Resilient trust network services
First Claim
1. A system relating to trust network services comprising:
a plurality of client computers coupled to a network;
an access server coupled to the network for providing a host application that provides a plurality of application services to the client computers;
a trust server coupled to a trust history database and the network, the trust server providing trust services to the access server;
a display broker coupled to the network providing a user interface for trust services; and
a set of application services including the following services;
trust services, service connectors which are adaptors for the trust services, and trust service proxies coupled to the network;
wherein the access server, the trust server, the display broker and the set of application services are system components that comprise a pipeline that provides function according to the interaction of the system components with the policies held by a relying party;
wherein the access server, the trust server, the display broker and the set of application services communicate with each other in a peer-to-peer manner in a non-hierarchical secure network through a trust protocol;
wherein the trust server is further configured to start a trust session by passing a user identification (ID), close a trust session by passing a session ID, create a new credential expression by passing a session ID, cancel a credential request by passing a credential ID, check a credential request status by passing the credential ID, where the credential request is a request to authorize an interaction with a protected resource that specifies the trust services needed to be validated and documents the interaction and has a status;
wherein the trust protocol does not include starting the trust session and does not include stopping the trust session; and
wherein the trust network services communicate with the trust protocol that includes transmitting a credential request to selectively authorize or restrict communications or provision services among any of the plurality of client computers and the trust network services.
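The trust server operations recited in claim 1 (start a session by user ID, close it by session ID, create a credential request within a session, cancel it or check its status by credential ID, with the relying party's policy naming the trust services that must validate) form a small state machine. The following is an added example written for this page, not code from the patent or its assignee; the class and method names, the in-memory "trust history database" and the policy format are all assumptions made for illustration.

```python
"""Added example (not from the patent): a minimal model of the trust-session and
credential-request operations recited in claim 1, where the relying party's
policy decides which trust services must validate before a request is authorized."""
import secrets
from dataclasses import dataclass, field


@dataclass
class CredentialRequest:
    credential_id: str
    session_id: str
    resource: str                      # the protected resource the interaction targets
    required_services: frozenset       # trust services the relying party's policy demands
    validated: set = field(default_factory=set)
    status: str = "pending"            # pending -> authorized | cancelled


class TrustServer:
    """Hypothetical trust server: sessions keyed by session ID, credential
    requests keyed by credential ID, and an append-only trust history."""

    def __init__(self, relying_party_policy):
        # policy: resource name -> set of trust service names that must validate
        self.policy = relying_party_policy
        self.sessions = {}        # session_id -> user_id
        self.requests = {}        # credential_id -> CredentialRequest
        self.history = []         # stands in for the trust history database (constructed)

    def start_trust_session(self, user_id):
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = user_id
        self._log("session_start", session_id=session_id, user_id=user_id)
        return session_id

    def close_trust_session(self, session_id):
        user_id = self.sessions.pop(session_id)   # KeyError for an unknown session
        # pending requests of a closed session can never be authorized later
        for req in self.requests.values():
            if req.session_id == session_id and req.status == "pending":
                req.status = "cancelled"
        self._log("session_close", session_id=session_id, user_id=user_id)

    def create_credential_request(self, session_id, resource):
        if session_id not in self.sessions:
            raise PermissionError("no open trust session")
        required = self.policy.get(resource)
        if required is None:
            raise PermissionError(f"no policy for resource {resource!r}")
        cid = secrets.token_hex(8)
        self.requests[cid] = CredentialRequest(cid, session_id, resource, frozenset(required))
        self._log("credential_request", credential_id=cid, resource=resource)
        return cid

    def record_validation(self, credential_id, trust_service):
        """A trust service reports a successful validation for this request."""
        req = self.requests[credential_id]
        if req.status != "pending":
            return req.status                      # cancelled/authorized requests are final
        if trust_service not in req.required_services:
            raise ValueError(f"{trust_service} is not required by policy for {req.resource}")
        req.validated.add(trust_service)
        if req.validated == set(req.required_services):
            req.status = "authorized"              # every required service has validated
        self._log("validation", credential_id=credential_id, service=trust_service)
        return req.status

    def cancel_credential_request(self, credential_id):
        req = self.requests[credential_id]
        if req.status == "pending":
            req.status = "cancelled"
        self._log("credential_cancel", credential_id=credential_id)
        return req.status

    def check_credential_request_status(self, credential_id):
        return self.requests[credential_id].status

    def _log(self, event, **fields):
        self.history.append({"event": event, **fields})


def demo():
    """Walk one request through the pipeline; returns the statuses observed."""
    policy = {"payroll-db": {"identity-proof", "device-attestation"}, "wiki": {"identity-proof"}}
    ts = TrustServer(policy)
    sid = ts.start_trust_session("alice")
    cid = ts.create_credential_request(sid, "payroll-db")
    s1 = ts.check_credential_request_status(cid)    # pending
    ts.record_validation(cid, "identity-proof")
    s2 = ts.check_credential_request_status(cid)    # still pending: one service missing
    ts.record_validation(cid, "device-attestation")
    s3 = ts.check_credential_request_status(cid)    # authorized
    cid2 = ts.create_credential_request(sid, "wiki")
    ts.close_trust_session(sid)
    s4 = ts.check_credential_request_status(cid2)   # cancelled by the session close
    return s1, s2, s3, s4
```

The design point worth noticing is that a request only reaches "authorized" when the set of validated services equals the set the relying party's policy requires for that resource, and that closing a session cancels its pending requests rather than leaving them authorizable afterwards.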
2 Assignments
0 Petitions
Abstract
A Resilient Trust Network (RTN) is a set of servers that provide: an application integration platform for developing and publishing services and user interfaces for services, building derived services, subscribing to services, embedding services into host applications, and building composite applications composed from multiple diverse services. The RTN can also provide a platform for defining security requirements and accessing shared trust services that implement those requirements for services regardless of where or how those services are used.
347 Citations
24 Claims
1. A system relating to trust network services comprising:
(Independent claim; the full text is given under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system relating to trust network services comprising:
a plurality of client computers coupled to a network; and
a plurality of trust network services including the following: access servers, trust brokers, trust services and trust service proxies;
wherein the plurality of trust network services communicate in a peer-to-peer manner via a trust protocol and a trust network service implements or invokes zero-knowledge token aliasing and encryption and crypto-hashing;
wherein opaque token services selectively obfuscate or reveal data messages; or opaque token services selectively obfuscate or reveal credential expressions among a plurality of participating client computers; or opaque token services selectively obfuscate users of the plurality of client computers; and
wherein the decision as to what code to use, selected from the group: token aliasing code, encryption code, crypto-hashing semantic transform firewall code or algorithmic transformation code, is made by an interaction of the trust broker and the trust service proxy based on the policy of a relying party.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
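Claim 11 describes opaque token services that either obfuscate or reveal data, with the choice between token aliasing and crypto-hashing made according to the relying party's policy. The block below is an added example written for this page, not code from the patent or its assignee; it models token aliasing as a random vault-backed token and crypto-hashing as an HMAC, with reveal gated by the policy. The service name, the policy format and the sample message are assumptions constructed for illustration.

```python
"""Added example (not from the patent): an opaque token service that aliases
sensitive field values with random tokens held in a vault, produces keyed
hashes for fields that must be comparable but not readable, and reveals an
aliased value only when the relying party's policy grants it."""
import hmac
import hashlib
import secrets


class OpaqueTokenService:
    def __init__(self, hash_key: bytes):
        self._vault = {}            # token -> (field, value); constructed in-memory store
        self._hash_key = hash_key   # secret key for the keyed hash

    def alias(self, field: str, value: str) -> str:
        """Token aliasing: replace a value with a random, meaningless token."""
        token = f"tok_{field}_{secrets.token_urlsafe(12)}"
        self._vault[token] = (field, value)
        return token

    def crypto_hash(self, field: str, value: str) -> str:
        """Keyed hash (HMAC-SHA256): two holders of the key can match a value
        without either message carrying the value itself."""
        msg = f"{field}:{value}".encode()
        return hmac.new(self._hash_key, msg, hashlib.sha256).hexdigest()

    def reveal(self, token: str, relying_party_policy: dict) -> str:
        """Return the original value only if the policy grants 'reveal' on that
        field; a token with no such grant stays opaque."""
        field, value = self._vault[token]
        if "reveal" not in relying_party_policy.get(field, set()):
            raise PermissionError(f"policy does not allow revealing {field}")
        return value


def obfuscate_message(svc: OpaqueTokenService, message: dict, relying_party_policy: dict) -> dict:
    """Apply the relying party's policy field by field: 'alias' fields get a
    vault token, 'hash' fields get a keyed hash, anything else passes through."""
    out = {}
    for field, value in message.items():
        rules = relying_party_policy.get(field, set())
        if "alias" in rules:
            out[field] = svc.alias(field, value)
        elif "hash" in rules:
            out[field] = svc.crypto_hash(field, value)
        else:
            out[field] = value
    return out


def demo():
    """Obfuscate a constructed message under a constructed policy, then reveal
    the one field the policy allows; returns both results."""
    svc = OpaqueTokenService(hash_key=b"constructed-demo-key")
    policy = {"ssn": {"alias", "reveal"}, "email": {"hash"}}   # relying party's policy
    message = {"ssn": "123-45-6789", "email": "a@example.com", "tier": "gold"}
    protected = obfuscate_message(svc, message, policy)
    revealed = svc.reveal(protected["ssn"], policy)
    return protected, revealed
```

Aliasing and hashing serve different needs: a vault token can be reversed by the service that holds the vault, so it supports a later policy-gated reveal, while the keyed hash is one-way and is only useful for matching, which is why the policy selects between them per field rather than applying one transform to everything.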
24. A system relating to trust network services comprising:
a plurality of client computers coupled to a network;
an access server coupled to the network for providing a host application that provides a plurality of application services to the client computers;
a trust broker coupled to a trust history database and the network, the trust broker providing trust services to the access server;
a display broker coupled to the network providing a user interface for trust services; and
a set of application services including the following services: trust services, service connectors which are adaptors for the trust services, and trust service proxies coupled to the network;
wherein the access server, the trust broker, the display broker and the set of application services are system components that comprise a pipeline that provides function according to the interaction of the system components with the policies held by a relying party;
wherein the access server, the trust broker, the display broker and the set of application services communicate with each other in a peer-to-peer manner in a non-hierarchical secure network through a trust protocol;
wherein the trust server is further configured to start a trust session by passing a user identification (ID), close a trust session by passing a session ID, create a new credential expression by passing a session ID, cancel a credential request by passing a credential ID, check a credential request status by passing the credential ID, where the credential request is a request to authorize an interaction with a protected resource that specifies the trust services needed to be validated and documents the interaction and has a status;
wherein the trust protocol does not include starting the trust session and does not include stopping the trust session; and
wherein the trust network services communicate with the trust protocol that includes transmitting a credential request to selectively authorize or restrict communications or provision services among any of the plurality of client computers and the trust network services.
Specification