Communication channel claim dependent security precautions
Abstract
A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.
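The decision flow in the abstract, sketched as an added example that is not taken from the patent or from any implementation of it. The entity names, policy entries, class precautions and the rule that only some signers' claims are honoured are all hypothetical, and HMAC-SHA256 stands in for the entity's digital signature so the code runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo data. HMAC-SHA256 stands in for the signing entity's digital
# signature so the example runs with the standard library only (assumption).
ENTITY_KEYS = {"trust-authority": b"demo-key-1", "device-vendor": b"demo-key-2"}
HONOUR_CLAIMS_FROM = {"trust-authority"}  # hypothetical: signers whose claims count

# Hypothetical security policy: claim -> precaution applied when the claim is unmet.
POLICY = {"encrypts-stored-data": "encrypt-before-transfer",
          "authenticates-host": "require-user-confirmation"}
# Hypothetical extra precautions keyed by the signed channel class identifier.
CLASS_PRECAUTIONS = {"removable-storage": {"scan-incoming-data"}}


def _mac(entity, channel_id, class_id, claims):
    """Compute the stand-in signature over identifier, class and claims."""
    msg = json.dumps([channel_id, class_id, sorted(claims)]).encode()
    return hmac.new(ENTITY_KEYS[entity], msg, hashlib.sha256).hexdigest()


def make_descriptor(entity, channel_id, class_id, claims):
    """Build a channel security descriptor as the signing entity would."""
    return {"channel_id": channel_id, "class_id": class_id,
            "claims": list(claims), "entity": entity,
            "signature": _mac(entity, channel_id, class_id, claims)}


def determine_precautions(desc):
    """Return the precautions to use for a transfer over the described channel."""
    everything = set(POLICY.values()).union(*CLASS_PRECAUTIONS.values())
    entity = desc.get("entity")
    if entity not in ENTITY_KEYS:
        return sorted(everything)  # unknown signer: trust nothing
    expected = _mac(entity, desc["channel_id"], desc["class_id"], desc["claims"])
    if not hmac.compare_digest(expected, desc.get("signature", "")):
        return sorted(everything)  # claims or class altered after signing
    # Compare claims to policy; claims from a non-honoured signer are ignored.
    met = set(desc["claims"]) if entity in HONOUR_CLAIMS_FROM else set()
    needed = {p for claim, p in POLICY.items() if claim not in met}
    return sorted(needed | CLASS_PRECAUTIONS.get(desc["class_id"], set()))
```

Because the class identifier is covered by the same signature as the claims, editing either one after signing makes the descriptor fall back to the full set of precautions.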
20 Claims
1. A method implemented in a computing device, the method comprising:
- responsive to the computing device desiring access to a communication channel device and prior to determining security precautions for use by the computing device and the communication channel device during a data transfer;
- obtaining a set of security claims for the communication channel device, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel device;
- comparing the set of security claims for the communication channel device to a security policy of the computing device;
- identifying an entity that has digitally signed the set of security claims; and
- determining one or more security precautions that the computing device is to use in transferring data to and/or from the communication channel device, the determining being based at least in part on the comparing, the entity that has digitally signed the set of security claims, and a communication channel class identifier that has been digitally signed by the entity, the communication channel class identifier identifying a class of the communication channel device such that different communication channels of a same class share a same communication channel class identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method implemented in a computing device, the method comprising:
- obtaining a channel identifier of a communication channel, the communication channel comprising a communication channel device;
- obtaining a set of security claims of the communication channel, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel;
- obtaining, from a trust authority, a digital signature over the set of security claims and the channel identifier;
- generating a channel security descriptor including the channel identifier, the set of security claims, the digital signature, and a communication channel class identifier that has been digitally signed, the communication channel class identifier identifying a class of the communication channel device such that different communication channels of a same class share a same communication channel class identifier, the channel security descriptor available for analysis by the computing device when access to the communication channel is desired by the computing device; and
- storing the channel security descriptor.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. One or more computer storage memories having stored thereon multiple instructions that, when executed by one or more processors of a computing device, cause the one or more processors to:
- responsive to the computing device desiring access to a communication channel device and prior to determining security precautions for use by the computing device and the communication channel device during a data transfer;
- obtain a set of security claims for the communication channel device, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel device;
- compare the set of security claims for the communication channel device to a security policy of the computing device;
- identify an entity that has digitally signed the set of security claims; and
- determine one or more security precautions that the computing device is to use in transferring data to and/or from the communication channel device, the determining being based at least in part on the comparing, the entity that has digitally signed the set of security claims, and a communication channel class identifier that has been digitally signed by the entity, the communication channel class identifier identifying a class of the communication channel device such that different communication channels of a same class share a same communication channel class identifier.
Specification