Context aware security

US 8,788,804 B2
Filed: 05/15/2008
Issued: 07/22/2014
Est. Priority Date: 05/15/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for performing layered semantic security between a near communication device and a far communication device, comprising:

collecting first changing contextual information regarding the near communication device;

characterizing a first security vulnerability based upon the first changing contextual information;

collecting second changing contextual information for a plurality of communication links between the near communication device and the far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;

characterizing a second security vulnerability based on the second changing contextual information;

selecting a cryptographic protocol based upon the first and second security vulnerability characterizations; and

the near communication device establishing a secure communication with the far communication device by employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Layered semantic security provides a high degree of security for a mobile device based upon contextual awareness that dynamically changes based upon interaction between a user and a near communication device, which in turn interacts with a network, which ultimately interacts to a far communication device. Generating a shared secret key with a master secret and changing contextual information based on context awareness provides immunity to chosen plain text attacks by providing semantic security at each layer. Thereby, relying upon the overall robustness of the layering of semantic security, processing and power resources consumed can be advantageously adjusted dynamically to enhance concurrent use and service life of a mobile communication device.

Citations

42 Claims

1. A method for performing layered semantic security between a near communication device and a far communication device, comprising:
- collecting first changing contextual information regarding the near communication device;
  
  characterizing a first security vulnerability based upon the first changing contextual information;
  
  collecting second changing contextual information for a plurality of communication links between the near communication device and the far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;
  
  characterizing a second security vulnerability based on the second changing contextual information;
  
  selecting a cryptographic protocol based upon the first and second security vulnerability characterizations; and
  
  the near communication device establishing a secure communication with the far communication device by employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the near communication device comprises a mobile device.
  - 3. The method of claim 2, wherein the first changing contextual information is based upon a location of the mobile device.
  - 4. The method of claim 2, wherein the first changing contextual information is based upon a motion imparted to the mobile device.
  - 5. The method of claim 2, wherein the first changing contextual information is collected by determining a performance constraint of the mobile device.
  - 6. The method of claim 1, wherein the first changing contextual information is based upon ambient noise to the near communication device.
  - 7. The method of claim 1, wherein the second changing contextual information is based upon a vulnerability characteristic of a communication link between the near communication device and a network interface.
  - 8. The method of claim 1, wherein selecting the cryptographic protocol comprises selecting a length of an encryption key based on a tradeoff of processing performance and security.
  - 9. The method of claim 1, further comprising selecting a cryptographic protocol based upon a number of replays required for errored reception.
  - 10. The method of claim 1, further comprising establishing a trust relationship with the far communication device by:
    - providing a master secret;
      
      generating a shared secret based on predetermined contextual information and the master secret; and
      
      establishing a trust relationship based on the shared secret.
  - 11. The method of claim 10, further comprising:
    - forming a second trust relationship between an intermediary device and the near communication device by providing a second master secret;
      
      generating a second shared secret based on predetermined contextual information and the master secret; and
      
      establishing a trust relationship based on the second shared secret.
  - 12. The method of claim 10, wherein the second changing contextual information comprises topological information.
  - 13. The method of claim 10, wherein the first changing contextual information comprises time-based information.
  - 14. The method of claim 10, wherein the first changing contextual information comprises transactional information.
  - 15. The method of claim 10, further comprising receiving the second changing contextual information from another communication entity.
  - 16. The method of claim 15, further comprising cryptographically communicating with the another communication entity using the shared secret as key material.
  - 17. The apparatus of claim 15, wherein the communication component is further configured to cryptographically communicate with the another communication entity using the shared secret as key material.
  - 18. The method of claim 1, wherein the plurality of communication links include a far communication link between the far communication device and a far network interface.

19. At least one processor for performing layered semantic security, comprising:
- a first module configured to collect first changing contextual information regarding a near communication device;
  
  a second module configured to characterize a first security vulnerability based upon the first changing contextual information;
  
  a third module configured to collect second changing contextual information for a plurality of communication links between the near communication device and a far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;
  
  a fourth module configured to characterize a second security vulnerability based on the second changing contextual information;
  
  a fifth module configured to select a cryptographic protocol based upon the first and second security vulnerability characterizations; and
  
  a sixth module of the near communication device configured to establish a secure communication with the far communication device by employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.
- View Dependent Claims (20, 21)
- - 20. The at least one processor of claim 19, wherein the fifth module is further configured to select a length of an encryption key based on a tradeoff of processing performance and security.
  - 21. The at least one processor of claim 19, wherein the second changing contextual information comprises topological information.

