generating credentials comprising at least a password;
- means for generating a pass-phrase;
- means for generating a package of credentials by wrapping the credentials with a cryptographic wrapping key derived from the pass-phrase, wherein the credentials are encapsulated by the wrapper, the credentials are associated with resources of a platform provisioning service associated with at least one partner, the platform provisioning service and the partner maintain an account to process the credentials, the at least one of the platform provisioning service and the partner employ a Universal Resource Locator (URL) to present the credentials to the account;
- means for transmitting the package and the pass-phrase to a system via different communications mediums; and
- means for storing the credentials separate from the pass-phrase.
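
The flow described in the abstract and in the steps of claim 14 (random password, pass-phrase, derived wrapping key, wrap, unlock), as an added Python example that is not taken from the patent. The patent names no KDF or cipher, so PBKDF2-HMAC-SHA256 and an HMAC-SHA256 keystream with encrypt-then-MAC are assumptions chosen to stay within the standard library; the package is returned as bytes rather than stored in an executable, and the word list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 cost; slows offline guessing of the pass-phrase
# Constructed word list; a real deployment would draw from thousands of words.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor"]

def new_password(nbytes=32):
    """Strong random credential from the platform CSPRNG."""
    return secrets.token_urlsafe(nbytes)

def new_passphrase(nwords=6):
    """Human-readable pass-phrase, sent over a different channel than the package."""
    return "-".join(secrets.choice(WORDS) for _ in range(nwords))

def _keys(passphrase, salt):
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def _keystream(enc_key, length):
    blocks = range((length + 31) // 32)
    return b"".join(hmac.new(enc_key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in blocks)[:length]

def _xor(data, enc_key):
    return bytes(a ^ b for a, b in zip(data, _keystream(enc_key, len(data))))

def wrap(password, passphrase):
    """Return the package: salt (16) || ciphertext || tag (32)."""
    salt = secrets.token_bytes(16)  # fresh salt, so fresh keys for every package
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor(password.encode(), enc_key)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap(package, passphrase):
    """Check the tag before decrypting; a wrong pass-phrase or edit raises ValueError."""
    if len(package) < 48:
        raise ValueError("package too short")
    salt, ct, tag = package[:16], package[16:-32], package[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong pass-phrase or modified package")
    return _xor(ct, enc_key).decode()
```

Anyone who intercepts the package can guess pass-phrases against it offline, so the pass-phrase entropy and the KDF cost bound the protection; that is the reason the claims send the package and the pass-phrase over different communications mediums.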
Specification