SYSTEM AND METHOD FOR GENERATING TRUST AMONG DATA NETWORK USERS
Abstract
A system and a method in which a user makes a service request to a service provider through a data network. The service provider receives, from trust generating equipment located in an access provider, an assessment of the security level of the user. That equipment in turn receives information about the trust level provided by said user, and collects information about the user identity, the network traffic generated by the user, the security status of the user device and the geographical location of the user device; this information is analyzed and summarized in a trust label which is sent to the service provider.
14 Claims
1-7. (canceled)
8. A system for generating trust among data network users, wherein a user provided with a device makes at a given time a service request to a service provider through a first data network such as the Internet, characterized in that it comprises a trust generating equipment installed in an access provider adapted to access said first data network that the aforementioned user is using, said trust generating equipment being connected to said service provider through a second data network or access provider, and said trust generating equipment being adapted to collect and analyze, through a third data network or internal network of the access provider, information about a security level provided by said user together with said service request, said information about a security level comprising several security information regarding at least the following four fields:
- the user identity;
- the network traffic generated by the user in a period prior to said service request time during one or more online transactions, for the analysis of his behavior;
- the security status of the user device comprising at least an antivirus status, a firewall status of the device, and an operating status of one or more components of the device, which information allows to generate an evaluation of a risk level; and
- the geographical location of the user device, for a given user at said given time,

wherein said trust generating equipment comprising a trust label generating module is adapted to generate a trust label or numerical value, based on said at least following four fields of said security information, and adapted to send said trust label or numerical value to the service provider, through said second data network, so that said service provider provides an assessment of the security level of the user and can act accordingly with respect to said service request.
11. A method for generating trust among data network users, wherein a user provided with a device such as a computer PC makes a service request with a service provider through a first data network such as the Internet;
- characterized in that the sequence of operations for a user attempting to access any service from the time the user attempts to access said first network is as follows;
  - a PC network access authorization module, requesting credentials and collecting information about the current security level of the user device;
  - said PC network access authorization module transmitting information about the security level and the user credentials to a network access approval module checking the credentials and further checking if the security level of the device complies with a policy obtained from a policy server module;
  - a network access approval module transmitting said security level and said credentials on to a network status collection module, which also grants network access to the user device;
  - said network status collection module while the user is browsing on the network, creating a statistical behavioral analysis of the user browsing habits, which will be stored in a historical behavior database, data about the location of the user device obtained from an external geographical location service module further being included in said statistical behavioral analysis;
  - a PC status collection module, in simultaneity with the preceding point, keeping another status collection module informed of any security change in the user device;
  - said service provider, when the user accesses a service hosted within it, requesting a trust label/security evaluation of the user from a trust label generating module, said trust label generating module in turn requesting the current security level of the user device from said status collection module and requesting information about the current behavior of the user in a browsing session compared with the history from a behavior correlating module; and
  - said trust label generating module then calculating a numerical value for the security level/trust level of the user taking into account all the fields of collected information, said collected information including at least said user identity, user network traffic behavior, security status of said user device and geographical location of said user device, obtained from said network status collection module and transmitting said numerical value on to said service provider so that said service provider has an assessment of the security level of the user and can act accordingly with respect to said service request by said user.
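
The sketch below is an added illustration of the last two steps of claim 11 (behavior correlation against the history, then calculation of the numerical trust value); it is not code from the patent. The claims give no formula, so the weights, the 0-100 scale, the traffic-category names and the use of total variation distance as the behavior comparison are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed weights: the claims name the four fields but give no formula.
WEIGHTS = {"identity": 0.30, "behavior": 0.30, "device": 0.25, "location": 0.15}

@dataclass
class DeviceStatus:
    antivirus_ok: bool
    firewall_ok: bool
    components_ok: bool  # operating status of the device components

def behavior_deviation(history, session):
    """Total variation distance between the traffic-category mix in the
    historical behavior database and the current session (0 = same, 1 = disjoint)."""
    if not history or not session:
        return 1.0  # no baseline or no traffic: treat as fully anomalous
    h, s = Counter(history), Counter(session)
    cats = set(h) | set(s)
    return 0.5 * sum(abs(h[c] / len(history) - s[c] / len(session)) for c in cats)

def trust_label(identity_verified, history, session, device, location_expected):
    """Combine the four claimed fields into a 0-100 numerical trust value."""
    fields = {
        "identity": 1.0 if identity_verified else 0.0,
        "behavior": 1.0 - behavior_deviation(history, session),
        "device": (device.antivirus_ok + device.firewall_ok + device.components_ok) / 3,
        "location": 1.0 if location_expected else 0.0,
    }
    return round(100 * sum(WEIGHTS[k] * v for k, v in fields.items()))

# Constructed sample data (hypothetical category labels, not from the patent).
HISTORY = ["banking"] * 5 + ["news"] * 3 + ["mail"] * 2
NORMAL = ["banking", "banking", "banking", "news", "mail"]
ODD = ["filesharing", "filesharing", "banking", "filesharing"]

if __name__ == "__main__":
    healthy = DeviceStatus(True, True, True)
    degraded = DeviceStatus(False, True, True)  # antivirus reported off
    print(trust_label(True, HISTORY, NORMAL, healthy, True))
    print(trust_label(True, HISTORY, ODD, degraded, False))
```

A service provider receiving the value would apply its own threshold to decide how to act on the service request; that threshold is outside what the claims define.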
Specification