AU2016419031A1 - Application centric centralized certificate management system for managing certificates across data centers - Google Patents

Info

Publication number
AU2016419031A1
AU2016419031A1 AU2016419031A AU2016419031A AU2016419031A1 AU 2016419031 A1 AU2016419031 A1 AU 2016419031A1 AU 2016419031 A AU2016419031 A AU 2016419031A AU 2016419031 A AU2016419031 A AU 2016419031A AU 2016419031 A1 AU2016419031 A1 AU 2016419031A1
Authority
AU
Australia
Prior art keywords
certificates
certificate
policy
module
management system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU2016419031A
Inventor
Murali Palanisamy
Anand Purusothaman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Appviewx Inc
Original Assignee
Appviewx Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Appviewx Inc
Publication of AU2016419031A1
Priority to AU2023202613A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A system for managing one or more certificates on granular object level in one or more datacenters is provided. The system includes a discover module, an inventory module, a work order module, and a policy module. The discover module is configured to discover the one or more certificates. The inventory module is configured to provide details of the one or more certificates. The work order module is configured to store details of (i) a work order id of the one or more certificates, (ii) device information of the one or more certificates, (iii) a time stamp of implementation of the one or more certificates, and (iv) a status of the one or more certificates. The policy module is configured to create a policy that specifies (i) usage of the one or more certificates, and (ii) practices that a certificate authority (CA) employs to manage the one or more certificates.

Description

BACKGROUND
Technical Field
[001] The embodiments herein generally relate to a certificate management system, and more particularly, to a system and method for managing certificates across data centers.
Description of the Related Art
[002] Application delivery and certificate management in networks are critical for application owners and network administrators. Existing legacy tools are not supported by development teams, as there are multiple different tools with each of them running on independent scripts. Collaboration among the tools is essential for the efficient functioning of the system. Existing applications are also independent of one another, with access restricted to the concerned independent teams. Thus, an unreasonable amount of time and resources is spent on writing scripts every time a team needs to monitor applications outside its scope of access. Also, there is no single-view visibility of an application to manage certificates across networking components running across multiple data centers.
[003] Device level operations on management tools make routing traffic amongst data centers difficult and unnecessarily complex. This also amplifies the risk of errors and difficulties in setting up and altering rules to serve traffic. Monitoring applications, studying statistics, managing certificates and gauging the health of applications are highly complex in existing systems. An increased number of independent tools renders migration/upgrading of network tools almost impossible. Also, fixing issues consumes time, which is very critical in industries like banking, healthcare, etc., where data management is critical.
WO 2018/029508
PCT/IB2016/054784
[004] The most common solutions for application delivery and certificate management are provided by device vendors themselves. However, these solutions monitor the certificates and give a device-centric view of the network, which does not meet the requirements of application owners, network administrators, and CXOs to monitor network components.
[005] Accordingly, there is a need for an application centric centralized system to manage one or more certificates across data centers.
SUMMARY
[006] In view of the foregoing, an embodiment herein provides an application centric centralized certificate management system for managing one or more certificates on granular object level in one or more datacenters. The application centric centralized certificate management system includes a memory unit, a display unit and a processor. The memory unit stores a database and a set of modules. The processor executes the set of modules. The set of modules includes a discover module, an inventory module, a work order module, and a policy module. The discover module, executed by the processor, is configured to discover the one or more certificates across the one or more datacenters. The inventory module, executed by the processor, is configured to provide details of the one or more certificates, including a name of a certificate group, a serial number of the one or more certificates, a profile of the one or more certificates, a vendor of the one or more certificates, and a name of one or more devices connected with the one or more certificates. The work order module, executed by the processor, is configured to store details of (i) a work order id of the one or more certificates, (ii) device information of the one or more certificates, (iii) a time stamp of implementation of the one or more certificates, and (iv) a status of the one or more certificates. The policy module, executed by the processor, is configured to create a policy for (i) the one or more certificates, and (ii) a certificate authority (CA). The policy specifies (i) a usage of the one or more certificates, and (ii) practices that the certificate authority (CA) employs to manage the one or more certificates. The policy module (i) performs a compliance check for the one or more certificates based on the policy, and (ii) generates a compliance report about at least one of the certificates. The compliance report includes (a) validity of the one or more certificates, (b) expiration status of the one or more certificates, and (c) expiration dates of the one or more certificates. The policy module generates an alert that indicates (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. The display unit displays a holistic view of the one or more certificates to perform one or more actions on granular object level. The one or more actions include (i) performing a validation check on the one or more certificates, (ii) renewing the one or more certificates, (iii) revoking the one or more certificates, or (iv) pushing the one or more certificates. The one or more certificates are automatically renewed when the alert indicates the expiration status of the one or more certificates.
[007] In one embodiment, the application centric centralized certificate management system further includes a new certificate module, and a validation module. The new certificate module, executed by the processor, is configured to create a new certificate for the application centric centralized certificate management system. The validation module, executed by the processor, is configured to validate (a) the new certificate when the new certificate is added to the application centric centralized certificate management system, and (b) the one or more certificates. In another embodiment, the application centric centralized certificate management system includes a certificate group module, and a settings module. The certificate group module, executed by the processor, is configured to create a certificate group for the one or more certificates. The settings module, executed by the processor, is configured to manage authentication details to initiate a secured connection with a CA to perform one or more actions on the one or more certificates. In yet another embodiment, the inventory module is further configured to provide an option to associate the one or more certificates to the certificate group. In yet another embodiment, the policy is applied to the one or more certificates on granular object level by associating the policy to the certificate group. In yet another embodiment, the policy module is configured to perform a compliance check against the one or more certificates based on the policy to generate compliance reports for the one or more certificates. In yet another embodiment, the discover module is configured to discover the one or more certificates based on at least one of (i) an IP range, (ii) a subnet, (iii) a URL, (iv) by uploading a certificate, and (v) managed devices. In yet another embodiment, the policy module is configured to perform at least one action. The at least one action is selected from a group that includes (a) providing access control to the one or more certificates, (b) a policy enforcement on the one or more certificates, and (c) a compliance check on the one or more certificates. In yet another embodiment, the new certificate module is configured to provide an option to select a connector type for creating the new certificate.
[008] In another aspect, a non-transitory program storage device that is readable by a computer and includes a program of instructions executable by the computer to perform a method for managing one or more certificates on granular object level in one or more application specific networking components across one or more data centers is provided. The method includes the following steps: (i) discovering one or more certificates in the application centric centralized certificate management system; (ii) providing details of the one or more certificates, including (a) a name of a certificate group, (b) a serial number of the one or more certificates, (c) a profile of the one or more certificates, (d) a vendor of the one or more certificates, and (e) a name of one or more devices connected with the one or more certificates; (iii) storing the details of (a) a work order id, (b) device information, (c) a time stamp of implementation, and (d) a status associated with the one or more certificates; (iv) creating a policy for (a) the one or more certificates, and (b) a certificate authority (CA); (v) performing a compliance check for the one or more certificates based on the policy; (vi) generating a compliance report about at least one of the certificates; and (vii) generating an alert that indicates (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. In one embodiment, the policy specifies (a) a usage of the one or more certificates, and (b) practices that the certificate authority (CA) employs to manage the one or more certificates. In another embodiment, the compliance report includes (i) validity of the one or more certificates, (ii) expiration status of the one or more certificates, and (iii) expiration dates of the one or more certificates. In yet another embodiment, the one or more certificates are automatically renewed when the alert indicates the expiration status of the one or more certificates.
[009] In one embodiment, the method further includes the step of displaying a holistic view of the one or more certificates to perform one or more actions on granular object level. In another embodiment, the one or more actions include (i) performing a validation check on the one or more certificates, (ii) renewing the one or more certificates, (iii) revoking the one or more certificates, or (iv) pushing the one or more certificates. In another embodiment, the policy is applied to the one or more certificates on granular object level by associating the policy to the certificate group. In yet another embodiment, the method further includes the steps of (i) creating a group to categorize the one or more certificates; (ii) managing authentication details to initiate a secured connection with a certificate authority to perform one or more actions on the one or more certificates; (iii) creating a new certificate; and (iv) validating (a) the new certificate when the new certificate is added to the application centric centralized certificate management system, and (b) the one or more certificates.
[0010] In yet another aspect, a computer implemented method for managing one or more certificates on granular object level in one or more application specific networking components across one or more data centers using an application centric centralized certificate management system is provided. The method includes the following steps: (i) discovering one or more certificates in the application centric centralized certificate management system; (ii) providing details of the discovered one or more certificates, including (i) a name of a certificate group, (ii) a serial number of the one or more certificates, (iii) a profile of the one or more certificates, (iv) a vendor of the one or more certificates, and (v) a name of one or more devices connected with the one or more certificates; (iii) receiving and storing the details of (a) a work order id, (b) device information, (c) a time stamp of implementation, and (d) a status associated with the one or more certificates; (iv) creating a policy for (a) the one or more certificates, and (b) a certificate authority (CA); (v) performing a compliance check for the one or more certificates based on the policy; (vi) generating a compliance report about at least one of the certificates; and (vii) generating an alert that indicates (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. In one embodiment, the policy specifies (a) usage of the one or more certificates, and (b) practices that the certificate authority (CA) employs to manage the one or more certificates. In another embodiment, the compliance report includes (i) validity of the one or more certificates, (ii) expiration status of the one or more certificates, and (iii) expiration dates of the one or more certificates. In yet another embodiment, the one or more certificates are automatically renewed when the alert indicates the expiration status of the one or more certificates.
[0011] In one embodiment, the method further includes the step of displaying a holistic view of the one or more certificates to perform one or more actions on granular object level. In another embodiment, the one or more actions include (i) performing a validation check on the one or more certificates, (ii) renewing the one or more certificates, (iii) revoking the one or more certificates, or (iv) pushing the one or more certificates. In yet another embodiment, the policy is applied to the one or more certificates on granular object level by associating the policy to the certificate group. In yet another embodiment, the method further includes the steps of (i) creating a new certificate; and (ii) validating (a) the new certificate when the new certificate is added to the application centric centralized certificate management system, and (b) the one or more certificates. In yet another embodiment, the method further includes the steps of (i) creating a group to categorize the one or more certificates; and (ii) managing authentication details to initiate a secured connection with the certificate authority to perform one or more actions on the one or more certificates.
[0012] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0014] FIG. 1 illustrates a system view of one or more users communicating with a user system to manage one or more certificates using an application centric centralized certificate management system according to an embodiment herein;
[0015] FIG. 2 illustrates an exploded view of the application centric centralized certificate management system of FIG. 1 according to an embodiment herein;
[0016] FIG. 3 illustrates a user interface view of the application centric centralized certificate management system of FIG. 1 according to an embodiment herein;
[0017] FIG. 4 illustrates a user interface view of a discover module of FIG. 3 according to an embodiment herein;
[0018] FIG. 5 illustrates a user interface view of an inventory module of FIG. 3 according to an embodiment herein;
[0019] FIG. 6A illustrates a user interface view of a new certificate module of FIG. 3 according to an embodiment herein;
[0020] FIG. 6B illustrates a user interface view that provides a holistic view of the one or more certificates according to an embodiment herein;
[0021] FIG. 7A illustrates a user interface view of a policy module of FIG. 3 according to an embodiment herein;
[0022] FIGS. 7B and 7C illustrate user interface views of a settings module of FIG. 3 according to an embodiment herein;
[0023] FIG. 8 is a flow diagram illustrating a computer implemented method for managing one or more certificates in one or more application specific networking components across one or more data centers according to an embodiment herein;
[0024] FIG. 9 illustrates an exploded view of a receiver according to an embodiment herein; and
[0025] FIG. 10 illustrates a schematic diagram of a computer architecture used according to an embodiment herein.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0026] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0027] Various embodiments of the methods and systems disclosed herein provide an application centric centralized certificate management system that manages one or more certificates on granular object level across datacenters. The application centric centralized certificate management system performs various actions on the one or more certificates on granular object level, such as, discovering certificates, issuing certificates, ordering certificates, renewing certificates, pushing certificates, automatic renewal/pushing of the certificates, and compliance reporting of the certificates. Referring now to the drawings, and more particularly to FIGS. 1 through 10, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments.
[0028] FIG. 1 illustrates a system view 100 of one or more users 102A-N communicating with a user system 104 to manage one or more certificates of one or more Application Specific Networking Components (ASNC) 112A1-Nn operating in one or more datacenters 110A-N on granular object level using an application centric centralized certificate management system 106 according to an embodiment herein. The application centric centralized certificate management system 106 provides a user interface to the one or more users 102A-N to manage the one or more certificates of the ASNCs 112A1-Nn operating in the one or more datacenters 110A-N on granular object level. The granular object level may include object attributes for authorized functions, and/or access control for individual object property of a device (i.e. ASNC 112). In one embodiment, the ASNCs 112A1-Nn include a BIG-IP device from F5 Networks, ACE (Application Control Engine) from Cisco, NetScaler from Citrix, etc. The one or more datacenters 110A-N include one or more IP servers 114A1-Nn. In one embodiment, the one or more IP servers 114A1-Nn are also called domain servers.
[0029] FIG. 2 illustrates an exploded view of the application centric centralized certificate management system 106 of FIG. 1 according to an embodiment herein. The application centric centralized certificate management system 106 includes a database 202, a discover module 204, an inventory module 206, a new certificate module 208, a work order module 210, a policy module 212, a certificate group module 214, a validation module 216, and a settings module 218. The discover module 204 is configured to discover one or more certificates of the ASNCs 112A1-Nn. The inventory module 206 is configured to provide details of the one or more certificates such as certificate group of the one or more certificates, a serial number of the one or more certificates, profile of the one or more certificates, a vendor of the one or more certificates, and to which devices the one or more certificates are connected. The inventory module 206 provides a status of the one or more certificates (e.g. a managed certificate, a new certificate). In one embodiment, the inventory module 206 associates the one or more certificates to a certificate group by clicking an associate certificate group field. In order to associate the one or more certificates, the inventory module 206 provides an option to select the one or more certificates which need to be associated. In another embodiment, the inventory module 206 provides a certificate group name, an application id, and selects under which parent group the one or more certificates need to be associated. The new certificate module 208 is configured to create one or more new certificates. The work order module 210 is configured to store details of (i) a work order id, (ii) device information, (iii) a time stamp of implementation, and (iv) a status of the one or more certificates. The policy module 212 creates a policy (i.e. a set of protocols/rules) that specifies (i) the usage of the one or more certificates, and (ii) the practices that a certificate authority (CA) employs to manage the one or more certificates. The policy is applied to the one or more certificates on granular object level by associating the policy to certificate groups that include common security requirements. The policy module 212 performs a compliance check against the one or more certificates based on the policy, and generates compliance reports. In one embodiment, the compliance report includes (a) validity of the one or more certificates, (b) expiration status of the one or more certificates, and (c) expiration dates of the one or more certificates. The policy module generates an alert that indicates (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. The certificate group module 214 is configured to create a certificate group for the one or more certificates that are selected by the one or more users 102A-N. The validation module 216 is configured to validate (a) the new certificate that is added to the application centric centralized certificate management system 106, and (b) the one or more certificates. In one embodiment, the validation module 216 is configured to validate appropriateness of the one or more certificates that reside within a fully qualified domain name (FQDN), or an internet protocol (IP) address, based on expiration status of the one or more certificates. The settings module 218 is configured to manage authentication details to initiate a secured connection with a CA to perform one or more actions on the one or more certificates.
[0030] FIG. 3 illustrates a user interface view of the application centric centralized certificate management system 106 of FIG. 1 according to an embodiment herein. The application centric centralized certificate management system 106 includes a certificate tab 302. In one embodiment, the certificate tab 302 displays a certificate report by a vendor. The certificate tab 302 includes a discover tab 304, an inventory tab 306, a new certificate tab 308, a work order tab 310, and a policy tab 312. The discover tab 304 is configured to discover the one or more certificates in various ways in the application centric centralized certificate management system 106 when the one or more users 102A-N select/click the discover tab 304. The inventory tab 306 is configured to provide the details of the one or more certificates such as certificate group of the one or more certificates, a serial number of the one or more certificates, profile of the one or more certificates, a vendor of the one or more certificates, and to which devices the one or more certificates are connected, and provides the status of the certificates (e.g., managed certificate, new certificate). The new certificate tab 308 is configured to create a new certificate when the one or more users 102A-N select the new certificate tab 308. The work order tab 310 is configured to keep track of all the activities such as a work order id, device information, a time stamp of implementation, and a status of the one or more certificates. The policy tab 312 creates a policy (i.e. a set of protocols/rules) that specifies (i) usage of the one or more certificates, and (ii) practices that a certificate authority employs to manage the one or more certificates. The policy is applied to the one or more certificates on granular object level by associating the policy to certificate groups that include common security requirements. The policy tab 312 performs a compliance check against the one or more certificates based on the policy, and generates compliance reports. In one embodiment, the policy tab 312 performs one or more actions such as providing access control, policy enforcement, and compliance check on the one or more certificates on granular object level. The certificate tab 302 further includes a certificate group tab, a validation tab, and a settings tab. The certificate group tab is configured to create a certificate group for the one or more certificates that are selected by the one or more users 102A-N. In another embodiment, one or more certificate groups are created as a hierarchical structure with sub-groups nested under the one or more certificate groups. The validation tab is configured to validate (a) the new certificate that is added to the application centric centralized certificate management system 106, and (b) the one or more certificates. In one embodiment, the validation tab generates a validation report to check (i) whether the fully qualified domain name (FQDN) of the application centric centralized certificate management system 106 matches the common name of the one or more certificates, and (ii) whether an end entity certificate, and the associated chain certificates of the end entity certificate are correctly installed onto the application centric centralized certificate management system 106. In another embodiment, the validation tab is configured to validate appropriateness of the one or more certificates that reside within a fully qualified domain name (FQDN), or an internet protocol (IP) address, based on expiration status of the one or more certificates. The settings tab is configured to manage authentication details to initiate a secured connection with a CA to perform one or more actions on the one or more certificates. The settings tab is further configured to change/update the information (e.g., a certificate authority name, credentials/respective authorization details, contact details, etc.) related to the one or more certificates in the application centric centralized certificate management system 106.
[0031] FIG. 4 illustrates a user interface view of the discover module 204 of FIG. 3 according to an embodiment herein. The user interface view of the discover module 204 is configured to provide an option to the one or more users 102A-N to discover one or more certificates in the application centric centralized certificate management system 106. The user interface view of the discover module 204 discovers the one or more certificates using the following options: (i) an IP range 402, (ii) a subnet 404, (iii) a URL 406, (iv) by uploading the certificate 408, and/or (v) managed devices. The user interface view of the discover module 204 discovers the one or more certificates using the IP range 402 when the one or more users 102A-N select the IP range 402 to discover the one or more certificates. The one or more users 102A-N enter the start IP and end IP addresses, and click on the discover button 410 to discover the one or more certificates. The reset button 412 is configured to reset/re-enter the start IP and end IP addresses. In one embodiment, the user interface view of the discover module 204 discovers the one or more certificates using the subnet 404 when the one or more users 102A-N select the subnet 404 to discover the one or more certificates. The one or more users 102A-N enter the network address, and click on the discover button 410 to discover the one or more certificates. In another embodiment, the user interface view of the discover module 204 discovers the certificate using the URL 406 when the one or more users 102A-N select the URL 406 to discover the one or more certificates. The one or more users 102A-N enter the URL 406 address, and click on the discover button 410 to discover the one or more certificates in the application centric centralized certificate management system 106. In yet another embodiment, the user interface view of the discover module 204 discovers the one or more certificates using the upload the certificate option 408 when the one or more users 102A-N select the option of uploading the certificate 408 to discover the one or more certificates. The certificates are uploaded on granular object level to the application centric centralized certificate management system 106 using the upload the certificate option 408 for managing and/or monitoring the one or more certificates. In yet another embodiment, the user interface view of the discover module 204 discovers the one or more certificates using the managed devices when the one or more users 102A-N select the option of managed devices to discover the one or more certificates.
[0032] FIG. 5 illustrates a user interface view of the inventory module 206 of FIG. 3 according to an embodiment herein. The user interface view of the inventory module 206 is configured to provide details of the one or more certificates, such as a certificate group with which the one or more certificates are associated, a serial number of the one or more certificates, a profile of the one or more certificates, a vendor of the one or more certificates, the devices to which the one or more certificates are connected, and a status of the one or more certificates (e.g., a managed certificate, a new certificate). The user interface view of the inventory module 206 includes the details of the one or more certificates such as a common name (CN) of the certificate 502, a serial number of the certificate 504, a certificate group 506, an issuer CN 508, a validity detail 510, and a status 512. The certificate group 506 provides details about a list of certificate groups that are available in the application centric centralized certificate management system 106. In one embodiment, the certificate group 506 is created for the one or more certificates that need to be grouped by selecting/clicking on the associate cert group tab (not shown in FIG.). The one or more users 102A-N provide a certificate group name and an application ID when the one or more users 102A-N create the certificate group 506. In one embodiment, the one or more users 102A-N further select a parent certificate group to which the selected certificate needs to be associated.
[0033] FIG. 6A illustrates a user interface view 600A of the new certificate module 208 of FIG. 3 according to an embodiment herein. The user interface view 600A of the new certificate module 208 is configured to provide an option to the one or more users 102A-N to create a new certificate. The one or more users 102A-N further select a connector type to create the new certificate. In one embodiment, the connector type includes (i) an application connector 602, (ii) a certificate authority (CA) connector 604, and (iii) a monitor connector 606. The application connector 602 provides information related to a device/application (i.e. ASNCs 112A1-N) to which the one or more certificates, and associated entities of the one or more certificates, are transferred/pushed. In one embodiment, the application connector 602 includes an F5 connector for F5 devices, and a script connector for ADC devices. In another embodiment, the application connector 602 includes connectors for ADC devices, and server applications/vendors. The CA connector 604 interacts with certificate authorities (CA), and facilitates a complete multi-level approval work flow in ordering/renewing/revoking the one or more certificates. The CA is an entity that provides the digital certificate. A digital certificate certifies a public key of the one or more users 102A-N for the one or more certificates, which allows other users to rely upon signatures or assertions made by the private key that corresponds to the public key which is certified. The monitor connector 606 monitors an expiry status of the one or more certificates on the device at regular periods. In one embodiment, the application type includes (i) an AppViewX CA, (ii) a Script CA, and (iii) connectors that support all the CAs. In another embodiment, to create a new certificate, the one or more users 102A-N create a new key, or select the existing key that corresponds to the key type and bit length.
[0034] The user interface view 600A of the new certificate module 208 further includes a certificate signing request (CSR) selection. The CSR selection includes (i) generating a new CSR, and (ii) using an existing CSR. After providing the information to the CSR selection, the one or more users 102A-N select an add button to create a new application connector (e.g., AppViewX connector). In one embodiment, the application connector includes the details about the application CA (e.g., AppViewX CA). In another embodiment, after adding the application connector, the application connector generates a new CSR for the one or more certificates when a generate CSR option (not shown in FIG.) is selected. After generating the CSR, the CSR is approved by the application CA connector (i.e. AppViewX CA connector), by right clicking on the application CA connector, and selecting the approve CSR option. The one or more users 102A-N provide a request for a new certificate by right clicking on the application connector, and selecting a request new certificate option once the CSR is approved. In one embodiment, the connector type is a native & script connector. The native & script connector gives the administrator the flexibility and the necessary logic to communicate with the external entities using various scripting languages.
[0035] FIG. 6B illustrates a holistic view of the one or more certificates according to an embodiment herein. The holistic view 600B provides the details about expiry status, technical details of the one or more certificates, associated entities (e.g., intermediate certificate, root certificates, all chain certificates, etc.) of the one or more certificates, applications/devices and the CA information. The holistic view is a single page where the operations/actions like validation check, order, renewal, revoke or pushing of the one or more certificates to a device are performed on granular object level. In one embodiment, the holistic view provides status of validation checks of the one or more certificates across one or more devices. In another embodiment, the application centric centralized certificate management system 106 supports various types of certificates. In another embodiment, the application centric centralized certificate management system 106 performs the following operations on granular object level: (i) discovering the one or more certificates, (ii) issuing the one or more certificates, (iii) renewing the one or more certificates, (iv) pushing the one or more certificates, (v) automatic renewal/pushing of the one or more certificates, and (vi) compliance reporting of the one or more certificates.
[0036] FIG. 7A illustrates a user interface view 700A of the policy module 212 of FIG. 1 according to an embodiment herein. The user interface view 700A of the policy module 212 provides an option to the one or more users 102A-N to create a policy (i.e. a set of protocols/rules) that specifies (i) usage of the one or more certificates, and (ii) practices that a certificate authority employs to manage the one or more certificates. The policy is applied on granular object level to the one or more certificates by associating the policy to certificate groups that include common security requirements. The user interface view 700A of the policy module 212 is configured to perform a compliance check against the one or more certificates based on the policy, and generate compliance reports to provide an alert regarding (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. The user interface view 700A of the policy module 212 further provides the details of the one or more certificates, including a solution when the one or more users 102A-N lose the private keys.
[0037] FIGS. 7B and 7C illustrate user interface views 700A-B of the settings module 218 of FIG. 3 according to an embodiment herein. The user interface views 700A-B of the settings module 218 provide an option to the one or more users 102A-N to manage authentication details to initiate a secured connection with a certificate authority (CA), when the one or more users 102A-N perform one or more actions, involving support from CAs, on the one or more certificates. In one embodiment, the user interface views 700A-B of the settings module 218 are configured to manage the certificate authorities that are connected to the application centric centralized certificate management system 106.
[0038] FIG. 8 is a flow diagram illustrating a computer implemented method for managing one or more certificates on granular object level in one or more application specific networking components across one or more data centers according to an embodiment herein. In step 802, one or more certificates are discovered in various ways using the discover module 204. In step 804, the inventory module 206 provides details of the discovered one or more certificates, such as a certificate group of the one or more certificates, a serial number of the one or more certificates, a profile of the one or more certificates, a vendor of the one or more certificates, devices to which the one or more certificates are connected, and a status of the one or more certificates (e.g., managed certificate, new certificate). In step 806, the work order module 210 receives and stores details of (i) a work order id of the one or more certificates, (ii) device information of the one or more certificates, (iii) a time stamp of implementation of the one or more certificates, and (iv) a status associated with the one or more certificates. In step 808, the policy module 212 creates a policy (i.e. a set of protocols/rules) for (i) the one or more certificates, and (ii) a certificate authority, that specifies (i) usage of the one or more certificates, and (ii) practices that a certificate authority (CA) employs to manage the one or more certificates. The policy is applied on granular object level to the one or more certificates by associating the policy to the certificate group that includes common security requirements. In step 810, the policy module 212 performs a compliance check against the one or more certificates based on the policy. In step 812, the policy module 212 generates a compliance report about at least one of the certificates. The compliance report includes (i) validity of the one or more certificates, (ii) expiration status of the one or more certificates, and (iii) expiration dates of the one or more certificates. In step 814, the policy module 212 generates an alert that indicates (i) expiration status of the one or more certificates, and (ii) expiration dates of the one or more certificates. The one or more certificates are automatically renewed when the alert indicates the expiration status of the one or more certificates.
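Steps 808 to 814 (policy associated with certificate groups, compliance check, report, alert, renewal) can be sketched as follows. This is an added example, not code from the patent or from AppViewX: the policy fields (minimum key size, maximum lifetime, renewal window), the inheritance of a parent group's policy by nested sub-groups, the work order format, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Policy:
    # Hypothetical rule fields; the patent does not enumerate what a policy holds.
    name: str
    min_key_bits: int
    max_validity_days: int
    renew_before_days: int  # alert window ahead of expiry


@dataclass
class CertGroup:
    name: str
    parent: Optional["CertGroup"] = None
    policy: Optional[Policy] = None

    def effective_policy(self) -> Optional[Policy]:
        # Assumption: a nested sub-group inherits the nearest ancestor's policy.
        group = self
        while group is not None and group.policy is None:
            group = group.parent
        return group.policy if group else None


@dataclass
class CertRecord:  # one inventory row (step 804)
    common_name: str
    serial: str
    group: CertGroup
    device: str
    key_bits: int
    not_before: date
    not_after: date


def check(cert, today):
    """Step 810: compliance row for one certificate."""
    policy = cert.group.effective_policy()
    days_left = (cert.not_after - today).days
    violations, window = [], 0
    if policy is None:
        violations.append("no policy associated with group")
    else:
        window = policy.renew_before_days
        if cert.key_bits < policy.min_key_bits:
            violations.append(f"key {cert.key_bits} < {policy.min_key_bits} bits")
        lifetime = (cert.not_after - cert.not_before).days
        if lifetime > policy.max_validity_days:
            violations.append(f"lifetime {lifetime}d > {policy.max_validity_days}d")
    status = "expired" if days_left < 0 else "expiring" if days_left <= window else "ok"
    return {
        "serial": cert.serial,
        "policy": policy.name if policy else None,
        "valid": cert.not_before <= today <= cert.not_after,
        "expiration_status": status,
        "expiration_date": cert.not_after.isoformat(),
        "violations": violations,
    }


def run_compliance(inventory, today):
    """Steps 812-814: return (report, alerts, work_orders)."""
    report = [check(c, today) for c in inventory]
    alerts, work_orders = [], []
    for cert, row in zip(inventory, report):
        if row["expiration_status"] == "ok":
            continue
        alerts.append((row["serial"], row["expiration_status"], row["expiration_date"]))
        # The alert queues a renewal work order; issuing via a CA is out of scope.
        work_orders.append({
            "work_order_id": f"WO-{len(work_orders) + 1:04d}",
            "device": cert.device,
            "timestamp": today.isoformat(),
            "status": "renewal-pending",
            "serial": cert.serial,
        })
    return report, alerts, work_orders


def sample_inventory():
    """Constructed sample data; names, serials and dates are illustrative."""
    payments = CertGroup("payments", policy=Policy("payments-strict", 2048, 398, 30))
    payments_api = CertGroup("payments/api", parent=payments)  # inherits "payments-strict"
    legacy = CertGroup("legacy")  # no policy anywhere in its chain
    return [
        CertRecord("pay.example.test", "01A1", payments, "adc-dc1-01", 2048, date(2024, 1, 10), date(2025, 1, 9)),
        CertRecord("api.pay.example.test", "01A2", payments_api, "adc-dc2-03", 1024, date(2023, 7, 1), date(2024, 6, 20)),
        CertRecord("old.example.test", "01A3", legacy, "srv-dc1-17", 2048, date(2022, 5, 1), date(2024, 5, 1)),
    ]


if __name__ == "__main__":
    for part in run_compliance(sample_inventory(), date(2024, 6, 1)):
        print(part)
```

A certificate whose group has no policy anywhere in its hierarchy is reported as a violation rather than passed silently, so ungrouped or newly discovered certificates still show up in the compliance report.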
[0039] The embodiments can be used to efficiently prevent security risks related to the one or more certificates. Embodiments can also act as a certificate authority to secure internal tools/applications of the enterprise. Embodiments can also be used to perform all certificate registration authority related actions, such as renew, revoke, certificate push, and rollback, from a single place.
[0001] FIG. 9 illustrates an exploded view of a receiver 900 having a memory 902 having a set of instructions, a bus 904, a display 906, a speaker 908, and a processor 910 capable of processing the set of instructions to perform any one or more of the methodologies herein, according to an embodiment herein. The processor 910 may also enable digital content to be consumed in the form of video for output via one or more displays 906 or audio for output via speaker and/or earphones 908. The processor 910 may also carry out the methods described herein and in accordance with the embodiments herein.
[0002] Digital content may also be stored in the memory 902 for future processing or consumption. The memory 902 may also store program specific information and/or service information (PSI/SI), including information about digital content (e.g., the detected information bits) available in the future or stored from the past. A user of the receiver 900 may view this stored information on display 906 and select an item for viewing, listening, or other uses via input, which may take the form of keypad, scroll, or other input device(s) or combinations thereof. When digital content is selected, the processor 910 may pass information. The content and PSI/SI may be passed among functions within the receiver using the bus 904.
[0003] The techniques provided by the embodiments herein may be implemented on an integrated circuit chip (not shown). The chip design is created in a graphical computer programming language, and stored in a computer storage medium (such as a disk, tape, physical hard drive, or virtual hard drive such as in a storage access network). If the designer does not fabricate chips or the photolithographic masks used to fabricate chips, the designer transmits the resulting design by physical means (e.g., by providing a copy of the storage medium storing the design) or electronically (e.g., through the Internet) to such entities, directly or indirectly.
[0004] The stored design is then converted into the appropriate format (e.g., GDSII) for the fabrication of photolithographic masks, which typically include multiple copies of the chip design in question that are to be formed on a wafer. The photolithographic masks are utilized to define areas of the wafer (and/or the layers thereon) to be etched or otherwise processed.
[0005] The resulting integrated circuit chips can be distributed by the fabricator in raw wafer form (that is, as a single wafer that has multiple unpackaged chips), as a bare die, or in a packaged form. In the latter case the chip is mounted in a single chip package (such as a plastic carrier, with leads that are affixed to a motherboard or other higher level carrier) or in a multichip package (such as a ceramic carrier that has either or both surface interconnections or buried interconnections). In any case the chip is then integrated with other chips, discrete circuit elements, and/or other signal processing devices as part of either (a) an intermediate product, such as a motherboard, or (b) an end product. The end product can be any product that includes integrated circuit chips, ranging from toys and other low-end applications to advanced computer products having a display, a keyboard or other input device, and a central processor.
[0006] The embodiments herein can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment including both hardware and software elements. The embodiments that are implemented in software include, but are not limited to, firmware, resident software, microcode, etc. Furthermore, the embodiments herein can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer-usable or computer-readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0007] The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk - read only memory (CD-ROM), compact disk - read/write (CD-R/W) and DVD.
[0008] A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
[0040] Input/output (I/O) devices (including but not limited to keyboards, displays, pointing devices, remote controls, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modems and Ethernet cards are just a few of the currently available types of network adapters.
[0041] FIG. 10 is a schematic drawing that illustrates a hardware configuration of an information retrieval system/computer architecture in accordance with the embodiments herein. The computer architecture includes at least one processor or central processing unit (CPU) 10. The CPUs 10 are interconnected via system bus 12 to various devices such as a random access memory (RAM) 14, read-only memory (ROM) 16, and an input/output (I/O) adapter 18. The I/O adapter 18 can connect to peripheral devices, such as disk units 11 and tape drives 13, or other program storage devices that are readable by the system. The system can read the inventive instructions on the program storage devices and follow these instructions to execute the methodology of the embodiments herein.
[0042] The system further includes a user interface adapter 19 that connects a keyboard 15, mouse 17, speaker 24, microphone 22, and/or other user interface devices such as a touch screen device (not shown) or a remote control to the bus 12 to gather user input. Additionally, a communication adapter 20 connects the bus 12 to a data processing network 25, and a display adapter 21 connects the bus 12 to a display device 23 which may be embodied as an output device such as a monitor, printer, or transmitter, for example.
[0043] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the appended claims.

Claims (15)

  What is claimed is:
  1. An application centric centralized certificate management system for securely managing a plurality of certificates on granular object level in a plurality of datacenters, said application centric centralized certificate management system comprising:
    a memory unit that stores a database and a set of modules; and a processor that executes said set of modules, wherein said set of modules comprise:
    a discover module, executed by said processor, configured to discover said plurality of certificates;
    an inventory module, executed by said processor, configured to provide details of said discovered plurality of certificates comprises (i) a name of a certificate group, (ii) a serial number of said plurality of certificates, (iii) a profile of said plurality of certificates, (iv) a vendor of said plurality of certificates, and (v) a name of a plurality of devices connected with said plurality of certificates;
    a work order module, executed by said processor, configured to store details of (i) a work order id of said plurality of certificates, (ii) device information of said plurality of certificates, (iii) a time stamp of implementation of said plurality of certificates, and (iv) a status of said plurality of certificates;
    a policy module, executed by said processor, configured to create a policy for (i) said plurality of certificates, and (ii) a certificate authority (CA), wherein said policy specifies (i) an usage of said plurality of certificates, and (ii) practices that said certificate authority (CA) employs to manage said plurality of certificates, wherein said policy module (i) performs compliance check for said plurality of certificates based on said policy, and (ii) generates a compliance report about at least one of said certificates, wherein said compliance report comprises (a) validity of said plurality of certificates, (b) expiration status of said plurality of certificates, and (c) expiration dates of said plurality of certificates, wherein said policy module generating an alert that indicates (i) expiration status of said plurality of certificates, and (iii) expiration dates of said plurality of certificates; and
    a display that displays a holistic view of said plurality of certificates to perform one or more actions on granular object level, wherein said one or more actions comprises (i) performing validation check on said plurality of certificates, (ii) renewing said plurality of certificates, (iii) revoking said plurality of certificates, or (iv) pushing said plurality of certificates, wherein said plurality of certificates are automatically renewed when said alert indicates said expiration status of said plurality of certificates.
  2. The application centric centralized certificate management system of claim 1, wherein said set of modules comprises;
    a new certificate module, executed by said processor, configured to create a new certificate;
    a validation module, executed by said processor, configured to validate (a) said new certificate when said new certificate is added to said application centric centralized certificate management system, and (b) said plurality of certificates;
    a certificate group module, executed by said processor, configured to create a certificate group for said plurality of certificates; and
    a settings module, executed by said processor, configured to manage authentication details to initiate a secured connection with a certificate authority to perform one or more actions on said plurality of certificates.
  3. The application centric centralized certificate management system of claim 1, wherein said inventory module is configured to provide an option to associate said plurality of certificates to said certificate group.
  4. The application centric centralized certificate management system of claim 1, wherein said policy is applied to said plurality of certificates on granular object level by associating said policy to said certificate group.
  5. The application centric centralized certificate management system of claim 1, wherein said discover module is configured to discover said plurality of certificates based on at least one of (i) an IP range, (ii) a subnet, (iii) an URL, (iv) by uploading a certificate, and (v) managed devices.
  6. The application centric centralized certificate management system of claim 1, wherein said policy module is configured to perform at least one action on granular object level, wherein said at least one action is selected from a group comprising:
    (a) providing access control to said plurality of certificates; and
    (b) a policy enforcement on said plurality of certificates.
  7. The application centric centralized certificate management system of claim 2, wherein said new certificate module is configured to provide an option to select a connector type for creating said new certificate.
  8. A non-transitory program storage device readable by computer, and comprising a program of instructions executable by said computer to perform a method for securely managing a plurality of certificates on granular object level in a plurality of application specific networking components across a plurality of data centers, said method comprising:
    discovering a plurality of certificates in said application centric centralized certificate management system;
    providing details of said discovered plurality of certificates comprises (i) a name of a certificate group, (ii) a serial number of said plurality of certificates, (iii) a profile of said plurality of certificates, (iv) a vendor of said plurality of certificates, and (v) a name of a plurality of devices connected with said plurality of certificates;
    storing details of (i) a work order id, (ii) a device information, (iii) a time stamp of implementation, and (iv) a status associated with said plurality of certificates;
    creating a policy for (i) said plurality of certificates, and (ii) a certificate authority (CA), wherein said policy specifies (a) an usage of said plurality of certificates, and (b) practices that said certificate authority (CA) employs to manage said plurality of certificates;
    performing compliance check for said plurality of certificates based on said policy;
    generating a compliance report about at least one of said certificates, wherein said compliance report comprises (i) validity of said plurality of certificates, (ii) expiration status of said plurality of certificates, and (iii) expiration dates of said plurality of certificates; and
    generating an alert that indicates (i) expiration status of said plurality of certificates, and (iii) expiration dates of said plurality of certificates, wherein said plurality of certificates are automatically renewed when said alert indicates said expiration status of said plurality of certificates.
  9. The non-transitory machine-readable medium of claim 8, wherein said method further comprises displaying a holistic view of said plurality of certificates to perform one or more actions on granular object level, wherein said one or more actions comprises (i) performing validation check on said plurality of certificates, (ii) renewing said plurality of certificates, (iii) revoking said plurality of certificates, or (iv) pushing said plurality of certificates.
  10. The non-transitory machine-readable medium of claim 8, wherein said policy is applied to said plurality of certificates on granular object level by associating said policy to said certificate group.
  11. The non-transitory machine-readable medium of claim 8, wherein said method further comprises:
    creating a group to categorize said plurality of certificates;
    managing authentication details to initiate a secured connection with a certificate authority to perform one or more actions on said plurality of certificates;
    creating a new certificate; and
    validating (a) said new certificate when said new certificate is added to said application centric centralized certificate management system, (b) said plurality of certificates.
  12. A computer implemented method for securely managing a plurality of certificates on granular object level in a plurality of application specific networking components across a plurality of data centers using an application centric centralized certificate management system, said method comprising:
    discovering a plurality of certificates in said application centric centralized certificate management system;
    providing details of said discovered plurality of certificates comprises (i) a name of a certificate group, (ii) a serial number of said plurality of certificates, (iii) a profile of said plurality of certificates, (iv) a vendor of said plurality of certificates, and (v) a name of a plurality of devices connected with said plurality of certificates;
    receiving and storing details of (i) a work order id, (ii) a device information, (iii) a time stamp of implementation, and (iv) a status associated with said plurality of certificates;
    creating a policy for (i) said plurality of certificates, and (ii) a certificate authority (CA), wherein said policy specifies (a) usage of said plurality of certificates, and (b) practices that said certificate authority (CA) employs to manage said plurality of certificates;
    performing compliance check for said plurality of certificates based on said policy;
    generating a compliance report about at least one of said certificates, wherein said compliance report comprises (i) validity of said plurality of certificates, (ii) expiration status of said plurality of certificates, and (iii) expiration dates of said plurality of certificates; and
    generating an alert that indicates (i) expiration status of said plurality of certificates, and (iii) expiration dates of said plurality of certificates, wherein said plurality of certificates are automatically renewed when said alert indicates said expiration status of said plurality of certificates.
  13. The computer implemented method of claim 12, further comprising displaying a holistic view of said plurality of certificates to perform one or more actions on granular object level, wherein said one or more actions comprises (i) performing validation check on said plurality of certificates, (ii) renewing said plurality of certificates, (iii) revoking said plurality of certificates, or (iv) pushing said plurality of certificates.
  14. The computer implemented method of claim 12, further comprising steps of:
    creating a new certificate; and
    validating (a) said new certificate when said new certificate is added to said application centric centralized certificate management system, and (b) said plurality of certificates.
  15. The computer implemented method of claim 12, further comprising steps of:
    creating a group to categorize said plurality of certificates; and
    managing authentication details to initiate a secured connection with said certificate authority to perform one or more actions on said plurality of certificates.
AU2016419031A 2016-08-09 2016-08-09 Application centric centralized certificate management system for managing certificates across data centers Abandoned AU2016419031A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2023202613A AU2023202613A1 (en) 2016-08-09 2023-04-28 Application centric centralized certificate management system for managing certificates across data centers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2016/054784 WO2018029508A1 (en) 2016-08-09 2016-08-09 Application centric centralized certificate management system for managing certificates across data centers

Related Child Applications (1)

Application Number Title Priority Date Filing Date
AU2023202613A Division AU2023202613A1 (en) 2016-08-09 2023-04-28 Application centric centralized certificate management system for managing certificates across data centers

Publications (1)

Publication Number Publication Date
AU2016419031A1 (en) 2019-02-28

Family

ID=56852305

Family Applications (2)

Application Number Title Priority Date Filing Date
AU2016419031A Abandoned AU2016419031A1 (en) 2016-08-09 2016-08-09 Application centric centralized certificate management system for managing certificates across data centers
AU2023202613A Pending AU2023202613A1 (en) 2016-08-09 2023-04-28 Application centric centralized certificate management system for managing certificates across data centers

Family Applications After (1)

Application Number Title Priority Date Filing Date
AU2023202613A Pending AU2023202613A1 (en) 2016-08-09 2023-04-28 Application centric centralized certificate management system for managing certificates across data centers

Country Status (5)

Country Link
EP (1) EP3497633A1 (en)
AU (2) AU2016419031A1 (en)
SG (1) SG11201901028YA (en)
WO (1) WO2018029508A1 (en)
ZA (1) ZA201900799B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116882636B (en) * 2023-09-05 2024-01-16 苏州浪潮智能科技有限公司 Certificate life cycle management method, device, equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7809940B2 (en) * 2005-06-29 2010-10-05 Microsoft Corporation Remote certificate management
US9363246B2 (en) * 2011-12-09 2016-06-07 Alaxala Networks Corporation Certificate distribution device and method for same, and computer program
US9225743B1 (en) * 2012-04-12 2015-12-29 Symantec Corporation Automatic generation of policy from a group of SSL server certificates
US8966260B1 (en) * 2013-01-30 2015-02-24 Palo Alto Networks, Inc. Credentials management in large scale virtual private network deployment
US9344425B2 (en) * 2013-09-25 2016-05-17 Wells Fargo Bank, N.A. Dynamic object creation and certificate management

Also Published As

Publication number Publication date
WO2018029508A1 (en) 2018-02-15
EP3497633A1 (en) 2019-06-19
AU2023202613A1 (en) 2023-05-25
ZA201900799B (en) 2021-03-31
SG11201901028YA (en) 2019-03-28

Similar Documents

Publication Publication Date Title
US9503449B1 (en) Application centric centralized certificate management system for managing certificates across data centers
CN102904927B (en) Distributed computer systems with time-dependent credentials
CN101277189B (en) Method and apparatus for accepting a digital identity of a user based on transitive trust among parties
CN108293045A (en) Single-sign-on Identity Management between local and remote system
US9729411B2 (en) Centralized device management system for monitoring and controlling various application specific network components across data centers
US20100250946A1 (en) Ad hoc distribution
CN114341917A (en) Software defined silicon implementation and management
US8560851B1 (en) Managing digital certificates
US11165666B2 (en) Provisioning persistent, dynamic and secure cloud services
CN103620556A (en) Binding applications to device capabilities
AU2016322817B2 (en) Application provisioning system for requesting configuration updates for application objects across data centers
US9043456B2 (en) Identity data management system for high volume production of product-specific identity data
CN105718785A (en) Authentication-Free Configuration For Service Controllers
AU2016293440B2 (en) Control center system for searching and managing objects across data centers
KR20130114651A (en) Trustworthy device claims as a service
AU2023202613A1 (en) Application centric centralized certificate management system for managing certificates across data centers
US8577761B1 (en) System and method for dynamic offering topologies
JP2014183587A (en) Method and system for intelligent many-to-many service over epp
US9946585B1 (en) System and method for asset module isolation
US9424405B2 (en) Using receipts to control assignments of items of content to users
US10346149B1 (en) System and method for managing asset-side offering modules
US8725610B1 (en) System and method for managing privacy for offerings
US11477038B2 (en) Certificate transfer system and certificate transfer method
Carpenter Microsoft Windows server administration essentials
US9043592B1 (en) Communicating trust models to relying parties

Legal Events

Date Code Title Description
MK5 Application lapsed section 142(2)(e) - patent request and compl. specification not accepted