Trusted delegation system

US 5,958,050 A
Filed: 12/26/1996
Issued: 09/28/1999
Est. Priority Date: 09/24/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating claims in a trust system wherein access to resources of a computer system by an object is granted or denied based on one or more claims about the access and the computer system, wherein a claim is a statement about a rule in the trust system relating to the object, the method comprising the steps of:

identifying one or more trusted claims for the object;

determining whether clearance to trust the object exists from the trusted claims;

when the existence of clearance to trust is determined in the step of determining, granting the access; and

when the existence of clearance to trust is not determined in the step of determining, performing the steps of;

(a) examining one or more claims in a claim repository to identify a relevant claim that asserts that the access is grantable to the object;

(b) seeking a path of trust through the claim repository from the relevant claim to one of the trusted claims, wherein a path is a list of claims from the relevant claim to the one of the trusted claims joined by links specified in the claims and wherein a path of trust is a path wherein each claim is authenticated;

(c) when a path of trust is found and each claim in the path of trust is verified, granting the object the access; and

(d) when a path of trust cannot be found after a finite search, denying the object the access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trust manager examines each new class before it is allowed to execute by examining a policy file which includes data structures defining security policies of the user system, a certificate repository for storing a plurality of certificates, a certificate being a data record which is digitally signed and which certifies claims relevant to a security evaluation, a code examiner adapted to analyze the portion of code to determine potential resource use of the portion of code and a trust evaluator adapted to evaluate certificate requirements of the portion of code based on policy rules extracted from the policy file and the potential resource use specified by the code examiner. The trust evaluator also determines, from certificates from the certificate repository and a code identifier identifying the portion of code, whether execution of the portion of code is allowed by the policy rules given the potential resource use, the code supplier and applicable certificates. Certificates and policies can be specified in hierarchical form, so that some levels of security can be delegated to trusted entities.

248 Citations

17 Claims

1. A method of authenticating claims in a trust system wherein access to resources of a computer system by an object is granted or denied based on one or more claims about the access and the computer system, wherein a claim is a statement about a rule in the trust system relating to the object, the method comprising the steps of:
- identifying one or more trusted claims for the object;
  
  determining whether clearance to trust the object exists from the trusted claims;
  
  when the existence of clearance to trust is determined in the step of determining, granting the access; and
  
  when the existence of clearance to trust is not determined in the step of determining, performing the steps of;
  
  (a) examining one or more claims in a claim repository to identify a relevant claim that asserts that the access is grantable to the object;
  
  (b) seeking a path of trust through the claim repository from the relevant claim to one of the trusted claims, wherein a path is a list of claims from the relevant claim to the one of the trusted claims joined by links specified in the claims and wherein a path of trust is a path wherein each claim is authenticated;
  
  (c) when a path of trust is found and each claim in the path of trust is verified, granting the object the access; and
  
  (d) when a path of trust cannot be found after a finite search, denying the object the access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the finite search comprises the step of locating each possible path from the relevant claim to a trusted claim unless a predetermined effort level is reached.
  - 3. The method of claim 1, wherein the step of identifying one or more trusted claims is a step of reading a trusted boot file which is secure within a trust boundary of the computer system.
  - 4. The method of claim 1, wherein the step of examining and the step of seeking a path each comprise substeps of:
    - examining certificates in a certificate repository to locate hints referencing additional claims; and
      
      using one or more additional claims to complete the path of trust.
  - 5. The method of claim 4, wherein claims are included in certificates, the step of using one or more additional claims comprising a step of using a hint from a certificate to locate additional claims which are likely to link a claim in the certificate to another claim in the path of trust.
  - 6. The method of claim 5, further comprising a step of storing claims and certificates located in the certificate repository for later use in later authentication and claims checking steps.
  - 7. The method of claim 1, wherein the step of granting access is a step of allowing an object to load and execute on the computer system and the relevant claim is a claim identifying the object and stating that execution of the object is allowable.
  - 8. The method of claim 1, wherein the trusted claim is a claim which is either a policy statement or a previously authenticated claim.
  - 9. The method of claim 1, further comprising a step of authenticating claims, wherein a claim is authenticated by verifying a key associated with the claim.
  - 10. The method of claim 9, wherein at least one claim in the path of trust is a claim about keys associated with claims.
  - 11. The method of claim 1, further comprising the steps of:
    - using a code analyzer to determine which resources could possibly be used by a class when executed;
      
      granting access when either a relevant claim is not needed for access to the resources or a relevant claim and a path of trust is found for access to each of the resources.
  - 12. The method of claim 1, wherein the process of verifying the claim where a claim is not a trusted claim prior to verification comprises the steps of:
    - (a) authenticating a key provided with the claim;
      
      (b) checking that the key has authorization to make the claim; and
      
      (c) if the authorization for the key to make the claim is provided by a second claim which is not a trusted claim, repeating steps (a) through (c) to authenticate the second claim and subsequent claims, if any.
  - 13. The method of claim 12, wherein the key is associated with a claimant.

14. A trust management system for deciding whether to execute a portion of code on a user system, the portion of code being provided by a code supplier, code suppliers having varying levels of trust, the trust management system comprising:
- a policy file which includes claims about security policies of the user system;
  
  a certificate repository for storing a plurality of certificates, a certificate being a data record including claims;
  
  means, coupled to the certificate repository, for receiving certificates and storing the certificates in the certificate repository;
  
  a code examiner, coupled to receive the portion of code from the code supplier and adapted to analyze the portion of code to determine potential resource use of the portion of code; and
  
  a trust evaluator, coupled to the policy file, the certificate repository and the code examiner, wherein the trust evaluator is adapted to determine a path of trust from a relevant claim to a trusted claim and to authenticate claims in the path of trust, where the path of trust, if required, specifies whether execution of the portion of code is allowed by the policy rules and the potential resource use.
- View Dependent Claims (15, 16)
- - 15. The trust management system of claim 14, wherein the code examiner is a class examiner.
  - 16. The trust management system of claim 14, wherein the applicable certificates are enveloped from the code supplier with the portion of code.

17. A method of authenticating an untrusted claim in a trust system, comprising the steps of:
- (a) authenticating a key provided with the untrusted claim;
  
  (b) checking that the key has authorization to make the untrusted claim;
  
  (c) if the authorization for the key to make the untrusted claim is provided by a second claim which is not itself a trusted claim, repeating steps (a) and (b) to authenticate the second claim; and
  
  (d) repeating steps (a), (b) and (c) with subsequent claims until a trusted claim is reached or a predetermined computing effort is expended.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electric Communities
Original Assignee
Electric Communities
Inventors
Barnes, Douglas, Griffin, Claire
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Shaw, Brian H.

Application Number

US08/777,328
Time in Patent Office

1,006 Days
Field of Search

706/47, 395/187.01, 395/186, 713/201, 713/200
US Class Current

726/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 2211/009 Trust

Trusted delegation system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

248 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Trusted delegation system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

248 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others