Communication channel access based on channel identifier and use policy
Abstract
A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
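The flow in the abstract, as an added Go example (not code from the patent or its owner): the owner signs the identifier and use policy, and a device verifies them and checks its own security policy before deciding access. Ed25519, the length-prefixed encoding, string-valued policy attributes, and the result strings are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

type Authenticator struct {
	ID        string
	UsePolicy []string // assumed form: constructed attribute names, e.g. "encrypted"
	Sig       []byte   // owner's signature over ID and UsePolicy
}

// signedBytes length-prefixes each field so bytes cannot shift between them.
func signedBytes(id string, policy []string) []byte {
	var out []byte
	for _, f := range append([]string{id}, policy...) {
		out = binary.BigEndian.AppendUint32(out, uint32(len(f)))
		out = append(out, f...)
	}
	return out
}

// Sign is the owner side: sign identifier and use policy with the private key.
func Sign(priv ed25519.PrivateKey, id string, policy []string) Authenticator {
	return Authenticator{id, policy, ed25519.Sign(priv, signedBytes(id, policy))}
}

// Access is the device side; the result strings are assumptions.
func Access(a Authenticator, pub ed25519.PublicKey, required []string) string {
	if !ed25519.Verify(pub, signedBytes(a.ID, a.UsePolicy), a.Sig) {
		return "denied:signature" // identifier or use policy not verified
	}
	have := map[string]bool{}
	for _, u := range a.UsePolicy {
		have[u] = true
	}
	for _, r := range required {
		if !have[r] {
			return "denied:policy" // device security policy not satisfied
		}
	}
	return "full"
}

func Demo() [3]string { // valid channel, unmet requirement, policy edited after signing
	pub, priv, _ := ed25519.GenerateKey(nil)
	a := Sign(priv, "chan-01", []string{"encrypted", "no-logging"})
	bad := Authenticator{a.ID, append([]string{"audited"}, a.UsePolicy...), a.Sig}
	x := []string{"audited"}
	return [3]string{Access(a, pub, []string{"encrypted"}), Access(a, pub, x), Access(bad, pub, x)}
}
func main() { fmt.Println(Demo()) }
```

The third case shows why the signature must cover the use policy: adding an attribute the device requires after signing fails verification rather than satisfying the security policy.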
20 Claims
1. A method implemented in a computing device, the method comprising:
obtaining an identifier of a communication channel;
obtaining a use policy identifying how an owner of the communication channel indicates the communication channel is used;
generating, using a private key of a public/private key pair of the owner, a digital signature over the identifier and the use policy;
associating the identifier, the use policy, and the digital signature with the communication channel;
retrieving, from a communication channel authenticator of an additional communication channel, an additional identifier of the additional communication channel and an additional use policy identifying how an owner of the additional communication channel indicates the additional communication channel is used;
verifying the additional identifier and the additional use policy;
checking whether a current security policy of the computing device is satisfied by the additional use policy; and
determining, based at least in part on both whether the current security policy is satisfied by the additional use policy and whether the additional identifier and the additional use policy are verified, an access that the computing device is allowed to have to the additional communication channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. One or more computer storage media devices having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to perform acts comprising:
obtaining a first identifier of a first communication channel;
obtaining a first use policy identifying how an owner of the first communication channel indicates the first communication channel is used;
generating, using a private key of a public/private key pair of the owner, a first digital signature over the first identifier and the first use policy;
associating the first identifier, the first use policy, and the first digital signature with the first communication channel;
retrieving, from a communication channel authenticator of a second communication channel, a second identifier of the second communication channel and a second use policy identifying how an owner of the second communication channel indicates the second communication channel is used;
verifying the second identifier and the second use policy;
checking whether a current security policy of the computing device is satisfied by the second use policy; and
determining, based at least in part on both whether the current security policy is satisfied by the second use policy and whether the second identifier and the second use policy are verified, an access that the computing device is allowed to have to the second communication channel.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A system, implemented at least in part in hardware, comprising:
one or more modules to:
obtain an identifier of a communication channel;
obtain a use policy identifying how an owner of the communication channel indicates the communication channel is used;
generate, using a private key of a public/private key pair of the owner, a digital signature over the identifier and the use policy; and
associate the identifier, the use policy, and the digital signature with the communication channel; and
one or more modules to:
retrieve, from a communication channel authenticator of an additional communication channel, an additional identifier of the additional communication channel and an additional use policy identifying how an owner of the additional communication channel indicates the additional communication channel is used;
verify the additional identifier and the additional use policy;
check whether a current security policy of the computing device is satisfied by the additional use policy; and
determine, based at least in part on both whether the current security policy is satisfied by the additional use policy and whether the additional identifier and the additional use policy are verified, an access that the computing device is allowed to have to the additional communication channel.
Dependent claims: 20
Specification