US20010018675A1 - Method and apparatus for compliance checking in a trust-management system - Google Patents

Method and apparatus for compliance checking in a trust-management system Download PDF

Info

Publication number
US20010018675A1
US20010018675A1 US09/780,892 US78089201A US2001018675A1 US 20010018675 A1 US20010018675 A1 US 20010018675A1 US 78089201 A US78089201 A US 78089201A US 2001018675 A1 US2001018675 A1 US 2001018675A1
Authority
US
United States
Prior art keywords
assertion
policy
request
credential
acceptance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/780,892
Other languages
English (en)
Inventor
Matthew Blaze
Joan Feigenbaum
Martin Strauss
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US09/780,892 priority Critical patent/US20010018675A1/en
Publication of US20010018675A1 publication Critical patent/US20010018675A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/06Asset management; Financial planning or analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/009Trust

Definitions

  • the invention relates to trust-management systems. More particularly, the invention relates to a method and apparatus for compliance checking in a trust-management system.
  • the heart of the trust-management system is an algorithm for compliance checking.
  • the inputs to the compliance checker are a “request,” a “policy” and a set of “credentials.”
  • the compliance checker returns a “yes” (acceptance) or a “no” (rejection), depending on whether the credentials constitute a proof that the request complies with the policy.
  • a central challenge in trust management is to find an appropriate notion of “proof” and an efficient algorithm for checking proofs of compliance.
  • the compliance-checking problem may be mathematically undecidable in its most general form. Moreover, the compliance-checking problem is still non-deterministic polynomial time (NP) hard even when restricted in several natural ways.
  • Blaze, Feigenbaum and Lacy discloses the trust-management problem as a distinct and important component of security in network services. Aspects of the trust-management problem include formulation of policies and credentials, deferral of trust to third parties, and a mechanism for “proving ” that a request, supported by one or more credentials, complies with a policy. A comprehensive approach to trust management independent of the needs of any particular product or service is disclosed along with a trust-management system that embodies the approach.
  • the Policy Maker mechanism for checking that a set of credentials proves that a requested action complies with local policy does not depend on the semantics of the application-specific request, credentials or policy. This allows different applications with varying policy requirements to share a credential base and a trust-management infrastructure.
  • the head of the loan division must authorize approvers' public keys.
  • the division head's public key is currently PK 3 . This key expires on Dec. 31, 1998.
  • ⁇ i t ⁇ transforms A 0 such that ⁇ i t enters r into a cell not previously containing r, i.e., whether it is possible for some subject, not having right r over some object, ever to gain that right.
  • Harrison et al. identify several possible restrictions on ⁇ and give decision algorithms for input subject to one of these restrictions. One restriction they consider yields a PSPACE-complete problem.
  • n 1 has the “grant” right over n 2
  • n has some right r over n 3
  • a legal transaction is for n 1 to grant right r over n 3 to n 2 .
  • subjects can create new nodes and remove their 5 own rights over their immediate successors. Although rights are constrained to flow only via take-grant paths, take-grant systems do model non trivial applications.
  • an embodiment of the present invention formalizes the complexity of a general-purpose, working system for processing requests of this nature.
  • a general purpose trust-management system is, very roughly speaking, a meta-system in the protection system framework.
