Trust-management systems and methods

US 8,578,151 B2
Filed: 03/29/2011
Issued: 11/05/2013
Est. Priority Date: 05/19/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for controlling access to electronic resources, the system comprising:

a first computer system for processing requests for system resources, the first computer system comprising;

a network interface for receiving digital certificates from other systems and for receiving requests to access electronic resources;

a memory for storing electronic resources and one or more certificates relating thereto; and

a trust management engine for processing digital certificates and requests for electronic resources, and for making access control decisions using authorizations associated with at least one principal included in at least one of said digital certificates by performing least fixpoint computations using said authorizations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied. The certificates may be evaluated until the state of the root authority indicates that the request should be granted, or until further evaluation of the certificates is ineffective in changing the state of the principals.

72 Citations

View as Search Results

7 Claims

1. A system for controlling access to electronic resources, the system comprising:
- a first computer system for processing requests for system resources, the first computer system comprising;
  
  a network interface for receiving digital certificates from other systems and for receiving requests to access electronic resources;
  
  a memory for storing electronic resources and one or more certificates relating thereto; and
  
  a trust management engine for processing digital certificates and requests for electronic resources, and for making access control decisions using authorizations associated with at least one principal included in at least one of said digital certificates by performing least fixpoint computations using said authorizations.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A system as in claim 1, further comprising:
    - a second computer system for making a request for system resources from the first computer system;
      
      a third computer system for generating a first digital certificate, the first digital certificate authorizing, at least in part, the second computer system to access a predefined system resource.
  - 3. A system as in claim 2, further comprising:
    - a fourth computer system, the fourth computer system being operable to generate a second digital certificate, the second digital certificate authorizing, at least in part, the third computer system to authorize, at least in part, the user of the second computer system to access the predefined system resource.
  - 4. A system as in claim 3, in which the third computer system is operable to send the first digital certificate to the second computer system, the second computer system is operable to send the first digital certificate to the first computer system in connection with said request, and the fourth computer system is operable to send the second digital certificate to the first computer system.
  - 5. A system as in claim 4, in which the first computer system further comprises a public key associated with the fourth computer system, the public key corresponding to a private key used to sign the second digital certificate.
  - 6. A system as in claim 1, in which at least some of the digital certificates comprise SPKI certificates.
  - 7. A system as in claim 1, in which at least some of the digital certificates comprise Keynote certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Weeks, Stephen P., Serret-Avila, Xavier
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US13/074,788
Publication Number

US 20110238982A1
Time in Patent Office

952 Days
Field of Search

726/1, 726/2, 726/8, 726/21, 713/156, 713/175, 713/182, 380/45, 380/277
US Class Current

713/156
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 9/3263   involving certificates, e.g...

Trust-management systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Trust-management systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links