Communication channel access based on channel identifier and use policy
First Claim
1. A method implemented in a computing device, the method comprising:
- obtaining an identifier of a communication channel, the communication channel comprising a removable storage device;
obtaining a use policy identifying an entity that originated protection of the communication channel as well as how an owner of the communication channel indicates the communication channel is used including techniques employed to protect data stored on the removable storage device, the techniques including how the data is to be encrypted;
generating, using a private key of a public/private key pair of the owner of the communication channel, a digital signature over the identifier of the communication channel and the use policy; and
associating the identifier of the communication channel, the use policy, and the digital signature with the communication channel.
2 Assignments
0 Petitions
Accused Products
Abstract
A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.
-
Citations
20 Claims
-
1. A method implemented in a computing device, the method comprising:
-
obtaining an identifier of a communication channel, the communication channel comprising a removable storage device; obtaining a use policy identifying an entity that originated protection of the communication channel as well as how an owner of the communication channel indicates the communication channel is used including techniques employed to protect data stored on the removable storage device, the techniques including how the data is to be encrypted; generating, using a private key of a public/private key pair of the owner of the communication channel, a digital signature over the identifier of the communication channel and the use policy; and associating the identifier of the communication channel, the use policy, and the digital signature with the communication channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method implemented in a computing device, the method comprising:
-
retrieving, from a communication channel authenticator of a communication channel, an identifier of the communication channel and a use policy identifying how an owner of the communication channel indicates the communication channel is used, the communication channel comprising a removable storage device; verifying the identifier of the communication channel and the use policy have not been altered; checking whether a current security policy of the computing device is satisfied by the use policy; and determining, based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified, an access that the computing device is allowed to have to the communication channel, the determining including allowing read-write access to the communication channel only if an entity that originated protection of the communication channel is a same entity as an entity that implements a security policy protecting the computing device, the entity that originated protection of the removable storage device being identified in the use policy. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A computing device having stored computer-executable instructions that when executed perform operations comprising:
-
obtaining, from an authenticator of a removable storage device, a first identifier of the removable storage device; obtaining, from the authenticator, a second identifier of an entity that originated protection of the removable storage device; verifying a digital signature over the first identifier and the second identifier to confirm that the first identifier and the second identifier have not been changed since the digital signature was generated; checking whether the entity that enabled protection of the removable storage device is a same entity as implements a security policy protecting the computing device, the entity that enabled protection of the removable storage device being identified in a use policy obtained from the removable storage device; and allowing the computing device read-write access to the removable storage device if the entity that enabled protection of the removable storage device is the same entity as implements the security policy protecting the computing device, otherwise allow the computing device read-only access to the removable storage device. - View Dependent Claims (17, 18, 19, 20)
-
Specification