Categorization of host security levels based on functionality implemented inside secure hardware

US 20040139312A1
Filed: 01/14/2003
Published: 07/15/2004
Est. Priority Date: 01/14/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for describing the security level of a target device to an inquiring device, wherein the target device and inquiring device are coupled via a digital network, the method comprising selecting an indicator that indicates the security level of the target device, wherein the indicator includes an indication of a type of processing performed in secure hardware;

storing the selected indicator in a datagram; and

initiating transfer of the datagram from the target device to the inquiring device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for rating security levels a device according to the characteristics of functions executing within secure hardware components in the device. The security level of a host is placed in a digital certificate along with a corresponding private key at the time of manufacture of a device. The digital certificate can be provided to an inquiring device so that more comprehensive system-wide security levels can be communicated and maintained. Where a network uses ticket-based key management protocols, the security rating, or level, is transferred from the certificate to an issued ticket. Inquiring devices can then check security levels of target devices by using certificates or tickets and perform transfers or grant authorizations accordingly. In a preferred embodiment a security ratings system uses six levels of security. The levels are structured to include characteristics about a device'"'"'s processing. That is, the levels provide information on the amount and type of sensitive processing that can occur in non-secure (or low security) circuitry or components within a device. This gives a better indication of how prone a device is to threats that may be of particular concern in content delivery networks. Additional qualifiers can be optionally used to provide further information about a security level. For example, the degree of handling time management processing within secure hardware and whether a particular codec, watermarks or fingerprints are supported within secure hardware can each be represented by a policy qualifier.

146 Citations

23 Claims

1. A method for describing the security level of a target device to an inquiring device, wherein the target device and inquiring device are coupled via a digital network, the method comprising selecting an indicator that indicates the security level of the target device, wherein the indicator includes an indication of a type of processing performed in secure hardware;
- storing the selected indicator in a datagram; and
  
  initiating transfer of the datagram from the target device to the inquiring device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the indicator is stored in the target device at the time of manufacture.
  - 3. The method of claim 1, wherein the target device includes one or more cryptographic keys, wherein the indicator includes an indication that software techniques are used to obfuscate the keys.
  - 4. The method of claim 1, wherein the target device includes one or more cryptographic keys, wherein the indicator includes an indication of the degree that keys are accessed within a secure hardware module.
  - 5. The method of claim 1, wherein the indicator includes an indication of the degree to which digital rights management processing is performed within a secure hardware module.
  - 6. The method of claim 1, wherein the indicator includes an indication of the degree to which time management is performed within a secure hardware module.
  - 7. The method of claim 1, wherein the indicator includes an indication of the degree to which time management is performed within a secure hardware module.
  - 8. The method of claim 1, wherein the indicator includes an indication of the degree to which a codec is supported within a secure hardware module.
  - 9. The method of claim 1, wherein the indicator includes an indication of the degree to which a digital watermark is supported within a secure hardware module.
  - 10. The method of claim 1, wherein the indicator includes an indication of the degree to which a digital fingerprint is supported within a secure hardware module.
  - 11. The method of claim 1, wherein the datagram is included in one or more packets.
  - 12. The method of claim 1, wherein a digital certificate is provided with the indicator.
  - 13. The method of claim 1, wherein the datagram includes a digital certificate.
  - 14. The method of claim 13, wherein the indicator is transferred from the digital certificate to a ticket.
  - 15. The method of claim 1, wherein the datagram includes a ticket.
  - 16. The method of claim 15, wherein the indicator is transferred from the ticket to a digital certificate.

17. An apparatus for providing the security level of a device, the apparatus comprising a stored indicator that indicates the security level of the device, wherein the indicator includes an indication of a type of processing performed in secure hardware within the device;
- a coupling for coupling the device to a digital network; and
  
  a processor for transferring the stored indicator to the digital network.

18. A method for describing the security level of a target device to an inquiring device, the method comprising evaluating an indicator that indicates the security level of the target device, wherein the indicator includes an indication of a type of processing performed in secure hardware in the target device.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, further comprising transferring the indicator over a digital network.
  - 20. The method of claim 18, further comprising transferring the indicator by using a storage device.
  - 21. The method of claim 18, wherein a device includes a compact disk player.
  - 22. The method of claim 18, wherein a device includes a digital versatile disk player.
  - 23. The method of claim 18, wherein a device includes an audio playback device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander

Application Number

US10/345,075
Publication Number

US 20040139312A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2129   Authenticate client device ...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

Categorization of host security levels based on functionality implemented inside secure hardware

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Categorization of host security levels based on functionality implemented inside secure hardware

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links