Hierarchical open security information delegation and acquisition
First Claim
Patent Images
1. A method of securing a computer system of an end user, comprising:
- storing a software provider root security information object in an end user'"'"'s computer system;
producing an end user root security information object based on the software provider root security information object;
receiving security information from a higher-level entity;
validating the received security information using the end user root security information object; and
updating the end user root security information object based on validated security information;
wherein the end user root security information object determines one or more trusted entities, determines what functions a trusted entity can perform, and determines who can update the root security information object; and
wherein the end user root security information object is controlled by the software provider root security information object; and
wherein the computer system refuses information from an entity that is not included in the end user root security information object.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a method and system for secure data transfer and dynamic definition of trustworthiness of various entities by multiple parties in a hierarchy tree or graph structure. The invention uses digital certificates. Each party in the business hierarchy can control and define various trust information including trustworthiness and delegation authority for the entities it deals with. The ability of a party to redefine or add trust information is controlled by the parties with which it has a relationship that are above it in the hierarchy. Trust vectors and delegation vectors are used to store this information. Each party can add trusted third parties to a security object without compromising the integrity of security objects already issued. A sequence of security objects including digital certificates can be modified without compromising the original digital certificates in those security objects.
59 Citations
15 Claims
-
1. A method of securing a computer system of an end user, comprising:
-
storing a software provider root security information object in an end user'"'"'s computer system; producing an end user root security information object based on the software provider root security information object; receiving security information from a higher-level entity; validating the received security information using the end user root security information object; and updating the end user root security information object based on validated security information; wherein the end user root security information object determines one or more trusted entities, determines what functions a trusted entity can perform, and determines who can update the root security information object; and wherein the end user root security information object is controlled by the software provider root security information object; and wherein the computer system refuses information from an entity that is not included in the end user root security information object. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of controlling a computer system, comprising:
-
storing a software provider root security information object in a local computing device; producing local root security information based on the stored software provider root security information object, wherein said local root security information identifies trusted entities, provides trust information that specifies the roles that the trusted entities can fulfill, and designates who can modify the local root entity information; receiving updated trust information; validating the received updated trust information using the local root security information and the software provider root security information object; and updating the local root security information with the validated trust information, wherein the local root security information object is controlled by the software provider root security information object; and wherein the computer system refuses information from art entity that is not included in the local root security information object. - View Dependent Claims (8, 9, 10)
-
-
11. A method of updating trust relationships of users, wherein each computer system of a user includes stored software provider information and stored user root security information, the method comprising:
-
maintaining an upper level root security information object in a computing device, wherein the upper level root security information object includes information regarding the user root security information of each user and information regarding the stored software provider information; and sending the computer system of the selected user updated security information; wherein the sent updated security information is security protected using the stored user root security information of the selected user and the software provider information, wherein the sent updated security information includes information regarding a trusted entity, wherein the stored user root security information of the selected user is controlled by the software provider information, and wherein the computer system refuses in formation from an entity that is not included in the stored user root security information of the selected user. - View Dependent Claims (12, 13, 14, 15)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeComcast Cable Communications Management LLC (Comcast Corporation)
-
Original AssigneeTVWorks LLC (Comcast Corporation)
-
InventorsValente, Luis
-
Primary Examiner(s)Moise; Emmanuel L
-
Assistant Examiner(s)CALLAHAN, PAUL E
-
Application NumberUS11/247,601Publication NumberTime in Patent Office1,519 DaysField of Search713/2, 713/156, 713/175, 705/77, 726/18, 726/30, 380/382US Class Current713/175CPC Class CodesH04L 2209/56 Financial cryptography, e.g...H04L 9/007 involving hierarchical stru...H04L 9/3265 using certificate chains, t...
