Method and apparatus for use in security

US 20060294575A1
Filed: 09/13/2004
Published: 12/28/2006
Est. Priority Date: 09/11/2003
Status: Abandoned Application

First Claim

Patent Images

1. A security system for use in secure transfer of data to or from communication devices connected to a network, the system comprising:

i) an input for receiving data;

ii) security management apparatus for processing data received at the input and selecting a value for one or more parameters of the security system; and

iii) an output for use in identifying selected values to said communication devices, wherein the apparatus is adapted to process said received data to select said value(s), and to use said output to identify said value(s) to one or more of said communication devices for use in subsequent secure transfer of data to or from said one or more communication devices using the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for securing data paths in a network responds to events to change parameters of the security features in use. For example, it can change the type of encryption algorithm being used, or parameters of the encryption algorithm such as the key length or number of rounds of negotiation, or it can change a data transfer protocol. Events which the security system can respond to include user action, such as logging on to a more expensive service or moving their network location, or date or time, or patterns of usage in the network. The system processes incoming data using rules to determine a response. Parameters are changed by outputting configuration data to communication devices attached to the network, such as the head end and television receivers in a digital television system. In a preferred form of the system, the parameters of the security features in use can be dependent on network location, introducing diversity to the system which makes the security more difficult to penetrate.

Citations

35 Claims

1. A security system for use in secure transfer of data to or from communication devices connected to a network, the system comprising:
- i) an input for receiving data;
  
  ii) security management apparatus for processing data received at the input and selecting a value for one or more parameters of the security system; and
  
  iii) an output for use in identifying selected values to said communication devices, wherein the apparatus is adapted to process said received data to select said value(s), and to use said output to identify said value(s) to one or more of said communication devices for use in subsequent secure transfer of data to or from said one or more communication devices using the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31, 32)
- - 2. A security system according to claim 1 wherein the apparatus is adapted to process said received data to select said value(s) by using one or more rules.
  - 3. A security system according to claim 2, the system further comprising a rules data store for storing said one or more rules.
  - 4. A security system according to any one of the preceding claims wherein at least one of the input and the output is connected to a communication path which is separate from the network.
  - 5. A security system according to any one of the preceding claims wherein the input is connected to at least one of said communication devices, in use of the system, for receiving data to be processed, such that the apparatus is adapted to select at least one value which is at least partially dependent on data received from a said communication device.
  - 6. A security system according to any one of the preceding claims wherein the input is connected to data processing apparatus for processing data associated with use of the network, such that the apparatus is adapted to select at least one value which is at least partially dependent on network usage data.
  - 7. A security system according to any one of the preceding claims, wherein said one or more parameters for which one or more values might be selected comprise one or more parameters of an encryption algorithm.
  - 8. A security system according to claim 7 wherein said one or more parameters comprise a type of encryption algorithm selected from two or more different types of encryption algorithms available to the system.
  - 9. A security system according to claim 7 wherein the encryption algorithm comprises a master encryption algorithm and said one or more parameters comprise an encryption algorithm selected from two or more different encryption algorithms derivable from the master encryption algorithm.
  - 10. A security system according to any one of the preceding claims wherein said one or more parameters comprise an encryption key exchange protocol selected from two or more different types of encryption key exchange protocol available to the system.
  - 11. A security system according to any one of the preceding claims wherein said one or more parameters comprise a parameter of an encryption key exchange protocol.
  - 12. A security system according to claim 11 wherein said parameter of an encryption key exchange protocol comprises a number of rounds used in the encryption key exchange protocol.
  - 13. A security system according to any one of the preceding claims wherein said one or more parameters comprise a data transfer protocol selected from two or more different types of data transfer protocol available to the system.
  - 14. A security system according to any one of the preceding claims wherein said one or more parameters comprise a parameter of a data transfer protocol.
  - 15. A security system according to any one of the preceding claims wherein the system is arranged to use said output to identify said value(s) to one or more of said communication devices by sending a signal comprising the value(s).
  - 16. A security system according to any one of the preceding claims wherein the system is arranged to use said output to identify said value(s) to one or more of said communication devices by sending a signal comprising identifier(s) for the value(s).
  - 17. A security system according to any one of the preceding claims wherein the system is arranged to use said output to identify said value(s) to one or more of said communication devices by sending a signal comprising an identifier for a set of two or more value(s).
  - 18. A security system according to any one of the preceding claims wherein at least one of said rules comprises network location data such that the system is adapted to identify values to one or more communication devices which values are at least partially network location dependent.
  - 19. A security system according to claim 18 wherein the network location data comprises the network location of at least one communication device in the network.
  - 20. A security system according to claim 18 wherein the network location data identifies a sub-network of the network.
  - 21. A security system according to any one of the preceding claims wherein at least one of said rules comprises time and/or date data such that the system is adapted to identify values to one or more communication devices which values are at least partially dependent on time and/or date.
  - 27. A security system according to any one of the preceding claims, further comprising an activity monitor for monitoring data arising in use of the system, and at least one of said rules for selecting values is arranged to operate such that a selected value is at least partially dependent on monitored data.
  - 28. A security system according to claim 27 wherein the monitored data comprises network location data.
  - 29. A security system according to either one of claims 27 or 28 wherein the monitored data comprises values selected.
  - 30. A security system according to any one of claims 27 to 29 wherein the monitored data comprises user identification data.
  - 31. A communication device for use with a security system according to any one of the preceding claims, the device being configurable to implement one or more selected values for one or more parameters of the security system, said device comprising a values data store for storing a relationship between values for said one or more parameters and identifiers for the values, such that the device is configurable on receipt of one or more identifiers.
  - 32. A communication device for use with a security system according to any one of the preceding claims, the device comprising an activity monitor for monitoring network activity by at least one other communication device and making monitored activity available to the security system for use in the selection of values.

