COMMUNICATION CHANNEL CLAIM DEPENDENT SECURITY PRECAUTIONS
Abstract
A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
Claims (20 claims; the independent claims 1, 11 and 20 are reproduced below)
1. A method implemented in a computing device, the method comprising:
obtaining a set of security claims for a communication channel, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel;
comparing the set of security claims to a security policy of the computing device;
identifying an entity that has digitally signed the set of security claims; and
determining one or more security precautions that the computing device is to use in transferring data to and/or from the communication channel, the determining being based at least in part on the comparing and the entity that has digitally signed the set of security claims.
(Dependent claims 2 through 10 depend from claim 1.)
11. A method implemented in a computing device, the method comprising:
obtaining a channel identifier of a communication channel;
obtaining a set of security claims of the communication channel, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel;
obtaining, from a trust authority, a digital signature over the set of security claims and the channel identifier;
generating a channel security descriptor including the channel identifier, the set of security claims, and the digital signature; and
storing the channel security descriptor.
(Dependent claims 12 through 19 depend from claim 11.)
20. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
obtain, from a removable flash memory device, a first set of security claims for the removable flash memory device, the first set of security claims including a first security characteristic that identifies a type of encryption used by the removable flash memory device to encrypt data on the removable flash memory device;
obtain, from the removable flash memory device, a second set of security claims for the removable flash memory device, the second set of security claims including a second security characteristic that identifies a source of a key used by the removable flash memory device to encrypt data on the removable flash memory device;
compare both the first set of security claims and the second set of security claims to a security policy of the computing device;
identify a first entity that has digitally signed the first set of security claims and a second entity that has digitally signed the second set of security claims; and
determine that data to be transferred to the removable flash memory device need not be encrypted by the computing device if the comparison indicates that the security policy is satisfied by the first security characteristic and the second security characteristic, and otherwise determine that data to be transferred to the removable flash memory device is to be encrypted by the computing device.
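The following is an added worked example, not code from the patent or its assignee, that walks through the mechanism claims 1, 11 and 20 describe: a trust authority signs a channel security descriptor (channel identifier plus claims), the host verifies the signature to identify the signer, compares the claims to its policy, and decides whether it must encrypt data itself before writing to a removable flash device. The authority names, keys, policy values and channel identifiers are constructed for the example, and an HMAC over the canonical claims stands in for the asymmetric digital signature a real trust authority would produce; that substitution is an assumption of this example, not something the patent text specifies.

```python
import hashlib
import hmac
import json

# Trust authorities the computing device recognises, each with a key used to
# check the signature on a channel security descriptor. Names and keys are
# constructed; the HMAC stands in for the authority's digital signature
# (assumption of this example, not the patent's text).
TRUST_AUTHORITY_KEYS = {
    "DeviceVendorCA": b"constructed-vendor-key",
    "EnterpriseIT": b"constructed-enterprise-key",
    "ThirdPartyLab": b"constructed-lab-key",   # known, but see policy below
}

# The device's security policy: which signers it trusts, and which claimed
# characteristics let it skip host-side encryption (constructed sample values).
SECURITY_POLICY = {
    "trusted_signers": {"DeviceVendorCA", "EnterpriseIT"},
    "acceptable_encryption": {"AES-256-XTS", "AES-128-XTS"},
    "acceptable_key_source": {"TPM", "hardware-keystore"},
}


def canonical_bytes(channel_id, claims):
    """Deterministic encoding of (channel id, claims), so signer and verifier
    agree on exactly which bytes the signature covers."""
    payload = {"channel_id": channel_id, "claims": claims}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def make_descriptor(authority, channel_id, claims):
    """Claim 11: a channel security descriptor = channel identifier + set of
    security claims + the trust authority's signature over both."""
    key = TRUST_AUTHORITY_KEYS[authority]
    signature = hmac.new(key, canonical_bytes(channel_id, claims), hashlib.sha256).hexdigest()
    return {"channel_id": channel_id, "claims": dict(claims), "signer": authority, "signature": signature}


def identify_signer(descriptor):
    """Claim 1: identify the entity that signed the claims. Returns the authority
    name only if its signature verifies over the stored channel id and claims;
    an unknown signer or a claim set altered after signing yields None."""
    authority = descriptor.get("signer")
    key = TRUST_AUTHORITY_KEYS.get(authority)
    if key is None:
        return None
    expected = hmac.new(key, canonical_bytes(descriptor["channel_id"], descriptor["claims"]),
                        hashlib.sha256).hexdigest()
    return authority if hmac.compare_digest(expected, descriptor["signature"]) else None


def determine_precautions(descriptors, policy=SECURITY_POLICY):
    """Claim 20: given the descriptors a removable flash device presents (one per
    claim set, possibly from different signers), decide whether the host must
    encrypt data before writing it. Returns (encrypt_on_host, reason)."""
    merged_claims = {}
    for d in descriptors:
        signer = identify_signer(d)
        if signer is None:
            return True, f"signature on claims for {d.get('channel_id')} did not verify"
        if signer not in policy["trusted_signers"]:
            return True, f"signer {signer} is not trusted by policy"
        merged_claims.update(d["claims"])
    encryption_ok = merged_claims.get("encryption") in policy["acceptable_encryption"]
    key_source_ok = merged_claims.get("key_source") in policy["acceptable_key_source"]
    if encryption_ok and key_source_ok:
        return False, "claimed encryption and key source satisfy policy"
    return True, "claimed characteristics do not satisfy policy"


def demo():
    """Constructed scenario: the vendor signs the encryption-type claim, the
    enterprise signs the key-source claim; then the same claims after tampering."""
    encryption_claim = make_descriptor("DeviceVendorCA", "usb-flash:0001", {"encryption": "AES-256-XTS"})
    key_source_claim = make_descriptor("EnterpriseIT", "usb-flash:0001", {"key_source": "TPM"})
    accepted = determine_precautions([encryption_claim, key_source_claim])

    # Claims rewritten after signing: the stored signature no longer matches,
    # so the host falls back to encrypting the data itself.
    tampered = dict(encryption_claim, claims={"encryption": "AES-256-XTS", "key_source": "TPM"})
    rejected = determine_precautions([tampered])
    return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The decision is driven by both inputs claim 1 names: the comparison of the claims against the policy and the identity of the signer. A descriptor from a signer whose key is known but whom the policy does not trust (ThirdPartyLab above) is rejected even when its claims would satisfy the policy, and any claim set whose signature fails to verify is treated as if no claims had been made.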