Apparatus for and method of evaluating security within a data processing or transactional environment

US 20050033991A1
Filed: 06/24/2004
Published: 02/10/2005
Est. Priority Date: 06/27/2003
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for evaluating security or trust within a data processing or transactional environment, comprising:

a data processor arranged to interrogate the data processing or transactional environment to determine what devices or applications exist with the environment and their operating state, to evaluate this data and to provide an indication of the security of the environment or trust that can be placed in the environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for evaluating security within a data processing or transactional environment, comprising a data processor arranged to interrogate the data processing or transactional environment to determine what devices or applications exist with the environment and their operating state, to evaluate this data and to provide an indication of the security of the environment or trust that can be placed in the environment.

123 Citations

32 Claims

1. An apparatus for evaluating security or trust within a data processing or transactional environment, comprising:
- a data processor arranged to interrogate the data processing or transactional environment to determine what devices or applications exist with the environment and their operating state, to evaluate this data and to provide an indication of the security of the environment or trust that can be placed in the environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. An apparatus as claimed in claim 1, wherein the apparatus further includes a policy memory for the storing at least one policy defining what conditions are to be met for a data processing or transactional environment to be considered as meeting an acceptable level of security or trust.
  - 3. An apparatus as claimed in claim 2, wherein a plurality of policies are provided in the policy memory and a user can select which policy is appropriate.
  - 4. An apparatus as claimed in claim 3, wherein one policy is an employers/work policy and another policy is an individual'"'"'s private use policy.
  - 5. An apparatus as claimed in claim 1, in which the data processing environment is a first data processing environment and the apparatus can selectively make contact with other data processing environments and can act on behalf of those other data processing environments to provide an indication of trust of the first data processing environment.
  - 6. An apparatus as claimed in claim 1 in which the apparatus requires a user to authenticate themselves or identify themselves to it before it will enforce a user'"'"'s policies.
  - 7. An apparatus as claimed in claim 6, in which authentication or identification is performed by one item selected from a list comprising entering a personal code, biometric identification and use of a physical device or key to identify the user.
  - 8. An apparatus as claimed in claim 7, in which the biometric identification includes at least one item selected from voice analysis, finger print analysis hand pattern analysis, retinal scanning and iris scanning.
  - 9. An apparatus as claimed in claim 6, in which the apparatus requires proximity to or contact with the user to be maintained in order for user'"'"'s to be maintained.
  - 10. An apparatus as claimed in claim 6, in which the apparatus retrieves the user'"'"'s policy from a secure store after user authentication.
  - 11. An apparatus as claimed in claim 10, in which the store is held on a remote computer, and the policy is down loaded to the apparatus.
  - 12. An apparatus as claimed in claim 11, in which the policy is downloaded in encrypted form.
  - 13. An apparatus as claimed in claim 1, in which the apparatus further evaluates environmental information.
  - 14. An apparatus as claimed in claim 13, in which proximity sensors are provided to determine the proximity of other people to the user.
  - 15. An apparatus as claimed in claim 13 where position determining means are provided for determining the position of the device.
  - 16. An apparatus as claimed in claim 15, wherein the apparatus determines its position by virtue of triangulating its position with respect to radio or telephone transmitters whose positions are known.
  - 17. An apparatus as claimed in claim 15, whereby a radio telecommunications network monitors a transmission from the device, calculates its position and transmits it to the device.
  - 18. An apparatus as claimed in claim 15, wherein the apparatus includes a GPS receiver for determining the position of the device.
  - 19. An apparatus as claimed in claim 13 further including a clock for determining the time.
  - 20. An apparatus as claimed in claim 13, wherein the apparatus is responsive to at least one of proximity of other persons, time and position and it uses this data, in association with a set of environmental rules to give an indication of security or trust.

21. An apparatus whereby an iconic, textural or graphical indication of trust is given to the user by the apparatus.

22. A method of evaluating security or trust within a data processing or transactional environment, comprising the steps of:
- selecting a policy defining what conditions are to be met for a data processing or transactional environment to be considered as corresponding to an acceptable level of trust;
  
  investigating devices or applications within the environment to determine their operating state; and
  
  providing an indication of the trust that can be placed in the environment.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. A method as claimed in claim 22, in which different policies are available for different data processing or transactional activities.
  - 24. A method as claimed in claim 22 in which a user must authenticate their identity before the investigation means or agent is enabled.
  - 25. A method as claimed in claim 24, in which the authentication is provided by password identification, key identification or biometric identification.
  - 26. A method as claimed in claim 22 in which a user'"'"'s position, time of day and proximity to others is taken into account when evaluating a level of trust or security.
  - 27. A computer program product for causing a data processor to operate in accordance with the method as claimed in claim 22.

28. A personal trust assistant comprising a portable data processing device having a policy memory for holding at least one trust policy giving indications of at least one item selected from a list comprising conditions to be satisfied for an environment to be considered safe, conditions to be satisfied for an environment to be considered trusted, and conditions which cause an environment to be considered unsafe or untrusted, and environment sensors for collecting environmental information, and wherein the data processor compares the environmental information with the policies and on the basis of the comparison gives an indication to the user of the safety or trust of the environment.
- View Dependent Claims (29, 30, 31)
- - 29. A personal trust assistant as claimed in claim 28, in which the personal trust assistant can assume at least limited control of a target system.
  - 30. A personal trust assistant as claimed in claim 29 in which the personal trust assistant acts as an agent for the user.
  - 31. A personal trust assistant as claimed in claim 29 in which the personal trust assistant acts as an identity manager for the user.

32. A policy server arranged to, upon establishment of communication with a personal trust assistant, seek confirmation of a user identity, to locate a user'"'"'s at least one policy, and to download at least a selected one of the user'"'"'s policies to the personal trust assistant for use by the personal trust assistant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Crane, Stephen James

Application Number

US10/877,833
Publication Number

US 20050033991A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Apparatus for and method of evaluating security within a data processing or transactional environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

123 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Apparatus for and method of evaluating security within a data processing or transactional environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others