384 results about "Trust level" patented technology

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient. The security architecture allows upgrade of credentials for a given session. This capability is particularly advantageous in the context of a single, enterprise-wide log-on. An entity (e.g., a user or an application) may initially log-on with a credential suitable for one or more resources in an initial resource set, but then require access to resource requiring authentication at higher trust level. In such case, the log-on service allows additional credentials to be provided to authenticate at the higher trust level. The log-on service allows upgrading and/or downgrading without loss of session continuity (i.e., without loss of identity mappings, authorizations, permissions, and environmental variables, etc.).

A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are associated with trust levels and a log-on service obtains credentials for an entity commensurate with the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

By including environment information in a security policy, a security architecture advantageously allows temporal, locational, connection type and/or client capabilities-related information to affect the sufficiency of a given credential type (and associated authentication scheme) for access to a particular information resource. In some configurations, time of access, originating location (physical or network) and/or connection type form a risk profile that can be factored into credential type sufficiency. In some configurations, changing environmental parameters may cause a previously sufficient credential to become insufficient. Alternatively, an authenticated credential previously insufficient for access at a given trust level may be sufficient based on a changed or more fully parameterized session environment. In some configurations, the use of session tracking facilites (e.g., the information content of session tokens) can be tailored to environmental parameters (e.g., connection type or location). Similarly, capabilities of a particular client entity (e.g., browser support for 128-bit cipher or availablity of a fingerprint scanner or card reader) may affect the availability or sufficiency of particular authentication schemes to achieve a desired trust level.

QoS is built into a peer network within existing Internet infrastructure itself lacking QoS, by enabling a network peer to continuously discern the network's ability to deliver to that peer a particular Content Object (distributed in groups of component Packages among neighboring VOD peers) within predetermined times. Content Objects are divided into groups of component Packages and distributed to Clusters of neighboring network peers, enhancing QoS upon subsequent retrieval. Tracking Files (lists of network peers storing Package groups) and Tracking Indexes (lists of network peers storing Tracking Files) are generated to facilitate “on demand” Content Objects retrieval. Dynamically monitoring network traffic (including VOD functionality, bandwidth and reliability) creates “distributed closed-loop feedback,” and in response, attributes of individual network peers (e.g., Trust Level and membership within a particular Cluster) are modified, and “content balancing” functions performed (e.g., redistribution of Package groups among network peers) enables maintaining high QoS.

A policy system includes the policy server (2617); a policy database (2619) which located at policy decision point (2723); the access/response entity (2603); resource server (2711); policy message (2725) and policy enforcement point (2721). System connected through public network (2702) or internal network (103). The access filter (107, 203, 403) control access by use a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Access is permitted or denied according to of access policies (307) which define access in terms of the user groups (FIGS. 9-12) and information sets (FIGS. 13A-18). The rights of administrators are similarly determined by administrative policies (FIGS. 23A-C). Access is further permitted only if the trust levels of the network by which is made by the sufficient access (FIGS. 25-29). A policy server component of the access filter has been separated from the access filter and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities. Policies may now further have specifications for time intervals during which the policies are in force and the entities may be associated with attributes that specify how the entity is to be used when the policy applies.

A level of trust is determined based on a combination of scores for one or more successful authentications. Scores indicate relative degrees of reliability for authentications, so that differing authentication methods may correspond to different scores. The determined level of trust can then be used to allow or deny access to a resource, and can be used to specify the type of access that is allowed, if applicable.

An online work management system provides a marketplace for multiple job owner and workers. The job owners provide a job description that defines task. The job description may be processed to generate task descriptions that may be published for workers' application. The task descriptions specify the qualification or restrictions for workers to have the task assigned. The online work management system also provides various functions supporting coordination and management of task assignment such as determining the trust level of the user's identity, search the tasks or workers, monitoring the progress of job, managing payment to workers, training and testing the workers, evaluating the review by the job owners, and generation of surveys.

A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.

An online work management system provides a marketplace for multiple job owner and workers. The job owners provide a job description that defines task. The job description may be processed to generate task descriptions that may be published for workers' application. The task descriptions specify the qualification or restrictions for workers to have the task assigned. The online work management system also provides various functions supporting coordination and management of task assignment such as determining the trust level of the user's identity, search the tasks or workers, monitoring the progress of job, managing payment to workers, training and testing the workers, evaluating the review by the job owners, and generation of surveys.

A system for causing routing of a communication event includes a sending platform for initiating and sending the communication event, a communications network for carrying the communication event, a receiving platform for receiving the communication event for final routing, and a router resident at least in the receiving platform for preparing and executing or forwarding for execution a routing instruction for handling the incoming communication event or notification thereof, the routing instruction thus executed, overriding a default routing instruction, the overriding routing instruction initiated upon discovery by the router of some level of trust metric between the sender and intended recipient of the event.

