Methods preserving user identities during login and related systems, devices, and machines
US-9369450-B1 · Jun 14, 2016 · US
US9602478B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9602478-B2 |
| Application number | US-201615072669-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 17, 2016 |
| Priority date | Jul 8, 2013 |
| Publication date | Mar 21, 2017 |
| Grant date | Mar 21, 2017 |
Official abstract text for this publication.
Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.
Opening claim text (preview).
What is claimed is:

1. A method for providing identity information associated with an originating network host adapted to use a security protocol for communications, the method comprising communicating said identity information in an environment variable parameter of the security protocol.
2. The method according to claim 1, comprising sending by a security protocol client of a computer providing the originating network host said identity information in the environment variable parameter of the security protocol.
3. The method according to claim 1, comprising causing configuration of a security protocol client of a computer providing the originating network host to send said identity information in the environment variable parameter of the security protocol.
4. The method according to claim 1, comprising receiving the environment variable parameter of the security protocol containing the identity information at a server from the originating network host.
5. The method according to claim 4, comprising including, by the server, the received identity information in log information.
6. The method according to claim 5, comprising causing configuration of the server to obtain identity information from received environment variable parameters and to include the obtained identity information in log information.
7. The method according to claim 1, wherein the identity information comprises at least one of an identity of a user of the originating network host, a login identity, a unique identifier associated with the originating network host, an address associated with the originating network host, and a random identifier.
8. The method according to claim 1, wherein the identity information is included in the environmental variable parameter of the security protocol to enable traversing of at least one network address translator device and/or for auditing purposes.
9. The method according to claim 1, wherein the identity information is included in the environmental variable parameter of the security protocol in a wrapper script adapted to be executed when a user attempts to open a client running the security protocol.
10. The method according to claim 1, wherein the environmental variable parameter comprises a local user environmental variable according to the Secure Shell (SSH) security protocol, the method comprising setting SSH configuration files such that SendEnv and AcceptEnv configuration variables denote a user.
11. A method for communicating identity information associated with an originating network host, the identity information being obtained from an environment variable parameter of a security protocol the originating network host is adapted to use for communications, the method comprising communicating log information comprising said identity information obtained from the environment variable parameter of the security protocol.
12. The method according to claim 11, the method comprising receiving the environment variable parameter containing the identity information at a server from the originating network host, and wherein the communicating comprises sending said log information by the server to a computer device.
13. The method according to claim 11, wherein the communicating comprises receiving said log information by a computer device, and parsing by the computer device the identity information from the log information.
14. The method according to claim 13, wherein the identity information comprises an identity of a first user of an originating network host, the method comprising determining that the identity associates with an originating user of a login event.
15. An apparatus comprising at least one processor, and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to communicate identity information associated with an originating network host adapted to use a security protocol for communications in an environment variable parameter of the security protocol.
16. The apparatus according to claim 15, comprising one of data processing apparatus providing the originating network host and comprising a security protocol client, and a server configured to receive the environment variable parameter from the originating network host.
17. The apparatus according to claim 15, comprising a server configured to include the identity information received by the server in the environment variable parameter of the security protocol in log information.
18. The apparatus according to claim 15, configured to include the identity information in the environmental variable parameter of the security protocol to enable traversing of at least one network address translator device and/or for auditing purposes.
19. The apparatus according to claim 15, configured to include the identity information in the environmental variable parameter of the security protocol in a wrapper script adapted to be executed when a user attempts to open a client running the security protocol.
20. An apparatus comprising at least one processor, and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to communicate log information comprising identity information obtained from an environment variable parameter of a security protocol, wherein said identity information associates with an originating network host and is obtained from an environment variable parameter of a security protocol the originating network host is adapted to use for communications.
21. The apparatus according to claim 20, comprising a server configured to receive the environment variable parameter containing the identity information from the originating network host and to send said log information by the server to another computer device.
22. The apparatus according to claim 21, wherein the identity information comprises an identity of a first user of the originating network host and the log information is sent for use determining that the identity associates with an originating user of a login event.
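Claims 9, 10 and 13 map directly onto existing OpenSSH features: the client forwards a named environment variable with `SendEnv`, the server admits it with `AcceptEnv`, and a collector parses the identity back out of the log. The following shell script is an added illustration of that arrangement and is not code from the patent or its assignee; the variable name `SSH_ORIG_USER`, the `sshd-audit` log line format and the function names are assumptions for this example. The functions only build the configuration fragments, the wrapper command line and the audit record as strings, so the script runs without a network or an SSH server.

```shell
#!/bin/sh
# Added example (not from the patent): claim-10 SendEnv/AcceptEnv arrangement.
# SSH_ORIG_USER and the audit line format are assumptions for this example.

ID_VAR="SSH_ORIG_USER"

# Client side, the "wrapper script" of claim 9: build the ssh invocation that
# carries the local login identity in the named environment variable.
# Returns the command line; it is printed, not executed.
client_wrapper_cmd() {
    # $1 = local login identity, $2 = target host
    printf 'env %s=%s ssh -o SendEnv=%s %s\n' "$ID_VAR" "$1" "$ID_VAR" "$2"
}

# Client ssh_config fragment: SendEnv names the user variable (claim 10).
client_config() {
    printf 'Host *\n    SendEnv %s\n' "$ID_VAR"
}

# Server sshd_config fragment: AcceptEnv admits only that variable (claim 10).
server_config() {
    printf 'AcceptEnv %s\n' "$ID_VAR"
}

# Server side (claims 5-6): emit one audit record once the accepted variable is
# visible in the session, e.g. from a login profile. The value is chosen by the
# client, so it is an audit hint only: strip anything outside a safe charset and
# never use it for authorization decisions.
audit_record() {
    # $1 = accepted identity value, $2 = authenticated server user, $3 = client addr
    safe=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._@')
    [ -n "$safe" ] || safe="-"
    printf 'sshd-audit orig_user=%s login_user=%s client=%s\n' "$safe" "$2" "$3"
}

# Collector side (claims 13-14): parse the originating identity out of a log
# line so it can be tied to the login event recorded by the same line.
parse_orig_user() {
    # $1 = one audit log line
    printf '%s\n' "$1" | sed -n 's/.*orig_user=\([^ ]*\).*/\1/p'
}

# Walk-through on constructed sample values.
client_config
server_config
client_wrapper_cmd alice bastion
line=$(audit_record 'alice' admin 192.0.2.10)
printf '%s\n' "$line"
parse_orig_user "$line"
```

Two points worth keeping in mind when deploying something like this: `AcceptEnv` should list only the identity variable, since every accepted name widens what a client can set in the server-side session environment, and the parsed `orig_user` value should be correlated with the authenticated `login_user` and the client address rather than trusted on its own.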
CPC classification titles:

- Multiple levels of security
- Architectural arrangements, e.g. perimeter networks or demilitarized zones
- wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
- Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068)
- involving long-term monitoring or reporting