US9940480B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9940480-B2 |
| Application number | US-201615053820-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 25, 2016 |
| Priority date | Feb 25, 2016 |
| Publication date | Apr 10, 2018 |
| Grant date | Apr 10, 2018 |
Official abstract text for this publication.
A system and method of executing a script includes receiving, by a service user account module, a user script from a first user account. The method includes issuing, by a management system, execution data including the user script and validation parameters. The method includes signing, by the management system, the execution data with a private key. Responsive to signing the execution data, the execution data further includes a digital signature. The method further includes authorizing, by the management system, communication to a remote execution tool, where authorization requires the digital signature. The method further includes sending, to the remote execution tool, the execution data including the digital signature. The method further includes confirming, by the remote execution tool, the validation parameters. The method further includes, responsive to confirming the validation parameters, executing, by the remote execution tool, the user script on a remote system for the first user account.
Opening claim text (preview).
The invention is claimed as follows:

1. A method of executing a script, the method comprising: receiving, by a service user account module, a user script from a first user account; issuing, by a management system, execution data, wherein the execution data includes: the user script; and a plurality of validation parameters; signing, by the management system, the execution data with a private key, such that responsive to signing the execution data, the execution data further includes a digital signature; authorizing, by the management system, communication to a remote execution tool, wherein authorization requires the digital signature; sending, to the remote execution tool, the execution data including the digital signature; confirming, by the remote execution tool, the plurality of validation parameters; and responsive to confirming the plurality of validation parameters, executing, by the remote execution tool, the user script on a remote system for the first user account.

2. The method of claim 1, wherein the plurality of validation parameters include a user identity and a time period.

3. The method of claim 2, wherein confirming the plurality of validation parameters includes: confirming that the user identity matches the first user account; and confirming that the time period has not expired.

4. The method of claim 1, further comprising switching, by a delegation tool, the first user account with a second user account, such that the user script is executed, by the remote execution tool, by the second user account.

5. The method of claim 4, wherein the delegation tool is a sudo program.

6. The method of claim 1, wherein execution of the user script, by the remote execution tool, occurs immediately upon confirmation of the plurality of validation parameters.

7. The method of claim 1, wherein execution of the user script, by the remote execution tool, occurs at a later time after confirmation of the plurality of validation parameters.

8. The method of claim 1, wherein the user script is verified with a public key, by the management system, before the management system issues execution data.

9. The method of claim 8, wherein public key verification is pre-configured on the management system.

10. The method of claim 1, wherein the private key is pre-configured.

11. The method of claim 1, wherein the private key resides on a third party computer, such that signing the execution data further comprises: sending, from the management system to the third party computer, the execution data; receiving, at the third party computer, the execution data; signing, by the third party computer, the execution data with the private key, such that the execution data further includes the digital signature; and sending, to the management system from the third party computer, the execution data.

12. The method of claim 1, wherein the execution data is symmetrically encrypted with a pre-shared key.

13. The method of claim 1, wherein the user script contains sensitive data.

14. The method of claim 13, wherein signing, by the management system, the execution data includes encrypting the user script, such that the user script is decrypted by the remote execution tool.

15. A system of script execution, the system comprising: a memory; one or more processors, in communication with the memory; a plurality of user accounts, including at least a service user account and a real user account, in communication with the one or more processors; a remote system, in communication with the one or more processors; a remote execution tool, configured to execute on the one or more processors; and a management system, including a service user account module, configured to execute on the one or more processors, to: receive, by the service user account module, a user script from the service user account; issue execution data, wherein the execution data includes: the user script; and a plurality of validation parameters; sign the execution data with a private key, such that responsive to signing the execution data, the execution data further includes a digital signature; authorize communication to the remote execution tool, wherein authorization requires the digital signature; and send, to the remote execution tool, the execution data including the digital signature; wherein the remote execution tool: confirms the plurality of validation parameters; and responsive to confirming the plurality of validation parameters, executes the user script on the remote system as the service user account.

16. The system of claim 15, wherein the plurality of validation parameters include a user identity and a time period.

17. The system of claim 16, wherein confirming the plurality of validation parameters includes: confirming that the user identity matches the service user account; and confirming that the time period has not expired.

18. The system of claim 15, wherein the remote system includes a delegation tool, which is configured to switch the service user account with the real user account, such that the user script is executed, by the remote execution tool, as the real user account.

19. The system of claim 18, wherein the delegation tool is a sudo program.

20. A computer-readable non-transitory storage medium comprising executable instructions that, when executed, are configured to cause a management system to: receive, by a service user account module, a user script from a service user account; issue execution data, wherein the execution data includes: the user script; and a plurality of validation parameters; sign the execution data with a private key, such that responsive to signing the execution data, the execution data further includes a digital signature; authorize communication to a remote execution tool, wherein authorization requires the digital signature; and send, to the remote execution tool, the execution data including the digital signature; wherein the remote execution tool: confirms the plurality of validation parameters; and responsive to confirming the plurality of validation parameters, executes the user script on the remote system as the service user account.
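The signing and confirmation steps of claims 1 to 3, sketched as an added illustration that is not code from the patent or its assignee: the management system signs the script together with a user identity and a time period, and the remote execution tool checks signature, identity and expiry before it would run anything. Ed25519, the field layout, the `caller` argument (the account the tool associates with the request) and the names `ExecutionData`, `Sign` and `Confirm` are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// ExecutionData is a hypothetical layout (not from the patent) for the signed request.
type ExecutionData struct {
	Script, User string // user script and the user identity it was issued for
	NotAfter     int64  // end of the time period, Unix seconds
	Signature    []byte // Ed25519 signature over payload()
}

// payload is the signed byte string; %q quoting keeps field boundaries unambiguous.
func (e ExecutionData) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d", e.Script, e.User, e.NotAfter))
}

// Sign is the management-system side; it returns the data with the signature attached.
func Sign(priv ed25519.PrivateKey, e ExecutionData) ExecutionData {
	e.Signature = ed25519.Sign(priv, e.payload())
	return e
}

// Confirm is the remote-tool side: signature first, then identity, then expiry.
func Confirm(pub ed25519.PublicKey, e ExecutionData, caller string, now time.Time) error {
	switch {
	case !ed25519.Verify(pub, e.payload(), e.Signature):
		return fmt.Errorf("bad signature")
	case e.User != caller:
		return fmt.Errorf("user identity mismatch")
	case now.Unix() > e.NotAfter:
		return fmt.Errorf("time period expired")
	}
	return nil
}

func demo() [4]error { // constructed key pair and script: one accepted request, three rejected
	pub, priv, _ := ed25519.GenerateKey(nil)
	now := time.Now()
	ok := Sign(priv, ExecutionData{Script: "uptime", User: "alice", NotAfter: now.Unix() + 300})
	bad := ok
	bad.Script = "id" // script changed after signing
	return [4]error{Confirm(pub, ok, "alice", now), Confirm(pub, ok, "bob", now),
		Confirm(pub, ok, "alice", now.Add(time.Hour)), Confirm(pub, bad, "alice", now)}
}

func main() { fmt.Println(demo()) }
```

Because the identity and the expiry sit inside the signed payload, changing either one after signing fails the signature check before the parameter checks are reached.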
Protecting personal data, e.g. for financial or medical purposes · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title