Apparatus for distributed access control

US 20030229792A1
Filed: 03/21/2003
Published: 12/11/2003
Est. Priority Date: 03/22/2002
Status: Abandoned Application

First Claim

Patent Images

1. Computer apparatus for accessing by a user an electronic service provided by a remote service provider comprising a receiver for receiving an authorisation policy, wherein the authorisation policy defines access requirements to the electronic service;

and a trusted device for determining the users authorisation to access the electronic service based upon the authorisation policy and at least one attribute associated with the user, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer apparatus for accessing by a user an electronic service provided by a remote service provider comprising a receiver for receiving an authorisation policy, wherein the authorisation policy defines access requirements to the electronic service; and a trusted device for determining the users authorisation to access the electronic service based upon the authorisation policy and at least one attribute associated with the user, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.

50 Citations

View as Search Results

30 Claims

1. Computer apparatus for accessing by a user an electronic service provided by a remote service provider comprising a receiver for receiving an authorisation policy, wherein the authorisation policy defines access requirements to the electronic service;
- and a trusted device for determining the users authorisation to access the electronic service based upon the authorisation policy and at least one attribute associated with the user, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. Computer apparatus according to claim 1, wherein the trusted device is arranged to inhibit the remote service provider accessing the at least one attribute associated with the user.
  - 3. Computer apparatus according to claim 1, wherein the trusted device is tamper resistant.
  - 4. Computer apparatus according to claim 1, wherein the trusted device is arranged to produce a certified record of the users authorisation for the service.
  - 5. Computer apparatus according to claim 4, further comprising a transmitter for providing the certified record to the remote service provider.
  - 6. Computer apparatus according to claim 5, further comprising means for transmitting the certified record in a secure manner.
  - 7. Computer apparatus according to claim 1, wherein the trusted device is arranged to produce an audit of the authorisation polices used.

8. Distributed access control system comprising a first computer node associated with a service provider, a second computer node associated with a user, and a trusted device associated with the second computer node for determining the users authorisation to access an electronic service of the service provider based upon an authorisation policy received from the first computer node and a user attribute associated with the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. Distributed access control system according to claim 8, wherein the second computer node incorporates the trusted device.
  - 10. Distributed access control system according to claim 8, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.
  - 11. Distributed access control system according to claim 8, wherein the trusted device is arranged to inhibit the first computer node accessing the user attribute.
  - 12. Distributed access control system according to claim 8, wherein the trusted device is tamper resistant.
  - 13. Distributed access control system according to claim 8, wherein the trusted device is arranged to produce a certified record of the users authorisation for the service.
  - 14. Distributed access control system according to claim 13, further comprising a transmitter for providing the certified record to the first computer node.
  - 15. Distributed access control system according to claim 14, wherein the certified record can be decomposed by the first computer node into a plurality of certificate records for transmitting to other electronic service providers.
  - 16. Distributed access control system according to claim 13, wherein a plurality of certified records can be combined by the second computer node.
  - 17. Distributed access control system according to claim 8, wherein the trusted device is arranged to produce an audit of the authorisation polices used.
  - 18. Distributed access control system according to claim 8, wherein the first computer node has an associated trusted device.
  - 19. Distributed access control system according to claim 18, wherein the trusted device associated with the first computer node and the trusted device associated with the second computer node are arranged to allow the trusted devices to communicate in a peer to peer relationship.

20. Distributed access control system comprising a first computer node associated with a service provider, a second computer node associated with a user, wherein the second computer node includes a trusted device for determining the users authorisation to access an electronic service of the service provider based upon an authorisation policy received from the first computer node and a user attribute associated with the user.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. Distributed access control system according to claim 20, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.
  - 22. Distributed access control system according to claim 20, wherein the trusted device is arranged to inhibit the first computer node accessing the user attribute.
  - 23. Distributed access control system according to claim 20, wherein the trusted device is tamper resistant.
  - 24. Distributed access control system according to claim 20, wherein the trusted device is arranged to produce a certified record of the users authorisation for the service.
  - 25. Distributed access control system according to claim 24, further comprising a transmitter for providing the certified record to the first computer node.
  - 26. Distributed access control system according to claim 25, wherein the certified record can be decomposed by the first computer node into a plurality of certificate records for transmitting to other electronic service providers.
  - 27. Distributed access control system according to claim 24, wherein a plurality of certified records can be combined by the second computer node.
  - 28. Distributed access control system according to claim 20, wherein the trusted device is arranged to produce an audit of the authorisation polices used.
  - 29. Distributed access control system according to claim 20, wherein the first computer node includes a trusted device.
  - 30. Distributed access control system according to claim 29, wherein the trusted device included with the first computer node and the trusted device included with the second computer node are arranged to allow the trusted devices to communicate in a peer to peer relationship.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Pato, Joseph N., Mont, Marco Casassa, Baldwin, Adrian

Application Number

US10/394,396
Publication Number

US 20030229792A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/33 using certificates

Apparatus for distributed access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus for distributed access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links