Systems and methods for using reputation scores in network services and transactions to calculate security risks to computer systems and platforms
First Claim
1. A reputation scoring system for generating and displaying a hierarchical representation of a reputation score of a subject, the system comprising:
a hardware processor;
a reputation broker configured on the hardware processor to:
process a query for a reputation score of the subject received at a trust broker from a service provider as a result of a device initiated service transaction; and
dispatch a request to a trust orchestrator to generate a hierarchical reputation score for the subject as a measured dynamic assessment of the integrity of monitored applications executing on a device of the subject, wherein the trust orchestrator is configured to process the received dispatch request for the hierarchical reputation score by:
initiating a plurality of directed queries to information management systems internal or external to an organization to interrogate attributes associated with the subject;
analyzing received responses from the plurality of directed queries;
receiving the generated hierarchical reputation score for the subject based on a calculus of risk; and
sending the generated hierarchical reputation score for the subject to the reputation broker, wherein the trust orchestrator is further configured to:
receive a reputation token from the reputation broker for the subject in response to the dispatched request; and
send the reputation token to the service provider as a response to the query for the reputation score.
Abstract
Instrumented networks, computer systems and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for calculating security risks by determining subject reputation scores. In an embodiment, a system receives a query for a reputation score of a subject, initiates directed queries to external information management systems to interrogate attributes associated with the subject, and analyzes responses. The system receives a hierarchical subject reputation score based on a calculus of risk and returns a reputation token. In another embodiment, a method provides real time attestation of a subject's reputation to a service provider using an endpoint trust agent, and a trust orchestrator comprising a reputation broker and a trust broker.
24 Claims
21. A method of providing real time attestation of a reputation of a subject to a service provider using an endpoint trust agent, and a trust orchestrator including a processor comprising a reputation broker and a trust broker, the method comprising:
receiving, at the trust orchestrator by the reputation broker, from a service provider, a query for a reputation score of a subject as a result of a device initiated service transaction;
dispatching, at the trust orchestrator by the reputation broker, a request to generate a just-in-time reputation score for a subject as a measured dynamic assessment of the integrity of monitored applications executing on a device of the subject; and
processing, at the trust orchestrator by the trust broker, the received request to generate the just-in-time reputation score by:
initiating, by the processor, a plurality of directed queries to external information management systems to interrogate attributes associated with a subject,
analyzing, by the processor, received responses from the plurality of directed queries and generating a reputation score for a subject based on a calculus of risk,
sending, the generated reputation score for the subject to the reputation broker, and
sending, by the reputation broker at the trust orchestrator, as a response to the query for the reputation score, to a service provider, a reputation token for a subject.
Specification