WO2006058313A3 - Method to control access between network endpoints based on trust scores calculated from information system component analysis - Google Patents

Publication number
WO2006058313A3
Authority
WO
WIPO (PCT)
Prior art keywords
information system
component analysis
system component
control access
scores calculated
Prior art date
Application number
PCT/US2005/043035
Other languages
French (fr)
Other versions
WO2006058313A2 (en)
Inventor
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Anderson
Original Assignee
Signacert Inc
David Maurits Bleckmann
William Wyatt Starnes
Bradley Douglas Anderson
Priority date
Filing date
Publication date
Application filed by Signacert Inc, David Maurits Bleckmann, William Wyatt Starnes, Bradley Douglas Anderson
Priority to CA002588197A (CA2588197A1)
Priority to EP05847593.0A (EP1817862A4)
Priority to JP2007543583A (JP4934860B2)
Publication of WO2006058313A2
Publication of WO2006058313A3

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy.
PCT/US2005/043035 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis WO2006058313A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA002588197A CA2588197A1 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis
EP05847593.0A EP1817862A4 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis
JP2007543583A JP4934860B2 (en) 2004-11-29 2005-11-28 Method for controlling access between multiple network endpoints based on trust score calculated from information system component analysis

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US63145004P 2004-11-29 2004-11-29
US63144904P 2004-11-29 2004-11-29
US60/631,450 2004-11-29
US60/631,449 2004-11-29
US63706604P 2004-12-17 2004-12-17
US60/637,066 2004-12-17

Publications (2)

Publication Number Publication Date
WO2006058313A2 WO2006058313A2 (en) 2006-06-01
WO2006058313A3 WO2006058313A3 (en) 2007-01-18

Family

ID=36498616

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/043035 WO2006058313A2 (en) 2004-11-29 2005-11-28 Method to control access between network endpoints based on trust scores calculated from information system component analysis

Country Status (5)

Country Link
EP (1) EP1817862A4 (en)
JP (1) JP4934860B2 (en)
KR (1) KR20070098835A (en)
CA (1) CA2588197A1 (en)
WO (1) WO2006058313A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8266676B2 (en) 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
US7733804B2 (en) 2004-11-29 2010-06-08 Signacert, Inc. Method and apparatus to establish routes based on the trust scores of routers within an IP routing domain
US9450966B2 (en) 2004-11-29 2016-09-20 Kip Sign P1 Lp Method and apparatus for lifecycle integrity verification of virtual machines
US7487358B2 (en) 2004-11-29 2009-02-03 Signacert, Inc. Method to control access between network endpoints based on trust scores calculated from information system component analysis
US7272719B2 (en) * 2004-11-29 2007-09-18 Signacert, Inc. Method to control access between network endpoints based on trust scores calculated from information system component analysis
US8327131B1 (en) 2004-11-29 2012-12-04 Harris Corporation Method and system to issue trust score certificates for networked devices using a trust scoring service
CN100358303C (en) 2005-02-28 2007-12-26 联想(北京)有限公司 A method for monitoring apparatus being managed
CN1703004B (en) * 2005-02-28 2010-08-25 联想(北京)有限公司 Method for implementing network access authentication
US20070169204A1 (en) * 2006-01-17 2007-07-19 International Business Machines Corporation System and method for dynamic security access
JP4822544B2 (en) * 2006-04-26 2011-11-24 株式会社リコー Image forming apparatus capable of managing a plurality of module configuration information
WO2023112140A1 (en) * 2021-12-14 2023-06-22 日本電気株式会社 Access control device, access control method, and program

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6327652B1 (en) * 1998-10-26 2001-12-04 Microsoft Corporation Loading and identifying a digital rights management operating system
US20020144149A1 (en) * 2001-04-03 2002-10-03 Sun Microsystems, Inc. Trust ratings in group credentials
US20030177394A1 (en) * 2001-12-26 2003-09-18 Dmitri Dozortsev System and method of enforcing executable code identity verification over the network
US20050138417A1 (en) * 2003-12-19 2005-06-23 Mcnerney Shaun C. Trusted network access control system and method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6330670B1 (en) * 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
WO2004081756A2 (en) * 2003-03-12 2004-09-23 Nationwide Mutual Insurance Co Trust governance framework
US20040107363A1 (en) * 2003-08-22 2004-06-03 Emergency 24, Inc. System and method for anticipating the trustworthiness of an internet site

Also Published As

Publication number Publication date
EP1817862A2 (en) 2007-08-15
KR20070098835A (en) 2007-10-05
WO2006058313A2 (en) 2006-06-01
JP4934860B2 (en) 2012-05-23
JP2008522292A (en) 2008-06-26
EP1817862A4 (en) 2014-03-19
CA2588197A1 (en) 2006-06-01

Similar Documents

Publication Publication Date Title
WO2006058313A3 (en) Method to control access between network endpoints based on trust scores calculated from information system component analysis
WO2006062998A3 (en) System and method for identity verification and management
WO2008008339A3 (en) System and method for analyzing web content
WO2008099402A3 (en) A method and system for dynamic security using authentication server
WO2006054282A3 (en) Mitigating network attacks using automatic signature generation
EP2199940A3 (en) Methods and systems for detecting man-in-the-browser attacks
WO2008078366A1 (en) Data verifying device, data verifying method, and data verifying program
WO2004070626A3 (en) System method and computer program product for obtaining structured data from text
EP1975836A3 (en) Server active management technology (AMT) assisted secure boot
WO2005060484A3 (en) Generic token-based authentication system
WO2006071951A3 (en) Email sender verification system
WO2006069158A3 (en) Self-adaptive multimodal biometric authentication system and method
WO2007038027A3 (en) Methods, systems, and computer program products for verifying an identity of a service requester using presence information
WO2006044835A3 (en) Method, system and apparatus for assessing vulnerability in web services
WO2006074294A3 (en) Methods and apparatus providing security to computer systems and networks
WO2008008219A3 (en) System and method of analyzing web content
WO2008042614A3 (en) Role based internet access and individualized role based systems to view biometric information
WO2011035150A3 (en) Systems and methods for sharing user generated slide objects over a network
WO2007009009A3 (en) Systems and methods for identifying sources of malware
WO2008067128A3 (en) Methods and systems for dynamically associating access rights with a resource
WO2008068450A3 (en) Improvements in resisting the spread of unwanted code and data
WO2007077362A3 (en) Method for authenticating applications of a computer system
WO2008016489A3 (en) Methods and systems for modifying an integrity measurement based on user athentication
WO2005109197A3 (en) Resource manager for clients in an information distribution system
WO2006031401A3 (en) Reliable elliptic curve cryptography computation

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REEP Request for entry into the european phase

Ref document number: 2005847593

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2005847593

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2588197

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2007543583

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1954/KOLNP/2007

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 1020077014877

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2005847593

Country of ref document: EP

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)