Device for and method of controlled multilevel chain of trust/revision

US 9,467,299 B1
Filed: 03/19/2014
Issued: 10/11/2016
Est. Priority Date: 03/19/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlled multilevel chain of trust/revision, comprising the steps of:

a) requesting by a first user, via the first user'"'"'s computing device, an uncertified computer object and certification of a certifiable characteristic;

b) receiving by a certification authority each certification request from the first user and comparing it against user-definable criteria for certifying the request and, if the criteria are satisfied, issuing to the first user a certificate authorizing the request;

c) upon issuance of a certificate from the certification authority, contacting by the first user each computing device from which a certified computer object is required and requesting the computer object, contacting each computing device from which an uncertified object is required;

d) contacting the certification authority by each computing device that receives a certification request for verification that the first user is authorized to receive the certified computer object, while a computing device contacted for an uncertified computer object sends the first user the uncertified computer object;

e) for each request for verification, informing the computing device by the certifying authority if the first user is authorized to receive the certified computer object;

f) upon receipt by the computing device of verification, sending by the computing device the certified computer object to the first user; and

g) upon receipt of the certified and uncertified computer object, executing the objects, where the result includes a digital certificate for communicating with a subsequent user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device and method of controlled, multilevel chain of trust/revision by certifying of each user, device, action, and circumstance in the creation, modification, and transmission of computer information, including a revision history of any modification, and identification of any uncertified computer object used.

34 Citations

View as Search Results

13 Claims

1. A method of controlled multilevel chain of trust/revision, comprising the steps of:
- a) requesting by a first user, via the first user'"'"'s computing device, an uncertified computer object and certification of a certifiable characteristic;
  
  b) receiving by a certification authority each certification request from the first user and comparing it against user-definable criteria for certifying the request and, if the criteria are satisfied, issuing to the first user a certificate authorizing the request;
  
  c) upon issuance of a certificate from the certification authority, contacting by the first user each computing device from which a certified computer object is required and requesting the computer object, contacting each computing device from which an uncertified object is required;
  
  d) contacting the certification authority by each computing device that receives a certification request for verification that the first user is authorized to receive the certified computer object, while a computing device contacted for an uncertified computer object sends the first user the uncertified computer object;
  
  e) for each request for verification, informing the computing device by the certifying authority if the first user is authorized to receive the certified computer object;
  
  f) upon receipt by the computing device of verification, sending by the computing device the certified computer object to the first user; and
  
  g) upon receipt of the certified and uncertified computer object, executing the objects, where the result includes a digital certificate for communicating with a subsequent user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the step of requesting by a first user, is comprised of requesting digital certification, and wherein the digital certificate includes a digital certificate in accordance with an X.509 standard published by the International Telecommunication Union.
  - 3. The method of claim 1, wherein the step of requesting by a first user certification of a certifiable characteristic includes, requesting computing device authorization, and wherein the computing devices are selected from the group consisting of a computer, a personal digital assistant, and a mobile device.
  - 4. The method of claim 1, wherein the step of requesting by a first user certification of a certifiable characteristic includes, requesting location authorization, where the certifying authority certifies that the first user'"'"'s computing device is located in an allowable geographical.
  - 5. The method of claim 1, wherein the step of requesting by a first user certification of a certifiable characteristic includes, requesting computing object authorization, where a computing object is selected from the group of data, software, and a library.
  - 6. The method of claim 1, wherein the step of requesting by a first user certification of a certifiable characteristic includes requesting activity authorization, where the activity is selected from the group consisting of develop program, compile program, distribute program, update program, install program, and execute program.
  - 7. The method of claim 1, wherein the step of requesting by a first user certification of a certifiable characteristic includes requesting circumstance authorization.
  - 8. The method of claim 1, further including the step of associating with each computer object a tuple including the computer object, a pointer to a data structure that indicates what data objects, if any, were used to create the computer object, and a digital signature, if any, of the computer object that was signed by a computer platform on which the computer object was created, where the pointer is null if the computer object was created on the computer platform without using another data object with which a tuple is associated.
  - 9. The method of claim 8, where the pointer points to a data structure containing a tuple, if the computer object was created using another data object with which a tuple is associated.
  - 10. The method of claim 8, where the pointer points to a data structure containing a list of tuples, if the computer object was created using more than one data object with which a tuple is associated.
  - 11. The method of claim 8, where the result further includes an indication of any uncertified objects used and where risk is quantified to allow a user to assess risk if a computer object does not have a digital signature in its tuple.
  - 12. The method of claim 1, wherein said certifiable characteristic is selected from the group consisting of user authorization, computing device authorization, location authorization, access to computing object authorization, activity authorization, circumstance authorization, and communication authorization.
  - 13. The method of claim 1, further comprising the steps of:
    - h) contacting the certification authority by the subsequent user and requesting verification that the subsequent user is authorized to process the communication;
      
      i) if the subsequent user is authorized to process the received communication, then providing the subsequent user with a certificate to process the received communication; and
      
      j) if the subsequent user is authorized to process the received communication, then processing the received communication, wherein the processed communication includes all of the certificates associated with each communication providing a chain of trust/revision and identification of any uncertified objects used.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Security Agency
Original Assignee
National Security Agency
Inventors
Alexander, Keith B., Dowd, Patrick W.
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/999,546
Time in Patent Office

937 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3265   using certificate chains, t...

Device for and method of controlled multilevel chain of trust/revision

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Device for and method of controlled multilevel chain of trust/revision

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others