Trust spectrum for certificate distribution in distributed peer-to-peer networks

US 7,383,433 B2
Filed: 06/07/2002
Issued: 06/03/2008
Est. Priority Date: 07/31/2001
Status: Active Grant

First Claim

Patent Images

1. A peer computing system, comprising:

a plurality of peer nodes;

at least a subset of the plurality of peer nodes configured to participate in areas of interest to find and exchange codats relevant to the areas of interest, wherein a codat is computer-representable content or data;

wherein the at least a subset of the plurality of peer nodes is further configured to participate in a distributed trust mechanism to establish and maintain trust relationships among the peer nodes in particular areas of interest from trust evaluations of codat exchange among the peer nodes in the particular areas of interest; and

wherein each of the at least a subset of the plurality of peer nodes is configured to provide secure access to codats at a plurality of levels of trust, wherein, at one or more of the levels of trust, the at least a subset of the plurality of peer nodes use certificates to provide secure access to the codats, wherein a certificate is a security credential corresponding to a particular peer node;

wherein each of the at least a subset of the plurality of peer nodes is further configured to determine trust in certificates corresponding to other peer nodes in accordance with the distributed trust mechanism, wherein, to determine trust in certificates corresponding to other peer nodes, each of the at least a subset of plurality of peer nodes is further configured to;

locally maintain trust information corresponding to one or more other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and

determine trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a decentralized, distributed trust mechanism that may be used in peer-to-peer platforms, to implement trust relationships based on data relevance between peers on a network and to implement trust relationships between peers and content and data (codat). In one embodiment, the trust mechanism may provide a trust spectrum of multiple levels wherein unique peer identities may be established to enable authentication and the assignment of the peers'"'"' associated access policies within a peer group. In one embodiment, the trust spectrum may have Certificate Authority signed certificates as a maximum level of security, and self-signed certificates as a minimum level of security. Since a certificate is one form of codat, in one embodiment the trust mechanism may be applied to a peer group member'"'"'s collection of signed certificates for a given peer group.

239 Citations

27 Claims

1. A peer computing system, comprising:
- a plurality of peer nodes;
  
  at least a subset of the plurality of peer nodes configured to participate in areas of interest to find and exchange codats relevant to the areas of interest, wherein a codat is computer-representable content or data;
  
  wherein the at least a subset of the plurality of peer nodes is further configured to participate in a distributed trust mechanism to establish and maintain trust relationships among the peer nodes in particular areas of interest from trust evaluations of codat exchange among the peer nodes in the particular areas of interest; and
  
  wherein each of the at least a subset of the plurality of peer nodes is configured to provide secure access to codats at a plurality of levels of trust, wherein, at one or more of the levels of trust, the at least a subset of the plurality of peer nodes use certificates to provide secure access to the codats, wherein a certificate is a security credential corresponding to a particular peer node;
  
  wherein each of the at least a subset of the plurality of peer nodes is further configured to determine trust in certificates corresponding to other peer nodes in accordance with the distributed trust mechanism, wherein, to determine trust in certificates corresponding to other peer nodes, each of the at least a subset of plurality of peer nodes is further configured to;
  
  locally maintain trust information corresponding to one or more other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and
  
  determine trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The peer computing system as recited in claim 1, wherein two or more of the plurality of peer nodes are configured to participate as members in a peer group at one level of the plurality of levels of trust in accordance with the distributed trust mechanism.
  - 3. The peer computing system as recited in claim 2, wherein the plurality of levels of trust include one or more of:
    - self-signed certificates wherein a certificate is signed by a peer node corresponding to the certificate;
      
      cosigned certificates wherein a certificates is signed by the peer node corresponding to the certificate and at least one other peer node;
      
      pseudo-Certificate Authority signed certificates wherein a certificate is signed by a peer group member configured to act as a Certificate Authority;
      
      satellite Certificate Authority signed certificates wherein a certificate is signed by a peer group member assigned as a satellite Certificate Authority by a central Certificate Authority; and
      
      Certificate Authority signed certificates wherein a certificate is signed by a network Certificate Authority.
  - 4. The peer computing system as recited in claim 2, wherein each member in the peer group is configured to receive, from other members of the peer group, trust information including trust evaluations of peer nodes and trust evaluations of certificates and to incorporate the received trust information into the locally maintained trust information.
  - 5. The peer computing system as recited in claim 1, wherein the trust information includes trust evaluations of the one or more other peer nodes and trust evaluations of certificates corresponding to the one or more other peer nodes.
  - 6. The peer computing system as recited in claim 1, wherein the plurality of peer nodes is configured to implement a peer-to-peer environment on the network according to a peer-to-peer platform comprising one or more peer-to-peer platform protocols for enabling the plurality of peer nodes to discover each other, to communicate with each other, and to find and exchange the codats in the peer-to-peer environment.

