Method and apparatus for providing an adaptable security level in an electronic communication

US 8,688,978 B2
Filed: 04/13/2007
Issued: 04/01/2014
Est. Priority Date: 04/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a communication device preparing a plurality of frames, each frame having a header, data, and a plurality of security features;

on a frame-by-frame basis, said communication device processing each frame by;

determining a frame type of the frame based on a type of transmission being sent in the frame, wherein a policy indicates appropriate security features for said frame type; and

including frame type data in said header of the frame, the frame type data indicating, based on said frame type, the type of transmission;

wherein said frame type is one of a plurality of predetermined frame types, the plurality of predetermined frame types includes two or more of data-type, command-type, acknowledgement-type, and beacon-type, the header includes a representation of a key and an indication of a security level, said policy indicates an acceptable frame type for said key, and said policy indicates an acceptable frame type for said security level; and

said communication device providing the plurality of frames for transmission.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

Citations

46 Claims

1. A method comprising:
- a communication device preparing a plurality of frames, each frame having a header, data, and a plurality of security features;
  
  on a frame-by-frame basis, said communication device processing each frame by;
  
  determining a frame type of the frame based on a type of transmission being sent in the frame, wherein a policy indicates appropriate security features for said frame type; and
  
  including frame type data in said header of the frame, the frame type data indicating, based on said frame type, the type of transmission;
  
  wherein said frame type is one of a plurality of predetermined frame types, the plurality of predetermined frame types includes two or more of data-type, command-type, acknowledgement-type, and beacon-type, the header includes a representation of a key and an indication of a security level, said policy indicates an acceptable frame type for said key, and said policy indicates an acceptable frame type for said security level; and
  
  said communication device providing the plurality of frames for transmission.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein the communication device provides the plurality of frames for transmission to at least one recipient device, the policy comprises a policy of said at least one recipient device, and the method further comprises said at least one recipient device:
    - receiving the plurality of frames;
      
      for each frame, determining said frame type from said header of the frame; and
      
      for each frame, comparing said frame type to said policy to determine if said frame type is acceptable for said plurality of security features.
  - 3. The method according to claim 2 further comprising accepting said frame if said policy is met, and rejecting said frame otherwise.
  - 4. The method according to claim 2 wherein said policy indicates frame types vulnerable to an attack where one or more combinations of security features of said frame are present, said method further comprising rejecting the frame if one of said combinations is found.
  - 5. The method according to claim 2, wherein each frame includes one or more security bits indicative of the security level, and said method further comprises said at least one recipient device using said security bits to determine said security level for each frame.
  - 6. The method according to claim 5, wherein said data for the frame has been any one or more of encrypted and signed, said method further comprising said at least one recipient device decrypting, authenticating, or both, said data for the frame.
  - 7. The method according to claim 2, wherein said policy comprises a look up table correlating frame types to attributes of said plurality of frames.
  - 8. The method according to claim 1, wherein said preparing said plurality of frames comprises, for each frame, selecting the security level for the frame.
  - 9. The method according to claim 8, further comprising any one or more of:
    - encrypting said data of the frame, and signing said data of the frame, according to said security level.
  - 10. The method according to claim 8, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is independent of said data of the frame.
  - 11. The method according to claim 8, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is dependent on said data of the frame.
  - 12. The method according to claim 8 wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is partially data dependent such that said minimum acceptable security level can differ according to said frame type for the frame.
  - 13. The method according to claim 1, wherein each frame comprises a footer having one or more bits representing an error code.
  - 14. The method according to claim 1, wherein said header for the frame comprises a key identifier, the representation of the key corresponding to said key identifier, the security level, and an originator, for determining acceptability of said frame type for the frame.

15. A method performed by a communication device, said method comprising:
- said communication device receiving a plurality of frames, each frame having a header, data, and a plurality of security features, the header of each frame including;
  
  frame type data indicating a type of transmission sent by the frame;
  
  a representation of a key; and
  
  an indication of a security level; and
  
  for each frame, said communication device;
  
  identifying a frame type of the frame based on the type of transmission indicated by the frame type data in the header of the frame, wherein said frame type is one of a plurality of predetermined frame types, and the plurality of predetermined frame types includes two or more of data-type, command-type, acknowledgement-type, and beacon-type; and
  
  comparing said frame type for the frame to a policy to determine whether the security features of the frame are appropriate for said frame type, wherein said policy indicates an acceptable frame type for said key and for said security level.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method according to claim 15 further comprising, for each frame, accepting the frame if said policy is met, and rejecting the frame otherwise.
  - 17. The method according to claim 15 wherein said policy indicates frame types vulnerable to an attack where one or more combinations of security features of said frame are present, said method further comprising rejecting the frame if one of said combinations is found.
  - 18. The method according to claim 15, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is independent of said data of the frame.
  - 19. The method according to claim 15, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is dependent on said data of the frame.
  - 20. The method according to claim 15 wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is partially data dependent such that said minimum acceptable security level can differ according to said frame type for the frame.
  - 21. The method according to claim 15, wherein each frame includes one or more security bits indicative of a security level, and said method further comprises said communication device using said security bits to determine said security level.
  - 22. The method according to claim 21, wherein said data for each frame has been any one or more of encrypted and signed, said method further comprising said communication device decrypting, authenticating, or both, said data for the frame.
  - 23. The method according to claim 15, wherein said policy comprises a look up table correlating frame types to acceptable security features.

