483 results about "Trust network" patented technology

Computer systems and methods incorporate user annotations (metadata) regarding various pages or sites, including annotations by a querying user and by members of a trust network defined for the querying user into search and browsing of a corpus such as the World Wide Web. A trust network is defined for each user, and annotations by any member of a first user's trust network are made visible to the first user during search and/or browsing of the corpus. Users can also limit searches to content annotated by members of their trust networks or by members of a community selected by the user.

A system and method for direct authentication and/or authorization of transactions. The system includes a trusted Digital Identity (DID) Network connecting an Originating Participating Financial Institution (OPFI) and a Receiving Participating Financial Institution (RPFI) through a DID Operator. The DID Operator may further be coupled to a DID System that calculates digital identities for Originators. According to the method, direct authentication of the Originator and/or authorization of the transaction is initiated upon the Originator communicating its digital identity to the Receiver. The Receiver subsequently provides the digital identity to the RPFI. The RPFI is then able to communicate with the OPFI for authentication of the Originator and/or authorization of the transaction through the DID Operator based on Originator's digital identity. The transaction between the Originator and Receiver can be financial or non-financial and may include, for example, account-to-account transfers, identity authentication or express agreements. In another embodiment, authentication and/or authorization may be performed in real time.

A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic. This scheme enables the server to throttle untrusted password-guessing requests from crackers without penalizing most friendly logins and only slightly penalizing the relatively few untrusted friendly logins.

An arrangement, of functionally connected electronic devices includes: a data input entity, configured to obtain user in-formation relative to a plurality of users, data indicative of trust between multiple users and data indicative of a number of ride requests and ride offers by the users, a trust network knowledgebase entity configured to establish and manage a number of trust networks on the basis of the obtained data. The knowledgebase entity groups a plurality of users into a number of trust networks, a scheduling entity configured, on the basis of the obtained data, to determine a potential transport sharing scenario for a plurality of users belonging to the same trust network. The scheduling entity is configured to find potential matches between the ride requests and ride offers to determine the scenario, and a data output entity configured to indicate the scenario to multiple users of the plurality.

The invention advantageously provides a system for the verification a user's identity and qualifications and authentication of credentials associated with a user's digital identity on a trust network (where service providers involved in a transaction may be independent parties operating with limited trust), in which a pseudonymized transaction record may be created for that digital identity and stored in a shared ledger; identifying information for a user may be retained in a custodial escrow account for that user; and transactions may be re-correlated with identifying information for authorized third parties under established “due process” rules that are appropriate for the applicable jurisdiction(s).

A method is provided of enabling respective users (A, B) of first and second devices (12, 2) of a trusted network to perform a secure transaction between them. A communications channel, such as a telephone conversation, is established between the users (A, B). A verification identifier for the transaction is communicated between the users (A, B) using the communications channel (A6). The verification identifier is stored (A3) at the first device (12) as a reference identifier for the transaction. A secure connection is opened between the two devices (12, 2) over the trusted network (A10), the secure connection being different to the communications channel between the users (A, B). The verification identifier is sent (A11) from the second device (2) to the first device (12) over the secure connection. The verification identifier received over the secure connection is compared (A12) with the reference identifier at the first device (12). The secure transaction is performed over the secure connection (A15) in dependence upon the comparison.

Embodiments of the invention provide a method and an apparatus for detecting and responding to email based propagation of malicious software (malware) in a trusted network. One embodiment provides a detector decoy email account to serve as generic bait for malicious software for a domain within the trusted network. In addition, at least one email account for the domain within the trusted network is provided as a detector probe account. In so doing, when the detector decoy email account receives an email from the detector probe account within the trusted network a policy based infection response rule is generated.

A branding process provides a networked computing device with initial set up information, including a name, a public/private key pair, and a set of certificates the device will need to inter-operate with other devices in the trust group. A branding device conveys the initial set-up information to the networked computing device via a limited access network interface, or alternatively via a broadcast network media with the device enclosed in a wave guide and/or Faraday cage. The networked computing device can then use the set up information to verify that other devices on the network that seek to interact with the device are also members of the trust group, with which networked computing device can interact.

An approach is provided for causing an extension of secure emergency network resources via one or more trusted point of presence. The approach involves determining a networking context, wherein the networking context initiates a request to join an extension mesh network to a currently trusted network. The approach also involves determining a target network trust level associated with the networking context, the currently trusted network, or a combination thereof. The approach further involves selecting the extension mesh network based on the target network trust level. The approach also involves initiating a joining of the extension mesh network to the currently trusted network.

A trust-based communication and information filtering system having rating features is user customizable. It is a system in which the raters remain anonymous. The anonymous ratings mimic real life person-to-person recommendation methods wherein recommendations are personal and cannot be controlled by persons or items being rated. The system uses contextually meaningful rating which are filtered explicitly by the end-user or implicitly based upon the environment of the end-user to facilitate discovery and minimize the potential for fraud and deception. Trust networks are constructed between the participants and the rating or information filtered or weighted according to the user's relative trust of the raters in the system. Ratings made by the inventive system can be for goods, services, people, businesses or virtually any item that can be rated and/or recommended.

Techniques for passing security configuration information between a security policy server and a client includes the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy sever. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.

A computer readable storage medium includes instructions to receive a request from a client to enroll in a trust network. A registration form is supplied to the client in response to the request. Client data in the registration form received from the client is processed to load the client data as parameters in a managed trust network. The managed trust network includes a vouch system, a complaint resolution mechanism, relationship value exchange and endorsements.

A Secure Extranet Server (SES) provides for secure and traceable communication and document exchange between a trusted network and an untrusted network by authenticated users. The SES includes a first partition in communication with the untrusted network and a second partition in communication with the trusted network. The second partition maintains a session table and is in communication with a user authentication and authorization module. Communication between the first and second partition is preferably initiated by a request from the second partition. Security tokens attached to messages provide constraint checking on user inputs, access to documents and servers within the trusted network, checkout and checkin of controlled documents, and a single sign-on capability for on-line applications as well as local applications operating on protected files at remote user computers.

A method and apparatus for creating a computerized market for used and collectible goods by allowing the electronic present of goods from one market to another in a trusted network, allowing the electronic auctioning of goods, enabling an electronic agent to search the markets for locate a good, and enabling an electronic agent to search for the owner of a hard to find good.

Methods, data structures, and systems by which entities can efficiently discover, extend, validate and establish business relationships over a digital network are disclosed. A transitive trust system can be utilized by any number of interconnected entities in which at least two of the entities are capable of sharing information. One or more entity trust lists contain, for at least two of the entities, at least one characteristic. Each characteristic can, for example, describe or pertain to the actual or perceived dependability, reliability and/or credibility of an entity. The system also includes at least one transactional trust list that contains at least one parameter relative to an exchange between at least two of the entities through at least one degree of separation between the entities. The transactional trust list can, for example, be a listing of any type of parameters that define or describe business exchanges within a particular industry segment. The transactional trust list can also list information about the types of transactional activities that can take place and proxy actions available to cooperating entities. The system retrieves information from the entity trust list and the transactional trust list in order to provide a framework for at least two of the entities to establish relationships with one another.

According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.