Systems and methods for enabling trust in a federated collaboration

US 8,375,213 B2
Filed: 05/06/2011
Issued: 02/12/2013
Est. Priority Date: 12/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for communicating on a federated network involving a trusted third party, the method comprising:

setting policies related to communicating on the federated network, the federated network including a plurality of members;

accepting an application of an organization to become a member the federated network;

responsive to the application, auditing the organization for compliance with the policies;

based on a successful result of the audit;

generating, by a certificate server, a digital certificate for use by the organization to sign identity assertions when communicating on the federated network, the digital certificate signifying that the trusted third party has audited and approved the organization for compliance with the policies; and

providing, by the certificate server, the digital certificate to the organization.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods consistent with the present invention enable explicit and multilateral trust across a community of federated servers via a network. A trusted third party establishes a framework of policies and procedures governing a federation. Organizations joining the federation submit to an audit process of internal policies and procedures to ensure compliance with the policies and procedures of the federation. Upon successful completion of an audit, an organization may receive a digital certificate containing the digital public key of the organization and indicating approval of the trusted third party. The organization may then use the associated digital private key for signing security assertions associated with a request for resources from another federation service provider. The service provider may trust the assertion from the organization based on trust placed in trusted third party by the service provider and the trust placed in the organization by the trusted third party.

Citations

19 Claims

1. A method for communicating on a federated network involving a trusted third party, the method comprising:
- setting policies related to communicating on the federated network, the federated network including a plurality of members;
  
  accepting an application of an organization to become a member the federated network;
  
  responsive to the application, auditing the organization for compliance with the policies;
  
  based on a successful result of the audit;
  
  generating, by a certificate server, a digital certificate for use by the organization to sign identity assertions when communicating on the federated network, the digital certificate signifying that the trusted third party has audited and approved the organization for compliance with the policies; and
  
  providing, by the certificate server, the digital certificate to the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising publishing the policies.
  - 3. The method of claim 1, wherein the method is performed by the trusted third party.
  - 4. The method of claim 1, wherein settings policies for communicating in the federated network includes one or more of:
    - determining technical policies for communicating on the federated network;
      
      determining security policies for communicating on the federated network;
      
      ordetermining legal policies of the federated network.
  - 5. The method of claim 4, wherein determining technical policies includes one or more of:
    - setting technical standards to be used when communicating on the federated network;
      
      setting attribute profiles to be used when making identity assertions within the federated network;
      
      orsetting an authentication strength for communications on the federated network.
  - 6. The method of claim 4, wherein determining securities policies includes one or more of setting requirements for proofing attributes of identities associated with the members of the federated network, or setting requirements for storing and delivering the attributes within the federated network.
  - 7. The method of claim 4, wherein determining legal policies includes one or more of setting standards for auditing the members of the federated network, or setting legal obligations of the members of federated network.
  - 8. The method of claim 4, wherein auditing includes auditing the organization for compliance with at least one of the technical policies for communicating on the federated network, the security policies for communicating on the federated network, or the legal policies for communicating on the federated network.
  - 9. The method of claim 1, wherein generating a digital certificate includes:
    - receiving a public key generated by the organization; and
      
      generating the digital certificate based on the public key.
  - 10. The method of claim 9, wherein the digital certificate includes attributes associated with the organization and certified by the trusted third party.
  - 11. The method of claim 1, further comprising maintaining a list of digital certificates of members of the federated network that have been revoked.
  - 12. The method of claim 1, wherein auditing includes one or more of:
    - assessing methods by which the organization proofs attributes of user identities associated with users of the organization;
      
      assessing methods by which the organization binds user credentials to the users of the organization;
      
      assessing methods by which the organization protects the user credentials;
      
      orassessing an account revocation policy of the organization.
  - 13. The method of claim 1, further comprising, in response to receiving notification of a breach of the federation policies involving a breaching federation member and a federation member harmed by the breach:
    - initiating an investigation of the breach to identify and discipline the breaching member; and
      
      renumerating the harmed federation member.

14. A method for communicating on a federated network involving a trusted third party, the method comprising:
- setting policies related to communicating in the federated network, the federated network including a plurality of members;
  
  accepting an application of an organization to become a member the federated network;
  
  responsive to the application, auditing the organization for compliance with the policies;
  
  based on a successful result of the audit;
  
  accepting the organization as a member of the federated network;
  
  generating, by a certificate server, a digital certificate to be used by the organization when communicating with other members of the federated network, the digital certificate signifying that the organization has been audited and approved by the trusted third party for membership in the federation; and
  
  providing, by the certificate server, the digital certificate to the organization.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising publishing the policies.
  - 16. The method of claim 14, wherein settings policies for communicating on the federated network includes one or more of:
    - determining technical policies for communicating on the federated network;
      
      determining security policies for communicating on the federated network;
      
      ordetermining legal policies of the federated network.
  - 17. The method of claim 16, wherein determining technical policies includes one or more of:
    - setting technical standards to be used when communicating on the federated network;
      
      setting attribute profiles to be used when making identity assertions within the federated network;
      
      orsetting an authentication strength for communications on the federated network.
  - 18. The method of claim 14, wherein generating a digital certificate includes:
    - receiving a public key generated by the organization; and
      
      generating the digital certificate based on the public key.

19. A computing system associated with a trusted third party of a federated network, the system comprising:
- a policy storage area storing policies related to communicating on the federated network, the federated network including a plurality of members;
  
  an application server configured to process an application of an organization to become a member the federated network;
  
  an audit server configured to audit the organization for compliance with the policies responsive to the application; and
  
  a certificate server configured to, based on a successful result of the audit;
  
  generate a digital certificate for use by the organization to sign identity assertions when communicating on the federated network, the digital certificate signifying that the trusted third party has audited and approved the organization for compliance with the policies; and
  
  provide the digital certificate to the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Exostar Corp.
Original Assignee
Exostar Corp.
Inventors
Borneman, Christopher Allen, Kobielus, James Gerard, Nigriny, Jeffrey Dean, Sherwood, Robert Edmund, Takanti, Vijay Kumar
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US13/102,529
Publication Number

US 20120066502A1
Time in Patent Office

648 Days
Field of Search

None
US Class Current

713/175
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

H04L 67/53   using third party service p...

H04L 69/329   in the application layer [O...

Systems and methods for enabling trust in a federated collaboration

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for enabling trust in a federated collaboration

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links