Techniques for sharing content among multiple users are described herein. According to one embodiment, content is received from an owner to be shared among multiple members of one or more communities, where the owner defines the one or more communities. In response to the received content, a privacy level associated with the content to be shared is determined, where the privacy level is assigned by the owner. A trust level associated with each member of the one or more communities is determined, where each member is associated with a trust level assigned by the owner previously to represent a relationship between each member and the owner. The content is shared among selected members of the one or more communities if trust levels of the selected members and the privacy level associated with the content satisfy a predetermined relationship. Other methods and apparatuses are also described.

The embodiments provide generating a dedicated virtual machine image (DVMI) including functionality for a target service provider and launching the DVMI in the host device as a dedicated virtual machine (DVM). A measurement of the DVMI and/or the launched DVM, as a Trusted Dedicated Virtual Machine (TDVM), is transmitted to the target service provider server. The target service provider determines a trust level for the TDVM, based upon the measurement and provides a level of service by the target service provider server to the TDVM, according to the trust level of the TDVM.

A method of providing varying levels of secure access to computer resources. A certificate is used to identify a particular data requester and the certificate is authenticated using asymmetrical encryption techniques, such as public-private key pairs. One or more trust authorities may be consulted to ascribe a trust level to the certificate, which is an indication of the veracity of the identity of the data requester. Individual system users may set differing levels of access to a number of shared system resources for a particular data requester. The authenticated and verified data requester is then provided with the pre-set level of access to the desired shared resource. The level of access to a particular shared system resource therefore depends upon the user the data is being accessed through, the authenticated identity of the data requester, and their ascribed trust level. The shared resource may comprise data and/or an application module that is accessed or executed through a secure symmetric encryption tunnel.

Systems and methods for determining trust levels for components of a computing application using a blockchain. The system may include a development framework, a trust matrix, a trust level calculation module, a visual design subsystem, and a deployment subsystem, where trust levels are associated with components, combinations of components, graphs, and blueprints, where trust levels relate to categories of use.

A system for executing a program using a virtual machine monitor and a method of controlling the system are provided. The system includes a virtual machine monitor which divides an operating system (OS) into at least one root domain and a plurality of domains having different trust levels, and a trust-management module which is included in the root domain and periodically measures the trust level of an application program currently being executed in the OS. The virtual machine monitor executes the application program in one of the domains in consideration of the trust level of the application program. The method includes dividing an OS into at least a root domain and a plurality of domains having different trust levels by using a virtual machine monitor, enabling the root domain to periodically measure the trust level of an application program currently being executed in the OS, and executing the application program in one of the domains according to the trust level of the application program.

Customers having a translation project to select a translation method from a variety of options, ranging from a completely human translation to a completely automated translation. For human translations, translation job information may be communicated through one or more network service modules which execute within a network service application, such as a web-based networking application. A network service module may register a user having an account with the network service application as a translator and communicate translation jobs to the user. One or more users who express interest in performing the translation are selected to perform a translation job, each job comprising at least a portion of the translation project. After a user provides a translation for the translation job, the translation is analyzed to generate a trust level prediction for the translation. A user translation profile may be updated after each translation to reflect the user's performance.

An apparatus for protecting against computer malware, comprising: a data inputter for intercepting data units flow, a trust level assigner, associated with the data inputter, for assigning to each of the data units a respective trust level, an isolated-processing environment, operable to process the data units in an isolated manner and configured to send copies of the processed data units out of the isolated-processing environment, and a processing environment selector, associated with the trust level assigner and the isolated-processing environment, operable to determine if a data unit is to be executed on the isolated-processing environment, in accordance with the respective trust level.

A quality-prediction engine predicts a trust level associated with translational accuracy of a machine-generated translation. Training a quality-prediction may include translating a document in a source language to a target language by executing a machine-translation engine stored in memory to obtain a machine-generated translation. The training may further include comparing the machine-generated translation with a human-generated translation of the document. The human-generated translation is in the target language. Additionally, the training may include generating a mapping between features of the machine-generated translation and features of the human-generated translation based on the comparison. The mapping may allow determination of trust levels associated with translational accuracy of future machine-generated translations that lack corresponding human-generated translations. Machine-generated translations may then be credibly provided by translating a document from a source language to a target language by executing a machine-translation engine stored in memory to obtain a machine-generated translation, predicting a trust level of the machine-generated translation by executing a quality-prediction engine stored in memory, and outputting the machine-generated translation and the trust level.