7. A peer computing system, comprising:
- a plurality of peer nodes;
  
  at least a subset of the plurality of peer nodes configured to participate in areas of interest to find and exchange codats relevant to the areas of interest, wherein a codat is computer-representable content or data;
  
  wherein the at least a subset of the plurality of peer nodes is further configured to participate in a distributed trust mechanism to establish and maintain trust relationships among the peer nodes in particular areas of interest from trust evaluations of codat exchange among the peer nodes in the particular areas of interest;
  
  wherein each of the at least a subset of the plurality of peer nodes is configured to provide secure access to codats using certificates, wherein a certificate is a security credential corresponding to a particular peer node; and
  
  wherein the at least a subset of the plurality of peer nodes is further configured to determine trust in certificates received from other peer nodes in accordance with the distributed trust mechanism, wherein, to determine trust in certificates corresponding to other peer nodes, each of the at least a subset of plurality of peer nodes is further configured to;
  
  locally maintain trust information corresponding to one or more other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and
  
  determine trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.
- View Dependent Claims (8, 9)
- - 8. The peer computing system as recited in claim 7, wherein the trust information includes trust evaluations of the one or more other peer nodes and trust evaluations of certificates corresponding to the one or more other peer nodes.
  - 9. The peer computing system as recited in claim 7, wherein the plurality of peer nodes is configured to implement a peer-to-peer environment on the network according to a peer-to-peer platform comprising one or more peer-to-peer platform protocols for enabling the plurality of peer nodes to discover each other, to communicate with each other, and to find and exchange the codats in the peer-to-peer environment.

10. A peer node, comprising:
- a processor;
  
  a memory comprising program instructions, wherein the program instructions are executable by the processor to;
  
  participate in an area of interest with other peer nodes on a network to find and exchange codats relevant to the area of interest, wherein a codat is computer-representable content or data;
  
  implement a distributed trust mechanism to establish and maintain trust relationships with the other peer nodes in the area of interest from trust evaluations of codat exchange with the peer nodes in the area of interest;
  
  provide secure access to codats using certificates, wherein a certificate is a security credential corresponding to a particular peer node; and
  
  determine trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism;
  
  wherein, to determine trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism, the program instructions are executable by the processor to;
  
  locally maintain trust information corresponding to one or more of the other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and
  
  determine trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The peer node as recited in claim 10, wherein the program instructions are executable by the processor to:
    - provide secure access to codats at a plurality of levels of trust, wherein one or more of the levels of trust use certificates to provide secure access to the codats; and
      
      participate with one or more of the other peer nodes as members in a peer group at one level of the plurality of levels of trust in accordance with the distributed trust mechanism.
  - 12. The peer node as recited in claim 11, wherein the plurality of levels of trust include one or more of:
    - self-signed certificates wherein a certificate is signed by a peer node associated with the certificate;
      
      cosigned certificates wherein a certificates is signed by the peer node associated with the certificate and at least one other peer node;
      
      pseudo-Certificate Authority signed certificates wherein a certificate is signed by a peer group member configured to act as a Certificate Authority;
      
      satellite Certificate Authority signed certificates wherein a certificate is signed by a peer group member assigned as a satellite Certificate Authority by a central Certificate Authority; and
      
      Certificate Authority signed certificates wherein a certificate is signed by a network Certificate Authority.
  - 13. The peer node as recited in claim 11, wherein the program instructions are executable by the processor to:
    - receive, from other members of the peer group, trust information including trust evaluations of peer nodes and trust evaluations of certificates; and
      
      incorporate the received trust information into the locally maintained trust information.
  - 14. The peer node as recited in claim 10, wherein the trust information includes trust evaluations of the one or more other peer nodes and trust evaluations of certificates corresponding to the one or more other peer nodes.
  - 15. The peer node as recited in claim 10, wherein the program instructions are further executable within the peer node to participate with the other peer nodes in a peer-to-peer environment on the network according to a peer-to-peer platform comprising one or more peer-to-peer platform protocols for enabling peer nodes to discover each other, to communicate with each other, and to find and exchange the codats in the peer-to-peer environment.

16. A method, comprising:
- a peer node participating in an area of interest with other peer nodes on a network to find and exchange codats relevant to the area of interest, wherein a codat is computer-representable content or data;
  
  the peer node establishing and maintaining trust relationships with the other peer nodes in the area of interest from trust evaluations of codat exchange with the peer nodes in the area of interest in accordance with a distributed trust mechanism;
  
  the peer node providing secure access to codats using certificates, wherein a certificate is a security credential corresponding to a particular peer node; and
  
  the peer node determining trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism, wherein said determining trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism comprises;
  
  locally maintaining trust information corresponding to one or more of the other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and
  
  determining trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method as recited in claim 16, further comprising:
    - the peer node providing secure access to codats at a plurality of levels of trust, wherein one or more of the levels of trust use certificates to provide secure access to the codats; and
      
      the peer node participating with one or more of the other peer nodes as members in a peer group at one level of the plurality of levels of trust in accordance with the distributed trust mechanism.
  - 18. The method as recited in claim 17, wherein the plurality of levels of trust include one or more of:
    - self-signed certificates wherein a certificate is signed by a peer node associated with the certificate;
      
      cosigned certificates wherein a certificates is signed by the peer node associated with the certificate and at least one other peer node;
      
      pseudo-Certificate Authority signed certificates wherein a certificate is signed by a peer group member configured to act as a Certificate Authority;
      
      satellite Certificate Authority signed certificates wherein a certificate is signed by a peer group member assigned as a satellite Certificate Authority by a central Certificate Authority; and
      
