Consigning Authentication Method

US 20110321134A1
Filed: 06/28/2010
Published: 12/29/2011
Est. Priority Date: 06/28/2010
Status: Active Grant

First Claim

Patent Images

1. A method for sharing electronic content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management, the method comprising:

receiving a first request from a first client for delivery of the electronic content to the first client at a first trust level in the trust hierarchy;

approving the delivery of the electronic content to the first client at a policy enforcement point in the network based at least in part on the first trust level in the trust hierarchy;

delivering the electronic content to the first client;

receiving a second request from a second client at the first trust level in the trust hierarchy, for permission to receive the electronic content from the first client, the second request including integrity information about the first client;

determining whether to allow the second client to receive the electronic content from the first client based at least in part on the integrity information about the first client; and

communicating to the second client the determination of whether the second client may receive the electronic content from the first client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management includes receiving integrity information from a first client at a first trust level in the trust hierarchy at a second client at the first trust level, requesting permission to receive electronic content from the first client, receiving a determination regarding the requested permission, and communicating the determination to the first client. The first client obtained content from a policy enforcement point in the network. The request for permission is made to the policy enforcement point and the request includes the integrity information. The determination is received from the policy enforcement point and is based in part on the integrity information about the first client. The second client communicates to the first client the determination of whether the second client receives the content from the first client.

39 Citations

View as Search Results

18 Claims

1. A method for sharing electronic content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management, the method comprising:
- receiving a first request from a first client for delivery of the electronic content to the first client at a first trust level in the trust hierarchy;
  
  approving the delivery of the electronic content to the first client at a policy enforcement point in the network based at least in part on the first trust level in the trust hierarchy;
  
  delivering the electronic content to the first client;
  
  receiving a second request from a second client at the first trust level in the trust hierarchy, for permission to receive the electronic content from the first client, the second request including integrity information about the first client;
  
  determining whether to allow the second client to receive the electronic content from the first client based at least in part on the integrity information about the first client; and
  
  communicating to the second client the determination of whether the second client may receive the electronic content from the first client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, further comprising the second client negotiating with the policy enforcement point for permission to receive the content from the first client.
  - 3. A method according to claim 1, further comprising delivering the content from the first client to the second client.
  - 4. A method according to claim 1, further comprising the second client communicating to the first client the determination of whether the second client may receive the content from the first client.
  - 5. A method according to claim 1, further comprising the second client obtaining integrity information regarding the first client.
  - 6. A method according to claim 1, further comprising:
    - the second client obtaining integrity information regarding the first client;
      
      the second client verifying the integrity information regarding the first client; and
      
      the second client requesting the content from the first client only after verifying the integrity information regarding the first client.
  - 7. A method according to claim 1, further comprising the first client obtaining integrity information about the second client.
  - 8. A method according to claim 1, further comprising:
    - the first client obtaining integrity information about the second client; and
      
      the first client verifying the integrity information about the second client;
      
      wherein the first client delivers the content to the second client only after verifying the integrity information about the second client.
  - 9. A method according to claim 1, further comprising determining at least one limitation on the use of the content by the second client.
  - 10. A method according to claim 1, wherein the first client is associated with a first entity and the second client is associated with a second entity.

11. A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management, the method comprising:
- receiving integrity information from a first client at a first trust level in the trust hierarchy at a second client at the first trust level, the first client having obtained content from a policy enforcement point in the network;
  
  requesting permission from the policy enforcement point to receive the electronic content from the first client, the request including the integrity information regarding the first client;
  
  receiving a determination from the policy enforcement point whether to allow the second client to receive the content from the first client based at least in part on the integrity information about the first client; and
  
  communicating to the first client the determination of whether the second client may receive the content from the first client.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A method according to claim 11, further comprising receiving the content from the first client if the determination allows delivery.
  - 13. A method according to claim 11, further comprising:
    - the second client obtaining integrity information regarding the first client;
      
      the second client verifying the integrity information regarding the first client; and
      
      the second client requesting the content from the first client only after verifying the integrity information regarding the first client.
  - 14. A method according to claim 11, further comprising the first client obtaining integrity information about the second client.
  - 15. A method according to claim 11, further comprising:
    - the first client obtaining integrity information about the second client; and
      
      the first client verifying the integrity information about the second client;
      
      wherein the first client delivers the content to the second client only after verifying the integrity information about the second client.
  - 16. A method according to claim 11, further comprising receiving at least one limitation on the use of the content by the second client from the policy enforcement point.
  - 17. A method according to claim 11, wherein the first client is associated with a first entity and the second client is associated with a second entity.

18. A network system for sharing electronic content among clients at a common trust level in a trust hierarchy, the network system implementing policy-based management, the network system comprising:
- a plurality of clients, each client having a respective trust level in the trust hierarchy;
  
  a storage unit configured to deliver electronic content to the plurality of clients;
  
  a policy enforcement point in electronic communication with the storage unit and a first one of the plurality of clients, the policy enforcement point configured to receive a first request from the first one of the plurality of clients for the delivery of electronic content from the storage unit; and
  
  a policy decision point in electronic communication with the policy enforcement point, the policy decision point configured to assess the first one of the plurality of clients including assessing at least the trust level of the first one of the plurality of clients and to grant permission to the policy enforcement point to deliver the content from the storage unit to the first one of the plurality of clients;
  
  the policy enforcement point further configured to receive from a second one of the plurality of clients a second request for permission to receive the electronic content from the first one of the plurality of clients, the second request including at least integrity information associated with the first one of the plurality of clients; and
  
  the policy decision point further configured to make a policy-based decision whether to allow the second one of the plurality of clients to receive the electronic content from the first one of the plurality of clients based at least in part on the integrity information associated with the first one of the plurality of clients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Kotani, Seigo

Granted Patent

US 9,467,448 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

Consigning Authentication Method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Consigning Authentication Method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links