  • an application-independent notion of compliance checking can be useful and can enhance security. Any product or service that requires proof that a requested transaction complies with a policy could implement a special-purpose compliance checker from scratch.
  • One important advantage of a general purpose compliance checker is the soundness and reliability of both the design and the implementation of the compliance checker. Formalizing the notion of “credentials proving that a request complies with a policy” involves subtlety and detail.
  • a general-purpose compliance checker can facilitate inter-operability. Requests, policies, and credentials, if originally written in the native language of a specific product or service, must be translated into a standard format understood by the compliance checker. Because a wide variety of applications will each have translators with the same target language, policies and credentials originally written for one application can be used by another. The fact that the compliance checker can serve as a locus of inter-operability may prove particularly useful in e-commerce applications and, more generally, in all setting in which publickey certificates are needed.
  • the source-IDs are just strings, and the assertions encode a set of, possibly indirect and possibly conditional, trust relationships among the issuing sources. Associating each assertion with the correct source-ID is, according to this embodiment, the responsibility of the calling application and takes place before the POC instance is handed to the compliance checker.
  • the request r may be a string encoding an “action” for which the calling application seeks a proof of compliance.
  • the compliance checker's domain of discourse may need to include other action strings.
  • a request r may include, for example, a request to access or copy a data object, or to play a data object that contains, for example, audio content.
  • a set of acceptance records is referred to as an “acceptance set.” It is by maintaining acceptance sets and making them available to assertions that the compliance checker manages “inter-assertion communication,” giving assertions the chance to make decisions based on conditional decisions by other assertions.
  • the compliance checker starts with an “initial acceptance set” ⁇ ( ⁇ , ⁇ , R) ⁇ , in which the one acceptance record means that the action string for which approval is sought is R and that no assertions have yet signed off on it or anything else.
  • the checker runs the assertions ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . .
  • the compliance checker approves the request r if the acceptance record (0, POLICY, R), which means “policy approves the initial action string,” is produced. Note that the use of the string “POLICY” herein is by way of example only, and any other information may of course be used instead.
  • an assertion is a mapping from acceptance sets to acceptance sets. Assertion ( ⁇ i , s i ) looks at an acceptance set A encoding the actions that have been approved so far, and the numbers and sources of the assertions that approved them. Based on this information about what the sources it trusts have approved, ( ⁇ i , s i ) outputs another acceptance set A′.
  • R is the action string that corresponds to the request r?
  • N is the length of the original problem instance, i.e., the number of bits needed to encode r, ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ), and d in some standard fashion.
  • the length of the input fed to an individual assertion ( ⁇ i j , s i j ) in the course of checking a proof may be considerably bigger than the length of the original problem instance (r, ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ , c), because the running of assertions ( ⁇ i 1 , s i 1 ), . . . , ( ⁇ i j-1 , s i j-1 ) may have caused the creation of many new acceptance records.
