[go: up one dir, main page]

WO2009003742A1 - An apparatus for establishing trust in data associated with a data processing system - Google Patents

An apparatus for establishing trust in data associated with a data processing system Download PDF

Info

Publication number
WO2009003742A1
WO2009003742A1 PCT/EP2008/055555 EP2008055555W WO2009003742A1 WO 2009003742 A1 WO2009003742 A1 WO 2009003742A1 EP 2008055555 W EP2008055555 W EP 2008055555W WO 2009003742 A1 WO2009003742 A1 WO 2009003742A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
data processing
path
digest
processing system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/055555
Other languages
French (fr)
Inventor
Christopher Raymond Gibson
John Bryan Ibbotson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of WO2009003742A1 publication Critical patent/WO2009003742A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129Authenticate client device independently of the user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An apparatus for establishing trust in data, for use with a system comprising one or more data processing systems, each operable to process the data, the apparatus comprising: a determiner, responsive to the data being transmitted over a path from one data processing system to another, for determining a parameter associated withthe path; an assignor for assigning authentication data associated with the parameter; and a checker for using the authentication data to check the data.

Description

AN APPARATUS FOR ESTABLISHING TRUST IN DATA ASSOCIATED WITH A DATA PROCESSING SYSTEM
FIELD OF THE INVENTION
The present invention relates to an apparatus for establishing trust in data associated with a data processing system.
BACKGROUND OF THE INVENTION
"Ad-hoc" computing systems comprise for example, portable devices with limited resources having a pervasive nature (e.g. unreliable network connections). Such a system can be dynamic and heterogeneous in its configuration e.g. having a mixture of device types such as routers; mobile phones; wireless connections and satellite up/down links.
In such a system it is difficult to establish trust in data associated with the system because, for example, such a system can comprise untrusted devices and is dynamic and heterogeneous in its nature.
DISCLOSURE OF THE INVENTION
According to a first aspect, the present invention provides an apparatus for establishing trust in data, for use with a system comprising one or more data processing systems, each operable to process the data, the apparatus comprising: a determiner, responsive to the data being transmitted over a path from one data processing system to another, for determining a parameter associated with the path; an assignor for assigning authentication data associated with the parameter; and a checker for using the authentication data to check the data.
According to a second aspect, the present invention provides a method for establishing trust in data, for use with a system comprising one or more data processing systems, each operable to process the data, the method comprising the steps of: in response to the data being transmitted over a path from one data processing system to another, determining a parameter associated with the path; assigning authentication data associated with the parameter; and using the authentication data to check the data.
According to a third aspect, the present invention provides a computer program comprising program code means adapted to perform all the steps of the method described above when said program is run on a computer.
Advantageously, the present invention allows for establishment of trust in the data in a system which is "ad-hoc" in its nature (e.g. comprising untrusted devices and having a dynamic and heterogeneous nature).
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will now be described, by way of example only, with reference to preferred embodiments thereof, as illustrated in the following drawings:
Figure 1 is a block diagram of a system for establishing trust in data;
Figure 2 is a block diagram of an apparatus associated with a first data processing system associated with the system of figure 1 ;
Figure 3 is a flow chart showing the operational steps involved in a process for establishing trust in data;
Figure 4 is a representation of data associated with a function; and
Figure 5 is a representation of data associated with a path.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
A method for allowing the establishment of trust associated with data will now be described with reference to the figures. In a first example, figure 1 shows a system (100) comprising a first data processing system (135) according to the preferred embodiment(shown in more detail in figure 2); a second data processing system (140) associated with assigning one or more "functions" (as will be described herein) as is known in the art and a third data processing system (145) associated with assigning a "path" (as will be described herein) as is known in the art.
The system (100) also comprises a sub-system (155) (indicated with a dashed line) comprising a number of data processing systems.
The sub-system (155) comprises sensors associated with executing one or more "functions" (as will be described herein).
Preferably, a function is associated with processing of data.
The sub-system (155) also comprises intermediary nodes associated with collecting data from sensors. An intermediary node can also process the data. One or more intermediary nodes can forward the data to a data processing system that is not associated with the subsystem (155).
A path is associated with transmission of the data from one data processing system to another, preferably, within the sub-system (155).
Preferably, a path is associated with a function.
The sub-system (155) comprises a fourth data processing system (105) comprising a sensor having an identifier "Sl"; a fifth data processing system (110) comprising an intermediary function having an identifier "12"; a sixth data processing system (115) comprising an intermediary function having an identifier "H"; a seventh data processing system (120) comprising a sensor having an identifier "S2"; an eighth data processing system (125) comprising an intermediary function having an identifier "13" and a ninth processing system (130) comprising a sensor having an identifier "S3". In the first example, the second data processing system (140) is operable to assign functions to one or more of the data processing systems associated with the sub-system (155) in accordance with e.g. identifier and attribute data of the one or more data processing systems. The second data processing system (140) can preferably receive input e.g. from an administrator; a system or a set of rules.
