Trust map management and user interface

US 9,218,463 B2
Filed: 02/21/2014
Issued: 12/22/2015
Est. Priority Date: 02/21/2014
Status: Active Grant

First Claim

Patent Images

1. A method for operating a computing device, the method comprising:

obtaining a data set comprising a plurality of entities, the plurality of entities including at least one cryptographic key instance, at least one system identifier, at least one client identifier and at least one server identifier, at least one cryptographic key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;

identifying a selected entity from the data set;

displaying at a hub region of a display device, a representation of the selected entity;

displaying at a spoke region of the display device, a representation of a plurality of non-selected entities, wherein the selected hub entity and the plurality of non-selected spoke entities forming a hub and spoke diagram and once the selected hub entity is identified, all other non-selected spoke entities are displayed in the spoke region arranged radially relative to the selected hub entity on a trust map with the trust relationship comprising an annotation illustrating a direction of a trust relationship;

presenting a representation of the trust relationship between the hub entity and each of the plurality of spoke entities, the trust relationship determined by at least one public/private key pair between the hub entity and each of the plurality of spoke entities;

receiving a gesture or command indicating an action to be taken; and

executing the action on the computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example embodiment, a user interface is presented for interacting with a trust map identifying trust relationships between clients/users and servers/hosts. The trust relationships are defined by public/private key pairs in Secure Shell (SSH), Secure File Transfer Protocol (SFTP), Transport Layer Security/Secure Sockets Layer (TLS/SSL), Secure Multipurpose Internet Mail Extensions (S/MIME), Internet Protocol Security (IPsec), and so forth. A selected entity such as a server, client, client/server, key set, policy, and so forth is selected and displayed at the center of a hub/spoke diagram. Non-selected entities having a trust relationship with the hub entity are displayed as spokes. Similar spoke entitles may be grouped together. Trust relationships and related properties are displayed as lines between the hub and spoke entities. A user performs actions on the entities by manipulation of the hub, spoke, trust relationship and related user interface elements.

9 Citations

View as Search Results

20 Claims

1. A method for operating a computing device, the method comprising:
- obtaining a data set comprising a plurality of entities, the plurality of entities including at least one cryptographic key instance, at least one system identifier, at least one client identifier and at least one server identifier, at least one cryptographic key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;
  
  identifying a selected entity from the data set;
  
  displaying at a hub region of a display device, a representation of the selected entity;
  
  displaying at a spoke region of the display device, a representation of a plurality of non-selected entities, wherein the selected hub entity and the plurality of non-selected spoke entities forming a hub and spoke diagram and once the selected hub entity is identified, all other non-selected spoke entities are displayed in the spoke region arranged radially relative to the selected hub entity on a trust map with the trust relationship comprising an annotation illustrating a direction of a trust relationship;
  
  presenting a representation of the trust relationship between the hub entity and each of the plurality of spoke entities, the trust relationship determined by at least one public/private key pair between the hub entity and each of the plurality of spoke entities;
  
  receiving a gesture or command indicating an action to be taken; and
  
  executing the action on the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the action comprises at least one of a navigation action, a status action, a policy action, and a key action.
  - 3. The method of claim 2 wherein:
    - the navigation action comprises at least one of;
      
      an indication of a new selected entity that should be placed at the hub; and
      
      an indication of retrieving additional information related to the selected entity;
      
      the status action comprises retrieving or setting a status of either the selected entity or a new selected entity;
      
      the policy action comprises at least one of;
      
      an indication to make compliant with at least one policy;
      
      a jail action to tie a key instance to a particular system; and
      
      a lock action to prevent changes to at least a portion of the data set; and
      
      the key action comprises at least one of;
      
      a rotate key set action;
      
      a new key set action;
      
      a new key instance action;
      
      a remove key instance action; and
      
      a remove key set action.
  - 4. The method of claim 1 wherein the representation of the trust relationship comprises an indication of:
    - a direction of the trust relationship such that a source and a target of the trust relationship may be identified; and
      
      an account type of the trust relationship.
  - 5. The method of claim 4 wherein the representation of the trust relationship further comprises an indication of at least one of:
    - an indication of permissions granted on the target to the source;
      
      an indication of forced commands associated with a key instance;
      
      an indication of source restriction associated with a key instance; and
      
      an indication of other key options.
  - 6. The method of claim 1 wherein the representation of the trust relationship comprises a representation of properties of the trust relationship.
  - 7. The method of claim 6, wherein each of the at least one non-selected entities are displayed in groups, each group having common trust relationship properties.

