Methods and systems for secure and reliable identity-based computing

US 9,721,086 B2
Filed: 09/13/2014
Issued: 08/01/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method for establishing an identity-based resource identity information set computing environment employing a computing arrangement comprising at least in part one or more computing systems, the method comprising:

establishing specifications for providing at least one of resources and services for secure, standardized, interoperable publishing of resource identity information sets for identifying and evaluating resources, wherein such specifications include specifications for;

generating at least one persistent identifier for each such resource identity information set;

acquiring, during a publishing process for each such resource identity information set, participating publishing process stakeholder person biometric identification information, and maintaining at least one of biometric identification information of such person, and information derived therefrom, wherein the stakeholder person is at least one of a stakeholder-human and a stakeholder human-agent;

generating at least one persistent identifier for each resource subject matter of such resource identity information set;

generating persistent identity information for each such stakeholder person, wherein such identity information includes;

at least one identifier for each such resource publishing process stakeholder person; and

at least one of trustworthiness, and situational appropriateness, attribute information set specifying at least one of a standardized and interoperable quality to purpose assertion attribute, and an effective fact attribute for such resource publishing process stakeholder person,wherein a quality to purpose assertion attribute comprises identifying information for such publishing process stakeholder person, a contextual purpose specification associated with such stakeholder person, and at least one value expressing an approximation of such stakeholder person'"'"'s suitability relating to the fulfillment of such specified contextual purpose, andwherein an effective fact attribute is a specification regarding an attribute of such publishing process stakeholder person that is to be treated as factual, and is verifiable by an independent party through the use of at least one test method; and

publishing persistent resource identity information sets, wherein each information set is uniquely identifiable, identifies its subject matter, uniquely identifies its stakeholder person, and includes such maintained publishing process stakeholder person at least one of biometric identification information and information derived therefrom.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes. Systems and methods may include, as applicable, software and hardware implementations for Identity Firewalls; Awareness Managers; Contextual Purpose Firewall Frameworks for situationally germane resource usage related security, provisioning, isolation, constraining, and operational management; liveness biometric, and assiduous environmental, evaluation and authentication techniques; Repute systems and methods assertion and fact ecosphere; standardized and interoperable contextual purpose related expression systems and methods; purpose related computing arrangement resource and related information management systems and methods, including situational contextual identity management systems and methods; and/or the like.

112 Citations

View as Search Results

21 Claims

1. A method for establishing an identity-based resource identity information set computing environment employing a computing arrangement comprising at least in part one or more computing systems, the method comprising:
- establishing specifications for providing at least one of resources and services for secure, standardized, interoperable publishing of resource identity information sets for identifying and evaluating resources, wherein such specifications include specifications for;
  
  generating at least one persistent identifier for each such resource identity information set;
  
  acquiring, during a publishing process for each such resource identity information set, participating publishing process stakeholder person biometric identification information, and maintaining at least one of biometric identification information of such person, and information derived therefrom, wherein the stakeholder person is at least one of a stakeholder-human and a stakeholder human-agent;
  
  generating at least one persistent identifier for each resource subject matter of such resource identity information set;
  
  generating persistent identity information for each such stakeholder person, wherein such identity information includes;
  
  at least one identifier for each such resource publishing process stakeholder person; and
  
  at least one of trustworthiness, and situational appropriateness, attribute information set specifying at least one of a standardized and interoperable quality to purpose assertion attribute, and an effective fact attribute for such resource publishing process stakeholder person,wherein a quality to purpose assertion attribute comprises identifying information for such publishing process stakeholder person, a contextual purpose specification associated with such stakeholder person, and at least one value expressing an approximation of such stakeholder person'"'"'s suitability relating to the fulfillment of such specified contextual purpose, andwherein an effective fact attribute is a specification regarding an attribute of such publishing process stakeholder person that is to be treated as factual, and is verifiable by an independent party through the use of at least one test method; and
  
  publishing persistent resource identity information sets, wherein each information set is uniquely identifiable, identifies its subject matter, uniquely identifies its stakeholder person, and includes such maintained publishing process stakeholder person at least one of biometric identification information and information derived therefrom.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein establishing specifications further comprises establishing the specifications for securely maintaining at least a portion of published resource information sets in a storage arrangement available to distributed independent parties.
  - 3. The method of claim 1, wherein establishing specifications further comprises establishing the specifications for identifying a resource set based at least in part on a user set at least in part standardized contextual purpose specification expressed at least in part using a standardized purpose expression verb and category expression arrangement, wherein the user set contextual purpose specification at least in part specifies a contextual purpose approximation for the user set computing session activity set.
  - 4. The method of claim 1, wherein generating at least one persistent identifier for a resource identity information set employs, at least in part, such resource identity information set publishing process at least one of stakeholder biometric information, and information derived therefrom.
  - 5. The method of claim 1, wherein securely acquiring identity-related information from one or more biometric and/or environmental sensors comprises acquiring biometric and/or environmental identity-related information using security hardened at least one of Awareness Manager and Identity Firewall, at least one of component and appliance, arrangement.
  - 6. The method of claim 4, wherein identity-related information acquired from one or more biometric and/or environmental sensor and emitter arrangement sets is securely associated with time stamp information for timing anomaly analysis for reality integrity evaluation regarding the integrity of correspondence of at least a portion of sensor acquired information with such unpredictable emitter output corresponding information.
  - 7. The method of claim 1, wherein establishing specifications further comprises:
    - establishing the specifications for supporting a user resource evaluation arrangement employing such uniquely identifiable resource information sets, wherein at least one of resource identity information sets, and such subject matters of such resource identity information sets, are evaluated by users regarding their appropriateness for user purpose, such evaluation based at least in part upon attribute information of such resource identity information sets'"'"' respective biometrically identified publishing process stakeholder persons.
  - 8. The method of claim 1, wherein such resource information set subject matter comprises at least one of an e-mail, a text, and video, for at least in part communicating between a sender and at least one receiver.
  - 9. The method of claim 1, wherein such method further includes performing biometric identification liveness testing of stakeholder person sensor and emitter related at least one of reflection, refraction, diffraction, re-emission, scattering, and absorption, timing discontinuity, and timing overhead delay, information.
  - 10. The method of claim 9, wherein at least a portion of such sensor and emitter related information is time stamped through use of a secure clock.
  - 11. The method of claim 1, wherein such method further includes such publishing process stakeholder person cryptographically signing at least one of such stakeholder person publishing process resource information set, and one or more portions of such stakeholder person publishing process information set.
  - 12. The method of claim 1 or 11, wherein such method further includes liveness testing of such publishing process stakeholder person through use of sensor and emitter information anomaly analysis.
  - 13. The method of claim 1 or 4, wherein at least a portion of such biometric information for the stakeholder person is employed in performing a time delay anomaly analysis to detect a stakeholder human spoofing attempt or other malicious publishing process.

