INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

US 20020002684A1
Filed: 05/01/1998
Published: 01/03/2002
Est. Priority Date: 05/01/1998
Status: Active Grant

First Claim

Patent Images

1. In a computer system, a method of making a decision on a proposed action of an system component, comprising the steps of, receiving action information from an system component, the information including the proposed action, obtaining a policy corresponding to the proposed action, dynamically obtaining variable information at the policy from a source independent of the system component, making a decision via executable code in the policy based on the variable information, and returning the decision to the system component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.

141 Citations

33 Claims

1. In a computer system, a method of making a decision on a proposed action of an system component, comprising the steps of, receiving action information from an system component, the information including the proposed action, obtaining a policy corresponding to the proposed action, dynamically obtaining variable information at the policy from a source independent of the system component, making a decision via executable code in the policy based on the variable information, and returning the decision to the system component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 wherein the action information includes at least one argument related thereto, and further comprising the step of passing the at least one argument to the policy.
  - 3. The method of claim 2 wherein the step of making a decision via executable code in the policy includes the step of evaluating the at least one argument.
  - 4. The method of claim 1 wherein the system component is an application.
  - 5. The method of claim 1 wherein the step of dynamically obtaining variable information at the policy includes the step of accessing state information maintained in the policy.
  - 6. The method of claim 1 wherein the step of dynamically obtaining variable information at the policy includes the step of receiving the variable information via a user interface of the policy.
  - 7. The method of claim 1 wherein the step of dynamically obtaining variable information at the policy includes the step of receiving the variable information from a URL site.
  - 8. The method of claim 1 wherein the step of obtaining a policy corresponding to the proposed action includes the steps of determining a policy object based on an action identifier, and instantiating the policy object.
  - 9. The method of claim 1 further comprising the step of passing context information to the policy.
  - 10. The method of claim 1 wherein the step of dynamically obtaining variable information at the policy comprises the step of receiving context information.
  - 11. The method of claim 1 wherein the policy comprises a COM object.
  - 12. The method of claim 1 wherein the step of making a decision via executable code in the policy includes the step of calling at least one other policy.
  - 13. The method of claim 1 wherein the step of making a decision via executable code in the policy includes the step of calling at least two other policies, receiving a decision from each of the other policies, and mathematically combining the decisions to produce a final decision.
  - 14. The method of claim 13 wherein the step of mathematically combining the decisions to produce a final decision includes the step of adding like decisions into a sum and basing the final decision on the sum.
  - 15. The method of claim 13 wherein a decision returned by at least one of the policies is of unequal weight with respect to a decision returned by at least one other of the policies.
  - 16. The method of claim 1 wherein the step of making a decision via executable code in the policy includes the step determining which one of a plurality of other policies to call based on the variable information, and receiving a decision therefrom.
  - 17. The method of claim 1 wherein the step of receiving a first set of action information from an system component includes the step of exposing a COM object interface to the system component.
  - 18. The method of claim 1 further comprising the step of registering a plurality of policies.
  - 19. The method of claim 1 further comprising the steps of verifying a policy in accordance with another policy, and registering the policy.
  - 20. The method of claim 19 wherein the step of verifying the policy includes the step of verifying a digital signature associated with the policy.
  - 21. The method of claim 1 wherein the step of obtaining the policy corresponding to the proposed action includes the step of verifying the policy.
  - 22. The method of claim 21 wherein the step of verifying the policy includes the step of verifying a digital signature.

23. In a computer system, a system for making a decision requested by an system component, comprising, a trust manager for receiving an action proposed by the system component, a policy manager for maintaining a relationship between actions and policies, the trust manager obtaining a policy corresponding to the action from the policy manager, and wherein the policy makes a decision based on dynamic information obtained by the policy.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system of claim 23 wherein the system component is an application.
  - 25. The system of claim 23 further comprising a user interface via which the policy obtains the dynamic information.
  - 26. The system of claim 23 wherein the dynamic information comprises state information maintained by the policy.
  - 27. The system of claim 23 wherein the dynamic information comprises context information from the trust manager.
  - 28. The system of claim 23 wherein the policy manager includes an administrator interface.
  - 29. The system of claim 23 wherein the policy comprises a COM object.
  - 30. The system of claim 29 wherein the COM object includes an administrator interface.
  - 31. The system of claim 23 further comprising a plurality of other policies wherein the policy includes executable code for calling at least one other policy.
  - 32. The system of claim 23 further comprising a plurality of other policies wherein the policy includes executable code for calling a plurality of other policies and for mathematically combining decisions of the other to produce a final decision.
  - 33. The system of claim 32 further comprising a plurality of other policies wherein the policy includes executable code for determining which one of a plurality of other policies to call to receive a decision therefrom.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
FOX, BARBARA L., LAMACCHIA, BRIAN A.

Granted Patent

US 6,965,999 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/52   during program execution, e...

G06F 21/604   Tools and structures for ma...

G06Q 40/00   Finance; Insurance; Tax str...

INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links