For example, the second data processing system (140) can assign to a first sensor having identifier data comprising "first sensor id" and attribute data comprising "vibration sensor", a first function of "generate and publish a vibration reading every 5 seconds".
A plurality of sensors can each be assigned functions. For example, as well as assigning the first function to the first sensor, the second data processing system (140) can assign a second function (e.g. "generate and publish a temperature reading every 10 seconds") to a second sensor (having attribute data comprising "temperature sensor"). In the example, the first and second functions can be sub-function associated with a function (e.g. wherein the function is "monitoring safety of a gas canister").
A function can also be associated with any number of other aspects associated with processing of data (e.g. transformation; aggregation of data etc.).
The third data processing system (145) is operable to assign a "path" associated with one or more of the data processing systems associated with the sub-system (155).
Preferably, a path is assigned in accordance with the identifier and the attribute data of the one or more data processing systems. For example, the third data processing system (145) can establish a path between a first sensor, a first intermediary node and a second intermediary node in response to analysis of a "transmission" range attribute of each of the first sensor, the first intermediary node and the second intermediary node. For example, data is transmitted using the assigned path because each of the first sensor, the first intermediary node and the second intermediary node comprises a "short" transmission range and therefore, "multiple hops" are required. Preferably, a path is assigned for a function. For example, if a plurality of functions is assigned, a corresponding plurality of paths can also be assigned.
Preferably, the third data processing system (145) is operable to communicate with the second data processing system (140).
The third data processing system (145) can preferably receive input e.g. from an administrator; a system or a set of rules.
Figure 2 shows in more detail, the first data processing system (135) comprising a determiner (200) operable to access the second data processing system (140) and the third data processing system (145); a key assignor (205); a checker (210) and an executor (215).
A process according to the preferred embodiment will now be described with reference to figure 3.
At step 300, the determiner (200) accesses the second data processing system (140) in order to determine function data associated with one or more functions.
In the first example, the determiner (200) receives the function data from the second data processing system (140), a representation of which is shown in figure 4.
The function data comprises a function identifier associated with a function and an associated data processing system identifier associated with a data processing system.
At step 305, the determiner (200) accesses the third data processing system (145) in order to determine path data associated with a path.
In the first example, the determiner (200) receives the path data from the third data processing system (145), a representation of which is shown in figure 5. The path data comprises a path identifier (e.g. PATH l) associated with a path and a position identifier associated with a position (e.g. 3) of a data processing system (e.g. Sl) in the path. The path identifier and associated position identifier are associated with a data processing system identifier (e.g. Sl) and a function identifier (e.g. Fn I).
It should be understood that path data can comprise any number of other identifiers e.g. a sequence identifier of a point in an ordered sequence associated with a data processing system.
At step 310, the key assignor (205) assigns one or more keys. It should be understood that any number of types of authentication data can be assigned.
In the first example, the key assignor (205) uses the function and path data obtained in steps 300 and 305 to assign each data processing system a unique key. Preferably a key is unique to a path, a function and a data processing system. For example, if a data processing system associated with a path has a plurality of associated functions, the key assignor (205) assigns a plurality of associated unique keys to the data processing system.
It should be understood that the key assignor (205) can assign a key associated with any number of other parameters (e.g. wherein a key is associated with a particular user of a data processing system (e.g. wherein there are multiple users of a single data processing system) or wherein a key is associated with a sub-function rather than a function).
In the first example, for the function having an identifier "Fn 1", the key assignor (205) assigns keys having the following identifiers:
Sl - Kl
S2 - K2
S3 - K3
Il - K4
12 - K5 In the first example, each of the data processing systems in the sub-system (155) performs one or more sub-functions associated with the function "Fn 1".
In the first example, Sl executes a first sub-function resulting in generation of data.
Sl generates a first digest (having an associated identifier "DIG_S1") using a digest algorithm (e.g. SHA-I) and its associated key (e.g. "Kl").
Digest data associated with Sl is input to the digest algorithm, wherein FN ID represents an identifier associated with a function; DPS ID represents an identifier associated with a data processing system; PATH D ATA represents path data and DATA represents data associated with a data processing system:
FN ID; DPS ID; PATH DATA; DATA
The values associated with DIG_S1 are shown below, wherein "FN_1" represents the identifier associated with a function; "Sl" represents the identifier associated with a data processing system; "PATH_1 :3" represents the path data and "75" represents first data:
FN_1; S1; PATH_1 :3; 75
51 sends the first digest and the first data to a next data processing system in the path (e.g. "12").
In the first example, S2 executes a second sub-function resulting in a transformation (e.g. 75%) of the first data (e.g. 75).
