SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS

US 20110179477A1
Filed: 12/30/2010
Published: 07/21/2011
Est. Priority Date: 12/09/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

a target device having a target application and a web application thereon;

a trust broker configured to generate an application token having associated therewith a state attribute comprising at least one of a hash digest and a property value assertion, and weighted trust score;

the application token corresponding to a level of trustworthiness, in near real time, of a running application instance of the target application on the target device;

a trust monitor configured to monitor an execution state of the target application;

an authentication broker configured to authenticate a user to the web application and based upon a web services query for remote verification of the execution state of the target application;

a network access enforcer configured to control access of an authenticated user to the target application; and

a trust evaluation server configured to interrogate the target application based upon a request for a trust score, and generate the trust score based upon the interrogation.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A target device may have a target application and a web application thereon, and a trust broker may generate an application token having associated therewith a state attribute having at least one of a hash digest and a property value assertion, and weighted trust score. The application token may correspond to a level of trustworthiness, in near real time, of a running application instance of the target application. A trust monitor may monitor an execution state of the target application, and an authentication broker may authenticate a user to the web application and based upon a web services query for remote verification of the target application. A network access enforcer may control access of an authenticated user to the target application, and a trust evaluation server may interrogate the target application and generate a trust score.

199 Citations

19 Claims

1. A system comprising:
- a target device having a target application and a web application thereon;
  
  a trust broker configured to generate an application token having associated therewith a state attribute comprising at least one of a hash digest and a property value assertion, and weighted trust score;
  
  the application token corresponding to a level of trustworthiness, in near real time, of a running application instance of the target application on the target device;
  
  a trust monitor configured to monitor an execution state of the target application;
  
  an authentication broker configured to authenticate a user to the web application and based upon a web services query for remote verification of the execution state of the target application;
  
  a network access enforcer configured to control access of an authenticated user to the target application; and
  
  a trust evaluation server configured to interrogate the target application based upon a request for a trust score, and generate the trust score based upon the interrogation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system according to claim 1, wherein the application token includes at least one of a registered service principle name for the running application instance, active listening and open port information, a product publisher, and product version information.
  - 3. The system according to claim 2, wherein said trust broker is configured to generate a new application token based upon a state change in the running application instance.
  - 4. The system according to claim 3, wherein the new application token includes the weighted trust scores and property value assertions.
  - 5. The system according to claim 1, wherein the application token comprises a digitally signed token.
  - 6. The system according to claim 1, wherein said authentication broker comprises a security token service (STS).
  - 7. The system according to claim 1, wherein said network access enforcer is configured as a policy enforcement point (PEP).

8. A method for evaluating integrity of a web application comprising:
- requesting a token for a web application instance;
  
  initiating an interrogation of the web application instance on a web server machine based upon an access request;
  
  establishing a secure channel between the web server machine and a trust broker server;
  
  generating at least one digest corresponding to at least one element of the web application instance;
  
  generating an integrity report to include the at least one digest;
  
  transmitting the integrity report to an authentication broker;
  
  generating weighted trust scores and property value assertions based upon the integrity report;
  
  transmitting the weighted trust scores in the token to the authentication broker; and
  
  including the weighted trust scores of the web application instance as a logo on a user web browser.
- View Dependent Claims (9, 10, 11)
- - 9. The method according to claim 8, wherein the integrity report is generated prior to initiating a transaction by a user.
  - 10. The method according to claim 8, wherein the integrity report is generated prior to completing a transaction by a user.
  - 11. The method according to claim 8, further comprising displaying information about the weighted trust scores responsive to a click on the logo.

12. A method for interrogating a target application comprising:
- generating a token for a target application using a trust broker server;
  
  requesting an interrogation of the target application;
  
  subscribing for a state change notification of the target application;
  
  receiving weighted trust scores and property value assertions of the target application based upon at least one of the interrogation and subscription;
  
  including the weighted trust scores and property value assertions into the token; and
  
  providing the token to at least one of an authentication broker and a network access enforcer.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method according to claim 12, wherein generating the token comprises generating the token to include at least one of a registered service principle name for a running instance of the target application, active listening and open port information, a product publisher, and product version information.
  - 14. The method according to claim 13, further comprising generating a new token for the target application using the trust broker server based upon a state change in the running instance of the target application instance.
  - 15. The method according to claim 14, wherein generating a new token comprises including the weighted trust scores and property value assertions in the new token.
  - 16. The method according to claim 12, further comprising digitally signing the token.
  - 17. The method according to claim 12, further comprising authenticating the target application using a trust evaluation server and a trust scoring system.
  - 18. The method according to claim 12, further comprising using the token, including the weighted trust scores and property value assertions, to enforce a set of logical post-connect access policies for controlling access to a trusted resource on a network.
  - 19. The method according to claim 12, further comprising using the token, including the weighted trust scores and property value assertions, to enforce a set of physical pre-connect access policies for controlling access to a trusted resource on a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KIP Sign P1 LP
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Starnes, W. Wyatt, Kumar, Srinivas

Application Number

US12/982,528
Publication Number

US 20110179477A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/56   Computer malware detection ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 67/02   based on web technology, e....

SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

199 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM INCLUDING PROPERTY-BASED WEIGHTED TRUST SCORE APPLICATION TOKENS FOR ACCESS CONTROL AND RELATED METHODS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

199 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others