  • the meaningful “domain of discourse” for assertion (f i , s i ) is of size at most m—there are at most m actions that it would make sense for ( ⁇ i , s i ) to sign off on, no matter what the other assertions in the instance say about r.
  • the class NPP consists of all promise problems with at least one solution in NP.
  • a promise problem is NP-hard if it has at least one solution and all of its solutions are NP-hard.
  • Q, R promise problem
  • POC variants that can be shown to be NP-hard, which is generally interpreted to mean that they are computationally intractable in the worst case.
  • the “input” is a request r, a set ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ of assertions, and integers c, l, m, and S.
  • the “promise” is that each ( ⁇ i , s i ) runs in time O(N c ).
  • the “input” is a request r, a set ⁇ ( ⁇ 0 , POLICY), (f 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ of assertions, and an integer d.
  • the “question” can be stated as follows: is there a sequence i 1 , . . . , i t of indices such that:
  • Each i j is in ⁇ 0, 1, . . . , n ⁇ 1 ⁇ , but the i j need not be distinct or collectively exhaustive of ⁇ 0, 1, . . . , n ⁇ 1 ⁇ ;
  • the “input” is a request r, a set ⁇ ( ⁇ o , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 )) ⁇ of assertions, and integers l and c.
  • the “promise” is that each assertion ( ⁇ i , s i ) is monotonic and runs in time O(N c ).
  • the “question” can be stated as follows: is there a sequence i j , . . . , i t of indices such that:
  • Each i j is in ⁇ 0, 1, . . . , n ⁇ 1 ⁇ , but the i j need not be distinct or collectively exhaustive of ⁇ 0, 1, . . . , n ⁇ 1 ⁇ ;
  • Each version of POC may be defined using “agglomeration” ( ⁇ 2 , s 2 ) ⁇ ( ⁇ 1 , s t ) instead of composition ( ⁇ 2 , s 2 ) ⁇ ( ⁇ 1 , s 1 ).
  • ( ⁇ 1 t , s i t ) agglomeratively to an acceptance set S 0 is defined inductively as follows: S I ⁇ ( ⁇ i1 , s i1 )(S 0 ) ⁇ S 0 and, for 2 ⁇ i ⁇ t, S j ⁇ ( ⁇ t j , s 1 j ) (S j-1 ) ⁇ S j-1 .(Si-,) u Se 1
  • agglomerative versions of the decision problems are identical to the versions already given, except that the acceptance condition is “(0, POLICY, R) ⁇ ( ⁇ i t , s i t ) ⁇ . . . ⁇ ( ⁇ i t , s i t ) ( ⁇ ( ⁇ , ⁇ , R) ⁇ )?”
  • agglomerative POC refers to the version defined in terms of ⁇ instead of ⁇ .
  • a trust-management system that defines “proof of compliance” in terms of agglomeration can make it impossible for an assertion to “undo” an approval that it (or any other assertion) has already given to an action string during the course of constructing a proof. This definition of proof may make sense if the trust-management system should guard against a rogue credential-issuer's ability to thwart legitimate proofs. Note that the question of whether the compliance checker combines assertions using agglomeration or composition is separate from the question of whether the assertions themselves are monotonic.
  • the “input is a request r, a set ⁇ ( ⁇ 0 , POLICY), ( ⁇ i , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ of assertions, and integers c, m, and S.
  • the “promise” is that each ( ⁇ i , s i ) is monotonic, authentic, and runs in time O(N c ).
  • FIG. 1 a flow diagram of a method of compliance checking for a trust-management system according to an embodiment of the present invention.
  • the flow chart in FIG. 1 is not meant to imply a fixed order to the steps; embodiments of the present invention can be practiced in any order that is practicable.
  • a request r a policy assertion ( ⁇ 0 , POLICY) associated with the request r, and n ⁇ 1 credential assertions ( ⁇ 1 , s 1 ), . . .
  • an acceptance record set S is initialized to ⁇ ( ⁇ , ⁇ , R) ⁇ at step 110 , where A represents a distinguished “null string” and R represents the initial request, r.
  • step 120 j is initialized to 1.
  • each assertion ( ⁇ i , s i ), for integers i from 0 to n ⁇ 1, is run and the result is added to the acceptance record set S. If j does not equal mn at step 140 , where m is a number greater than 1, j is increased by 1 at step 150 and step 130 is repeated.