52 generates a second digest (having an associated identifier "DIG_S2"), wherein the following digest data is input:
FN_1; S2; PATH_1 :4; 75% 52 sends the second digest and second data (e.g. 75%) to a next data processing system in the path (e.g. "13").
In the first example, S3 executes a third sub-function resulting in generation of further data.
53 generates a third digest (having an associated identifier "DIG_S3"), wherein the following digest data is input:
FN l; S3; PATHJ :4; IOOF
S3 sends the third digest and third data (e.g. IOOF) to a next data processing system in the path (e.g. "13").
Preferably, an intermediary node is responsible for transmitting check data associated with data processing systems to the checker (210). In the first example, 13 transmits the second digest, the second data, the third digest and the third data to the checker (210). Alternatively, the checker (210) can obtain the check data from 13. Alternatively, 13 can transmit the check data to a further data processing system which forwards the check data to the checker (210).
The checker (210) checks (step 315) the second digest and the third digest.
To check the second digest, the checker (210) creates a comparative second digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives the second data from 13 to use as input to the same digest algorithm used by S2, using the key (e.g. K2) associated with S2 (e.g. wherein the key obtained from the key assignor (205)). The checker (210) checks the comparative second digest against the second digest.
To check the third digest, the checker (210) creates a comparative third digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives the third data from 13 to use as input to the same digest algorithm used by S3, using the key (e.g. K3) associated with S3 (e.g. obtained from the key assignor (205)). The checker (210) checks the comparative third digest against the third digest.
If a comparative digest does not match an associated digest, checking of the associated digest fails (negative result to step 320). In response, preferably the executor (215) generates
(step 325) a notification indicating that there is an error associated with trust of associated data.
Preferably, the executor (215) transmits the notification to a data processing system (e.g. 13). Preferably, corrective or compensatory actions can be taken in response to receipt of the notification. Preferably, the notification is encrypted prior to transmission. Preferably, in response to generation of the notification, the process ends.
In the first example, the second comparative digest matches the second digest and the third comparative digest matches the third digest. Thus, checking of the second digest and the third digest succeeds (positive result to step 320) and this establishes trust in the second and third data as processed by S2 and S3 respectively.
Advantageously, trust in data can be evaluated before further processing occurs by authenticating the data at points in the path.
Preferably, the executor (215) generates (step 330) a notification indicating that 13 should proceed and in response, 13 executes a fourth sub-function resulting in collection of the second and third data.
13 generates a fourth digest (having an associated identifier "DIG I3") wherein the following digest data is input:
FN l; 13; PATH_1 :3; 75%; IOOF 13 sends the fourth digest and the second and third data to a next data processing system in the path (e.g. "12"). Preferably, the fourth digest replaces the second digest and the third digest, advantageously resulting in less data being transmitted.
In the first example, 12 transmits the first digest, the first data, the fourth digest and the second and third data to the checker (210).
In response to further checks being required (positive result to step 335), the checker (210) checks the first digest by creating a comparative first digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives the first data from 12 to use as input to the same digest algorithm used by Sl, using the key (e.g. Kl) associated with Sl (e.g. obtained from the key assignor (205)). The checker (210) checks the comparative first digest against the first digest.
The checker (210) checks the fourth digest by creating a comparative fourth digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives the second and third data from 12 to use as input to the same digest algorithm used by 13, using the key (e.g. K6) associated with 13 (e.g. obtained from the key assignor (205)). The checker (210) checks the comparative fourth digest against the fourth digest.
In the first example, checking of the first digest and the fourth digest succeeds (positive result to step 320) and this establishes trust in the first data as processed by Sl and second and third data as processed by 13.
Preferably, the executor (215) generates (step 330) a notification indicating that 12 should proceed and in response, 12 executes a fifth sub-function resulting in collection of data. It should be understood that preferably, 12 replaces the first data (e.g. 75) with the second data (e.g. 75%) as the second data is a transformation of the first data.
12 generates a fifth digest (having an associated identifier "DIG I2") wherein the following digest data is input: FN l; 12; PATHJ :2; 75%; IOOF
12 sends the fifth digest and the second and third data to a next data processing system in the path (e.g. "H"). Preferably, the fifth digest replaces the first digest and the fourth digest.
In the first example, Il transmits the fifth digest and the second and third data to the checker (210).
In response to further checks being required (positive result to step 335), the checker (210) checks the fifth digest by creating a comparative fifth digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives the second and third data from Il to use as input to the same digest algorithm used by 12, using the key (e.g.
K5) associated with 12 (e.g. obtained from the key assignor (205)). The checker (210) checks the comparative fifth digest against the fifth digest.
In the first example, checking of the fifth digest succeeds (positive result to step 320) and this establishes trust in the second and third data as processed by 12.
Preferably, the executor (215) generates (step 330) a notification indicating that Il should proceed and in response, Il executes a sixth sub-function resulting in forwarding of the second and third data to a data processing system (150) not associated with the sub-system (155).