22. A computer program product, comprising:
- a non-transitory computer readable medium, comprising;
  
  a first set of codes for causing a computer to collect first changing contextual information regarding a near communication device;
  
  a second set of codes for causing the computer to characterize a first security vulnerability based upon the first changing contextual information;
  
  a third set of codes for causing a computer to collect second changing contextual information for a plurality of communication links between the near communication device and a far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;
  
  a fourth set of codes for causing the computer to characterize a second security vulnerability based on the second changing contextual information;
  
  a fifth set of codes for causing the computer to select a cryptographic protocol based upon the first and second security vulnerability characterizations; and
  
  a sixth set of codes for causing the computer to establish a secure communication with the far communication device employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.
- View Dependent Claims (23, 24)
- - 23. The computer program product of claim 22, wherein to select the cryptographic protocol comprises to select a length of an encryption key based on a tradeoff of processing performance and security.
  - 24. The computer program product of claim 22, wherein the second changing contextual information comprises topological information.

25. An apparatus for performing layered semantic security between a near communication device and a far communication device, comprising:
- means for collecting first changing contextual information regarding the near communication device;
  
  means for characterizing a first security vulnerability based upon the first changing contextual information;
  
  means for collecting second changing contextual information for a plurality of communication links between the near communication device and the far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;
  
  means for characterizing a second security vulnerability based on the second changing contextual information;
  
  means for selecting a cryptographic protocol based upon the first and second security vulnerability characterizations; and
  
  means for establishing a secure communication with the far communication device by employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.
- View Dependent Claims (26, 27)
- - 26. The apparatus of claim 25, wherein the means for selecting the cryptographic protocol comprises means for selecting a length of an encryption key based on a tradeoff of processing performance and security.
  - 27. The apparatus of claim 25, wherein the second changing contextual information comprises topological information.

28. An apparatus for establishing layered semantic security between a near communication device and a far communication device, comprising:
- a memory configured to collect first changing contextual information regarding the near communication device, and to collect second changing contextual information for a plurality of communication links between the near communication device and the far communication device, wherein the plurality of communication links include a near communication link between the near communication device and a near network interface;
  
  a context awareness component configured to characterize a first security vulnerability based upon the first changing contextual information, to characterize a second security vulnerability based on the second changing contextual information, and to select a cryptographic protocol based upon the first and second security vulnerability characterizations; and
  
  a communication component, of the near communication device, configured to establish a secure communication with the far communication device by employing the selected cryptographic protocol in at least one communication link of the plurality of communication links.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 29. The apparatus of claim 28, wherein the near communication device comprises a mobile device.
  - 30. The apparatus of claim 29, wherein the first changing contextual information is based upon a location of the mobile device.
  - 31. The apparatus of claim 29, wherein the first changing contextual information is based upon a motion imparted to the mobile device.
  - 32. The apparatus of claim 29, wherein the first changing contextual information is collected by determining a performance constraint of the mobile device.
  - 33. The apparatus of claim 28, further comprising a microphone configured to collect first changing contextual information based upon ambient noise to the near communication device.
  - 34. The apparatus of claim 28, wherein the second changing contextual information is based upon a vulnerability characteristic of a communication link between the near communication device and a network interface.
  - 35. The apparatus of claim 28, wherein the context awareness component is further configured to select a length of an encryption key based on a tradeoff of processing performance and security, to select the cryptographic protocol.
  - 36. The apparatus of claim 28, wherein the context awareness component is further configured to select a cryptographic protocol based upon a number of replays required for errored reception.
  - 37. The apparatus of claim 28, wherein the communication component is further configure to establish a trust relationship with the far communication device by:
    - providing a master secret;
      
      generating a shared secret based on predetermined contextual information and the master secret; and
      
      establishing a trust relationship based on the shared secret.
  - 38. The apparatus of claim 37, wherein the communication component is further configured to form a second trust relationship between an intermediary device and near communication device by:
    - providing a second master secret;
      
      generating a second shared secret based on predetermined contextual information and the master secret; and
      
      establishing a trust relationship based on the second shared secret.
  - 39. The apparatus of claim 37, wherein the second changing contextual information comprises topological information.
  - 40. The apparatus of claim 37, wherein the first changing contextual information comprises time-based information.
  - 41. The apparatus of claim 37, wherein the first changing contextual information comprises transactional information.
  - 42. The apparatus of claim 37, wherein the memory is further configured to collect the second contextual information from another communication entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Nagaraja, Nagendra
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US12/121,571
Publication Number

US 20090319771A1
Time in Patent Office

2,259 Days
Field of Search

713/151
US Class Current

713/151
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/105   Multiple levels of security

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/65   Environment-dependent, e.g....

H04W 12/67   Risk-dependent, e.g. select...

Context aware security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Context aware security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links