Techniques for preserving and managing identities in an audit log

US 7,647,624 B2
Filed: 11/30/2005
Issued: 01/12/2010
Est. Priority Date: 11/30/2005
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method to process on a machine, comprising:

obtaining, by the machine, a transaction identity;

generating, by the machine, an index entry into an index structure for referencing the transaction identity;

identifying, by the machine, a message digest for the transaction identity;

emitting, by the machine, a log entry within a log that identifies the index entry and the message digest for the transaction identity;

associating, by the machine, a time-to-live (TTL) attribute to the transaction identity; and

adding, by the machine, the TTL attribute to the log entry;

detecting, by the machine, a renewal of the transaction identity;

adding, by the machine, a new TTL attribute to a new log entry of the log; and

including, by the machine, the index entry and a new reference to the message digest in the new log entry of the log.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for preserving and managing identities within an audit log. Initial entries into a log do not include an explicit and direct reference to an agent that performs a transaction; rather, the agent acquires a temporary transaction identity for the transaction and an indirect reference to the transaction identity is written to the log while the transaction is pending. Once the transaction completes a direct reference to the transaction identity is written to the log, the identity of agent remains transparent until the identity of the agent expires, if at all.

14 Citations

View as Search Results

8 Claims

1. A machine-implemented method to process on a machine, comprising:
- obtaining, by the machine, a transaction identity;
  
  generating, by the machine, an index entry into an index structure for referencing the transaction identity;
  
  identifying, by the machine, a message digest for the transaction identity;
  
  emitting, by the machine, a log entry within a log that identifies the index entry and the message digest for the transaction identity;
  
  associating, by the machine, a time-to-live (TTL) attribute to the transaction identity; and
  
  adding, by the machine, the TTL attribute to the log entry;
  
  detecting, by the machine, a renewal of the transaction identity;
  
  adding, by the machine, a new TTL attribute to a new log entry of the log; and
  
  including, by the machine, the index entry and a new reference to the message digest in the new log entry of the log.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - detecting, by the machine, expiration of the transaction identity; and
      
      writing, by the machine, the transaction identity to the log as a final log entry.
  - 3. The method of claim 1 further comprising, including, by the machine, an encryption key with the log entry of the log, wherein the encrypted transaction identity if decrypted identifies the transaction identity.

4. A machine-implemented method to process on a machine, comprising:
- obtaining, by the machine, a transaction identity;
  
  generating, by the machine, an index entry into an index structure for referencing the transaction identity;
  
  identifying, by the machine, a message digest for the transaction identity;
  
  emitting, by the machine, a log entry within a log that identifies the index entry and the message digest for the transaction identity;
  
  including, by the machine, an encryption key with the log entry of the log, wherein the encrypted transaction identity if decrypted identifies the transaction identity; and
  
  associating, by the machine, a time-to-live (TTL) attribute with the encryption key, wherein the TTL attribute is in response to a policy.
- View Dependent Claims (5)
- - 5. The method of claim 4 wherein obtaining further includes acquiring the transaction identity from an identity service in response to an identity of an agent who performs the transaction and in response to one or more additional identities associated with resources involved in the transaction.

6. A machine-implemented method to process on a machine, comprising:
- obtaining, by the machine, a transaction identity;
  
  generating, by the machine, an index entry into an index structure for referencing the transaction identity;
  
  identifying, by the machine, a message digest for the transaction identity;
  
  emitting, by the machine, a log entry within a log that identifies the index entry and the message digest for the transaction identity; and
  
  processing, by the machine, at least one of;
  
  recording the index entry and the message digest in one or more other log entries, wherein the transaction identity is associated with two or more transactions; and
  
  associating a new index entry and new message digest with a changed transaction identity within the log for a single transaction, and which is also associated with the original transaction identity.

7. A machine-implemented system, comprising:
- an identity service implemented in a machine-readable medium and to execute on a machine;
  
  a logging service implemented in a machine-readable medium and to execute on the machine, wherein the identity service is to supply a transaction identity for a transaction, and wherein the logging service is to generate entries into the log that does not identify the transaction identity while the transaction is pending and remains active; and
  
  index data residing in a machine-readable medium and accessed via the machine;
  
  wherein the index data includes the transaction identity and a number of the entries include an index key into the index data to acquire the transaction identity, and wherein access to the index data is maintained securely by the logging service, wherein one or more of the entries includes an encryption key, and wherein the key identifies at least one of the index data and the transaction identity, and wherein a time-to-live (TTL) attribute is associated with at least one of the transaction identity and the encryption key.
- View Dependent Claims (8)
- - 8. The system of claim 7 further comprising, a message digest maintained by the logging service for the transaction identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Burch, Lloyd Leon, Earl, Douglas G.
Primary Examiner(s)
Song; Hosuk

Application Number

US11/290,971
Publication Number

US 20070124820A1
Time in Patent Office

1,504 Days
Field of Search

726 1- 4, 726/10, 713178-181, 713189-190, 705/50, 705/64, 705 75- 76
US Class Current

726/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/552   involving long-term monitor...

G06F 21/6263   during internet communicati...

H04L 63/0807   using tickets, e.g. Kerbero...

Techniques for preserving and managing identities in an audit log

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Techniques for preserving and managing identities in an audit log

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others