Il generates a sixth digest (having an associated identifier "DIG Il") wherein the following digest data is input:
FN l; II; PATHJ :1; 75%; IOOF
Il sends the sixth digest and the second and third data to the checker (210). Preferably, the sixth digest replaces the fifth digest. In response to further checks being required (positive result to step 335), the checker (210) checks the sixth digest by creating a comparative sixth digest by obtaining values associated with FN ID; DPS ID; PATH D ATA from the determiner (200) and receives second and third data from Il to use as input to the same digest algorithm used by II, using the key (e.g. K4) associated with Il (e.g. obtained from the key assignor (205)). The checker (210) checks the comparative sixth digest against the sixth digest.
In the first example, checking of the sixth digest succeeds (positive result to step 320) and this establishes trust in the second and third data as processed by Il .
Preferably, in response to further checks not being required (negative result to step 335), the process ends.
Advantageously, the method described allows for trust to be established in data. The establishment of trust can be used to determine whether data was transmitted using an expected path. Preferably, the establishment of trust occurs at multiple points in the path such that the path over which data is transmitted can be authenticated.
Preferably, the establishment of trust can also be used to determine whether data received by one data processing system is the same as data sent by another data processing system and to determine whether expected sub-functions were applied to data by one or more data processing systems.
The present invention allows for establishment of trust in the data in an environment which is "ad-hoc" in its nature (e.g. comprising untrusted devices and having a dynamic and heterogeneous nature). Furthermore, the present invention allows for establishment of trust in the data in an environment wherein dynamic changes can occur to any of: data processing systems being used; functions being performed and a path between data processing systems.
It should be understood that alternatively to a digest replacing a previous digest, each digest can be forwarded using the network. It should be understood that alternatively to a data processing system not associated with a path checking trust in data, the checking can occur at a data processing system associated with the path (e.g. at each intermediary node). In this case, preferably, an intermediary node is operable to receive from the key assignor, keys associated with another intermediary node or sensor immediately adjacent to the intermediary node in a path.
It will be clear to one of ordinary skill in the art that all or part of the method of the preferred embodiments of the present invention may suitably and usefully be embodied in a logic apparatus, or a plurality of logic apparatus, comprising logic elements arranged to perform the steps of the method and that such logic elements may comprise hardware components, firmware components or a combination thereof.
It will be equally clear to one of skill in the art that all or part of a logic arrangement according to the preferred embodiments of the present invention may suitably be embodied in a logic apparatus comprising logic elements to perform the steps of the method, and that such logic elements may comprise components such as logic gates in, for example a programmable logic array or application-specific integrated circuit. Such a logic arrangement may further be embodied in enabling elements for temporarily or permanently establishing logic structures in such an array or circuit using, for example, a virtual hardware descriptor language, which may be stored and transmitted using fixed or transmittable carrier media.
It will be appreciated that the method and arrangement described above may also suitably be carried out fully or partially in software running on one or more processors (not shown in the figures), and that the software may be provided in the form of one or more computer program elements carried on any suitable data-carrier (also not shown in the figures) such as a magnetic or optical disk or the like. Channels for the transmission of data may likewise comprise storage media of all descriptions as well as signal-carrying media, such as wired or wireless signal- carrying media.
The present invention may further suitably be embodied as a computer program product for use with a computer system. Such an implementation may comprise a series of computer- readable instructions either fixed on a tangible medium, such as a computer readable medium, for example, diskette, CD-ROM, ROM, or hard disk, or transmittable to a computer system, via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications lines, or intangibly using wireless techniques, including but not limited to microwave, infrared or other transmission techniques. The series of computer readable instructions embodies all or part of the functionality previously described herein.
Those skilled in the art will appreciate that such computer readable instructions can be written in a number of programming languages for use with many computer architectures or operating systems. Further, such instructions may be stored using any memory technology, present or future, including but not limited to, semiconductor, magnetic, or optical, or transmitted using any communications technology, present or future, including but not limited to optical, infrared, or microwave. It is contemplated that such a computer program product may be distributed as a removable medium with accompanying printed or electronic documentation, for example, shrink-wrapped software, pre-loaded with a computer system, for example, on a system ROM or fixed disk, or distributed from a server or electronic bulletin board over a network, for example, the Internet or World Wide Web.
In an alternative, the preferred embodiment of the present invention may be realized in the form of computer implemented method of deploying a service comprising steps of deploying computer program code operable to, when deployed into a computer infrastructure and executed thereon, cause said computer system to perform all the steps of the described method.
It will be clear to one skilled in the art that many improvements and modifications can be made to the foregoing exemplary embodiment without departing from the scope of the present invention.

