Method and apparatus for discovering a trust chain imparting a required attribute to a subject
First Claim
1. A method for discovering a trust chain, at least comprising attribute delegations each with an issuer and a subject, that overall imparts a required attribute to a subject and is grounded in a known trusted issuer, the method involving the use of certificates as justification of associated attribute delegations and comprising the steps of:
- a) setting as a primary goal to be proved an attribute delegation from a known trusted issuer to said subject;
b) seeking a backwards proof of said primary goal by a process of recursively taking a goal to be proved, starting with said primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation that is justified by an available certificate and has the same subject as the goal being decomposed, inability to decompose a subgoal that has not been proved causing the process to backtrack to a previous subgoal to seek a new decomposition of the latter;
c) determining that a trust chain has been found upon the process of step (b) producing a chain of subgoals proved by corresponding certificates, that grounds in a subgoal justified by ajusfified attribute delegation that has as issuer the said known trusted issuer included in said primary goal.
9 Assignments
0 Petitions
Accused Products
Abstract
A method is disclosed for discovering a trust chain that imparts a required attribute to a subject and is grounded in a trusted principal that is the issuer of a known trusted attribute delegation. The method involves setting as a primary goal to be proved an attribute delegation from a trusted principal to the subj ect and then seeking a backwards proof of the primary goal by a process of recursively taking a goal to be proved, starting with the primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation already proved by an available certificate. If it is not possible to decompose a subgoal that has not been proved, the process backtracks to a previous subgoal to seek a new decomposition of the latter. A trust chain is taken as found when the process produces a chain of subgoals proved by corresponding certificates, that grounds in a subgoal proved by a trusted attribute delegation. Name mappings are also permitted.
-
Citations
12 Claims
-
1. A method for discovering a trust chain, at least comprising attribute delegations each with an issuer and a subject, that overall imparts a required attribute to a subject and is grounded in a known trusted issuer, the method involving the use of certificates as justification of associated attribute delegations and comprising the steps of:
-
a) setting as a primary goal to be proved an attribute delegation from a known trusted issuer to said subject;
b) seeking a backwards proof of said primary goal by a process of recursively taking a goal to be proved, starting with said primary goal, and decomposing it into subgoals one of which corresponds to an attribute delegation that is justified by an available certificate and has the same subject as the goal being decomposed, inability to decompose a subgoal that has not been proved causing the process to backtrack to a previous subgoal to seek a new decomposition of the latter;
c) determining that a trust chain has been found upon the process of step (b) producing a chain of subgoals proved by corresponding certificates, that grounds in a subgoal justified by ajusfified attribute delegation that has as issuer the said known trusted issuer included in said primary goal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12)
-
-
9. A method according to any one ofthe preceding claims, wherein an attribute-delegation certificate used to prove a said subgoal has a subject-directed condition associated with it requiring that a specified subject must have a particular attribute in order for the delegation to be valid, step (b) involving making this condition a further subgoal to be proved for the current chain being followed.
Specification