Methods and systems for secure and reliable identity-based computing

US 9,971,894 B2
Filed: 06/20/2017
Issued: 05/15/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system for establishing trustworthy, isolated, purposeful computing sessions based, at least in part, upon resource, and resource at least one of stakeholder human and stakeholder human agent, identity information sets, such system comprising:

one or more computing arrangements, including at least one processor, for use in providing at least one of one or more standardized (a) resources, and (b) specifications, that enable trustworthy, isolated, purposeful computing sessions, each comprising (a) an operating arrangement including at least one of a secure virtual machine, and a secure, other isolated sandbox, and (b) one or more resource arrangements that operate on such operating arrangement, and wherein each of such trustworthy, isolated, purposeful computing sessions operates at least in part in accordance with one or more user purpose fulfillment specifications,wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable specifying standardized, interoperably interpretable resource identity information one or more sets for each resource instance, such information one or more sets each comprising at least in part;

(i) an identifier for such resource instance, and (ii) such resource instance'"'"'s associated attribute, information one or more sets,wherein at least a portion of such resource identity information one or more sets enables (i) identifying one or more resources for one or more trustworthy, isolated, purposeful computing sessions, and (ii) formulating one or more specifications for at least one of one or more secure virtual machines, and one or more secure, other isolated sandboxes, for such one or more trustworthy, isolated, purposeful computing sessions, in accordance with respective user purpose fulfillment specification information sets,wherein such trustworthy, isolated, purposeful computing sessions operate in accordance with respective standardized and interoperably interpretable session purposeful computing framework specification sets that enable the dynamic provisioning of respective such trustworthy, isolated, purposeful computing sessions, in response to users'"'"' instructions to activate their respective trustworthy, isolated, purposeful computing sessions, andwherein one or more resource operations in respective trustworthy resource arrangements operating on such at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, are at least one of authorized, limited in operation, and otherwise securely managed using one or more session operating rule information sets, at least in part, in accordance with respective user purpose fulfillment specifications, and in support of trustworthy, isolated, purposeful computing one or more sessions;

wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable performing, using at least one biometric sensor, biometric identification of one or more at least one of stakeholder humans and stakeholder human agents, of stakeholder respective resources, wherein such at least one of biometrically acquired identification information, and information derived therefrom, is cryptographically, securely bound to stakeholders'"'"' at least one of respective resource associated identity information sets; and

wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable employing at least one tamper resistant processing and memory arrangement for secure processing of at least one of (a) at least a portion of resource identity information, and (b) resource stakeholder identity information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes. Systems and methods may include, as applicable, software and hardware implementations for Identity Firewalls; Awareness Managers; Contextual Purpose Firewall Frameworks for situationally germane resource usage related security, provisioning, isolation, constraining, and operational management; liveness biometric, and assiduous environmental, evaluation and authentication techniques; Repute systems and methods assertion and fact ecosphere; standardized and interoperable contextual purpose related expression systems and methods; purpose related computing arrangement resource and related information management systems and methods, including situational contextual identity management systems and methods; and/or the like.

76 Citations

View as Search Results

33 Claims

1. A system for establishing trustworthy, isolated, purposeful computing sessions based, at least in part, upon resource, and resource at least one of stakeholder human and stakeholder human agent, identity information sets, such system comprising:
- one or more computing arrangements, including at least one processor, for use in providing at least one of one or more standardized (a) resources, and (b) specifications, that enable trustworthy, isolated, purposeful computing sessions, each comprising (a) an operating arrangement including at least one of a secure virtual machine, and a secure, other isolated sandbox, and (b) one or more resource arrangements that operate on such operating arrangement, and wherein each of such trustworthy, isolated, purposeful computing sessions operates at least in part in accordance with one or more user purpose fulfillment specifications,wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable specifying standardized, interoperably interpretable resource identity information one or more sets for each resource instance, such information one or more sets each comprising at least in part;
  
