Hierarchical open security information delegation and acquisition
First Claim
1. A method of securing a computer system of an end user, comprising:
- storing a software provider root security information object in an end user'"'"'s computer system;
producing an end user root security information object based on the software provider root security information object;
receiving security information from a higher-level entity;
validating the received security information using the end user root security information object; and
updating the end user root security information object based on validated security information;
wherein the end user root security information object determines the entities the end user can trust, determines what functions a trusted entity can perform, and determines who can update the root security information object;
wherein the end user root security information object is controlled by the software provider root security information object; and
wherein the computer system refuses information from an entity that is not included in the end user root security information object.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a method and system for secure data transfer and dynamic definition of trustworthiness of various entities by multiple parties in a hierarchy tree or graph structure. The invention uses digital certificates. Each party in the business hierarchy can control and define various trust information including trustworthiness and delegation authority for the entities it deals with. The ability of a party to redefine or add trust information is controlled by the parties with which it has a relationship that are above it in the hierarchy. Trust vectors and delegation vectors are used to store this information. Each party can add trusted third parties to a security object without compromising the integrity of security objects already issued. A sequence of security objects including digital certificates can be modified without compromising the original digital certificates in those security objects.
-
Citations
15 Claims
-
1. A method of securing a computer system of an end user, comprising:
-
storing a software provider root security information object in an end user'"'"'s computer system;
producing an end user root security information object based on the software provider root security information object;
receiving security information from a higher-level entity;
validating the received security information using the end user root security information object; and
updating the end user root security information object based on validated security information;
wherein the end user root security information object determines the entities the end user can trust, determines what functions a trusted entity can perform, and determines who can update the root security information object;
wherein the end user root security information object is controlled by the software provider root security information object; and
wherein the computer system refuses information from an entity that is not included in the end user root security information object. - View Dependent Claims (2, 3, 4, 5, 10)
-
-
6. A method of controlling a computer system, comprising:
-
storing a software provider root security information object in a local computing device;
producing local root security information based on the stored software provider root security information object, wherein said local root security information identifies trusted entities, provides trust information that specifies the roles that the trusted entities can fulfill, and designates who can modify the local root entity information;
receiving updated trust information;
validating the received updated trust information using the local root security information and the software provider root security information object; and
updating the local root security information with the validated trust information. - View Dependent Claims (7, 8, 9)
-
-
11. A method of updating trust relationships of users, wherein each user includes stored software provider information and stored user root security information, the method comprising:
-
maintaining an upper level root security information object in a computing device, wherein the upper level root security information object includes information regarding the user root security information of each user and information on the stored software provider information; and
sending a selected user updated security information;
wherein the sent updated security information is security protected using the selected user'"'"'s stored user root security information and the software provider information; and
wherein the sent updated security information includes information regarding a trusted entity. - View Dependent Claims (12, 13, 14, 15)
-
Specification