      Certificate Authority signed certificates wherein a certificate is signed by a network Certificate Authority.
  - 19. The method as recited in claim 17, further comprising:
    - the peer node receiveing, from other members of the peer group, trust information including trust evaluations of peer nodes and trust evaluations of certificates andincorporating the received trust information into the locally maintained trust information.
  - 20. The method as recited in claim 16, wherein the trust information includes trust evaluations of the one or more other peer nodes and trust evaluations of certificates corresponding to the one or more other peer nodes.
  - 21. The method as recited in claim 16, wherein the peer nodes are configured to implement a peer-to-peer environment on the network according to a peer-to-peer platform comprising one or more peer-to-peer platform protocols for enabling the peer nodes to discover each other, communicate with each other, and to find and exchange the codats in the peer-to-peer environment.

22. A tangible, computer-accessible storage medium, comprising software instructions executable to implement, on a peer node:
- participating in an area of interest with other peer nodes on a network to find and exchange codats relevant to the area of interest, wherein a codat is computer-representable content or data;
  
  establishing and maintaining trust relationships with the other peer nodes in the area of interest from trust evaluations of codat exchange with the peer nodes in the area of interest in accordance with a distributed trust mechanism;
  
  providing secure access to codats using certificates, wherein a certificate is a security credential corresponding to a particular peer node; and
  
  determining trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism, wherein, in said determining trust in certificates received from the other peer nodes in accordance with the distributed trust mechanism, the software instructions are executable to implement, on the peer node;
  
  locally maintaining trust information corresponding to one or more of the other peer nodes, wherein the trust information includes trust evaluations pertaining to the one or more other peer nodes; and
  
  determining trust in a particular certificate, wherein trust in the particular certificate is determined dependent on the locally maintained trust information corresponding to at least one of one or more peer nodes on a network path between the peer node and a peer node corresponding to the particular certificate.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The tangible, computer-accessible storage medium as recited in claim 22, wherein the software instructions are further executable to implement, on the peer node:
    - providing secure access to codats at a plurality of levels of trust, wherein one or more of the levels of trust use certificates to provide secure access to the codats; and
      
      participating with one or more of the other peer nodes as members in a peer group at one level of the plurality of levels of trust in accordance with the distributed trust mechanism.
  - 24. The tangible, computer-accessible storage medium as recited in claim 23, wherein the plurality of levels of trust include one or more of:
    - self-signed certificates wherein a certificate is signed by a peer node associated with the certificate;
      
      cosigned certificates wherein a certificates is signed by the peer node associated with the certificate and at least one other peer node;
      
      pseudo-Certificate Authority signed certificates wherein a certificate is signed by a peer group member configured to act as a Certificate Authority;
      
      satellite Certificate Authority signed certificates wherein a certificate is signed by a peer group member assigned as a satellite Certificate Authority by a central Certificate Authority; and
      
      Certificate Authority signed certificates wherein a certificate is signed by a network Certificate Authority.
  - 25. The tangible, computer-accessible storage medium as recited in claim 23, wherein the software instructions are further executable to implement, on the peer node:
    - receiveing, from other members of the peer group, trust information including trust evaluations of peer nodes and trust evaluations of certificates andincorporating the received trust information into the locally maintained trust information.
  - 26. The tangible, computer-accessible storage medium as recited in claim 22, wherein wherein the trust information includes trust evaluations of the one or more other peer nodes and trust evaluations of certificates corresponding to the one or more other peer nodes.
  - 27. The tangible, computer-accessible storage medium as recited in claim 22, wherein the peer nodes are configured to implement a peer-to-peer environment on the network according to a peer-to-peer platform comprising one or more peer-to-peer platform protocols for enabling the peer nodes to discover each other, communicate with each other, and to find and exchange the codats in the peer-to-peer environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Yeager, William J., Chen, Rita Y.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Doan; Trang

Application Number

US10/165,019
Publication Number

US 20030070070A1
Time in Patent Office

2,188 Days
Field of Search

713156-158, 709/225, 709/229, 463/29, 726/1
US Class Current

713/157
CPC Class Codes

G06F 9/544   Buffers; Shared memory; Pipes

G06Q 30/02   Marketing; Price estimation...

H04L 61/00   Network arrangements, proto...

H04L 61/50   Address allocation

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1042   using topology management m...

H04L 67/1044   Group management mechanisms...

H04L 67/1046   Joining mechanisms

H04L 67/1048   Departure or maintenance me...

H04L 67/1057   involving pre-assessment of...

H04L 67/1068   Discovery involving direct ...

H04L 67/1095   Replication or mirroring of...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

Trust spectrum for certificate distribution in distributed peer-to-peer networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

239 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Trust spectrum for certificate distribution in distributed peer-to-peer networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

239 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links