8. A system comprising:
- a hardware processor;
  
  memory coupled to the processor;
  
  a display of a trust map upon which the processor displays a graphical user interface, the graphical user interface comprising;
  
  a graphical user interface element representing a hub entity selected based on whether the hub entity is a server, a client, or a client/server, the hub entity displayed at a hub region of the display;
  
  a graphical user interface element representing each of a plurality of spoke entities selected based on whether each spoke entity is a server, a client, or a client/server, the plurality of spoke entities displayed at a spoke region of the display, the graphical user interface elements of the hub entity and the plurality of spoke entities forming a hub and spoke diagram and once the hub entity is selected by a user, all other non-selected spoke entities are displayed in the spoke region arranged radially relative to the selected hub entity on the trust map with the trust relationship comprising an annotation illustrating a direction of a trust relationship;
  
  a representation of the trust relationship between the hub entity and each of the plurality of spoke entities, the trust relationship determined by at least one public/private key pair between the hub entity and each of the plurality of spoke entities, the representation comprising an annotation indicating at least one of;
  
  an indication of a direction of the trust relationship anda key option associated with the public portion of the at least one public/private key pair or the private portion of the at least one public/private key pair, or both the public portion and the private portion of the at least one public/private key pair.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein the hub entity comprises at least one of:
    - a server;
      
      a client;
      
      a client/server;
      
      a key instance;
      
      a key set;
      
      a policy;
      
      a user account; and
      
      a user.
  - 10. The system of claim 8 wherein the plurality of spoke entities comprises at least one of:
    - a server;
      
      a client;
      
      a client/server;
      
      a key instance;
      
      a key set;
      
      a policy;
      
      a user account; and
      
      a user.
  - 11. The system of claim 8 wherein each of the plurality of spoke entities has a plurality of characteristics and wherein the graphical user interface element representing each of the plurality of spoke entities are grouped by at least one common characteristic and wherein each group is displayed in a spaced relationship to other groups in the spoke region.
  - 12. The system of claim 8 wherein the representation of the trust relationship defines a source and a target of the trust relationship and wherein the representation comprises an indication of at least one of:
    - an indication of permissions granted on the target to the source;
      
      an indication of forced commands associated with a key instance;
      
      an indication of source restriction associated with a key instance; and
      
      an indication of other key options.
  - 13. The system of claim 12 wherein the representation of the trust relationship further comprises an indication of a key characteristic.
  - 14. The system of claim 12, wherein the graphical user interface further comprises a representation of further spoke entities displayed in a relationship to the at least one spoke entity but not displayed in a relationship to the hub entity.
  - 15. The system of claim 8, wherein the graphical user interface further comprises a context window having content comprising:
    - detail information regarding the trust relationship;
      
      information regarding any policy violations; and
      
      actions that may be taken by a user with respect to the graphical user interface.
  - 16. The system of claim 8, wherein the graphical user interface further comprises a control that allows filtering of the information presented on the graphical user interface.

17. A machine readable storage device having executable instructions encoded thereon, which when executed by a hardware processor of a system, cause the system to:
- display a user interface allowing an administrator to view and interact with a plurality of entities through manipulation of visual representations of each of the plurality of entities; and
  
  obtain a data set comprising a plurality of entities, the plurality of entities including at least one cryptographic key instance, at least one system identifier, at least one client identifier and at least one server identifier, at least one cryptographic key instance defining at least one trust relationship between a client identified by the at least one client identifier and a server identified by the at least one server identifier;
  
  identify a selected entity from the data set;
  
  display at a hub region of a display device, a representation of the selected entity;
  
  display at a spoke region of the display device, a representation of a plurality of non-selected entities, wherein the selected hub entity and the plurality of non-selected spoke entities forming a hub and spoke diagram and once the selected hub entity is identified, all other non-selected spoke entities are displayed in the spoke region arranged radially relative to the selected hub entity on a trust map with the trust relationship comprising an annotation illustrating a direction of a trust relationship;
  
  present a representation of the trust relationship between the hub entity and each of the plurality of spoke entities, the trust relationship determined by at least one public/private key pair between the hub entity and each of the plurality of spoke entities;
  
  receive a gesture or command indicating an action to be taken; and
  
  execute the action on the computing device.
- View Dependent Claims (18, 19, 20)
- - 18. The machine readable medium of claim 17, wherein the executable instructions further cause the system to:
    - identify a plurality of further spoke entities;
      
      display the further spoke entities in a further spoke entity region; and
      
      display a relationship indication between the plurality of further spoke entities and at least one non-selected entity.
  - 19. The machine readable medium of claim 17, wherein the action comprises at least one of a navigation action, a status action, a policy action, and a key action.
  - 20. The machine readable medium of claim 19 wherein:
    - the navigation action comprises at least one of;
      
      an indication of a new selected entity that should be placed at the hub; and
      
      an indication of retrieving additional information related to the selected entity;
      
      the status action comprises retrieving or setting a status of either the selected entity or a new selected entity;
      
      the policy action comprises at least one of;
      
      an indication to make compliant with at least one policy;
      
      a jail action to tie a key instance to a particular system; and
      
      a lock action to prevent changes to at least a portion of the data set; and
      
      the key action comprises at least one of;
      
      a rotate key set action;
      
      a new key set action;
      
      a new key instance action;
      
      a remove key instance action; and
      
      a remove key set action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Venafi,Inc.
Original Assignee
Venafi,Inc.
Inventors
Harjula, Tero Petteri, Lence, Bryan Robert, DeBate, Daniel G.
Primary Examiner(s)
Chai, Longbit

Application Number

US14/186,713
Publication Number

US 20150242594A1
Time in Patent Office

669 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/57   Certifying or maintaining t...

G06F 3/04817   using icons graphical or vi...

G06F 3/04842   Selection of displayed obje...

H04L 63/06   for supporting key manageme...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Trust map management and user interface

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trust map management and user interface

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links