GB2599331B - Distribution of security credentials - Google Patents

Distribution of security credentials Download PDF

Info

Publication number
GB2599331B
GB2599331B GB2200390.9A GB202200390A GB2599331B GB 2599331 B GB2599331 B GB 2599331B GB 202200390 A GB202200390 A GB 202200390A GB 2599331 B GB2599331 B GB 2599331B
Authority
GB
United Kingdom
Prior art keywords
distribution
security credentials
credentials
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
GB2200390.9A
Other languages
English (en)
Other versions
GB2599331A (en
Inventor
Sabath Mariusz
Jun Brandon Lum Jia
Steinder Malgorzata
Pittner Daniel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of GB2599331A publication Critical patent/GB2599331A/en
Application granted granted Critical
Publication of GB2599331B publication Critical patent/GB2599331B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
GB2200390.9A 2019-06-27 2020-06-24 Distribution of security credentials Active GB2599331B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/455,168 US11652631B2 (en) 2019-06-27 2019-06-27 Distribution of security credentials
PCT/IB2020/055961 WO2020261134A1 (en) 2019-06-27 2020-06-24 Distribution of security credentials

Publications (2)

Publication Number Publication Date
GB2599331A GB2599331A (en) 2022-03-30
GB2599331B true GB2599331B (en) 2022-11-23

Family

ID=74043344

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2200390.9A Active GB2599331B (en) 2019-06-27 2020-06-24 Distribution of security credentials

Country Status (6)

Country Link
US (1) US11652631B2 (enExample)
JP (1) JP7549418B2 (enExample)
CN (1) CN113811873B (enExample)
DE (1) DE112020002343B4 (enExample)
GB (1) GB2599331B (enExample)
WO (1) WO2020261134A1 (enExample)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11689537B2 (en) * 2020-10-21 2023-06-27 Okta, Inc. Providing flexible service access using identity provider
US11822672B1 (en) * 2021-02-04 2023-11-21 Cisco Technology, Inc. Systems and methods for scanning images for vulnerabilities
US11528140B2 (en) 2021-02-09 2022-12-13 International Business Machines Corporation Compromised access token invalidation in a singleton process
US11989282B2 (en) * 2021-09-10 2024-05-21 International Business Machines Corporation Open-source container data management
US12141263B2 (en) * 2022-06-06 2024-11-12 Dell Products, L.P. Workspace root-of-trust
GB2628571A (en) 2023-03-29 2024-10-02 Ibm Enabling a securing of cryptographic operations
US20250240293A1 (en) * 2024-01-19 2025-07-24 Dell Products L.P. Multi-tenant secrets manager

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7275155B1 (en) * 2000-09-01 2007-09-25 Northrop Grumman Corporation Chain of trust processing
US20120174198A1 (en) * 2010-12-30 2012-07-05 Verisign, Inc. Shared Registration Multi-Factor Authentication Tokens
CN106452764A (zh) * 2016-12-02 2017-02-22 武汉理工大学 一种标识私钥自动更新的方法及密码系统
US20180101850A1 (en) * 2016-10-12 2018-04-12 Microsoft Technology Licensing, Llc User and device authentication for web applications
US20190140836A1 (en) * 2017-11-03 2019-05-09 Microsoft Technology Licensing, Llc Provisioning trusted execution environment based on chain of trust including platform