  (i) an identifier for such resource instance, and (ii) such resource instance'"'"'s associated attribute, information one or more sets,wherein at least a portion of such resource identity information one or more sets enables (i) identifying one or more resources for one or more trustworthy, isolated, purposeful computing sessions, and (ii) formulating one or more specifications for at least one of one or more secure virtual machines, and one or more secure, other isolated sandboxes, for such one or more trustworthy, isolated, purposeful computing sessions, in accordance with respective user purpose fulfillment specification information sets,wherein such trustworthy, isolated, purposeful computing sessions operate in accordance with respective standardized and interoperably interpretable session purposeful computing framework specification sets that enable the dynamic provisioning of respective such trustworthy, isolated, purposeful computing sessions, in response to users'"'"' instructions to activate their respective trustworthy, isolated, purposeful computing sessions, andwherein one or more resource operations in respective trustworthy resource arrangements operating on such at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, are at least one of authorized, limited in operation, and otherwise securely managed using one or more session operating rule information sets, at least in part, in accordance with respective user purpose fulfillment specifications, and in support of trustworthy, isolated, purposeful computing one or more sessions;
  
  wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable performing, using at least one biometric sensor, biometric identification of one or more at least one of stakeholder humans and stakeholder human agents, of stakeholder respective resources, wherein such at least one of biometrically acquired identification information, and information derived therefrom, is cryptographically, securely bound to stakeholders'"'"' at least one of respective resource associated identity information sets; and
  
  wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable employing at least one tamper resistant processing and memory arrangement for secure processing of at least one of (a) at least a portion of resource identity information, and (b) resource stakeholder identity information.
- View Dependent Claims (3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. A system as in any one of claims 1 and 2, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, where such at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enable specifying user purpose fulfillment specifications for trustworthy, isolated, group common purpose, multiple participating parties, purposeful computing sessions, such system comprising:
    - one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that at least in part, enable the specification of, and operation of, such trustworthy, group common purpose computing sessions, and wherein each such trustworthy, group common purpose computing session operates in accordance with such purposeful computing session'"'"'s (a) one or more purpose specification sets, and (b) multiple participant parties'"'"' respective individual computing arrangements'"'"' purpose specification sets,wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable specifying interoperably interpretable;
      
      (a) group common purpose, multiple participating parties'"'"' purpose specification sets for respective such trustworthy, group common purpose, computing sessions, wherein each of such group common purpose, purpose specification sets enables shared group resource management policies for respective one or more such trustworthy, group common purpose computing sessions, and(b) multiple participant parties'"'"' respective individual computing arrangements'"'"' purpose specification sets for participating in such trustworthy, group common purpose computing sessions, wherein such multiple participant parties'"'"' respective individual computing arrangements'"'"' purpose specification sets enable resource management policies for respective participant parties'"'"' respective operating sessions participating in such trustworthy, group common purpose computing session;
      
      wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable evaluating at least a portion of multiple participating parties'"'"' respective individual computing arrangements'"'"' purpose specification sets for compliance with respective such trustworthy, group common purpose computing sessions'"'"' one or more such group common purpose, specification sets'"'"' shared group resource management policies; and
      
      wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable using, at least in part, at least one tamper resistant processing and memory arrangement to ensure compliance of multiple participating parties'"'"' respective individual computing arrangements'"'"' at least one of (a) policy information sets, and (b) one or more operating sessions, with respective such trustworthy, group common purpose, computing sessions'"'"' one or more such group common purpose, purpose specification sets'"'"' shared group resource management policies.
  - 6. A system as in claim 3, wherein such one or more computing arrangements are employed to provide such at least one of one or more (a) specifications, and (b) resources, that, at least in part, enable specifying policy compliance based, at least in part, on employing a seniority of policy rules and controls authority schema.
  - 7. A system as in any one of claims 1 and 2, wherein such one or more computing arrangements are employed to provide such at least one of one or more (a) specifications, and (b) resources, that, at least in part, enable binding one or more such biometrically acquired information and information derived therefrom, instances, to respective at least one of (a) publishing process stakeholders'"'"' respective resource identity information sets, and (b) at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', respective at least one of person names, person physical addresses, person e-mail addresses, and other specific to person attribute information sets.
  - 8. A system as in any one of claims 1, 2, and 4, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable computing sessions, where at least a portion of a session'"'"'s resources has at least one, at least one of associated and included, interoperably interpretable, standardized, and quantized assertion, quality to purpose specification,wherein such at least one of associated and included, interoperably interpretable, standardized, and quantized assertion, quality to purpose specification includes a standardized and interoperably interpretable contextual purpose expression comprising at least one, at least one of inferred and expressed verb specified by using a purposeful computing constrained verb lexicon, and at least one domain category.
  - 9. A system as in any one of claims 1, 2, and 4, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable, on a user computing arrangement, at least one non-isolated, non-sandboxed session that operates at least in part contemporaneously with a trustworthy, isolated, purposeful computing session.
  - 10. A system as in any one of claims 1 and 2, wherein such one or more computing arrangements are employed to provide such at least one of (a) specifications, and (b) resources, that, at least in part, support performing human biometric identifications on respective plural stakeholder resource publishing process persons, where a person is at least one of stakeholder human and stakeholder human agent,wherein at least a portion of plural stakeholder persons'"'"' respective resources'"'"' publishing process biometric identification information and/or information derived therefrom, is at least one of securely included in and otherwise securely associated with, such resources'"'"' respective identity information sets.
  - 11. A system as in any one of claims 1, 2, and 4, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, support identifying at least one publishing process stakeholder role as at least one of publisher, publisher agent, creator, editor, retailer, modifier, and distributor, for respective resources such stakeholder publishing process persons.
  - 12. A system as in any one of claims 1, 2, and 4, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, support one or more such trustworthy, isolated, purposeful computing sessions that operate, at least in part, on computer hardware shared contemporaneously with one or more other computing sessions that are not, at least in part, managed as trustworthy, isolated, computing sessions.
  - 13. A system as in any one of claims 1, 2, and 4, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable one of one or more such trustworthy, isolated, computing sessions to be provisioned, at least in part based upon respective specification sets that at least one of include and reference, respective standardized and interoperably interpretable security rigor level specifications, such specifications expressed, at least in part, as quantized security rigor level values.
  - 14. A system as in claim 13, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable such security rigor level specifications to be at least one of included in, and otherwise associated with, respective information sets as resource corresponding attributes.
  - 15. A system as in claim 1, wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable performing biometric identification contemporaneously with publishing processes of such stakeholder respective resources.

2. A system for establishing trustworthy, isolated purposeful computing sessions based, at least in part, upon resource, and at least one of resource stakeholder human and resource stakeholder human agent, identity information sets, such system comprising:
- one or more computing arrangements, including at least one processor, for use in providing at least one of one or more standardized (a) resources, and (b) specifications, that enable trustworthy, isolated, purposeful computing sessions, where each of such trustworthy, isolated, purposeful computing sessions comprises;
  
  (i) an operating arrangement including at least one of a secure virtual machine and a secure, other isolated sandbox; and
  
  (ii) one or more resource arrangements that operate on such operating arrangement, and wherein each such trustworthy, isolated, purposeful computing session operates, at least in part, in accordance with one or more user purpose fulfillment specifications,wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable;
  
  specifying standardized, interoperably interpretable resource identity information one or more sets for each resource instance, such information one or more sets comprising at least in part;
  
  (i) an identifier for such resource instance, and (ii) such resource instance'"'"'s associated attribute, information one or more sets,wherein at least a portion of such resource identity information one or more sets enables (i) identifying one or more resources for one or more trustworthy, isolated, purposeful computing sessions, and (ii) formulating one or more specifications for at least one of one or more secure virtual machines, and one or more secure, other isolated sandboxes, for such one or more trustworthy, isolated, purposeful computing sessions, in accordance with respective user purpose fulfillment specification information sets, andwherein each such resource instance identity information one or more sets at least one of (i) is securely associated with, and (ii) securely includes, descriptive purpose specification information, wherein at least a portion of one or more such identity information sets is used, at least in part, for securely identifying resources to operate in respective user purpose fulfillment trustworthy, isolated, purposeful computing sessions;
  
  wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable;
  
  using one or more at least in part biometric sensors for enabling publishing process biometric identifications of respective resource information set at least one of publisher stakeholder humans and stakeholder human agents,wherein at least one of such one or more at least in part biometric sensors biometrically acquired information, and information derived therefrom, is securely at least one of included in, and associated with, such at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', respective resource publishing process identity information sets, where;
  
  a. stakeholder biometric identification information is acquired during at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', respective publishing processes, andb. one or more effective fact validation rule sets are provided for respective effective fact validation processes regarding one or more of such stakeholders'"'"' respective attributes; and
  
  wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable employing at least one tamper resistant processing and memory arrangement for secure processing of at least one of (a) at least a portion of resource identity information, and (b) resource stakeholder identity information.
- View Dependent Claims (5)
- - 5. A system as in claim 2, wherein such one or more computing arrangements are employed to provide such at least one of one or more (a) specifications, and (b) resources, that, at least in part, enable specifying specifications for such purpose information sets that comprise respective contextual purpose specifications, wherein each such contextual purpose specification includes at least one of a specified and inferred verb, and at least one domain category.