24. A system comprising a communication device that is operable to perform operations comprising:
- preparing a plurality of frames, each frame having a header, data, and a plurality of security features; and
  
  on a frame-by-frame basis, processing each frame by;
  
  determining a frame type of the frame based on a type of transmission being sent in the frame, wherein a policy indicates appropriate security features for said frame type, said frame type is one of a plurality of predetermined frame types, and the plurality of predetermined frame types includes two or more of data-type, command-type, acknowledgement-type, and beacon-type;
  
  including frame type data in said header of the frame, the frame type data indicating, based on said frame type, the type of transmission;
  
  including a representation of a key in said header of the frame, said policy indicating an acceptable frame type for said key; and
  
  including an indication of a security level in said header of the frame, said policy indicating an acceptable frame type for said security level;
  
  providing the plurality of frames for transmission.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 25. The system according to claim 24, further comprising at least one recipient device, wherein the communication device provides the plurality of frames for transmission to said at least one recipient device, the policy comprises a policy of said at least one recipient device, and said at least one recipient device is operable to perform operations comprising:
    - receiving the plurality of frames;
      
      for each frame, determining said frame type from said header of the frame; and
      
      for each frame, comparing said frame type to said policy to determine if said frame type is acceptable for said plurality of security features.
  - 26. The system according to claim 25, said at least one recipient device operable to perform operations further comprising accepting said frame if said policy is met, and rejecting said frame otherwise.
  - 27. The system according to claim 25 wherein said policy indicates frame types vulnerable to an attack where one or more combinations of security features of said frame are present, said at least one recipient device operable to perform operations further comprising rejecting the frame if one of said combinations is found.
  - 28. The system according to claim 25, wherein each frame includes one or more security bits indicative of the security level, and said at least one recipient device is operable to perform operations further comprising using said security bits to determine said security level.
  - 29. The system according to claim 25, wherein said data for each frame has been any one or more of encrypted and signed, and said at least one recipient device is operable to perform operations further comprising decrypting, authenticating, or both, said data for the frame.
  - 30. The system according to claim 25, wherein said policy comprises a look up table correlating frame types to attributes of said plurality of frames.
  - 31. The system according to claim 24, wherein said preparing said plurality of frames comprises, for each frame, selecting the security level for the frame.
  - 32. The system according to claim 31, further comprising at least one recipient device operable to perform operations further comprising any one or more of:
    - encrypting said data of the frame, and signing said data of the frame, according to said security level.
  - 33. The system according to claim 31, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is independent of said data of the frame.
  - 34. The system according to claim 31, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is dependent on said data of the frame.
  - 35. The system according to claim 31 wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is partially data dependent such that said minimum acceptable security level can differ according to said frame type for the frame.
  - 36. The system according to claim 24, wherein each frame comprises a footer having one or more bits representing an error code.
  - 37. The system according to claim 24, wherein said header for the frame comprises a key identifier, the representation of the key corresponding to said key identifier, the security level, and an originator, for determining acceptability of said frame type for the frame.

38. A non-transitory computer readable medium comprising computer executable instructions that are operable to cause a communication device to perform operations comprising:
- receiving a plurality of frames, each frame having a header, data, and a plurality of security features, the header of each frame including;
  
  frame type data indicating a type of transmission sent by the frame;
  
  a representation of a key; and
  
  an indication of a security level; and
  
  for each frame;
  
  determining a frame type of the frame based on the type of transmission indicated by the frame type data in the header of the frame, wherein said frame type is one of a plurality of predetermined frame types, and the plurality of predetermined frame types includes two or more of data-type, command-type, acknowledgement-type, and beacon-type; and
  
  comparing said frame type for the frame to a policy to determine whether the security features of the frame are appropriate for said frame type, wherein said policy indicates an acceptable frame type for said key and an acceptable frame type for said security level.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
- - 39. The non-transitory computer readable medium according to claim 38, the operations further comprising accepting the frame if said policy is met, and rejecting the frame otherwise.
  - 40. The non-transitory computer readable medium according to claim 38 wherein said policy indicates frame types vulnerable to an attack where one or more combinations of security features of said frame are present, and the operations further comprise rejecting the frame if one of said combinations is found.
  - 41. The non-transitory computer readable medium according to claim 38, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is independent of said data of the frame.
  - 42. The non-transitory computer readable medium according to claim 38, wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is dependent on said data of the frame.
  - 43. The non-transitory computer readable medium according to claim 38 wherein said security level provides an indication of a minimum acceptable security level, wherein said minimum acceptable security level is partially data dependent such that said minimum acceptable security level can differ according to said frame type for the frame.
  - 44. The non-transitory computer readable medium according to claim 38, wherein the frame includes one or more security bits indicative of the security level, and the operations further comprise using said security bits to determine said security level.
  - 45. The non-transitory computer readable medium according to claim 44, wherein said data for the frame has been any one or more of encrypted and signed, and the operations further comprise decrypting, authenticating, or both, said data for the frame.
  - 46. The non-transitory computer readable medium according to claim 38, wherein said policy comprises a look up table correlating frame types to attributes of said plurality of frames.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SIMS, JING F

Application Number

US11/735,055
Publication Number

US 20070255954A1
Time in Patent Office

2,545 Days
Field of Search

713150-151, 713160-161, 713164-170, 713/182, 713/189, 713/193
US Class Current

713/160
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links