  • CCA 1 Compliance-Checking Algorithm version 1
  • CCA 1 (r, ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ) . . . , ( ⁇ n-1 , s n-1 ) ⁇ , m):
  • an assertion ( ⁇ i , s i ) is “ill-formned” if it violates the promise. If CCA 1 discovers that ( ⁇ i , s i ) is ill-formed, the assertion is ignored for the remainder of the computation. An assertion ( ⁇ i , s i ) may be undetectably ill-formed. For example, there may be sets A B such that ( ⁇ i , s i )(A) ( ⁇ i , s i )(B), but such that A and B do not arise in this run of the compliance checker.
  • the CCA 1 algorithm may check for violations of the promise every time it simulates an assertion. Detailed pseudo-code for these checks is not included in CCA 1 , because it would not illustrate the basic structure of the algorithm. Instead, the predicate Ill-Formed () indicates that the checks may done for each simulation.
  • CCA 1 accepts if and only if the acceptance record (0, POLICY, R) is produced when it simulates the input assertions. Unlike the previous algorithms, however, it cannot non-deterministically guess an order in which to do the simulation. Instead, it uses an arbitrary order. CCA 1 also ensures that, if a proper subset F of the input assertions contains a proof that R complies with POLICY and every ( ⁇ i , s i ) ⁇ F satisfies the promise, then the remaining assertions do not destroy all or part of the acceptance records produced by F during the simulation (and destroy the proof), even if these remaining assertions do not satisfy the promise. CCA 1 achieves this by maintaining one set of approved acceptance records, from which no records are ever deleted, i.e., by agglomerating, and by discarding assertions that it discovers are ill-formed.
  • CCA 1 does mn iterations of the sequence ( ⁇ n-1 , s n-1 ), . . . , ( ⁇ 1 , s 1 ), ( ⁇ 0 , POLICY), for a total of mn 2 assertion-simulations.
  • a set F ⁇ ( ⁇ j t , s j t ), . . . , ( ⁇ j t , s j t ) ⁇ ⁇ ( ⁇ 0 , POLICY), . . .
  • F ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ contains a proof that R complies with POLICY and that every ( ⁇ i , s i ) ⁇ F satisfies the promise of LBMAPOC.
  • CCA 1 accepts (r, ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ , c, m, s).
  • CCA 1 rejects (r, ⁇ ( ⁇ 0 , POLICY), ( ⁇ 1 , s 1 ), . . . , ( ⁇ n-1 , s n-1 ) ⁇ , c, m, s).
  • k 1 , . . . , k u be a sequence of indices, each in ⁇ j 1 , . . . , j t ⁇ , but not necessarily distinct and not necessarily exhaustive of ⁇ (j 1 , . . . , j t ⁇ , such that (0, POLICY, R) ⁇ ( ⁇ k u , s k u ) ⁇ . . . ⁇ ( ⁇ k w , s k w ) ( ⁇ ( ⁇ , ⁇ , R) ⁇ ).
  • a u be the acceptance sets produced by applying ( ⁇ k 1 , s k 1 ), . . . , ( ⁇ k w , s k w ). Because k 1 , . . . , k u is a shortest sequence that proves compliance using assertions in F, each set A p must contain at least one action string that is not present in any of A 1 , . . . , A p-1 . Thus, u iterations of ( ⁇ 0 , POLICY) ⁇ ( ⁇ 1 , s 1 ) ⁇ . . . ⁇ ( ⁇ n-1 , s n-1 ) would suffice for CCA 1 .
  • cases (1) and (2) do not cover all possible inputs to CCA 1 .
US09/780,892 1998-02-17 2001-02-09 Method and apparatus for compliance checking in a trust-management system Abandoned US20010018675A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/780,892 US20010018675A1 (en) 1998-02-17 2001-02-09 Method and apparatus for compliance checking in a trust-management system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US7484898P 1998-02-17 1998-02-17
US25029699A 1999-02-17 1999-02-17
US09/414,778 US6256734B1 (en) 1998-02-17 1999-10-08 Method and apparatus for compliance checking in a trust management system
US09/780,892 US20010018675A1 (en) 1998-02-17 2001-02-09 Method and apparatus for compliance checking in a trust-management system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/414,778 Continuation US6256734B1 (en) 1998-02-17 1999-10-08 Method and apparatus for compliance checking in a trust management system

