Sentinel appliance in an internet of things realm
Abstract
In an example, there is disclosed a computing apparatus, comprising: a trusted execution environment (TEE); and a security engine operable to: identify a key negotiation for an encrypted connection between a first device and a second device; request a service appliance key for the key negotiation; receive the service appliance key; and perform a service appliance function on traffic between the first device and the second device. There is also disclosed a method of providing the security engine, and a computer-readable medium having stored thereon executable instructions for providing the security engine.
25 Claims
1. A sentinel device configured to provide Internet of things (IoT) security, comprising:
- a hardware platform;
- a trusted execution environment (TEE) to execute on the hardware platform; and
- a security engine to operate within the TEE and operable to:
  - communicatively couple to a trusted gateway device via a first interface and communicatively couple to a second device via a second interface;
  - receive a domain security policy for a domain of the second device;
  - determine that the second device lacks at least some security features to satisfy the domain security policy;
  - identify a key negotiation for an encrypted connection between the trusted gateway device and the second device;
  - request a service appliance key for the key negotiation;
  - receive the service appliance key; and
  - perform a service appliance function on traffic between the trusted gateway and the second device, comprising providing security functions to satisfy at least some of the security features lacking in the second device.

Dependent claims: 2 to 11.
12. One or more tangible, non-transitory computer readable storage mediums having stored thereon executable instructions for providing a security engine to operate within a trusted execution environment (TEE), wherein the security engine is operable to:
- communicatively couple to a trusted gateway device via a first interface and communicatively couple to a second device via a second interface;
- receive a domain security policy for a domain of the second device;
- determine that the second device lacks at least some security features to satisfy the domain security policy;
- identify a key negotiation for an encrypted connection between the trusted gateway device and the second device;
- request a service appliance key for the key negotiation;
- receive the service appliance key; and
- perform a service appliance function on traffic between the trusted gateway device and the second device, comprising providing security functions to satisfy at least some of the security features lacking in the second device.

Dependent claims: 13 to 21.
22. A computer-implemented method of providing Internet of things (IoT) security, comprising:
- providing a trusted execution environment (TEE) to execute on a hardware platform; and
- within the TEE:
  - communicatively coupling to a trusted gateway device via a first interface and communicatively coupling to a second device via a second interface;
  - receiving a domain security policy for a domain of the second device;
  - determining that the second device lacks at least some security features to satisfy the domain security policy;
  - identifying a key negotiation for an encrypted connection between the trusted gateway device and the second device;
  - requesting a service appliance key for the key negotiation;
  - receiving the service appliance key; and
  - performing a service appliance function on traffic between the trusted gateway and the second device, comprising providing security functions to satisfy at least some of the security features lacking in the second device.

Dependent claims: 23 to 25.
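The independent claims all describe the same procedure: receive the domain security policy, work out which required features the second device lacks, obtain a service appliance key bound to the gateway/device key negotiation, and then supply the missing functions on that device's traffic. The Python model below is an added example and is not code from the patent or its assignee. It assumes a hypothetical KeyAuthority that issues the service appliance key (the page does not say who issues it), the constructed feature names message_integrity and replay_protection, and a protected frame layout of sequence number, payload and HMAC-SHA256 tag; none of these are specified on the page. The sentinel adds integrity and replay protection for a device that lacks them and passes a compliant device's traffic through unchanged, and the gateway-side check shows tampered and replayed frames being rejected.

```python
"""Model of the claimed sentinel security engine: policy gap analysis, service
appliance key request, and a service appliance function applied to device traffic.
Added example; the authority, feature names and frame layout are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SEQ_LEN = 8   # bytes of sequence counter prepended to each protected frame
TAG_LEN = 32  # HMAC-SHA256 tag appended to each protected frame
PROXIED_FEATURES = frozenset({"message_integrity", "replay_protection"})  # constructed names


@dataclass(frozen=True)
class DomainSecurityPolicy:
    domain: str
    required_features: frozenset  # features every device in the domain must provide


@dataclass(frozen=True)
class DeviceProfile:
    device_id: str
    domain: str
    features: frozenset  # security features the device implements itself


def missing_features(policy: DomainSecurityPolicy, device: DeviceProfile) -> frozenset:
    """Features the policy requires that the device does not provide on its own."""
    return policy.required_features - device.features


class KeyAuthority:
    """Hypothetical issuer of service appliance keys. It records gateway/device
    negotiations and derives one key per sentinel that only authorized
    principals (the sentinel and the gateway) may fetch."""

    def __init__(self) -> None:
        self._sessions: dict[str, bytes] = {}
        self._authorized: set[str] = set()

    def authorize(self, principal_id: str) -> None:
        self._authorized.add(principal_id)

    def register_negotiation(self, gateway_id: str, device_id: str) -> str:
        """Record a gateway<->device key negotiation and return its identifier."""
        negotiation_id = f"{gateway_id}:{device_id}:{secrets.token_hex(4)}"
        self._sessions[negotiation_id] = secrets.token_bytes(32)  # constructed session secret
        return negotiation_id

    def issue_service_appliance_key(self, negotiation_id: str, sentinel_id: str,
                                    requester_id: str) -> bytes:
        """Derive the service appliance key bound to this negotiation and sentinel."""
        if requester_id not in self._authorized:
            raise PermissionError(f"{requester_id} may not obtain service appliance keys")
        secret = self._sessions[negotiation_id]
        return hashlib.sha256(secret + b"|service-appliance|" + sentinel_id.encode()).digest()


class Sentinel:
    """Security engine logic (assumed to run inside the sentinel's TEE)."""

    def __init__(self, sentinel_id: str, authority: KeyAuthority) -> None:
        self.sentinel_id = sentinel_id
        self.authority = authority
        self.gaps: dict[str, frozenset] = {}   # device_id -> features it lacks
        self.keys: dict[str, bytes] = {}       # device_id -> service appliance key
        self.counters: dict[str, int] = {}     # device_id -> last sequence number sent

    def apply_policy(self, policy: DomainSecurityPolicy, device: DeviceProfile) -> frozenset:
        """Receive the domain policy and determine which features the device lacks."""
        gaps = missing_features(policy, device)
        self.gaps[device.device_id] = gaps
        return gaps

    def on_key_negotiation(self, negotiation_id: str, device_id: str) -> bool:
        """A gateway<->device key negotiation was identified: request the service
        appliance key only if the device actually needs a proxied function."""
        if not self.gaps.get(device_id, frozenset()) & PROXIED_FEATURES:
            return False
        self.keys[device_id] = self.authority.issue_service_appliance_key(
            negotiation_id, self.sentinel_id, self.sentinel_id)
        self.counters[device_id] = 0
        return True

    def forward(self, device_id: str, payload: bytes) -> bytes:
        """Service appliance function: add the integrity and replay protection the
        device lacks; traffic from a compliant device passes through unchanged."""
        if device_id not in self.keys:
            return payload
        self.counters[device_id] += 1
        seq = self.counters[device_id].to_bytes(SEQ_LEN, "big")
        tag = hmac.new(self.keys[device_id], seq + payload, hashlib.sha256).digest()
        return seq + payload + tag


def gateway_verify(key: bytes, frame: bytes, last_seq: int) -> tuple[bool, int, bytes]:
    """Gateway-side check of a protected frame: (accepted, new last_seq, payload).
    Rejects bad tags and any sequence number not strictly above the last accepted one."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        return False, last_seq, b""
    seq_bytes, body, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, seq_bytes + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, last_seq, b""
    seq = int.from_bytes(seq_bytes, "big")
    if seq <= last_seq:
        return False, last_seq, b""
    return True, seq, body
```

The gateway obtains the same derived key from the authority for the same negotiation and sentinel identifier, so it can verify what the sentinel adds without the device ever holding that key; a device whose own feature set already satisfies the policy never triggers a key request and its frames are forwarded untouched.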