Establishment of security federations

US 8,104,069 B2
Filed: 03/19/2008
Issued: 01/24/2012
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of deriving a trust realm, the method comprising:

modeling, on a computing device having one or more processors and coupled to a server over a network, a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity and coupled to the server, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior;

receiving, from a repository included within the server over the network, candidate role information associated with candidate administrative domains of candidate entities;

dynamically resolving, using the one or more processors, appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information;

automatically deriving, using the one or more processors, one or more trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model; and

effecting, over the network, the one or more secure interactions among the appropriate administrative domains through the one or more trust realms.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure interactions between administrative domains are modeled. The modeled process specifies role information for each of the administrative domains and interaction between the administrative domains. Role information associated with candidate administrative domains is received, and appropriate administrative domains from the candidate administrative domains are dynamically resolved based on the modeled process and the received role information. Trust realms between the dynamically resolved appropriate administrative domains are automatically derived based on the role information and the interactions from the modeled process. The secure interaction between the dynamically resolved appropriate administrative domains is effected through the automatically derived trust realms.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method of deriving a trust realm, the method comprising:
- modeling, on a computing device having one or more processors and coupled to a server over a network, a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity and coupled to the server, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior;
  
  receiving, from a repository included within the server over the network, candidate role information associated with candidate administrative domains of candidate entities;
  
  dynamically resolving, using the one or more processors, appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information;
  
  automatically deriving, using the one or more processors, one or more trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model; and
  
  effecting, over the network, the one or more secure interactions among the appropriate administrative domains through the one or more trust realms.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the one or more secure interactions further comprise an issuance of security tokens at each of the administrative domains and a format conversion of the security tokens.
  - 3. The method of claim 1, wherein modeling the process further comprises defining an order, a message format, and parameters of the one or more secure interactions.
  - 4. The method of claim 1, further comprising:
    - determining that a collaboration between any two of the appropriate administrative domains has ended; and
      
      terminating a respective trust realm between the two appropriate administrative domains based on the determining that the collaboration has ended.
  - 5. The method of claim 1, wherein dynamically resolving the appropriate administrative domains further comprises:
    - generating a list of the candidate administrative domains that satisfy the generic role information specified by the process model; and
      
      selecting the appropriate administrative domains from the list of the candidate administrative domains.
  - 6. The method of claim 5, further comprising transmitting an invitation to each of the candidate administrative domains on the list of the candidate administrative domains, wherein the appropriate administrative domains are selected based on receiving an acceptance to the invitation.
  - 7. The method of claim 6, wherein effecting the one or more secure interactions among the appropriate administrative domains further comprises:
    - accessing trust information associated with the appropriate administrative domains;
      
      signaling, to the appropriate administrative domains, the initiation of one or more collaborations represented by the process model;
      
      sending the trust information to the appropriate administrative domains such that the one or more secure interactions among the appropriate administrative domains are effected.
  - 8. The method of claim 1, wherein effecting the one or more secure interactions among the appropriate administrative domains further comprises:
    - signaling, to the appropriate administrative domains, the initiation of one or more collaborations represented by the process model;
      
      allowing access to the trust information associated with the appropriate administrative domains such that the trust information is downloadable by other appropriate administrative domains.
  - 9. The method of claim 8, wherein allowing access to the trust information comprises the one or more secure interactions among the appropriate administrative domains such that the appropriate administrative domains exchange the trust information with each other.
  - 10. The method of claim 7, wherein the trust information comprises keys and a name associated with each of the appropriate administrative domains.
  - 11. The method of claim 1, wherein the observable behavior is exhibited by a first administrative domain in order to collaborate with a second administrative domain.
  - 12. The method of claim 11, wherein the generic role information specified by the process model designates the first administrative domain as a buyer role and the second administrative domain as a seller role.
  - 13. The method of claim 11, wherein the generic role information specified by the process model identifies a first behavior that must be satisfied by the first administrative domain and a second behavior that must be satisfied by the second administrative domain.
  - 14. The method of claim 13, wherein one or both of the first behavior and the second behavior comprise a purchasing behavior or a customer management behavior.
  - 15. The method of claim 1, further comprising invoking the process using the appropriate administrative domains.
  - 16. The method of claim 1, wherein the process is a composite services process among hierarchically organized administrative domains.
  - 17. The method of claim 1, wherein:
    - the process is a collaborative engineering process, andthe one or more secure interactions among the administrative domains are peer-to-peer interactions.
  - 18. The method of claim 1, wherein dynamically resolving appropriate administrative domains and automatically deriving one or more trust realms are performed in response to determining that the process is to be executed.

19. A computer-readable storage medium coupled to one or more processing devices and having instructions stored thereon which, when executed by the one or more processing devices, cause the one or more processing devices to perform operations comprising:
- modeling a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior;
  
  receiving candidate role information associated with candidate administrative domains of candidate entities;
  
  dynamically resolving appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information;
  
  automatically deriving trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model; and
  
  effecting one or more secure interactions among the appropriate administrative domains through the one or more trust realms.

20. A device comprising:
- a processor configured to;
  
  model a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior,receive candidate role information associated with candidate administrative domains of candidate entities,dynamically resolve appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information,automatically derive trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model, andeffect one or more secure interactions among the appropriate administrative domains through the one or more trust realms; and
  
  a repository configured to;
  
  store the candidate role information associated with each of the candidate administrative domains and relationship types associated with each of the candidate administrative domains, andtransmit the candidate role information and the relationship types to the processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Thurm, Bernhard, Hu, Ji
Primary Examiner(s)
Zee, Edward

Application Number

US12/051,557
Publication Number

US 20090241166A1
Time in Patent Office

1,406 Days
Field of Search

726/1, 726/5, 726/6, 726/7, 726/9
US Class Current

726/1
CPC Class Codes

G06Q 10/10 Office automation; Time man...

Establishment of security federations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishment of security federations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links