Publications (1)

Publication Number Publication Date
US20010018675A1 true US20010018675A1 (en) 2001-08-30

Family

ID=26756128

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/414,778 Expired - Lifetime US6256734B1 (en) 1998-02-17 1999-10-08 Method and apparatus for compliance checking in a trust management system
US09/780,892 Abandoned US20010018675A1 (en) 1998-02-17 2001-02-09 Method and apparatus for compliance checking in a trust-management system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/414,778 Expired - Lifetime US6256734B1 (en) 1998-02-17 1999-10-08 Method and apparatus for compliance checking in a trust management system

Country Status (1)

Country Link
US (2) US6256734B1 (US20010018675A1-20010830-P00901.png)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030050981A1 (en) * 2001-09-13 2003-03-13 International Business Machines Corporation Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US20030074321A1 (en) * 2001-10-15 2003-04-17 Vidius Inc. Method and system for distribution of digital media and conduction of electronic commerce in an un-trusted environment
US20050283443A1 (en) * 2004-06-16 2005-12-22 Hardt Dick C Auditable privacy policies in a distributed hierarchical identity management system
US20060005020A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Graduated authentication in an identity management system
US20060005263A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Distributed contact information management
US20060200425A1 (en) * 2000-08-04 2006-09-07 Enfotrust Networks, Inc. Single sign-on for access to a central data repository
US20060242688A1 (en) * 2005-04-22 2006-10-26 Microsoft Corporation Supporting statements for credential based access control
US20080066169A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Fact Qualifiers in Security Scenarios
US20080065899A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Variable Expressions in Security Assertions
US20080066147A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Composable Security Policies
US20080066170A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Security Assertion Revocation
US20080066175A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Security Authorization Queries
US20080066159A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Controlling the Delegation of Rights
US20080066171A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Security Language Translations with Logic Resolution
US20080066160A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Security Language Expressions for Logic Resolution
US20080066158A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Authorization Decisions with Principal Attributes
US20080091859A1 (en) * 2006-10-17 2008-04-17 Hon Hai Precision Industry Co., Ltd. Test Method for verifying installation validity of a PCI device on an electronic device
US20090049514A1 (en) * 2007-08-15 2009-02-19 Nokia Corporation Autonomic trust management for a trustworthy system
US20090210293A1 (en) * 2000-08-04 2009-08-20 Nick Steele Information transactions over a network
US7814534B2 (en) 2006-09-08 2010-10-12 Microsoft Corporation Auditing authorization decisions
US8260806B2 (en) 2000-08-04 2012-09-04 Grdn. Net Solutions, Llc Storage, management and distribution of consumer information

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7269580B2 (en) * 2000-10-03 2007-09-11 Celcorp, Inc. Application integration system and method using intelligent agents for integrating information access over extended networks
US7581103B2 (en) 2001-06-13 2009-08-25 Intertrust Technologies Corporation Software self-checking systems and methods
US7165718B2 (en) * 2002-01-16 2007-01-23 Pathway Enterprises, Inc. Identification of an individual using a multiple purpose card
WO2004051437A2 (en) * 2002-12-02 2004-06-17 Elemental Security System and method for providing an enterprise-based computer security policy
US20040260946A1 (en) * 2003-06-20 2004-12-23 Cahill Conor P. User not present
WO2005040995A2 (en) * 2003-10-24 2005-05-06 Dynexus, Inc Systems and methods of establishment of secure, trusted dynamic environments and facilitation of secured communication exchange networks
US8104075B2 (en) * 2006-08-10 2012-01-24 Intertrust Technologies Corp. Trust management systems and methods
US20090192784A1 (en) * 2008-01-24 2009-07-30 International Business Machines Corporation Systems and methods for analyzing electronic documents to discover noncompliance with established norms
US20100205649A1 (en) * 2009-02-06 2010-08-12 Microsoft Corporation Credential gathering with deferred instantiation
CN101923615B (zh) * 2010-06-11 2013-04-03 北京工业大学 一种基于灰色模糊综合评价的信任量化方法
JP5620781B2 (ja) * 2010-10-14 2014-11-05 キヤノン株式会社 情報処理装置、その制御方法、及びプログラム
US9015037B2 (en) 2011-06-10 2015-04-21 Linkedin Corporation Interactive fact checking system
US9087048B2 (en) 2011-06-10 2015-07-21 Linkedin Corporation Method of and system for validating a fact checking system
US8185448B1 (en) 2011-06-10 2012-05-22 Myslinski Lucas J Fact checking method and system
US8768782B1 (en) 2011-06-10 2014-07-01 Linkedin Corporation Optimized cloud computing fact checking
US9176957B2 (en) 2011-06-10 2015-11-03 Linkedin Corporation Selective fact checking method and system
US20140019762A1 (en) * 2012-07-10 2014-01-16 Digicert, Inc. Method, Process and System for Digitally Signing an Object
US9210051B2 (en) * 2012-09-12 2015-12-08 Empire Technology Development Llc Compound certifications for assurance without revealing infrastructure
US9483159B2 (en) 2012-12-12 2016-11-01 Linkedin Corporation Fact checking graphical user interface including fact checking icons
US20150095320A1 (en) 2013-09-27 2015-04-02 Trooclick France Apparatus, systems and methods for scoring the reliability of online information
US10169424B2 (en) 2013-09-27 2019-01-01 Lucas J. Myslinski Apparatus, systems and methods for scoring and distributing the reliability of online information
US9972055B2 (en) * 2014-02-28 2018-05-15 Lucas J. Myslinski Fact checking method and system utilizing social networking information
US9643722B1 (en) 2014-02-28 2017-05-09 Lucas J. Myslinski Drone device security system
US8990234B1 (en) 2014-02-28 2015-03-24 Lucas J. Myslinski Efficient fact checking method and system
US9189514B1 (en) 2014-09-04 2015-11-17 Lucas J. Myslinski Optimized fact checking method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6058383A (en) * 1996-06-27 2000-05-02 Kent Ridge Digital Labs Computationally efficient method for trusted and dynamic digital objects dissemination
US6212634B1 (en) * 1996-11-15 2001-04-03 Open Market, Inc. Certifying authorization in computer networks