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7827602B2 (en) 2003-06-30 2010-11-02 At&T Intellectual Property I, L.P. Network firewall host application identification and authentication
JP4559868B2 (ja) 2005-01-24 2010-10-13 日本放送協会 セキュリティモジュール、コンテンツ受信装置、契約情報生成装置及び契約情報検証装置、並びに、契約情報検証方法
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
JP4885683B2 (ja) 2006-10-24 2012-02-29 三菱電機株式会社 認証装置、認証装置の認証方法および認証装置の認証プログラム
US8402519B2 (en) 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US20110126197A1 (en) * 2009-11-25 2011-05-26 Novell, Inc. System and method for controlling cloud and virtualized data centers in an intelligent workload management system
KR101702618B1 (ko) 2010-07-09 2017-02-03 삼성전자주식회사 어플리케이션 관련 관리 객체를 제공하는 장치 및 방법
US8839363B2 (en) * 2011-04-18 2014-09-16 Bank Of America Corporation Trusted hardware for attesting to authenticity in a cloud environment
DE102011077218B4 (de) 2011-06-08 2023-12-14 Servicenow, Inc. Zugriff auf in einer Cloud gespeicherte Daten
US8850515B2 (en) * 2011-08-15 2014-09-30 Bank Of America Corporation Method and apparatus for subject recognition session validation
JP6044299B2 (ja) 2012-11-26 2016-12-14 富士通株式会社 データ参照システムおよびアプリケーション認証方法
EP3047626B1 (en) 2013-09-20 2017-10-25 Oracle International Corporation Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
US20150281225A1 (en) 2014-03-27 2015-10-01 Microsoft Corporation Techniques to operate a service with machine generated authentication tokens
JP2015201030A (ja) 2014-04-08 2015-11-12 富士通株式会社 端末装置、情報管理サーバ、端末プログラム、情報管理プログラム、及びシステム
CA2945199A1 (en) 2014-05-07 2015-11-12 Visa International Service Association Enhanced data interface for contactless communications
KR101605967B1 (ko) 2014-10-08 2016-03-24 한국과학기술원 어플리케이션 특성을 반영하여 트랜잭션을 관리하는 서비스 방법 및 시스템
US9692699B2 (en) 2014-10-30 2017-06-27 Intel Corporation Apparatus, system and method of protecting a service identifier
US10469477B2 (en) 2015-03-31 2019-11-05 Amazon Technologies, Inc. Key export techniques
US10263898B2 (en) * 2016-07-20 2019-04-16 Cisco Technology, Inc. System and method for implementing universal cloud classification (UCC) as a service (UCCaaS)
US10375073B2 (en) 2016-08-29 2019-08-06 International Business Machines Corporation Configuration based client for OAuth authorization with arbitrary services and applications
US10348718B2 (en) * 2016-09-14 2019-07-09 Oracle International Corporation Sharing credentials and other secret data in collaborative environment in a secure manner
JP2018081643A (ja) 2016-11-18 2018-05-24 キヤノン株式会社 認可サーバーおよびその制御方法、プログラム、並びに権限委譲システム
US10673981B2 (en) * 2017-06-09 2020-06-02 Nutanix, Inc. Workload rebalancing in heterogeneous resource environments
US20180367528A1 (en) * 2017-06-12 2018-12-20 Cyberark Software Ltd. Seamless Provision of Authentication Credential Data to Cloud-Based Assets on Demand
US11019073B2 (en) * 2017-07-23 2021-05-25 AtScale, Inc. Application-agnostic resource access control
US10554525B2 (en) 2017-11-28 2020-02-04 International Business Machines Corporation Tracking usage of computing resources
US11438168B2 (en) * 2018-04-05 2022-09-06 T-Mobile Usa, Inc. Authentication token request with referred application instance public key
US10673840B2 (en) * 2018-05-10 2020-06-02 Jayant Shukla Cloud-based identity management and authentication system for containers and applications
US11379263B2 (en) * 2018-08-13 2022-07-05 Ares Technologies, Inc. Systems, devices, and methods for selecting a distributed framework
US10785122B2 (en) * 2018-10-05 2020-09-22 Cisco Technology, Inc. Canary release validation mechanisms for a containerized application or service mesh
US11425111B2 (en) * 2018-11-14 2022-08-23 Intel Corporation Attestation token sharing in edge computing environments
US11128482B2 (en) * 2019-04-19 2021-09-21 Microsoft Technology Licensing, Llc Metering cloud workloads at edge computing devices
US11575563B2 (en) * 2019-05-31 2023-02-07 Varmour Networks, Inc. Cloud security management
US11310284B2 (en) * 2019-05-31 2022-04-19 Varmour Networks, Inc. Validation of cloud security policies
US11290493B2 (en) * 2019-05-31 2022-03-29 Varmour Networks, Inc. Template-driven intent-based security

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7275155B1 (en) * 2000-09-01 2007-09-25 Northrop Grumman Corporation Chain of trust processing
US20120174198A1 (en) * 2010-12-30 2012-07-05 Verisign, Inc. Shared Registration Multi-Factor Authentication Tokens
US20180101850A1 (en) * 2016-10-12 2018-04-12 Microsoft Technology Licensing, Llc User and device authentication for web applications
CN106452764A (zh) * 2016-12-02 2017-02-22 武汉理工大学 一种标识私钥自动更新的方法及密码系统
US20190140836A1 (en) * 2017-11-03 2019-05-09 Microsoft Technology Licensing, Llc Provisioning trusted execution environment based on chain of trust including platform

Also Published As

Publication number Publication date
US20200412540A1 (en) 2020-12-31
US11652631B2 (en) 2023-05-16
DE112020002343B4 (de) 2024-12-19
CN113811873A (zh) 2021-12-17
GB2599331A (en) 2022-03-30
DE112020002343T5 (de) 2022-01-27
JP7549418B2 (ja) 2024-09-11
WO2020261134A1 (en) 2020-12-30
JP2022539055A (ja) 2022-09-07
CN113811873B (zh) 2025-03-14

Similar Documents

Publication Publication Date Title
GB2599331B (en) Distribution of security credentials
GB2609828B (en) Network security
IL266252B1 (en) Iot security service
SG11202104780XA (en) Collaborative risk aware authentication
GB2583252B (en) Authentication using delegated identities
GB202009751D0 (en) Methods of secure communication
ZA201706686B (en) Telecommunications distribution elements
IL265518A (en) Management of security vulnerabilities
EP3318043A4 (en) Mutual authentication of confidential communication
GB201609420D0 (en) Secure communications
EP3374852A4 (en) Authorized areas of authentication
GB201913273D0 (en) Security credentials
GB201811807D0 (en) Encryption system
EP3570517C0 (en) AUTHENTICATION TECHNIQUE USING EMERGENCY REFERENCES
GB2581458B (en) Authentication of users at multiple terminals
IL274013A (en) Verification for digital painting
GB2584120B (en) Network security
SG10201602187WA (en) Usage Based Authentication System
SG11202003080QA (en) Authentication of goods
GB201802776D0 (en) fatener locking
GB2601449B (en) Key-compressible encryption
GB201903561D0 (en) Distributed authentication
GB201715880D0 (en) Authentication system
GB201700649D0 (en) Improved authentication
GB201416282D0 (en) Authentication of communications

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)

Effective date: 20221223