Method and apparatus for providing network communication association information to applications and services

US 9,444,823 B2
Filed: 12/24/2008
Issued: 09/13/2016
Est. Priority Date: 12/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method operational on a transmitting terminal, the method comprising:

collecting security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;

collecting feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;

assessing level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;

determining a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and

providing the security information, the level of trust information, and the level of strength information to a requesting application of the transmitting terminal, the requesting application configured to;

(a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to a receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided that allow an application on a first terminal to inquire about available network communication associations that it can use to send data to another terminal, thereby avoiding the establishment of a new network communication association with the other terminal. A security information module may serve to collect and/or store information about available network communication associations between the first terminal and another terminal across different layers. The security information module may also assess a trust level for the network communication associations based on security mechanisms used to establish each association and/or past experience information reported for these network communication associations. Upon receiving a request for available network communication associations, the security information module provides this to the requesting application which can use it to establish communications with a corresponding application on the other terminal.

22 Citations

View as Search Results

30 Claims

1. A method operational on a transmitting terminal, the method comprising:
- collecting security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;
  
  collecting feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;
  
  assessing level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;
  
  determining a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and
  
  providing the security information, the level of trust information, and the level of strength information to a requesting application of the transmitting terminal, the requesting application configured to;
  
  (a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to a receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - storing the collected security information and the level of trust information in a security information module for later retrieval and selection of the secure network communication association on which to send the data to an application on the receiving terminal.
  - 3. The method of claim 1, wherein the one or more network communication associations correspond to one or more layers of an Open Systems Interconnection (OSI) module communication system, the one or more layers including at least one of a network layer, a data link layer and a physical layer.
  - 4. The method of claim 1, wherein the secure network communication association is selected from the one or more network communication associations after the requesting application determines that one or more of the network communication associations meets a desired security level.
  - 5. The method of claim 4, wherein the secure network communication association operates on a first layer of a hierarchical protocol architecture, and selecting the first layer secure network communication association to send the data to the receiving terminal avoids the establishment of a new network communication association with the receiving terminal that operates on a second layer of the hierarchical protocol architecture, the second layer being a higher layer than the first layer.
  - 6. The method of claim 1, further comprising:
    - identifying a set of policies to be used in selecting the secure network communication association through which to send the data, wherein the set of policies is based on user preferences.
  - 7. The method of claim 1, further comprising:
    - receiving a request from the requesting application for the security information about the one or more network communication associations.
  - 8. The method of claim 1, wherein the security information of the network communication associations include at least one of:
    - a method used to secure the first layer network communication association, a method used to authenticate the first layer network communication association, and a prior history between the transmitting terminal and the receiving terminal with which the network communication associations are previously established.
  - 9. The method of claim 1, wherein the secure network communication association operates on a first layer of a hierarchical protocol architecture and the requesting application operates on a second layer of the hierarchical protocol architecture that is a higher layer than the first layer.
  - 10. The method of claim 1, wherein the requesting application operates on a first layer of a hierarchical protocol architecture and the secure network communication association operates on the same first layer.
  - 11. The method of claim 1, wherein the security information is collected through an application programming interface (API) of the transmitting terminal.
  - 12. The method of claim 1, wherein the security information includes at least one of:
    - (a) a type of available credentials with one or more of the receiving terminals over a particular channel;
      
      (b) how the one or more network communication associations were authenticated; and
      
      /or (c) trust information that indicates whether the one or more receiving terminals are trusted or non-trusted.
  - 13. The method of claim 1, wherein the one or more network communication associations operate on a first layer of a hierarchical protocol architecture, and the newly established network communication association operates on a second layer of the hierarchical protocol architecture that is a higher layer than the first layer.
  - 14. The method of claim 1, wherein the negative communications with the one or more receiving terminals include at least one communication of a corrupt file.