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5315657A (en) * 1990-09-28 1994-05-24 Digital Equipment Corporation Compound principals in access control lists
EP0520709A3 (en) * 1991-06-28 1994-08-24 Digital Equipment Corp A method for providing a security facility for remote systems management
US5666416A (en) * 1995-10-24 1997-09-09 Micali; Silvio Certificate revocation system
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US6049872A (en) * 1997-05-06 2000-04-11 At&T Corporation Method for authenticating a channel in large-scale distributed systems

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6058383A (en) * 1996-06-27 2000-05-02 Kent Ridge Digital Labs Computationally efficient method for trusted and dynamic digital objects dissemination
US6212634B1 (en) * 1996-11-15 2001-04-03 Open Market, Inc. Certifying authorization in computer networks

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9928508B2 (en) 2000-08-04 2018-03-27 Intellectual Ventures I Llc Single sign-on for access to a central data repository
US8566248B1 (en) 2000-08-04 2013-10-22 Grdn. Net Solutions, Llc Initiation of an information transaction over a network via a wireless device
US20060200425A1 (en) * 2000-08-04 2006-09-07 Enfotrust Networks, Inc. Single sign-on for access to a central data repository
US8260806B2 (en) 2000-08-04 2012-09-04 Grdn. Net Solutions, Llc Storage, management and distribution of consumer information
US20090210293A1 (en) * 2000-08-04 2009-08-20 Nick Steele Information transactions over a network
US7389422B2 (en) 2001-09-13 2008-06-17 International Business Machines Corporation System for forwarding and verifying multiple digital signatures corresponding to users and contributions of the users in electronic mail
US20030050981A1 (en) * 2001-09-13 2003-03-13 International Business Machines Corporation Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US20060190545A1 (en) * 2001-09-13 2006-08-24 Banerjee Dwip N Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US20080235797A1 (en) * 2001-09-13 2008-09-25 International Business Machines Corporation Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail
US20080235345A1 (en) * 2001-09-13 2008-09-25 International Business Machines Corporation Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail
US20030074321A1 (en) * 2001-10-15 2003-04-17 Vidius Inc. Method and system for distribution of digital media and conduction of electronic commerce in an un-trusted environment
US8527752B2 (en) 2004-06-16 2013-09-03 Dormarke Assets Limited Liability Graduated authentication in an identity management system
US9398020B2 (en) 2004-06-16 2016-07-19 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US11824869B2 (en) 2004-06-16 2023-11-21 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US10904262B2 (en) 2004-06-16 2021-01-26 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US10567391B2 (en) 2004-06-16 2020-02-18 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US10298594B2 (en) 2004-06-16 2019-05-21 Callahan Cellular L.L.C. Graduated authentication in an identity management system
US20050283443A1 (en) * 2004-06-16 2005-12-22 Hardt Dick C Auditable privacy policies in a distributed hierarchical identity management system
US8504704B2 (en) 2004-06-16 2013-08-06 Dormarke Assets Limited Liability Company Distributed contact information management
US9245266B2 (en) * 2004-06-16 2016-01-26 Callahan Cellular L.L.C. Auditable privacy policies in a distributed hierarchical identity management system
US8959652B2 (en) 2004-06-16 2015-02-17 Dormarke Assets Limited Liability Company Graduated authentication in an identity management system
US20060005020A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Graduated authentication in an identity management system
US20060005263A1 (en) * 2004-06-16 2006-01-05 Sxip Networks Srl Distributed contact information management
US7657746B2 (en) * 2005-04-22 2010-02-02 Microsoft Corporation Supporting statements for credential based access control
US20060242688A1 (en) * 2005-04-22 2006-10-26 Microsoft Corporation Supporting statements for credential based access control
US8095969B2 (en) * 2006-09-08 2012-01-10 Microsoft Corporation Security assertion revocation
US20080066170A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Security Assertion Revocation
US8060931B2 (en) * 2006-09-08 2011-11-15 Microsoft Corporation Security authorization queries
US20080066175A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Security Authorization Queries
US8201215B2 (en) 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US8225378B2 (en) 2006-09-08 2012-07-17 Microsoft Corporation Auditing authorization decisions
US20110030038A1 (en) * 2006-09-08 2011-02-03 Microsoft Corporation Auditing Authorization Decisions
US7814534B2 (en) 2006-09-08 2010-10-12 Microsoft Corporation Auditing authorization decisions
US20080066169A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Fact Qualifiers in Security Scenarios
US20080066159A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Controlling the Delegation of Rights
US8584230B2 (en) 2006-09-08 2013-11-12 Microsoft Corporation Security authorization queries
US20080066158A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Authorization Decisions with Principal Attributes
CN102176226A (zh) * 2006-09-08 2011-09-07 微软公司 安全授权查询
US20080065899A1 (en) * 2006-09-08 2008-03-13 Microsoft Corporation Variable Expressions in Security Assertions
US20080066147A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Composable Security Policies
US9282121B2 (en) 2006-09-11 2016-03-08 Microsoft Technology Licensing, Llc Security language translations with logic resolution
US8938783B2 (en) * 2006-09-11 2015-01-20 Microsoft Corporation Security language expressions for logic resolution
US8656503B2 (en) 2006-09-11 2014-02-18 Microsoft Corporation Security language translations with logic resolution
US20080066160A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Security Language Expressions for Logic Resolution
US20080066171A1 (en) * 2006-09-11 2008-03-13 Microsoft Corporation Security Language Translations with Logic Resolution
US20080091859A1 (en) * 2006-10-17 2008-04-17 Hon Hai Precision Industry Co., Ltd. Test Method for verifying installation validity of a PCI device on an electronic device
US20090049514A1 (en) * 2007-08-15 2009-02-19 Nokia Corporation Autonomic trust management for a trustworthy system

