System and method for implementing a distributed keystore within an enterprise network
First Claim
1. A method comprising:
- receiving a request from a user and/or an application component to view keystore data;
implementing a first set of security restrictions associated with the request to view the keystore data, the keystore data comprising a full set of keys and/or certificates;
providing a limited view of the keystore data to the requesting user and/or application component based on the results of the first set of security restrictions, wherein the limited view of the keystore data comprises a subset of the full set of keys and/or certificates, and wherein the subset is specific to the user and/or application component;
detecting an attempt by the user and/or application component to access specified portions of the keystore data provided in the view;
implementing a second set of security restrictions associated with the attempt to access the specified portions of the keystore data; and
providing limited access to the keystore data to the user and/or application component based on the results of the second set of security restrictions.
2 Assignments
0 Petitions
Accused Products
Abstract
A keystore is described which provides unique views of certificates and keys to particular application components and/or users. Upon receiving a request from a user and/or an application component to view keystore data, the keystore system implements a first set of security restrictions associated with the request and provides a limited view of the keystore data to the requesting user and/or application component based on the results of the first set of security restrictions. Then, upon detecting an attempt by the user and/or application component to access specified portions of the keystore data provided in the view, the keystore system implements a second set of security restrictions associated with the attempt to access the specified portions of the keystore data, and provides access to the keystore data to the user and/or application component based on the results of the second set of security restrictions.
38 Citations
20 Claims
-
1. A method comprising:
-
receiving a request from a user and/or an application component to view keystore data; implementing a first set of security restrictions associated with the request to view the keystore data, the keystore data comprising a full set of keys and/or certificates; providing a limited view of the keystore data to the requesting user and/or application component based on the results of the first set of security restrictions, wherein the limited view of the keystore data comprises a subset of the full set of keys and/or certificates, and wherein the subset is specific to the user and/or application component; detecting an attempt by the user and/or application component to access specified portions of the keystore data provided in the view; implementing a second set of security restrictions associated with the attempt to access the specified portions of the keystore data; and providing limited access to the keystore data to the user and/or application component based on the results of the second set of security restrictions. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
a plurality of server nodes communicatively coupled on an enterprise network, the plurality of server nodes to serve applications over the enterprise network to a plurality of clients; a keystore to store security data on one or more of the server nodes; and a keystore provider service executed on one or more of the server nodes, the keystore provider service to; implement a first set of security restrictions associated with a request from a user and/or an application component to view keystore data, the keystore data comprising a full set of keys and/or certificates; provide a limited view of the keystore data to the requesting user and/or application component based on the results of the first set of security restrictions, wherein the limited view of the keystore data comprises a subset of the full set of keys and/or certificates, and wherein the subset is specific to the requesting user and/or application component; detect an attempt by the user and/or application component to access specified portions of the keystore data provided in the view; implement a second set of security restrictions associated with the attempt to access the specified portions of the keystore data; and provide limited access to the keystore data to the user and/or application component based on the results of the second set of security restrictions. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. An article of manufacture including a non-transitory machine-readable medium for storing program code which, when executed by a machine, causes the machine to perform the operations of:
-
receiving a request from a user and/or an application component to view keystore data; implementing a first set of security restrictions associated with the request to view the keystore data, the keystore data comprising a full set of keys and/or certificates; providing a limited view of the keystore data to the requesting user and/or application component based on the results of the first set of security restrictions, wherein the limited view of the keystore data comprises a subset of the full set of keys and/or certificates, and wherein the subset is specific to the user and/or application component; detecting an attempt by the user and/or application component to access specified portions of the keystore data provided in the view; implementing a second set of security restrictions associated with the attempt to access the specified portions of the keystore data; and providing limited access to the keystore data to the user and/or application component based on the results of the second set of security restrictions. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification