Public-key infrastructure in network management
Abstract
A method of granting a public-key certificate to a managed node in an IT network is provided. A request from the managed node to grant the certificate is received at a certification server. It is ascertained whether an initialization-to-request time interval between an initialization time of the managed node and a request time assigned to the request is within a maximum time interval for automatic certificate grant. The requested certificate is automatically granted if the initialization-to-request time interval is within the maximum time interval.
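The check described in the abstract, sketched as an added example (not code from the patent). `EnrollmentGate`, the node names and the 10-minute window are hypothetical; the sketch assumes both times are read from the server's own records and clock, and treats an interval exactly equal to the maximum as within it.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class Decision(Enum):
    AUTO_GRANT = "auto_grant"        # certificate is issued without an operator
    NO_AUTO_GRANT = "no_auto_grant"  # automatic grant is prevented


@dataclass
class EnrollmentGate:
    """Server-side gate for automatic certificate grant (hypothetical class)."""
    max_interval: timedelta
    # Initialization times recorded by the server when it starts an agent
    # installation; never taken from the requesting node's own message.
    _init_times: dict = field(default_factory=dict)

    def record_initialization(self, node_id: str, when: datetime) -> None:
        self._init_times[node_id] = when

    def decide(self, node_id: str, request_time: datetime) -> tuple[Decision, str]:
        init_time = self._init_times.get(node_id)
        if init_time is None:
            return Decision.NO_AUTO_GRANT, "no initialization time on record"
        interval = request_time - init_time
        if interval < timedelta(0):
            return Decision.NO_AUTO_GRANT, "request precedes initialization"
        if interval > self.max_interval:
            return Decision.NO_AUTO_GRANT, "interval exceeds maximum"
        return Decision.AUTO_GRANT, "within maximum interval"


def demo() -> dict:
    """Run the gate over constructed sample times (not real data)."""
    gate = EnrollmentGate(max_interval=timedelta(minutes=10))
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    gate.record_initialization("node-a", t0)
    gate.record_initialization("node-b", t0)
    return {
        "in_window": gate.decide("node-a", t0 + timedelta(minutes=3)),
        "at_limit": gate.decide("node-a", t0 + timedelta(minutes=10)),
        "late": gate.decide("node-b", t0 + timedelta(minutes=11)),
        "early": gate.decide("node-b", t0 - timedelta(seconds=1)),
        "unknown": gate.decide("node-c", t0 + timedelta(minutes=1)),
    }
```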
34 Claims
1. A method of selectively granting a public-key certificate to a managed node in an IT network having certification capability, the managed node having an initialization time associated with the installation time of a software agent in the managed node, the method comprising:
detecting, by a computer system, the initialization time;
after the initialization time, receiving, by the computer system, a request to grant the certificate from the managed node;
detecting, by the computer system, the time of the request by the managed node;
responding, by the computer system, to the detected times by ascertaining whether an initialization-to-request time interval between the detected initialization time and the detected request time is within a maximum time interval for automatic certificate grant;
automatically granting, by the computer system, the requested certificate to the requesting managed node only if the ascertained initialization-to-request time interval is within the maximum time interval, and if the ascertained initialization-to-request time interval is outside the maximum time interval, preventing the automatic granting of the requested certificate to the requesting managed node.
12. A process of setting-up a management agent in a node of an IT network in which managed nodes are authenticated in management communications, the IT network having a certification capability, the authentication being based on public-key cryptography, comprising:
starting, by a computer system, the process;
at the start of the process installing, by the computer system, the agent at the node;
requesting, by the agent, the server to grant a public-key certificate, at a request time;
determining, by the processor, (a) the start time of the process, (b) the request time by the agent, (c) the time interval between the determined start and request times, and automatically granting the requested certificate only in response to the determined time interval between the determined start time of the process and the determined request time is within a maximum time interval for automatic certificate grant;
or in the alternative, preventing the automatic granting of the requested certificate to the requesting managed node, in response to the determined time interval between the determined start time and the determined request time being outside the maximum time interval for automatic certificate grant.
23. A certification server or combined management and certification server arranged to:
determine (a) an initialization time associated with the installation of a software agent at a managed node and (b) a request time by a managed node in an IT network for a public-key certificate, and ascertain whether the time interval between the determined initialization time and the determined request time is within a maximum time interval for automatic certificate grant; and
automatically granting the requested certificate to the managed node only if the ascertained time interval is within the maximum time interval and preventing automatic granting of the requested certificate to the managed node if the ascertained time interval exceeds the maximum time interval.
25. A managed IT network comprising:
a management server, a certification server and a node, or a combined management/certification server and a node,
wherein the management server or the management/certification server is arranged to initiate installation of a management agent at the node at an initialization time;
wherein the agent is arranged to request the certification server or the management/certification server to grant a public-key certificate, at a request time; and
wherein the certification server or the combined management/certification server is arranged to
(a) determine the initialization time and the request time;
(b) automatically grant the requested certificate to the managed node only if the time interval between the determined initialization time and the determined request time is within a maximum time interval for automatic certificate grant; and
(c) prevent automatic granting of the requested certificate to the managed node if the time interval between the determined initialization time and determined request time exceeds the maximum time interval.
27. A managed IT network comprising at least first and second management systems, wherein a private-public key pair is assigned to at least the first management system and the second system has certification capabilities, wherein the IT network is arranged, by a processor, to authenticate, in management communications between the first and second management facilities, at least the first management system by using the private-public key pair of the first management system;
wherein the second system is arranged, by a processor, to
(a) detect initialization time associated with installation of a software agent at the first management element and a certificate request time by the first management element,
(b) verify the authenticity of the first management element's public key by automatically granting a public-key certificate to the first management element only in response to a time interval between the detected times being within a maximum time interval for automatic certificate grant, and
(c) prevent automatic issuing a public-key certificate to the first management element in response to a time interval between the detected times exceeding the maximum time interval for certificate grant.
30. A storage drive unit including program code for carrying out a method, when executed on a computer system, of granting a public key certificate to a managed node in an IT network, the managed node having an initialization time associated with the installation time of a software agent in the managed node, the program code being arranged to cause a certification server or a combined management and certification server of the computer system to:
receive, after the initialization time, a request to grant a certificate from the managed node;
detect the initialization time;
detect the time of the request;
ascertain whether the time interval between the detected initialization time and the detected request time is within a maximum time interval for automatic certificate grant;
automatically grant the requested certificate to the requesting managed node only if the ascertained initialization-to-request time interval is within the maximum time interval, and prevent the automatic granting of the requested certificate to the requesting managed node if the ascertained initialization-to-request time interval exceeds the maximum time interval.
33. A storage drive unit including program code for carrying out a process, when executed in a managed IT network in which managed nodes are authenticated in management communications, the authentication being based on public-key cryptography, of setting-up a management agent in a node, the program code being arranged to cause the network to perform the following steps after the process has been started:
the agent to be installed at the node at the start of the process;
the agent to request a certification server or a combined management and certificate server to grant a public-key certificate, at a request time;
the server to
(a) detect the start time of the process,
(b) detect the request time,
(c) automatically grant the requested certificate only if the time interval between the detected start of the process and the detected request time is within a maximum time interval for automatic certificate grant, and
(d) to prevent the automatic granting of the requested certificate if the time interval between the detected start of the process and the detected request time is outside the maximum time interval for certificate grant.
Specification