15. An access terminal, comprising:
- a communication interface for communication with a receiving terminal;
  
  a processing circuit coupled to the communication interface, the processing circuit configured to;
  
  collect security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;
  
  collect feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;
  
  assess level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;
  
  determine a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and
  
  provide the security information, the level of trust information, and the level of strength information to a requesting application of the access terminal, the requesting application configured to;
  
  (a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to the receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The terminal of claim 15, further comprising:
    - a storage device coupled to the processing circuit and configured to store the collected security information and the level of trust information in a security information module for later retrieval and selection of the secure network communication association on which to send the data to an application on the receiving terminal.
  - 17. The terminal of claim 15, wherein the secure network communication association is selected from the one or more network communication associations after the requesting application determines that one or more of the network communication associations meets a desired security level.
  - 18. The terminal of claim 17, wherein the secure network communication association operates on a first layer of a hierarchical protocol architecture, and selecting the first layer secure network communication association to send the data to the receiving terminal avoids the establishment of a new network communication association with the receiving terminal that operates on a second layer of the hierarchical protocol architecture, the second layer being a higher layer than the first layer.
  - 19. The terminal of claim 15, wherein the secure network communication association is a newly established network communication association after the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.
  - 20. The terminal of claim 19, wherein the one or more network communication associations operate on a first layer of a hierarchical protocol architecture, and the newly established network communication association operates on a second layer of the hierarchical protocol architecture that is a higher layer than the first layer.
  - 21. The terminal of claim 15, wherein the processing circuit is further configured to:
    - receive a request from the requesting application for the security information about the one or more network communication associations.
  - 22. The terminal of claim 15, wherein the secure network communication association operates on a first layer of a hierarchical protocol architecture and the requesting application operates on a second layer of the hierarchical protocol architecture that is a higher layer than the first layer.
  - 23. The terminal of claim 15, wherein the requesting application operates on a first layer of a hierarchical protocol architecture and the secure network communication association operates on the same first layer.

24. An access terminal, comprising:
- means for collecting security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;
  
  means for collecting feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;
  
  means for assessing level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;
  
  means for determining a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and
  
  means for providing the security information, the level of trust information, and the level of strength information to a requesting application of the access terminal, the requesting application configured to;
  
  (a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to a receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The terminal of claim 24, wherein the secure network communication association is selected from the one or more network communication associations after the requesting application determines that one or more of the network communication associations meets a desired security level.
  - 26. The terminal of claim 24, wherein the secure network communication association is a newly established network communication association after the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.
  - 27. The terminal of claim 24, wherein the secure network communication association operates on a first layer of a hierarchical protocol architecture and the requesting application operates on a second layer of the hierarchical protocol architecture that is a higher layer than the first layer.
  - 28. The terminal of claim 24, wherein the requesting application operates on a first layer of a hierarchical protocol architecture and the secure network communication association operates on the same first layer.

29. A processor comprising:
- a processing circuit configured to;
  
  collect security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;
  
  collect feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;
  
  assess level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;
  
  determine a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and
  
  provide the security information, the level of trust information, and the level of strength information to a requesting application of a transmitting terminal, the requesting application configured to;
  
  (a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to a receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.

30. A non-transitory computer-readable storage medium comprising instructions for facilitating use of pre-established network communication associations to send data from an access terminal, the instructions which when executed by a processor causes the processor to:
- collect security information for one or more network communication associations across one or more layers distinct from an application layer, the one or more network communication associations having been previously established with one or more receiving terminals;
  
  collect feedback information from one or more applications regarding a history of positive or negative communications with the one or more receiving terminals;
  
  assess level of trust information for at least one of the one or more network communication associations based on the feedback information, wherein the level of trust information is based on a type of authentication used to create the one or more network communication associations previously established with the one or more receiving terminals;
  
  determine a level of strength information for the one or more network communication associations based on the security information and the level of trust information; and
  
  provide the security information, the level of trust information, and the level of strength information to a requesting application of the access terminal, the requesting application configured to;
  
  (a) compare the level of strength information to a set of policies and select a secure network communication association, from the one or more network communication associations, to send data to a receiving terminal if a desired security level is met based on the security information, the level of trust information, and the comparison, and(b) establish a secure network communication association if the requesting application determines that security levels of the one or more network communication associations fail to meet a desired security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Narayanan, Vidya, Dondeti, Lakshminath Reddy
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
JACKSON, JENISE E

Application Number

US12/343,988
Publication Number

US 20100162348A1
Time in Patent Office

2,820 Days
Field of Search

726/1, 713151-152
US Class Current

1/1
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04L 67/14   Session management for real...

Method and apparatus for providing network communication association information to applications and services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing network communication association information to applications and services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links