SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS
First Claim
1. A system comprising:
a target device having a target application and a web application thereon;
a trust broker configured to generate an application token having associated therewith a state attribute comprising at least one of a hash digest and a property value assertion, and weighted trust score;
the application token corresponding to a level of trustworthiness, in near real time, of a running application instance of the target application on the target device;
a trust monitor configured to monitor an execution state of the target application;
an authentication broker configured to authenticate a user to the web application and based upon a web services query for remote verification of the execution state of the target application;
a network access enforcer configured to control access of an authenticated user to the target application; and
a trust evaluation server configured to interrogate the target application based upon a request for a trust score, and generate the trust score based upon the interrogation.
Abstract
A target device may have a target application and a web application thereon, and a trust broker may generate an application token having associated therewith a state attribute having at least one of a hash digest and a property value assertion, and weighted trust score. The application token may correspond to a level of trustworthiness, in near real time, of a running application instance of the target application. A trust monitor may monitor an execution state of the target application, and an authentication broker may authenticate a user to the web application and based upon a web services query for remote verification of the target application. A network access enforcer may control access of an authenticated user to the target application, and a trust evaluation server may interrogate the target application and generate a trust score.
19 Claims
1. A system comprising:
a target device having a target application and a web application thereon;
a trust broker configured to generate an application token having associated therewith a state attribute comprising at least one of a hash digest and a property value assertion, and weighted trust score;
the application token corresponding to a level of trustworthiness, in near real time, of a running application instance of the target application on the target device;
a trust monitor configured to monitor an execution state of the target application;
an authentication broker configured to authenticate a user to the web application and based upon a web services query for remote verification of the execution state of the target application;
a network access enforcer configured to control access of an authenticated user to the target application; and
a trust evaluation server configured to interrogate the target application based upon a request for a trust score, and generate the trust score based upon the interrogation.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for evaluating integrity of a web application comprising:
requesting a token for a web application instance;
initiating an interrogation of the web application instance on a web server machine based upon an access request;
establishing a secure channel between the web server machine and a trust broker server;
generating at least one digest corresponding to at least one element of the web application instance;
generating an integrity report to include the at least one digest;
transmitting the integrity report to an authentication broker;
generating weighted trust scores and property value assertions based upon the integrity report;
transmitting the weighted trust scores in the token to the authentication broker; and
including the weighted trust scores of the web application instance as a logo on a user web browser.
Dependent claims: 9, 10, 11
12. A method for interrogating a target application comprising:
generating a token for a target application using a trust broker server;
requesting an interrogation of the target application;
subscribing for a state change notification of the target application;
receiving weighted trust scores and property value assertions of the target application based upon at least one of the interrogation and subscription;
including the weighted trust scores and property value assertions into the token; and
providing the token to at least one of an authentication broker and a network access enforcer.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
Specification