System and method for expressing and evaluating signed reputation assertions
First Claim
1. A method of providing reputation services over a network, implemented in a computer system associated with a trusted entity, the method comprising:
- at the computer system associated with the trusted entity, receiving a request from a first party for a signed assertion concerning the reputation of a second party;
retrieving reputation-forming information (RFI) associated with the second party, the RFI comprising information that permits the trusted entity to make the requested signed assertion concerning the reputation of the second party;
creating, by the computer system, a reputation statement concerning the second party from the RFI;
binding, by the computer system, a piece of content, wherein the binding comprises generating a hash of the content;
generating, by the computer system, an assertion from the reputation statement, wherein the assertion includes the reputation statement, at least a portion of the RFI used to generate the reputation statement, said hash of the content, and an identity of the trusted entity;
signing, by the computer system, at least a portion of the assertion to produce said signed assertion to identify the trusted entity as the source of the signed assertion; and
transmitting, by the computer system, the signed assertion over the network to the first party.
10 Assignments
0 Petitions
Accused Products
Abstract
A method for expressing and evaluating signed reputation assertions is disclosed. In one embodiment, a first entity receives a request to generate a signed assertion relating to a piece of content. The first entity generates a reputation statement about a second entity from reputation-forming information (RFI) about the second entity available to the first entity. The first entity then generates a signed assertion from the reputation statement and the piece of content at least in part by binding the piece of content to the reputation statement and signing a portion encompassing at least one of the bound piece of content and the bound reputation statement. The signed assertion is then transmitted to a receiving entity.
19 Citations
20 Claims
-
1. A method of providing reputation services over a network, implemented in a computer system associated with a trusted entity, the method comprising:
-
at the computer system associated with the trusted entity, receiving a request from a first party for a signed assertion concerning the reputation of a second party;
retrieving reputation-forming information (RFI) associated with the second party, the RFI comprising information that permits the trusted entity to make the requested signed assertion concerning the reputation of the second party;creating, by the computer system, a reputation statement concerning the second party from the RFI; binding, by the computer system, a piece of content, wherein the binding comprises generating a hash of the content; generating, by the computer system, an assertion from the reputation statement, wherein the assertion includes the reputation statement, at least a portion of the RFI used to generate the reputation statement, said hash of the content, and an identity of the trusted entity; signing, by the computer system, at least a portion of the assertion to produce said signed assertion to identify the trusted entity as the source of the signed assertion; and transmitting, by the computer system, the signed assertion over the network to the first party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A reputation services system comprising:
-
a computer system coupled a trusted entity to a network, the computer system comprising; a receiving module for receiving a request from a first party for a signed assertion concerning the reputation of a second party; a retrieval module adapted to retrieve over the network reputation-forming information (RFI) associated with the second party; a reputation module adapted to create a reputation statement concerning the second party, the reputation statement reflecting a calculation over the RFI and the reputation module binding a hash of a piece of content; an assertion generator module for generating an assertion about the second party from the reputation statement, at least a portion of the RFI, and said hash of said piece of content; a signing module adapted to generate the signed assertion by signing at least a portion of the assertion to identify the trusted entity as the source of the signed assertion; and a transmitter module adapted to send the signed assertion over the network to the first party. - View Dependent Claims (13, 14, 15)
-
-
16. A computing system associated with a trusted entity and connected to a computer network, the computer system including a non-transitory computer-readable medium embodying computer-executable instructions, which control the computer system to perform a method that comprises:
-
receiving a request from a first party for a signed assertion concerning the reputation of a second party; retrieving reputation-forming information (RFI) associated with the second party, the RFI comprising information that permits the trusted entity to make the requested signed assertion concerning the reputation of the second party; creating a reputation statement concerning the second party from the RFI; binding a piece of content by generating a hash of the content; generating an assertion from the reputation statement, wherein the assertion includes the reputation statement, at least a portion of the RFI used to generate the reputation statement, said hash of the content, and an identity of the trusted entity; signing at least a portion of the assertion to produce said signed assertion to identify the trusted entity as the source of the signed assertion; and transmitting the signed assertion over the network to the first party. - View Dependent Claims (17, 18, 19, 20)
-
Specification