Managing supplied data

US 20080046216A1
Filed: 08/16/2006
Published: 02/21/2008
Est. Priority Date: 08/16/2006
Status: Active Grant

First Claim

Patent Images

1. By a data recipient in a computing system environment, a method of managing entropy data supplied from a data source, comprising:

scoring the entropy data to determine whether it meets or exceeds a predetermined policy score; and

developing a reputation value of the data source based upon the scoring.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computing system environment, a data recipient manages entropy data supplied from an external data source despite not knowing or being certain about their trustworthiness or if such varies over time. Features relate to scoring the data and determining whether it meets or exceeds a predetermined policy score. One or more initial or updated reputation values of the data source are contemplated and used for scoring. Logging of the scoring, reputation values or other matters is provided for historical purposes and to identify possible future corrective actions. Other embodiments contemplate enhancing the score of the entropy data. In some instances, use of less than all the data by the recipient occurs to increase attack-resistance. Whether such occurs or how much occurs remains substantially unbeknownst to all parties other than the data recipient. Still other embodiments contemplate computer-readable media.

Citations

29 Claims

1. By a data recipient in a computing system environment, a method of managing entropy data supplied from a data source, comprising:
- scoring the entropy data to determine whether it meets or exceeds a predetermined policy score; and
  
  developing a reputation value of the data source based upon the scoring.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further including receiving subsequent entropy data from the data source and performing subsequent scoring of the subsequent entropy data, the performing the subsequent scoring using the developed reputation value.
  - 3. The method of claim 2, further including updating the developed reputation value based on the subsequent scoring.
  - 4. The method of claim 1, further including initializing a first reputation value of the data source.
  - 5. The method of claim 4, using the initialized first reputation value when performing the scoring the entropy data.

6. By a data recipient in a computing system environment, a method of managing entropy data supplied from a data source, comprising:
- scoring the entropy data to determine whether it meets or exceeds a predetermined policy score;
  
  developing a reputation value of the data source based upon the scoring; and
  
  logging the scoring and the reputation value.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, further including auditing the logged scoring and reputation value to determine whether a corrective action is required.
  - 8. The method of claim 7, further including using the entropy data for an intended purpose and changing a practice thereof based on the auditing.

9. By a data recipient in a computing system environment, a method of managing entropy data supplied from a data source, comprising:
- scoring multiple instances of received said entropy data to determine whether it meets or exceeds a predetermined policy score;
  
  and logging the multiple instances of the scoring.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further including developing one or more reputation values of the data source based upon the logged scoring.
  - 11. The method of claim 10, using the one or more reputation values of the data source during one or more of the multiple instances of performing the scoring.

12. In a computing system environment, a method of managing data, comprising:
- by a data source, supplying entropy data to a data recipient;
  
  by the data recipient, scoring the entropy data to determine whether it meets or exceeds a predetermined policy score; and
  
  by the data recipient and only known to the data recipient, selecting only certain of the entropy data for use in an intended application requiring entropy data.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further including developing a reputation value of the data source based on the scoring.
  - 14. The method of claim 12, wherein the selecting further includes unbiasing the entropy data to obtain a substantially equal distribution of one type data and another type of data.
  - 15. The method of claim 12, wherein the selecting further includes randomly selecting said certain of the entropy data and discarding the unselected of the entropy data.
  - 16. The method of claim 12, further including logging the scoring.

17. A computer-readable medium having computer-executable instructions for managing supplied entropy data in a computing system environment, comprising:
- a first component for receiving the supplied entropy data;
  
  a second component for scoring the supplied entropy data;
  
  a third component for determining whether the supplied entropy data meets or exceeds a predetermined policy score; and
  
  a fourth component for utilizing a reputation value of a data source supplying the entropy data with the second component for the scoring.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17, further including a fifth component for enhancing the supplied entropy data to achieve a second score higher than a first score obtained from the second component performing the scoring.
  - 19. The computer-readable medium of claim 17, further including a fifth component for converting the scoring of the second component or the reputation value into a log.
  - 20. The computer-readable medium of claim 17, further including a fifth component known only to a recipient of the entropy data for selecting only certain of the supplied entropy data for use in an intended application requiring entropy data.

21. A method of managing a supplied plurality of random bits of ones and zeros from a data source, comprising;
- unbiasing the supplied plurality of random bits to obtain a substantially equal number of one and zero bits;
  
  randomly selecting bits of the substantially equal number of one and zero bits; and
  
  discarding all other bits of the substantially equal number of one and zero bits not randomly selected.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, further including retaining a predetermined number of bits from the supplied plurality of random bits.
  - 23. The method of claim 21, further including determining a reputation value of the data source.
  - 24. The method of claim 21, further including exclusively performing the discarding all other bits by a data recipient, the act of the discarding or the amount of the discarding being unbeknownst to all parties other than the data recipient.

25. By a data recipient in a computing system environment, a method of managing entropy data supplied from a data source, comprising:
- scoring the entropy data to determine whether it meets or exceeds a predetermined policy score;
  
  developing a reputation value of the data source based upon the scoring;
  
  receiving subsequent entropy data from the data source and performing subsequent scoring of the subsequent entropy data, the performing the subsequent scoring using the developed reputation value;
  
  for a later intend application requiring entropy data, selecting only certain of the supplied or subsequent entropy data for use in the intended application; and
  
  discarding all other entropy data not found in the selected certain of the supplied or subsequent entropy data, the act of the discarding or the amount of the discarding being substantially unbeknownst to all parties other than the data recipient.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method of claim 25, further including logging the scoring, the subsequent scoring, and the reputation value.
  - 27. The method of claim 26, further including auditing the logged scoring, the subsequent scoring, and the reputation value to determine whether a corrective action is required.
  - 28. The method of claim 27, wherein the selecting only certain of the supplied or subsequent entropy data further includes making a random selection of unbiased entropy data having a substantially equal number of a first and second type of the entropy data.
  - 29. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 25.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Thomas, Kasman E.

Granted Patent

US 8,606,834 B2
Time in Patent Office

Days
Field of Search
US Class Current

702/179
CPC Class Codes

H04L 9/002 Countermeasures against att...

Managing supplied data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Managing supplied data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links