22. A security system for use in secure transfer of data to or from communication devices connected to a network, the system comprising:
- i) security management apparatus for selecting a value for one or more parameters of the security system; and
  
  ii) an output for use in identifying selected values to said communication devices, wherein the apparatus is adapted to use one or more rules to select said value(s), and to use said output to identify the selected value(s) to one or more of said communication devices for use in subsequent secure transfer of data to or from said one or more communication devices using the network, at least one of said one or more rules, in use of the system, comprising network location data and the apparatus is thus adapted to select a value which is at least partially network location dependent.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A security system according to claim 22 wherein the network location data comprises the network location of at least one communication device in the network.
  - 24. A security system according to claim 22 wherein the network location data identifies a sub-network of the network.
  - 25. A security system according to any one of claims 22 to 24 wherein at least one of said rules comprises data in addition to network location data and the apparatus is thus adapted to select at least one value which is only partially network location dependent.
  - 26. A security system according to claim 25 wherein said data in addition to network location data comprises time and/or date data.

33. A method of protecting transfer of data between communication devices attached to a network using one or more security parameters to protect said transfer of data, the one or more security parameters having selectable values, which method comprises the steps of:
- i) receiving stimulus data;
  
  ii) accessing current data identified in a set of one or more decision criteria;
  
  iii) processing the stimulus data together with said current data to select at least one value of at least one of said security parameter(s); and
  
  iv) outputting a signal to two or more of the communication devices, the signal comprising the at least one selected value.
- View Dependent Claims (34, 35)
- - 34. A method according to claim 33, further comprising the step of monitoring activity in relation to the protected transfer of data on the network in order to provide said current data.
  - 35. A method according to either one of claims 33 or 34, further comprising the step of processing the current data prior to processing the stimulus data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Latens Systems Ltd. (CommScope Holding Company, Inc.)
Original Assignee
Latens Systems Ltd. (CommScope Holding Company, Inc.)
Inventors
Rogers, Paul Jason

Application Number

US10/571,380
Publication Number

US 20060294575A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 69/24   Negotiation of communicatio...

Method and apparatus for use in security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for use in security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links