Claims

1. An apparatus for establishing trust in data, for use with a system comprising one or more data processing systems, each operable to process the data, the apparatus comprising: a determiner, responsive to the data being transmitted over a path from one data processing system to another, for determining a parameter associated with the path; an assignor for assigning authentication data associated with the parameter; and a checker for using the authentication data to check the data.
2. An apparatus as claimed in claim 1, wherein the parameter further comprises: a first identifier associated with one or more data processing systems associated with the path.
3. An apparatus as claimed in claim 1, wherein the parameter further comprises: a second identifier associated with a processing function performed by the one or more data processing systems.
4. An apparatus as claimed in claim 1, wherein the system comprises at least one of: an untrusted data processing system; an untrusted path and an untrusted processing function.
5. An apparatus as claimed in claim 1, wherein the one or more data processing systems comprise sensors.
6. An apparatus as claimed in claim 1, wherein the one or more data processing systems comprise intermittent network connections.
7. A method for establishing trust in data, for use with a system comprising one or more data processing systems, each operable to process the data, the method comprising the steps of: in response to the data being transmitted over a path from one data processing system to another, determining a parameter associated with the path; assigning authentication data associated with the parameter; and using the authentication data to check the data.
8. A method as claimed in claim 7, wherein the parameter further comprises: a first identifier associated with one or more data processing systems associated with the path.
9. A method as claimed in claim 7, wherein the parameter further comprises: a second identifier associated with a processing function performed by the one or more data processing systems.
10. A method as claimed in claim 7, wherein the system comprises at least one of: an untrusted data processing system; an untrusted path and an untrusted processing function.
11. A method as claimed in claim 7, wherein the one or more data processing systems comprise sensors.
12. A method as claimed in claim 7, wherein the one or more data processing systems comprise intermittent network connections.
13. A computer program comprising program code means adapted to perform all the steps of any of claims 7 to 12 when said program is run on a computer.
PCT/EP2008/055555 2007-07-05 2008-05-06 An apparatus for establishing trust in data associated with a data processing system Ceased WO2009003742A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0712981.0 2007-07-05
GB0712981A GB0712981D0 (en) 2007-07-05 2007-07-05 an apparatus for establishing trust in data associated with a data processing system

Publications (1)

Publication Number Publication Date
WO2009003742A1 true WO2009003742A1 (en) 2009-01-08

Family

ID=38440389

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/055555 Ceased WO2009003742A1 (en) 2007-07-05 2008-05-06 An apparatus for establishing trust in data associated with a data processing system

Country Status (2)

Country Link
GB (1) GB0712981D0 (en)
WO (1) WO2009003742A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US20060242086A1 (en) * 2005-04-22 2006-10-26 Vinay Deolalikar Shipment authentication and tracking
US20070030143A1 (en) * 2005-05-03 2007-02-08 Greg Benson Trusted monitoring system and method
US7234059B1 (en) * 2001-08-09 2007-06-19 Sandia Corporation Anonymous authenticated communications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US7234059B1 (en) * 2001-08-09 2007-06-19 Sandia Corporation Anonymous authenticated communications
US20060242086A1 (en) * 2005-04-22 2006-10-26 Vinay Deolalikar Shipment authentication and tracking
US20070030143A1 (en) * 2005-05-03 2007-02-08 Greg Benson Trusted monitoring system and method

Also Published As

Publication number Publication date
GB0712981D0 (en) 2007-08-15

Similar Documents

Publication Publication Date Title
US20190335333A1 (en) Security for network computing environment using centralized security system
CN104573516B (en) A kind of industrial control system trusted context management-control method and platform based on safety chip
US12505254B2 (en) Data processing method and apparatus based on blockchain network, and computer device
US10581849B2 (en) Data packet transmission method, data packet authentication method, and server thereof
JP2023541599A (en) Service communication methods, systems, devices and electronic equipment
US9444806B2 (en) Method, apparatus and server for identity authentication
US20170187831A1 (en) Universal Abstraction Layer and Management of Resource Devices
CN106911648B (en) A kind of environment isolation method and equipment
CN111898124B (en) Process access control method and device, storage medium and electronic equipment
US20190349356A1 (en) Cybersecurity intelligence platform that predicts impending cyber threats and proactively protects heterogeneous devices using highly-scalable bidirectional secure connections in a federated threat intelligence environment
CN107707557B (en) Anonymous access method, device, network equipment and readable storage medium
CN112468448A (en) Processing method and device of communication network, electronic equipment and readable storage medium
CN112219416A (en) Technology for authenticating data transmitted over cellular networks
CN111131144B (en) IoT (Internet of things) equipment management method, device, server and storage medium
CN117220933A (en) A vulnerability hot repair method and server
CN116980164A (en) Access request processing methods, systems, devices, computer equipment and storage media
US20240187301A1 (en) System, Method, and Computer Program Product for Detecting an Anomaly in Network Activity
CN115801292A (en) Access request authentication method and device, storage medium and electronic equipment
WO2009003742A1 (en) An apparatus for establishing trust in data associated with a data processing system
CN118055157A (en) Service calling method, device, equipment and storage medium
JP5635115B2 (en) Quarantine program, quarantine method and information processing apparatus
CN119544346B (en) Access request processing method and related device
US12393743B2 (en) Using modified inter-chip messages to determine microcontroller message encoding
CN115834129B (en) A license authentication method and computer equipment
JP7468652B2 (en) Distributed system, communication terminal, function recovery method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08759425

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08759425

Country of ref document: EP

Kind code of ref document: A1