WO2006058313A3 - Method to control access between network endpoints based on trust scores calculated from information system component analysis - Google Patents

Method to control access between network endpoints based on trust scores calculated from information system component analysis

Publication number
WO2006058313A3
Authority
WO
WIPO (PCT)
Prior art keywords
information system
component analysis
system component
control access
scores calculated
Prior art date
Application number
PCT/US2005/043035
Other languages
French (fr)
Other versions
WO2006058313A2 (en)
Inventor
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Anderson
Original Assignee
Signacert Inc
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Anderson
Priority date
Filing date
Publication date
Application filed by Signacert Inc, David Maurits Bleckmann, William Wyatt Starnes, Bradley Douglas Anderson
Priority to EP05847593.0A (EP1817862A4)
Priority to CA002588197A (CA2588197A1)
Priority to JP2007543583A (JP4934860B2)
Publication of WO2006058313A2
Publication of WO2006058313A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy.

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP05847593.0A EP1817862A4 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis
CA002588197A CA2588197A1 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis
JP2007543583A JP4934860B2 (en) 2004-11-29 2005-11-28 Method for controlling access between multiple network endpoints based on trust score calculated from information system component analysis

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US63145004P 2004-11-29 2004-11-29
US63144904P 2004-11-29 2004-11-29
US60/631,450 2004-11-29
US60/631,449 2004-11-29
US63706604P 2004-12-17 2004-12-17
US60/637,066 2004-12-17

Publications (2)

Publication Number Publication Date
WO2006058313A2 (en) 2006-06-01
WO2006058313A3 (en) 2007-01-18

Family

ID=36498616

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/043035 WO2006058313A2 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis

Country Status (5)

Country Link
EP (1) EP1817862A4 (en)
JP (1) JP4934860B2 (en)
KR (1) KR20070098835A (en)
CA (1) CA2588197A1 (en)
WO (1) WO2006058313A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272719B2 (en) * 2004-11-29 2007-09-18 Signacert, Inc. Method to control access between network endpoints based on trust scores calculated from information system component analysis
US8327131B1 (en) 2004-11-29 2012-12-04 Harris Corporation Method and system to issue trust score certificates for networked devices using a trust scoring service
US7487358B2 (en) 2004-11-29 2009-02-03 Signacert, Inc. Method to control access between network endpoints based on trust scores calculated from information system component analysis
US9450966B2 (en) 2004-11-29 2016-09-20 Kip Sign P1 Lp Method and apparatus for lifecycle integrity verification of virtual machines
US7733804B2 (en) 2004-11-29 2010-06-08 Signacert, Inc. Method and apparatus to establish routes based on the trust scores of routers within an IP routing domain
US8266676B2 (en) 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
CN1703004B (en) 2005-02-28 2010-08-25 联想(北京)有限公司 Method for implementing network access authentication
CN100358303C (en) * 2005-02-28 2007-12-26 联想(北京)有限公司 A method for monitoring apparatus being managed
US20070169204A1 (en) * 2006-01-17 2007-07-19 International Business Machines Corporation System and method for dynamic security access
JP4822544B2 (en) * 2006-04-26 2011-11-24 株式会社リコー Image forming apparatus capable of managing a plurality of module configuration information
JPWO2023112140A1 (en) * 2021-12-14 2023-06-22

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US20020144149A1 (en) * 2001-04-03 2002-10-03 Sun Microsystems, Inc. Trust ratings in group credentials
US20030177394A1 (en) * 2001-12-26 2003-09-18 Dmitri Dozortsev System and method of enforcing executable code identity verification over the network
US20050138417A1 (en) * 2003-12-19 2005-06-23 Mcnerney Shaun C. Trusted network access control system and method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6330670B1 (en) * 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
WO2004081756A2 (en) * 2003-03-12 2004-09-23 Nationwide Mutual Insurance Co Trust governance framework
US20040107363A1 (en) * 2003-08-22 2004-06-03 Emergency 24, Inc. System and method for anticipating the trustworthiness of an internet site

Also Published As

Publication number Publication date
JP2008522292A (en) 2008-06-26
EP1817862A2 (en) 2007-08-15
CA2588197A1 (en) 2006-06-01
WO2006058313A2 (en) 2006-06-01
EP1817862A4 (en) 2014-03-19
KR20070098835A (en) 2007-10-05
JP4934860B2 (en) 2012-05-23

Similar Documents

Publication Publication Date Title
WO2006058313A3 (en) Method to control access between network endpoints based on trust scores calculated from information system component analysis
WO2008024135A3 (en) Method to verify the integrity of components on a trusted platform using integrity database services
WO2006062998A3 (en) System and method for identity verification and management
WO2008099402A3 (en) A method and system for dynamic security using authentication server
WO2006054282A3 (en) Mitigating network attacks using automatic signature generation
WO2008078366A1 (en) Data verifying device, data verifying method, and data verifying program
WO2004088472A3 (en) Methods and systems for assessing and advising on electronic compliance
EP1975836A3 (en) Server active management technology (AMT) assisted secure boot
WO2009148430A3 (en) System and method of collecting market-related data via a web-based networking environment
WO2007038027A3 (en) Methods, systems, and computer program products for verifying an identity of a service requester using presence information
WO2008155188A3 (en) Firewall control using remote system information
WO2008008219A3 (en) System and method of analyzing web content
WO2006008733A8 (en) A method for determining near duplicate data objects
WO2007079499A3 (en) Trusted host platform
EP3620934A3 (en) Intelligent compute request scoring and routing
WO2008067128A3 (en) Methods and systems for dynamically associating access rights with a resource
WO2007077362A3 (en) Method for authenticating applications of a computer system
MX2007007561A (en) Self-adaptive multimodal biometric authentication system and method.
WO2008016489A3 (en) Methods and systems for modifying an integrity measurement based on user athentication
WO2005109197A3 (en) Resource manager for clients in an information distribution system
WO2006091726A3 (en) Method for modeling and testing a security system
WO2006031401A3 (en) Reliable elliptic curve cryptography computation
JP2008522292A5 (en)
WO2007098405A3 (en) Systems and methods for determining a flow of data
WO2006015878A3 (en) Active relationship management

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REEP Request for entry into the european phase

Ref document number: 2005847593

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2005847593

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2588197

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2007543583

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1954/KOLNP/2007

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 1020077014877

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005847593

Country of ref document: EP

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)