Trust management

US 20040187031A1
Filed: 01/16/2004
Published: 09/23/2004
Est. Priority Date: 07/17/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for facilitating interactions via communications networks between computer systems of entities, wherein each entity belongs to a respective one of a plurality of different trust domains, the method comprising the steps of:

creating a trust community which encompasses the trust domains;

allowing each entity in the community to define its own entity rules; and

using a central body to enforce the entity rules of each entity within the community.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for facilitating interactions via communications networks between computer systems of entities (A, B), wherein each entity belongs to a respective one of a plurality of different trust domains (TD1, TD2). The method comprises the steps of creating a trust community which encompasses the trust domains, allowing each entity in the community to define its own trust and security policy rules, and using a central body to enforce the entity rules of each entity within the community.

Citations

40 Claims

1. A method for facilitating interactions via communications networks between computer systems of entities, wherein each entity belongs to a respective one of a plurality of different trust domains, the method comprising the steps of:
- creating a trust community which encompasses the trust domains;
  
  allowing each entity in the community to define its own entity rules; and
  
  using a central body to enforce the entity rules of each entity within the community.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 29, 31, 32, 33)
- - 2. A method according to claim 1 wherein the entity rules comprise security policy rules and/or trust rules.
  - 3. A method according to claim 1 or claim 2 wherein a trust broker creates the trust community and acts as the central body to enforce the entity rules.
  - 4. A method according to any one of claims 1 to 3 comprising the step of using at least one computer system for:
    - receiving information concerning trust and/or security policy within each trust domain;
      
      receiving, from entities within the community, requests for a decision on the allowability of an activity;
      
      making decisions on allowability based on received information concerning trust and/or security policy; and
      
      outputting decisions to requesting entities.
  - 5. A method according to claim 4 comprising the step of receiving and/or collecting and subsequently processing information concerning the context of requests for decisions from entities.
  - 6. A method according to claim 4 or claim 5 comprising the step of storing entity rules at a computer system of the central body and/or at a location accessible to a computer system of the central body and making decisions at the central body using the stored rules in response to requests for decisions from entities.
  - 7. A method according to claim 5 comprising the step of storing entity rules at a computer system of the central body and/or at a location accessible to a computer system of the central body;
    - deriving contextualised requests for decisions based on a respective decision request received from an entity and information concerning the context of that request; and
      
      making a decision at the central body on the basis of the contextualised request and the stored rules.
  - 8. A method according to any preceding claim in which the trust community has a set of community rules and the method includes the step of using the central body to enforce the community rules in addition to the entity rules of each entity in the community.
  - 9. A method according to claim 6 or 7 comprising the steps of storing community rules in addition to the entity rules and using the community rules in the decision making step.
  - 10. A method according to claim 8 or claim 9 wherein the community rules comprise community security policy rules and community trust rules, the security policy rules may include security management rules and the trust rules may include trust management rules.
  - 11. A method according to any preceding claim wherein each entity belongs to its respective trust domain by virtue of having a digital certificate anchored within the respective domain.
  - 12. A method according to any preceding claim wherein the step of creating a trust community comprises the step cross certifying between the plurality of trust domains.
  - 13. A method according to any preceding claim which is a method of public key infrastructure trust management and security policy enforcement.
  - 14. A method according to any one of claims 1 to 10 wherein each entity belongs to its respective trust domain by virtue of having a security token which is managed and controlled under the policies of the respective trust domain.
  - 15. A method according to claim 14 wherein the step of creating a trust community comprises linking by use of security tokens.
  - 16. A method according to any preceding claim wherein the step of creating a trust community comprises linking by use of security assertions.
  - 18. Apparatus according to claim 16 comprising:
    - a trust community creation module for creating the trust community encompassing said plurality of domains; and
      
      a trust control system for;
      
      a) receiving information concerning trust and/or security policy within each trust domain;
      
      b) receiving, from entities within the community, requests for a decision on the allowability of an activity;
      
      c) making decisions on allowability based on received information concerning trust and/or security policy; and
      
      d) outputting decisions to requesting entities.
  - 29. A computer program, or set of computer programs, comprising code portions which when loaded and run on computer means cause the computer means to execute a method according to any one of claims 1 to 16.
  - 31. A computer program according to claim 29 or 30 in which the computer means comprises a plurality of individual computers which may be in different locations.
  - 32. A computer readable data carrier carrying thereon a computer program according to any one of claims 29 to 31.
  - 33. A set of computer readable data carriers carrying thereon a set of computer programs according to any one of claims 29 to 31.

