Managing relationships in a computer system
Abstract
Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
20 Claims
1. A method in a computer network system, the method comprising:
- obtaining information on trust relationships between entities in the computer network system,
- determining transitive reachability information for a selected entity based on the information on trust relationships,
- generating a transitive reachability graph describing at least one access relation of the selected entity based on the transitive reachability information,
- displaying the generated transitive reachability graph,
- performing a management action based on the displayed transitive reachability graph, and
- further comprising at least one of:
  - displaying all access relationships of the selected entity,
  - displaying all accounts and/or hosts that can be reached from each account and/or host in the computer network system,
  - displaying entities that can access one or more accounts and/or hosts in the computer network system, or
  - displaying entities that can access root accounts and/or privileged accounts in the computer network system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising at least one processor, and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to:
- obtain information on trust relationships between entities in a computer network system,
- determine transitive reachability information for a selected entity based on the information on trust relationships,
- generate a transitive reachability graph describing at least one access relation of the selected entity based on the transitive reachability information,
- cause a display of the generated transitive reachability graph,
- cause a management action based on the displayed transitive reachability graph, and
- cause at least one of:
  - a display of all access relationships of the selected entity,
  - a display of all accounts and/or hosts that can be reached from each account and/or host in the computer network system,
  - a display of entities that can access one or more accounts and/or hosts in the computer network system, or
  - a display of entities that can access root accounts and/or privileged accounts in the computer network system.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A non-transitory computer readable media comprising program code for causing a processor to perform instructions for a method in a computer network system, the method performed comprising:
- obtaining information on trust relationships between entities in the computer network system,
- determining transitive reachability information for a selected entity based on the information on trust relationships,
- generating a transitive reachability graph describing at least one access relation of the selected entity based on the transitive reachability information,
- displaying the generated transitive reachability graph,
- performing a management action based on the displayed transitive reachability graph, and
- the method performed further comprising at least one of:
  - displaying all access relationships of the selected entity,
  - displaying all accounts and/or hosts that can be reached from each account and/or host in the computer network system;
  - displaying entities that can access one or more accounts and/or hosts in the computer network system, or
  - displaying entities that can access root accounts and/or privileged accounts in the computer network system.
Dependent claims: 19, 20
Specification