Trust ratings in group credentials

US 20020144149A1
Filed: 04/03/2001
Published: 10/03/2002
Est. Priority Date: 04/03/2001
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating a set of credentials comprising at least one group credential comprising:

ascertaining at least one first trust rating within at least one of said credentials within said set of credentials including said group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;

determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and

providing a signal in the event said second trust rating satisfies predetermined criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for evaluating a set of credentials that includes at least one group credential and that may include one or more additional credentials. A trust rating is provided in association with the at least one group credential within the set of credentials and trust ratings may also be provided in other credentials within the set of credentials. Each trust rating provides an indication of the level of confidence in the information being certified in the respective credential. In response to a request for access to a resource or service, an evaluation of the group credentials is performed by an access control program to determine whether access to the requested resource or service should be provided. In one embodiment, within any given certification path a composite trust rating for the respective path is determined. An overall trust rating for the set of credentials is determined based upon the composite trust ratings. Upon a determination that a user requesting access to a resource has an acceptable set of credentials and a satisfactory trust rating, access to the requested resource or service is granted to the user.

Citations

22 Claims

1. A method for evaluating a set of credentials comprising at least one group credential comprising:
- ascertaining at least one first trust rating within at least one of said credentials within said set of credentials including said group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  providing a signal in the event said second trust rating satisfies predetermined criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein said providing step includes the step of comparing said second trust rating to a predetermined trust rating threshold and wherein said predetermined criteria comprises said predetermined trust rating threshold.
  - 3. The method of claim 1 wherein said determining step comprises the step of assigning said second trust rating equal to the lowest trust rating among the first trust ratings of the respective credentials within a single certification path.
  - 4. The method of claim 1 further including, in the event said set of credentials forms a plurality of certification paths having at least one credential in each of said paths, the steps of:
    - determining for each of said plurality of certification paths a third trust rating equal to the lowest trust rating in the credentials of the respective certification path; and
      
      assigning said second trust rating equal to the highest trust rating of said third trust ratings.
  - 5. The method of claim 4 wherein said providing step includes the step of comparing said second trust rating to said predetermined criteria.
  - 6. The method of claim 1 wherein said signal comprises an indication that access to a resource should be granted.
  - 7. The method of claim 6 further including the step of granting access to said resource in response to said indication.
  - 8. The method of claim 7 wherein said resource comprises a file on a file server.
  - 9. The method of claim 7 wherein said resource comprises a web page.
  - 10. The method of claim 7 wherein said resource comprises a secure area.
  - 11. The method of claim 7 wherein said resource comprises a database.
  - 12. The method of claim 3 wherein said ascertaining step further includes the step of obtaining an identity credential trust rating associated with an identity credential within said certification path.
  - 14. The system of claim 13 wherein said access control program further includes program code for comparing said second trust rating to a predetermined trust rating threshold and wherein said predetermined criteria comprises said predetermined trust rating threshold.
  - 15. The system of claim 13 wherein said program code for determining said second trust rating includes program code for assigning said second trust rating as the lowest trust rating among the respective credentials within a single certification path.
  - 16. The system of claim 13 wherein said access control program further includes program code operative in the event said set of credentials forms plural certification paths for:
    - determining for each of said plural certification paths a third trust rating equal to the lowest trust rating in the credentials within the respective certification path; and
      
      assigning said second trust rating equal to the highest trust rating of said third trust ratings.
  - 17. The system of claim 13 wherein said signal comprises an indication that access to a resource should be granted.

13. A system for evaluating a set of credentials including at least one group credential comprising;
- a memory containing an access control program; and
  
  a processor operative to execute said access control program;
  
  said access control program comprising;
  
  program code for ascertaining at least one first trust rating within at least one of said credentials within said set of credentials including said group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  program code for determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  program code for providing a signal in the event said second trust rating satisfies predetermined criteria.

18. A computer program product including a computer readable medium, said computer readable medium having an access control program stored thereon, said access control program for execution on a processor and comprising:
- program code for ascertaining at least one first trust rating within at least one credential within a set of credentials including group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  program code for determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  program code for providing a signal in the event said second trust rating satisfies predetermined criteria.

19. A computer data signal, said computer data signal including a computer program for use in evaluating a set of credentials, said computer program comprising:
- program code for ascertaining at least one first trust rating within at least one credential within said set of credentials, wherein said set of credentials includes a group credential and wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  program code for determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  program code for providing a signal in the event said second trust rating satisfies predetermined criteria.

20. A system for evaluating a set of credentials including at least one group credential comprising;
- means for storing an access control program; and
  
  means for executing said access control program out of said storing means, said access control program including;
  
  program code for ascertaining at least one first trust rating within at least one of said credentials within said set of credentials including said group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  program code for determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  program code for providing a signal in the event said second trust rating satisfies predetermined criteria.

21. A method for evaluating a set of credentials comprising at least one group credential comprising:
- ascertaining at least one first trust rating within at least one of said credentials within said set of credentials including said group credential, wherein each of said first trust ratings is associated with a level of confidence in information being certified within the respective credential;
  
  determining a second trust rating for said set of credentials based, at least in part, upon an analysis of said at least one first trust rating; and
  
  storing said second trust rating for subsequent use.
- View Dependent Claims (22)
- - 22. The method of claim 21 further including the step of inserting said second trust rating stored in said storing step in another group credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Mullan, Sean J., Perlman, Radia J., Hanna, Stephen R., Anderson, Anne H., Elley, Yassir K.

Granted Patent

US 7,085,925 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 9/3263 involving certificates, e.g...

Trust ratings in group credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Trust ratings in group credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links