17. Apparatus for administering trust management and security policy enforcement comprising:
- means for creating a trust community encompassing a plurality of trust domains;
  
  means for receiving information concerning trust and/or security policy within each trust domain;
  
  means for receiving, from entities within the community, requests for a decision on the allowability of an activity;
  
  means for making decisions on allowability based on received information concerning trust and/or security policy; and
  
  means for outputting decisions to requesting entities.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30)
- - 19. Apparatus according to claim 17 or claim 18 wherein the trust community creation module is a bridge certification authority module for cross certifying with each of the plurality of trust domains.
  - 20. Apparatus according to any one of claims 17 to 19 wherein the trust control system comprises at least one policy agent module acting as an interface between computer systems of the central body and computer systems of entities within the community.
  - 21. Apparatus according to claim 20 wherein a policy agent module is disposed at at least one of the following locations:
    - the central body, a server, a gateway of a computer infrastructure, a component of a computer infrastructure, and an entity computer system, in any case the policy agent module being arranged to operate under the control of the central body.
  - 22. Apparatus according to any one of claims 17 to 21 wherein the trust control system comprises a trust engine module for receiving and/or collecting and subsequently processing information concerning the context of requests for decisions from entities.
  - 23. Apparatus according to any one of claims 17 to 22 wherein the trust control system comprises at least one decision engine module for storing security policy rules and/or trust rules and making decisions in response to requests for decisions.
  - 24. Apparatus according to claim 22 wherein the trust control system comprises at least one decision engine module for storing security policy rules and/or trust rules and making decisions and the trust engine is arranged to output, to the decision engine, contextualised requests for decisions, based on a respective decision request received from an entity and information concerning the context of that request.
  - 25. Apparatus according to claim 23 or claim 24 wherein the security policy rules and/or the trust rules which the decision engine is arranged to store comprise community rules applicable to the community and entity rules chosen by and applicable to respective entities within the community.
  - 26. Apparatus according to any one of claims 23 to 25 wherein the decision engine is arranged to output decisions to entities via a policy agent module.
  - 27. Apparatus according to any one of claims 23 to 26 in which the trust control system comprises at least one decision manager module for collecting and/or receiving rules from entities and for providing the decision engine access to any collected or received rules.
  - 28. Apparatus according to any one of claims 17 to 27 which is public key infrastructure trust management and security policy enforcement apparatus.
  - 30. A computer program, or set of computer programs, comprising code portions which when loaded and run on computer means cause the computer means to constitute apparatus according to any one of claims 17 to 28.

34. A method of facilitating interactions between entities wherein each entity belongs to a respective one of a plurality of trust domains the method comprising the steps of:
- creating a trust community which encompasses the trust domains;
  
  allowing each entity which is member of the trust community to define its own rules, the rules comprising at least one of trust rules and security policy rules; and
  
  using a computer system of a central body to make decisions based on the rules, which decisions are usable in controlling interactions between the entities.

35. A method for managing interactions between entities each belonging to a respective one of a plurality of different trust domains comprising the steps of:
- creating a trust community which encompasses the trust domains; and
  
  controlling the activities of entities within the community.

36. A method for managing interactions between entities each belonging to a respective one of a plurality of different trust domains comprising the steps of:
- creating a trust community which encompasses the trust domains;
  
  allowing each trust entity to define its own trust and/or security policy rules; and
  
  providing a central body to enforce the trust and/or security policy rules of each entity within the community.

37. A method for facilitating interactions between entities each belonging to a respective one of a plurality of different trust domains comprising the steps of:
- creating a trust community which encompasses the trust domains;
  
  allowing each entity to define its own trust and/or security policy rules; and
  
  providing a central body to enforce the trust and/or security policy rules of each entity within the community.

38. A method of trust management and security policy enforcement wherein a central body cross certifies with each of a plurality of trust domains to form a trust community and that central body or a different central body enforces trust and/or security policy rules defined by the entities.

39. A trust and security management system comprising a trust broker which is arranged to act both as a bridge certification authority between a plurality of trust domains and as a trust and/or security policy enforcement entity for enforcing trust and/or security policy rules of the entities.

40. Apparatus for administering trust management and security policy enforcement comprising:
- a module for creating a trust community encompassing a plurality of trust domains;
  
  a module for receiving information concerning security policy and/or trust within each trust domain;
  
  a module for receiving, from entities within the community, requests for a decision on the allowability of an activity;
  
  a module for making decisions on allowability based on received information concerning trust and/or security policy; and
  
  a module for outputting decisions to requesting entities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustis Ltd. (Entrust Corp.)
Original Assignee
Trustis Ltd. (Entrust Corp.)
Inventors
Liddle, Alan Thomas

Application Number

US10/484,158
Publication Number

US 20040187031A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/20 for managing network securi...

Trust management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Trust management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links