14. A security hardened identity device arrangement for secure and persistent resource identification, the device arrangement comprising:
- security hardened at least one of component and appliance packaging enclosure arrangement;
  
  at least one cryptographic engine for communicating with a remote administrative and/or cloud service identity arrangement in support of at least one of resource information set, and resource information set subject matter, validation;
  
  at least one of electromagnetic radiation and sound, sensor set, and effectively unpredictable at least one of electromagnetic radiation and sound, emitter set, for at least in part establishing, and authenticating, a resource information set publishing process stakeholder person biometric identification information set, wherein the stakeholder person is at least one of a stakeholder-human and a stakeholder human-agent;
  
  a secure clock for time stamping sensor and emitter related information for biometric identification liveness testing involving anomaly analysis of at least one of at least one of reflection, refraction, diffraction, re-emission, scattering, and absorption;
  
  timing discontinuity; and
  
  timing overhead delay; and
  
  at least one memory component-for securely storing at least a portion of sensor and/or emitter related information;
  
  wherein such security hardened identity device arrangement is configured to operate authenticated and authorized load modules for performing identity operations in at least one protected processing environment to enable a root of trust for identity operations, andwherein at least one of establishing at least a portion of such biometric identification information for, and authenticating, such stakeholder person, is used to enable cryptographic at least one of signing and certifying, a publishing process resource information set.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The device arrangement of claim 14, further comprising:
    - means, at least in part, for at least one of energy and/or intensity, and frequency, correlation analysis of emitter output periodicity and/or other pattern composition with related sensor received information to assess the presence of at least one of timing, and composition anomalies.
  - 16. The device arrangement of claim 14, further comprising:
    - at least one security hardened identity device enabling timing anomaly analysis, wherein emitter emission output, and sensor input, biometric related information are employed in supporting timing anomaly analysis for liveness testing detection associated with a resource publishing process stakeholder person, wherein such stakeholder person presence is used to authenticate a published resource information set that characterizes its resource subject matter.
  - 17. The device arrangement of claim 14, wherein the security hardened identity device enables unpredictable pseudo-random emitter control instruction.
  - 18. The device arrangement of claim 14, wherein such resource information set subject matter comprises at least one of an e-mail, a text, and video, for at least in part communicating between a sender and at least one receiver.
  - 19. The device arrangement of claim 14, wherein resource information includes at least one of trustworthiness, and situational appropriateness, characterizing at least one of an at least in part standardized and interoperable quality to purpose assertion attribute, and an effective fact attribute for such resource publishing process stakeholder person,wherein a quality to purpose assertion attribute comprises identifying information for such publishing process stakeholder person, a contextual purpose specification associated with such stakeholder person, and at least one value expressing an approximation of such stakeholder person'"'"'s suitability relating to the fulfillment of such specified contextual purpose, andwherein an effective fact attribute is a specification regarding an attribute of such publishing process stakeholder person that is to be treated as factual, and is verifiable by an independent party through the use of at least one test method.
  - 20. The device arrangement of claim 14, wherein such timing anomaly analysis includes analysis regarding sensor biometric information acquisition delay overhead resulting from, at least in part, the acquisition by a malicious party of emitter emission information and the time overhead required to construct a spoofing composition and outputting such composition for at least one of receipt by such security hardened identity device related sensor set, and insertion into a sensor data stream communication pathway.
  - 21. The device arrangement as in claim 14, 15, 16, 17, 18, 19, or 20, wherein such publishing process at least one of stakeholder person is at least in part identified through the use of a unique human person, identifier set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Elemental Technologies, Inc.
Original Assignee
Advanced Elemental Technologies, Inc.
Inventors
Shear, Victor Henry, Williams, Peter Robert, Rho, Jaisook, Redmond, Timothy St. John
Primary Examiner(s)
Mehrmanesh, Amir
Assistant Examiner(s)
TAYLOR, SAKINAH W

Application Number

US14/485,707
Publication Number

US 20150033305A1
Time in Patent Office

1,053 Days
Field of Search

726 6- 7
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/445   by mutual authentication, e...

G06F 21/45   Structures or tools for the...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

Methods and systems for secure and reliable identity-based computing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure and reliable identity-based computing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links