Remote authorization for operations

US 8,327,417 B2
Filed: 08/30/2010
Issued: 12/04/2012
Est. Priority Date: 03/29/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A machine-implemented method to execute on a machine, comprising:

detecting, by the machine, a request for initiating a secure operation;

evaluating, by the machine, a policy associated with authorizing the secure operation for initiation, the policy drives a processing flow and procedures that must be used to acquire one or more access keys and content for the one or more access keys that are expected before the request is authenticated and initiated, the processing flow and procedures randomly generated via the policy evaluation;

making, by the machine, a request to an authorization acquisition service to acquire the one or more access keys pursuant to the policy from one or more remote authorization principals; and

receiving and verifying, by the machine, the one more access keys, which are received from the authorization acquisition service in response to one or more secrets obtained from the one or more remote authorization principals.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access the access key from a secure store via a secret. That is, the secret store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.

56 Citations

View as Search Results

12 Claims

1. A machine-implemented method to execute on a machine, comprising:
- detecting, by the machine, a request for initiating a secure operation;
  
  evaluating, by the machine, a policy associated with authorizing the secure operation for initiation, the policy drives a processing flow and procedures that must be used to acquire one or more access keys and content for the one or more access keys that are expected before the request is authenticated and initiated, the processing flow and procedures randomly generated via the policy evaluation;
  
  making, by the machine, a request to an authorization acquisition service to acquire the one or more access keys pursuant to the policy from one or more remote authorization principals; and
  
  receiving and verifying, by the machine, the one more access keys, which are received from the authorization acquisition service in response to one or more secrets obtained from the one or more remote authorization principals.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein making further includes supplying one or more identifiers for the one or more access keys or supplying a procedure for acquiring the one or more access keys with the request to the authorization acquisition service.
  - 3. The method of claim 1 further comprising, periodically synchronizing, by the machine, with a secret store to ensure the secret store has the one or more access keys, and wherein the secret store is accessed by the authorization acquisition service in response to one or more secrets obtained from the one or more remote authorization principals.
  - 4. The method of claim 1 further comprising, supplying, by the machine, the one or more access keys successfully received from the authorization acquisition service to a secure loader, wherein the secure loader initiates the secure operation.
  - 5. The method of claim 1, wherein detecting further includes detecting an attempt to boot up a particular device or particular service associated with a security system, which raises the request.
  - 6. The method of claim 1, wherein detecting further includes detecting an attempt to shutdown a running service, which raises the request.
  - 7. The method of claim 1, wherein making further includes voiding the one or more access keys when the authorization acquisition service fails to deliver the one or more access keys within a defined period of time included in the policy.

8. A machine-implemented method to execute on a machine, comprising:
- receiving, by the machine, a request to initiate a secure operation within a secure system;
  
  acquiring, by the machine, multiple keys from multiple different certified crypto officers, each crypto officer having one of the multiple keys and each crypto officer remotely communicating his/her key from a remote geographic location from that geographical location associated with the secure system and each crypto officer given different instructions on how each of his/her keys are to be communicated and the instructions change with every subsequent request to initiate the secure operation and the instructions are randomly generated, wherein acquiring further includes identifying each of the certified crypto officers via a policy associated with the secure operation of the secure system;
  
  using, by the machine, the multiple keys to acquire a secret from a secret store to initiate the secure operation; and
  
  initiating, by the machine, the secure operation via the secret.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein acquiring further includes interacting with one crypto officers via a phone using voice instructions and interacting with another crypto officer via a phone using text messages to acquire the multiple keys.
  - 10. The method of claim 8, wherein acquiring further includes using a policy that defines a particular mechanism for each certified crypto officer to deliver his/her key.
  - 11. The method of claim 8, wherein acquiring further includes using a policy to instruct each of the certified crypto officers on how and where to obtain his/her key.
  - 12. The method of claim 8, wherein using further includes randomly changing the secret within the secret store and configuring the secure operation to accept the changing secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R, Burch, Lloyd Leon
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US12/871,163
Publication Number

US 20100325693A1
Time in Patent Office

827 Days
Field of Search

726/14, 726/21, 726 1- 6, 713/1, 713/2, 713/100, 713/168, 713182-185
US Class Current

726/1
CPC Class Codes

G06F 21/33   using certificates

H04L 2463/081   applying self-generating cr...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Remote authorization for operations

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Remote authorization for operations

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links