4. A system for establishing a computing platform that enables trustworthy, isolated, computing sessions that are dynamically provisioned in response to standardized and interoperably interpretable user target purpose specifications, and are based, at least in part, upon session resource, and resource at least one of stakeholder human and stakeholder human agent, attributes, such system comprising:
- one or more computing arrangements, including at least one processor, for providing at least one of one or more standardized (a) resources, and (b) specifications, to enable trustworthy, isolated, purposeful computing sessions, where each of such isolated, purposeful computing sessions includes at least one automatically provisioned at least one of secure virtual machine, and secure other isolated sandbox, wherein each such isolated, purposeful computing session (a) employs one or more operating resources that operate on such session'"'"'s operating arrangement foundation, (b) is automatically provisioned as a user target purpose computing session, such session automatic provisioning occurring in response to one or more users activating such session as a trustworthy, isolated, specific to user target purpose computing activity set, and (c) operates in accordance with trustworthy, isolated, purposeful computing session purpose fulfillment one or more specifications,wherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable assiduous resource identity management, ensuring valid provisioning of user target purpose resources, provisioned to at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, wherein such provisioning supports, at least in part, establishing user target purpose trustworthy, isolated, purposeful computing sessions, such provisioning occurring at least in part in response to users'"'"' respective target purpose session initiating instructions and through use of such computing sessions'"'"' respective target purpose session initiating instructions'"'"' resource identifying information,wherein such assiduous resource identity management employs, one or more biometric sensors to enable, at least in part, resource publishing process biometric identification of resources'"'"' respective at least one, at least one of stakeholder humans and stakeholder human agents, and where at least one of resources'"'"' respective biometric identification information sets, and information sets derived therefrom, is at least one of securely included in, and otherwise securely associated with, respective such resources, and where resource related identity information sets are at least in part securely processed and stored using tamper resistant processor and memory arrangements, andwherein such one or more computing arrangements are employed to provide such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable an effective fact stipulation computing environment to support effective fact stipulations, where such stipulations declare effective fact attributes regarding at least one of respective resources, and attributes of respective resources, and further where each such effective fact stipulation has at least one associated fact validation rule set for validating such fact stipulation.
- View Dependent Claims (32)
- - 32. A system as in claim 4, wherein such one or more biometric sensors are tamper resistant through security hardening.

16. A method for establishing trustworthy, isolated, purposeful computing sessions based, at least in part, upon resource, and resource at least one of stakeholder human and stakeholder human agent, identity information sets, such method comprising:
- providing, through use of a computing arrangement including at least one processor, at least one of one or more standardized (a) resources, and (b) specifications, to enable trustworthy, isolated, purposeful computing sessions comprising (a) an operating arrangement including at least one of a secure virtual machine, and a secure other isolated sandbox; and
  
  (b) one or more resource arrangements that operate on such operating arrangement, and wherein each of such trustworthy, isolated, purposeful computing sessions operates at least in part in accordance with one or more user purpose fulfillment specifications,wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables specifying standardized, interoperably interpretable resource identity information one or more sets for each resource instance, such information one or more sets each comprising at least in part;
  
  (i) an identifier for such resource instance, and (ii) such resource instance'"'"'s associated attribute, information one or more sets,wherein at least a portion of such resource identity information one or more sets enables (a) identifying one or more resources for one or more trustworthy, isolated, purposeful computing sessions, and (b) formulating one or more specifications for, at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, for such one or more trustworthy, isolated purposeful computing sessions, in accordance with respective user purpose fulfillment specification information sets,wherein such trustworthy, isolated, purposeful computing sessions operate in accordance with respective standardized and interoperably interpretable session purposeful computing framework specification sets that enable the dynamic provisioning of respective such trustworthy, isolated, purposeful computing sessions, in response to users'"'"' instructions to activate their respective trustworthy, isolated, purposeful computing sessions, andwherein one or more resource operations in respective trustworthy, isolated resource arrangements operating on such at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, are at least one of authorized, limited in operation, and otherwise securely managed using one or more session operating rule information sets, at least in part, in accordance with respective user purpose fulfillment specifications, and in support of trustworthy, isolated, purposeful computing one or more sessions;
  
  wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables performing, using at least one biometric sensor, biometric identification of one or more at least one of stakeholder humans and stakeholder human agents, of stakeholder respective resources, wherein such at least one of biometrically acquired identification information, and information derived therefrom, is cryptographically, securely bound to stakeholders'"'"' at least one of respective of resource associated identity information sets; and
  
  wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables secure processing at least one of (a) at least a portion of resource identity information, and (b) resource stakeholder identity information using at least one tamper resistant processing and memory arrangement.
- View Dependent Claims (18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. A method as in any one of claims 16 and 17, wherein such providing at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enable specifying user purpose fulfillment specifications for specifying trustworthy, isolated, group common purpose, multiple participating parties, purposeful computing sessions, such method comprising:
    - providing, through use of a computing arrangement, such at least one of one or more standardized (a) resources, and (b) specifications, that, at least in part, enable the specification of, and operation of, such trustworthy, group common purpose purposeful computing sessions, and wherein each such trustworthy, group common purpose computing session operates in accordance with such purposeful computing session'"'"'s (a) one or more session purpose specification sets, and (b) multiple participant parties'"'"' respective individual computing arrangements'"'"' purpose specification sets,wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables interoperably interpretable;
      
      (a) group common purpose, multiple participating parties'"'"' purpose specification sets for respective such trustworthy, group common purpose computing sessions, wherein each of such group common purpose, purpose specification sets enables shared group resource management policies for respective one or more such trustworthy, isolated, group common purpose, multiple participating parties, purposeful computing sessions, and(b) multiple participating parties'"'"' respective individual computing arrangements'"'"' purpose specification sets for participating in such trustworthy, group common purpose computing sessions, wherein such multiple participant parties'"'"' respective individual computing arrangements'"'"' purpose specification sets enable resource management policies for respective participant parties'"'"' respective operating sessions participating in such trustworthy, group common purpose computing session;
      
      wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables evaluating at least a portion of multiple participating parties'"'"' respective individual computing arrangements'"'"' purpose specification sets for compliance with respective such trustworthy, isolated, group common purpose, computing sessions'"'"' one or more such group common purpose, specification sets'"'"' shared group resource management policies; and
      
      wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, enables, at least in part, ensuring compliance of multiple participating parties'"'"' respective individual computing arrangements'"'"' at least one of (a) policy information sets, and (b) one or more operating sessions, with respective such trustworthy, group common purpose computing sessions'"'"' one or more such group common purpose, specification sets'"'"' shared group resource management policies, using, at least in part, at least one tamper resistant processing and memory arrangement.
  - 21. A method as in claim 18, wherein providing such at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables specifying policy compliance, based, at least in part, on employing a seniority of policy rules and controls authority schema.
  - 22. A method as in any one of claims 16 and 17, wherein providing such at least one of one or more standardized (a) resources, and (b) specifications enables binding one or more such at least one of biometrically acquired identification information and information derived therefrom, instances to respective at least one of (a) publishing processing stakeholders respective resource identity information sets, and (b) at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', respective at least one of person names, person physical addresses, person e-mail addresses, and other specific to person attribute information sets.
  - 23. A method as in any one of claims 16, 17, and 19, wherein at least one of (a) such provided specifications, and (b) such provided resources, enable computing sessions where at least a portion of a session'"'"'s resources has at least one, at least one of associated and included, interoperably interpretable, standardized, and quantized, quality to purpose specification, andwherein such at least one of associated and included, interoperably interpretable, standardized, and quantized, quality to purpose specification includes a standardized and interoperably interpretable contextual purpose expression comprising at least one, at least one of inferred and expressed verb specified by using a purposeful computing constrained verb lexicon, and at least one domain category.
  - 24. A method as in any one of claims 16, 17, and 19, wherein, at least a portion of such at least one of (a) such provided resources, and (b) such provided specifications, enables, on a user computing arrangement, at least one non-isolated, non-sandboxed session that operates at least in part contemporaneously with a trustworthy, isolated, computing session.
  - 25. A method as in any one of claims 16 and 17, wherein at least one of (a) such provided specifications, and (b) such provided resources, support performing human biometric identifications on respective plural stakeholder resource publishing process persons, where a person is at least one of stakeholder human and stakeholder human agent,wherein at least a portion of plural stakeholder persons'"'"' respective resources'"'"' publishing process biometric identification information and/or information derived therefrom, is at least one of securely included in and otherwise securely associated with, such resources'"'"' respective identity information sets.
  - 26. A method as in any one of claims 16, 17, and 19, wherein at least one of (a) such provided specifications, and (b) such provided resources, support identifying at least one publishing process stakeholder role as at least one of publisher, publisher agent, creator, editor, and distributor for respective such stakeholder publishing process persons.
  - 27. A method as in any one of claims 16, 17, and 19, wherein at least one of (a) such provided specifications, and (b) such provided resources, support one or more such trustworthy, isolated, purposeful computing sessions that operate, at least in part, on computer hardware shared contemporaneously with one or more other computing sessions that are not, at least in part, managed as trustworthy, isolated, purposeful computing sessions.
  - 28. A method as in any one of claims 16, 17, and 19, wherein at least one of (a) such provided specifications and (b) such provided resources, enable one of one or more such trustworthy, isolated, computing sessions to be provisioned, at least in part based upon respective specification sets that at least one of include and reference, respective standardized and interoperably interpretable security rigor level specifications, such specifications expressed, at least in part, as quantized security rigor level values.
  - 29. A method as in claim 28, wherein at least one of (b) such provided specifications, and (b) such provided resources, enable such security rigor level specifications to be at least one of included in and otherwise associated with, respective purpose information sets as computing session corresponding attributes.
  - 30. A method as in any one of claims 16, 17, and 19, wherein at least one of (a) such provided specifications and (b) such provided resources, enable computing sessions where at least a portion of each session'"'"'s resources comprise at least one of at least one intangible resource, and tangible resource, provisioned through their respective interfaces, wherein a resource comprises at least one of, one or more (a) software program, (b) document, (c) e-mail, (d) message, (e) hardware component, (f) device, (g) game, (h) web service, (i) web page, (j) network, (k) video communication, (l) database, (m) participant comprising at least one of (i) human and (ii) entity, and (n) at least one of (i) audio, (ii) video, and (iii) image.
  - 31. A method as in claim 16, at least one of (a) such provided specifications and (b) such provided resources, enable performing such biometric identification contemporaneously with publishing processes of such stakeholder respective resources.

17. A method for establishing trustworthy, isolated, purposeful computing sessions based, at least in part, upon resource, and at least one of resource stakeholder human and resource stakeholder human agent, identity attributes, such method comprising:
- providing, through use of a computing arrangement including at least one processor, at least one of one or more standardized (a) resources, and (b) specifications, to enable trustworthy, isolated, purposeful computing sessions, where each such trustworthy, isolated purposeful computing session comprises;
  
  (i) an operating arrangement including at least one of a secure virtual machine and a secure other isolated sandbox; and
  
  (ii) one or more resource arrangements that operate on such operating arrangement, and wherein each such trustworthy, isolated, purposeful computing session operates in accordance with one or more user purpose information sets,wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables;
  
  specifying standardized, interoperably interpretable resource identity information one or more sets for each resource instance, such information one or more sets comprising at least in part;
  
  (i) an identifier for such resource instance, and (ii) such resource instance'"'"'s associated attribute information one or more sets,wherein at least a portion of such resource identity information one or more sets enable;
  
  (i) identifying one or more resources for one or more trustworthy, isolated, purposeful computing sessions, and (ii) formulating one or more specifications for at least one of one or more secure virtual machines, and one or more secure, other isolated sandboxes, for such one or more trustworthy, isolated, purposeful computing sessions, in accordance with respective user purpose fulfillment specification information sets, andwherein each such resource instance identity information one or more sets at least one of (a) is securely associated with, and (b) securely includes, descriptive purpose specification information, wherein at least a portion of one or more such identity information sets is used, at least in part, for securely identifying resources to operate in respective user purpose fulfillment trustworthy, isolated, purposeful computing sessions;
  
  wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables;
  
  using one or more at least in part biometric sensors for enabling publishing process biometric identifications of respective resource information set at least one of publisher stakeholder humans and stakeholder human agents,wherein at least one of such one or more at least in part biometric sensors biometrically acquired information, and information derived therefrom, is securely at least one of included in, and associated with, such at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', respective resource publishing process identity information sets, where;
  
  a. stakeholder biometric identification information is acquired during respective at least one of stakeholder humans'"'"' and stakeholder human agents'"'"', publishing processes, andb. one or more effective fact validation rule sets are provided for respective effective fact validation processes regarding one or more of such stakeholders'"'"' respective attributes; and
  
  wherein such providing of at least one of one or more standardized (a) resources, and (b) specifications, at least in part enables secure processing of at least one of (a) at least a portion of resource identity information, and (b) resource stakeholder identity information using at least one tamper resistant processing and memory arrangement, andwherein providing such at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables an effective fact stipulation computing environment to support effective fact stipulations, where such effective fact stipulations declare effective fact attributes regarding at least one of respective resources, and attributes of respective resources, and further where each such effective fact stipulation has at least one associated fact validation rule set for validating such fact stipulation.
- View Dependent Claims (20)
- - 20. A method as in claim 17, wherein providing such at least one of one or more standardized (a) resources, and (b) specifications, enables specifying specifications for such purpose information sets that comprise respective contextual purpose specifications, wherein each such contextual purpose specification includes at least one of a specified, and inferred, verb, and at least one domain category.

19. A method for establishing a computing platform that enables trustworthy, isolated, computing sessions that are dynamically provisioned in response to standardized and interoperably interpretable user target purpose specifications, and are based, at least in part, upon session resource, and resource at least one of stakeholder human and stakeholder human agent, attributes, such method comprising:
- providing, through use of a computing arrangement including at least one processor, at least one of one or more standardized (a) resources, and (b) specifications, to enable trustworthy, isolated, purposeful computing sessions, where each of such isolated, computing sessions includes at least one automatically provisioned secure at least one of virtual machine and other isolated sandbox, wherein each of such isolated, purposeful computing sessions (a) employs one or more operating resources that operate on such session'"'"'s operating arrangement foundation, (b) is automatically provisioned as a user target purpose computing session, such session automatic provisioning occurring in response to one or more users activating such session as a trustworthy, isolated, specific to user target purpose computing activity set, and (c) operates in accordance with trustworthy, isolated, computing session purpose fulfillment one or more specifications,wherein providing such at least one of one or more standardized (a) resources, and (b) specifications, at least in part, enables assiduous resource identity management, ensuring valid provisioning of user target purpose resources provisioned to at least one of one or more secure virtual machines, and one or more secure other isolated sandboxes, wherein such provisioning supports, at least in part, establishing user target purpose trustworthy, isolated, purposeful computing sessions, such provisioning occurring at least in part in response to users'"'"' respective target purpose session initiating instructions and through use of such computing sessions'"'"' respective target purpose session initiating instructions'"'"' resource identifying information,wherein such assiduous resource identity management employs, one or more biometric sensors to enable, at least in part, resource publishing process biometric identification of resources'"'"' respective at least one, at least one of stakeholder humans and stakeholder human agents, and where at least one of resources'"'"' respective biometric identification information sets, and information sets derived therefrom, is at least one of securely included in and otherwise securely associated with, respective such resources, and where resource related identity information sets are at least in part securely processed and stored using tamper resistant processor and memory arrangements.
- View Dependent Claims (33)
- - 33. A method as in claim 19, wherein such one or more biometric sensors are tamper resistant through security hardening.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Elemental Technologies, Inc.
Original Assignee
Advanced Elemental Technologies, Inc.
Inventors
Shear, Victor Henry, Williams, Peter Robert, Rho, Jaisook, Redmond, Timothy St. John
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
TAYLOR, SAKINAH W

Application Number

US15/628,228
Publication Number

US 20170293763A1
Time in Patent Office

329 Days
Field of Search

726 6
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/445   by mutual authentication, e...

G06F 21/45   Structures or tools for the...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0861   using biometrical features,...

H04L 63/20   for managing network securi...

Methods and systems for secure and reliable identity-based computing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

76 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for secure and reliable identity-based computing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links