INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

US 20110093423A1
Filed: 12/27/2010
Published: 04/21/2011
Est. Priority Date: 05/01/1998
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Intelligent Trust Management provides a centralized security facility that gives system components a flexible mechanism for implementing security policies. System components such as applications create a request describing an action that needs to be checked against an appropriate security policy. The request is given to a trust system that determines which policy object applies to the request, and may pass request arguments to the policy. The policy objects include executable code that uses any arguments along with dynamically obtained variable information to make a decision. The decision is returned to the system component, which then operates accordingly. Policy objects may maintain state and interface with the user independent of the system component in order to obtain information to make their decisions. Policy objects may call other policy objects and/or mathematically combine the results of other policy objects to make a decision.

57 Citations

40 Claims

1-20. -20. (canceled)

21. In a computing environment, a computer-implemented method, comprising:
- maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
  
  implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
  
  receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
  
  selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
  
  invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
  
  returning the decision in response to the action information that was received.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method of claim 21, further comprising receiving argument data associated with the action information.
  - 23. The method of claim 22, further comprising providing data corresponding to the argument data to the first policy object, wherein the first policy object evaluates the provided data to assist in making the decision.
  - 24. The method of claim 21, wherein the first policy object accesses state information to assist in making the decision.
  - 25. The method of claim 21, wherein the first policy object accesses dynamically variable information to assist in making the decision.
  - 26. The method of claim 25, wherein accessing the dynamically variable information comprises communicating with a network site.
  - 27. The method of claim 21, wherein the first policy object calls at least one other policy object to assist in making the decision.
  - 28. The method of claim 21 wherein the first policy object mathematically combines a decision from the at least one other policy object to produce a final decision.

29. A computer storage medium storing a computer program of instructions for executing a computer-implemented method, the method comprising:
- maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
  
  implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
  
  receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
  
  selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
  
  invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
  
  returning the decision in response to the action information that was received.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 40)
- - 30. The computer storage medium of claim 29, the method further comprising receiving argument data associated with the action information.
  - 31. The computer storage medium of claim 30, the method further comprising providing data corresponding to the argument data to the first policy object, wherein the first policy object evaluates the provided data to assist in making the decision.
  - 32. The computer storage medium of claim 29, wherein the first policy object accesses state information to assist in making the decision.
  - 33. The computer storage medium of claim 29, wherein the first policy object accesses dynamically variable information to assist in making the decision.
  - 34. The computer storage medium of claim 33, wherein accessing the dynamically variable information comprises communicating with a network site.
  - 35. The computer storage medium of claim 29, wherein the first policy object calls at least one other policy object to assist in making the decision.
  - 36. The computer storage medium of claim 35, wherein the first policy object mathematically combines a decision from the at least one other policy object to produce a final decision.
  - 40. The computer storage medium of claim 29, wherein the first policy object accesses state information to assist in making the decision.

37. A system comprising:
- at least one processing unit;
  
  a memory, operatively connected to the at least one processing unit and storing instructions that, when executed by the at least one processing unit, cause the at least one processing unit to perform a method, the method comprising;
  
  maintaining a plurality of policies as centrally maintained application system resources available to one or more applications through an intelligent trust manager, wherein the policies are isolated from the one or more applications;
  
  implementing the plurality of policies in a plurality of policy objects, wherein the plurality of policy objects are organized in a hierarchical grouping;
  
  receiving action information, including data that identifies a proposed action, wherein the proposed action corresponds to a first policy object of the plurality of policy objects;
  
  selecting, from the plurality of policy objects, the first policy object corresponding to the proposed action based on the data that identifies the proposed action;
  
  invoking the first policy object to obtain a decision made by the first policy object on the proposed action; and
  
  returning the decision in response to the action information that was received.
- View Dependent Claims (38, 39)
- - 38. The system of claim 37, the method further comprising receiving argument data associated with the action information.
  - 39. The system of claim 38, the method further comprising providing data corresponding to the argument data to the first policy object, wherein the first policy object evaluates the provided data to assist in making the decision.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
LaMacchia, Brian A., Fox, Barbara L.

Granted Patent

US 8,355,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

706/46
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/52   during program execution, e...

G06F 21/604   Tools and structures for ma...

G06Q 40/00   Finance; Insurance; Tax str...

INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

INTELLIGENT TRUST MANAGEMENT METHOD AND SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others