Trust-management systems and methods
First Claim
1. A system for controlling access to electronic resources, the system comprising:
- a first computer system for processing requests for system resources, the first computer system comprising;
a network interface for receiving digital certificates from other systems and for receiving requests to access electronic resources;
a memory for storing electronic resources and one or more certificates relating thereto; and
a trust management engine for processing digital certificates and requests for electronic resources, and for making access control decisions using authorizations associated with at least one principal included in at least one of said digital certificates by performing least fixpoint computations using said authorizations.
Abstract
The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set of principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied. The certificates may be evaluated until the state of the root authority indicates that the request should be granted, or until further evaluation of the certificates is ineffective in changing the state of the principals.
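The iteration described in the abstract can be sketched as follows. This is an added example, not code from the patent: the certificate helpers (`unconditional`, `delegate`, `threshold`), the principal names and the authorization strings are all constructed, and each principal's state is assumed to be the set of authorizations it currently grants.

```python
# Added illustration: certificates as monotone functions over principals' state.
# All principal names, authorization strings and helper names are constructed.

def unconditional(issuer, *auths):
    """issuer directly grants the listed authorizations."""
    return issuer, lambda state: frozenset(auths)

def delegate(issuer, subject):
    """issuer grants whatever subject currently grants."""
    return issuer, lambda state: state.get(subject, frozenset())

def threshold(issuer, k, subjects):
    """issuer grants an authorization once at least k subjects grant it."""
    def fn(state):
        sets = [state.get(s, frozenset()) for s in subjects]
        return frozenset(a for a in frozenset().union(*sets)
                         if sum(a in s for s in sets) >= k)
    return issuer, fn

def decide(root, request, certs):
    """Iterate from the empty state; stop early on grant, or at the fixpoint."""
    state = {}                      # principal -> frozenset of authorizations
    changed = True
    while changed:
        if request in state.get(root, frozenset()):
            return True             # root's state already authorizes the request
        changed = False
        for issuer, fn in certs:
            old = state.get(issuer, frozenset())
            new = old | fn(state)   # states only grow, so the loop terminates
            if new != old:
                state[issuer] = new
                changed = True
    return False                    # fixpoint reached without a grant

CERTS = [   # constructed sample policy
    delegate("root", "dept"),
    threshold("dept", 2, ["alice", "bob", "carol"]),
    unconditional("alice", "read:report", "write:report"),
    unconditional("bob", "read:report"),
    delegate("carol", "root"),      # cycle back to root
]

if __name__ == "__main__":
    print(decide("root", "read:report", CERTS))
    print(decide("root", "write:report", CERTS))
```

Because evaluation starts from the empty state and only adds authorizations, the cyclic delegation from `carol` back to `root` cannot bootstrap a grant on its own: `write:report` is denied since only one of the three subjects asserts it independently.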
7 Claims
Specification