Also Published As

Publication number Publication date
US6256734B1 (en) 2001-07-03

Similar Documents

Publication Publication Date Title
US6256734B1 (en) Method and apparatus for compliance checking in a trust management system
Blaze et al. Compliance checking in the policymaker trust management system
US7730138B2 (en) Policy processing model
Bertino et al. Trust-/spl Xscr/;: a peer-to-peer framework for trust establishment
Blaze et al. The role of trust management in distributed systems security
Blaze et al. The KeyNote trust-management system version 2
Abadi et al. Analyzing security protocols with secrecy types and logic programs
US7665120B2 (en) Visual summary of a web service policy document
JP5010160B2 (ja) フォーマットにとらわれない証明書発行のためのシステムおよび方法
US20020087859A1 (en) Trust management systems and methods
Canetti et al. On the random-oracle methodology as applied to length-restricted signature schemes
Squicciarini et al. PP-trust-X: A system for privacy preserving trust negotiations
US7512976B2 (en) Method and apparatus for XSL/XML based authorization rules policy implementation
US20080066171A1 (en) Security Language Translations with Logic Resolution
Blaze et al. RFC2704: The KeyNote Trust-Management System Version 2
US20070277225A1 (en) Method and system for providing a secure message transfer within a network system
Schwoon et al. On generalized authorization problems
Rowe et al. Measuring protocol strength with security goals
WO1999041878A1 (en) Method and apparatus for compliance checking in a trust-management system
Chu Trust management for the world wide web
Trček Security policy conceptual modeling and formalization for networked information systems
Strauss Compliance Checking in the PolicyMaker Trust Management System
CN112016118A (zh) 匿名数据库评级更新
US8166306B2 (en) Semantic digital signatures
Cheval et al. Automatic verification of transparency protocols (extended version)

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION