Categorization of host security levels based on functionality implemented inside secure hardware
Abstract
A system for rating the security level of a device according to the characteristics of functions executing within secure hardware components in the device. The security level of a host is placed in a digital certificate along with a corresponding private key at the time of manufacture of the device. The digital certificate can be provided to an inquiring device so that more comprehensive system-wide security levels can be communicated and maintained. Where a network uses ticket-based key management protocols, the security rating, or level, is transferred from the certificate to an issued ticket. Inquiring devices can then check security levels of target devices by using certificates or tickets and perform transfers or grant authorizations accordingly. In a preferred embodiment, a security ratings system uses six levels of security. The levels are structured to include characteristics about a device's processing. That is, the levels provide information on the amount and type of sensitive processing that can occur in non-secure (or low security) circuitry or components within a device. This gives a better indication of how prone a device is to threats that may be of particular concern in content delivery networks. Additional qualifiers can optionally be used to provide further information about a security level. For example, the degree to which time management processing is handled within secure hardware, and whether a particular codec, watermarks or fingerprints are supported within secure hardware, can each be represented by a policy qualifier.
23 Claims
1. A method for describing the security level of a target device to an inquiring device, wherein the target device and inquiring device are coupled via a digital network, the method comprising
selecting an indicator that indicates the security level of the target device, wherein the indicator includes an indication of a type of processing performed in secure hardware;
storing the selected indicator in a datagram; and
initiating transfer of the datagram from the target device to the inquiring device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. An apparatus for providing the security level of a device, the apparatus comprising
a stored indicator that indicates the security level of the device, wherein the indicator includes an indication of a type of processing performed in secure hardware within the device;
a coupling for coupling the device to a digital network; and
a processor for transferring the stored indicator to the digital network.
18. A method for describing the security level of a target device to an inquiring device, the method comprising
evaluating an indicator that indicates the security level of the target device, wherein the indicator includes an indication of a type of processing performed in secure hardware in the target device.
Specification