Method and apparatus for providing an adaptable security level in an electronic communication

US 9,667,634 B2
Filed: 01/31/2014
Issued: 05/30/2017
Est. Priority Date: 04/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method of communicating between a first correspondent and a second correspondent in a data communication system, the method performed on a frame-by-frame basis and comprising:

assembling a data stream at said first correspondent, said data stream having at least one frame, said frame having a header and data;

determining a security level for a frame type of said frame based on a policy, wherein the policy identifies a minimum security level for the frame type;

incorporating in said header, an indication of said frame type and an indication of said security level;

forwarding said frame to said second correspondent to enable said second correspondent to determine the acceptability of said frame according to said frame type;

receiving, from said second correspondent, a frame including security bits that identify a security level for said received frame;

determining a minimum security level based on a frame type of said received frame and the policy;

if said security level for said received frame meets said minimum security level for said received frame, accept said received frame; and

if said security level for said received frame does no meet the minimum security level for said received frame, reject said received frame.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

Citations

18 Claims

1. A method of communicating between a first correspondent and a second correspondent in a data communication system, the method performed on a frame-by-frame basis and comprising:
- assembling a data stream at said first correspondent, said data stream having at least one frame, said frame having a header and data;
  
  determining a security level for a frame type of said frame based on a policy, wherein the policy identifies a minimum security level for the frame type;
  
  incorporating in said header, an indication of said frame type and an indication of said security level;
  
  forwarding said frame to said second correspondent to enable said second correspondent to determine the acceptability of said frame according to said frame type;
  
  receiving, from said second correspondent, a frame including security bits that identify a security level for said received frame;
  
  determining a minimum security level based on a frame type of said received frame and the policy;
  
  if said security level for said received frame meets said minimum security level for said received frame, accept said received frame; and
  
  if said security level for said received frame does no meet the minimum security level for said received frame, reject said received frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1 further comprising said second correspondent:
    - receiving said frame;
      
      determining said frame type from said header; and
      
      correlating said frame type to said policy to determine if said frame type is acceptable for at least one attribute of said frame.
  - 3. The method according to claim 2 further comprising accepting said frame is said policy is met, and rejecting said frame otherwise.
  - 4. The method according to claim 2 wherein said header includes a representation of a key and said policy indicates an acceptable frame type for said key.
  - 5. The method according to claim 2 wherein said header includes an indication of a security level and said policy indicates an acceptable frame type for said security level.
  - 6. The method according to claim 2 wherein said policy indicates frame types vulnerable to an attack where one or more combinations of security features of said frame are present, said method comprising rejecting said frame if one of said combinations is found.
  - 7. The method according to claim 2 wherein said frame includes one or more security bits indicative of a security level, and said method comprises said second correspondent extracting said security bits to determine said security level wherein said policy indicates whether or not said frame type is acceptable for said security level.
  - 8. The method according to claim 2 wherein said policy comprises a look up table correlating said frame type to said at least one attribute.
  - 9. The method according to claim 1 comprising anyone or both of encrypting said data and signing said data according to said security level.
  - 10. The method according to claim 1 wherein said security level is a minimum acceptable security level and said minimum acceptable security level is independent of said data.
  - 11. The method according to claim 1 wherein said security level is a minimum acceptable security level and said minimum acceptable security level is dependent on said data.
  - 12. The method according to claim 11 wherein said data is anyone or both of encrypted and signed, said method comprising said second correspondent decrypting said data and/or authenticating said data according to said security bits.
  - 13. The method according to claim 1 wherein said security level is a minimum acceptable security level and said minimum acceptable security level is partially data dependent such that said minimum acceptable security level differs according to said frame type.
  - 14. The method according to claim 1 wherein said frame further comprises a footer comprising one or more bits representing an error code.
  - 15. The method according to claim 1 wherein said header comprises a key identifier, a representation of a key corresponding to said key identifier, a security level, and an originator for determining the acceptability of said frame type.

16. A method of verifying a communication on a frame-by-frame basis between a first correspondent and a second correspondent in a data communication system comprising said second correspondent:
- receiving from said first correspondent, a frame having a header and data, said header including an indication of a frame type and an indication of a security level for the frame;
  
  determining said frame type from said header; and
  
  determining a minimum security level for said frame type based on a policy;
  
  if said security level meets said minimum security level for said frame, accept said frame; and
  
  if said security level for said frame does not meet the minimum security level for said frame, reject said frame.
- View Dependent Claims (17, 18)
- - 17. The method according to claim 16 further comprising accepting said frame is said policy is met, and rejecting said frame otherwise.
  - 18. The method according to claim 16 wherein said header includes a representation of a key and said policy indicates an acceptable frame type for said key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus
Primary Examiner(s)
Pyzocha, Michael

Application Number

US14/170,213
Publication Number

US 20140201521A1
Time in Patent Office

1,215 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links