Trusted delegation system
First Claim
1. A method of authenticating claims in a trust system wherein access to resources of a computer system by an object is granted or denied based on one or more claims about the access and the computer system, wherein a claim is a statement about a rule in the trust system relating to the object, the method comprising the steps of:
identifying one or more trusted claims for the object;
determining whether clearance to trust the object exists from the trusted claims;
when the existence of clearance to trust is determined in the step of determining, granting the access; and
when the existence of clearance to trust is not determined in the step of determining, performing the steps of:
(a) examining one or more claims in a claim repository to identify a relevant claim that asserts that the access is grantable to the object;
(b) seeking a path of trust through the claim repository from the relevant claim to one of the trusted claims, wherein a path is a list of claims from the relevant claim to the one of the trusted claims joined by links specified in the claims and wherein a path of trust is a path wherein each claim is authenticated;
(c) when a path of trust is found and each claim in the path of trust is verified, granting the object the access; and
(d) when a path of trust cannot be found after a finite search, denying the object the access.
Abstract
A trust manager examines each new class before it is allowed to execute by examining a policy file which includes data structures defining security policies of the user system, a certificate repository for storing a plurality of certificates, a certificate being a data record which is digitally signed and which certifies claims relevant to a security evaluation, a code examiner adapted to analyze the portion of code to determine potential resource use of the portion of code and a trust evaluator adapted to evaluate certificate requirements of the portion of code based on policy rules extracted from the policy file and the potential resource use specified by the code examiner. The trust evaluator also determines, from certificates from the certificate repository and a code identifier identifying the portion of code, whether execution of the portion of code is allowed by the policy rules given the potential resource use, the code supplier and applicable certificates. Certificates and policies can be specified in hierarchical form, so that some levels of security can be delegated to trusted entities.
17 Claims
1. Independent claim, as set out above under First Claim. Dependent claims: 2 to 13.
14. A trust management system for deciding whether to execute a portion of code on a user system, the portion of code being provided by a code supplier, code suppliers having varying levels of trust, the trust management system comprising:
a policy file which includes claims about security policies of the user system;
a certificate repository for storing a plurality of certificates, a certificate being a data record including claims;
means, coupled to the certificate repository, for receiving certificates and storing the certificates in the certificate repository;
a code examiner, coupled to receive the portion of code from the code supplier and adapted to analyze the portion of code to determine potential resource use of the portion of code; and
a trust evaluator, coupled to the policy file, the certificate repository and the code examiner, wherein the trust evaluator is adapted to determine a path of trust from a relevant claim to a trusted claim and to authenticate claims in the path of trust, where the path of trust, if required, specifies whether execution of the portion of code is allowed by the policy rules and the potential resource use.
Dependent claims: 15, 16.
17. A method of authenticating an untrusted claim in a trust system, comprising the steps of:
(a) authenticating a key provided with the untrusted claim;
(b) checking that the key has authorization to make the untrusted claim;
(c) if the authorization for the key to make the untrusted claim is provided by a second claim which is not itself a trusted claim, repeating steps (a) and (b) to authenticate the second claim; and
(d) repeating steps (a), (b) and (c) with subsequent claims until a trusted claim is reached or a predetermined computing effort is expended.
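Added example (not from the patent or any implementation of it): a small Python model of the path-of-trust search described in claims 1 and 17. It assumes a claim repository keyed by claim id, an HMAC over the claim body standing in for the digital signature on each claim, a "link" field naming the claim that authorizes the issuer, and a constructed sample repository; the bounded loop is the "finite search" of claim 1(d) and the "predetermined computing effort" of claim 17(d).

```python
import hmac, hashlib
from dataclasses import dataclass
@dataclass
class Claim:
    cid: str        # identifier of the claim in the repository
    subject: str    # what the claim is about: a code identifier, or a key id it clears
    access: str     # the access the claim asserts is grantable to the subject
    issuer: str     # id of the key presented with the claim
    link: str = ""  # claim that authorizes the issuer to make this one; "" for a root claim
    mac: str = ""   # signature over the body; an HMAC stands in for a digital signature (assumption)
def body(c: Claim) -> bytes:
    return f"{c.cid}|{c.subject}|{c.access}|{c.issuer}|{c.link}".encode()

def sign(c: Claim, keys: dict) -> Claim:
    c.mac = hmac.new(keys[c.issuer], body(c), hashlib.sha256).hexdigest()
    return c

def authentic(c: Claim, keys: dict) -> bool:
    # claim 17 step (a): the key named in the claim must actually have signed it
    key = keys.get(c.issuer)
    return bool(key) and hmac.compare_digest(hmac.new(key, body(c), hashlib.sha256).hexdigest(), c.mac)

def authorize(subject, access, repo, trusted, keys, budget=16):
    """Claim 1 (a)-(d): from each relevant claim, seek an authenticated path of links to a trusted claim."""
    for cur in [c for c in repo.values() if (c.subject, c.access) == (subject, access)]:
        path = []  # a trusted claim that asserts the access directly is found as a one-hop path
        for _ in range(budget):  # (d): the search is finite, so a cyclic chain of links ends in denial
            if not authentic(cur, keys):
                break  # a forged or tampered hop breaks this path; try the next relevant claim
            path.append(cur.cid)
            if cur.cid in trusted:
                return True, path  # (c): every hop verified and a trusted claim reached
            nxt = repo.get(cur.link)
            # claim 17 step (b): the linked claim must clear this claim's issuer for this access
            if nxt is None or (nxt.subject, nxt.access) != (cur.issuer, cur.access):
                break
            cur = nxt
    return False, []

def demo_repo():
    """Constructed sample: root clears the vendor key for 'net'; the vendor clears plugin.jar."""
    keys = {"root": b"root-secret", "vendor": b"vendor-secret", "mallory": b"mallory-secret"}
    claims = [Claim("c1", "vendor", "net", "root"),              # the single trusted root claim
              Claim("c2", "plugin.jar", "net", "vendor", "c1"),  # relevant claim for plugin.jar
              Claim("c3", "evil.jar", "net", "mallory", "c1"),   # links to c1, which never clears mallory
              Claim("c4", "loop.jar", "net", "vendor", "c5"),    # its chain cycles c5 <-> c6 forever
              Claim("c5", "vendor", "net", "mallory", "c6"),
              Claim("c6", "mallory", "net", "vendor", "c5")]
    return {c.cid: sign(c, keys) for c in claims}, {"c1"}, keys
```

With the sample repository, plugin.jar is granted "net" via the path c2, c1; evil.jar is denied because c1 never authorizes mallory's key; loop.jar is denied once the budget is spent.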
Specification