Device communication based on device trustworthiness

US 9,386,045 B2
Filed: 12/19/2013
Issued: 07/05/2016
Est. Priority Date: 12/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

requesting, by a user device, one or more trustworthiness attributes of a target device before exchanging data with the target device;

receiving the one or more trustworthiness attributes of the target device;

determining, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device, wherein the set of one or more security policies is determined by determining a trustworthiness score of the target device based on the received one or more trustworthiness attributes of the target device, and determining a trust level of the target device based on the trustworthiness score; and

establishing the communication channel between the user device and the target device according to the set of one or more security policies,wherein when the trust level of the target device corresponds to a first trust level, the set of one or more security policies includes at least one of using a first encryption algorithm to encrypt the data being exchanged on the communication channel, and digitally signing the data being exchanged on the communication channel, and when the trust level of the target device corresponds to a second trust level, the set of one or more security policies includes at least one of using a second encryption algorithm that is different than the first encryption algorithm to encrypt the data being exchanged on the communication channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for assessing the trustworthiness of a target device that a user device is attempting to communicate with are described. A user device may request one or more trustworthiness attributes of a target device before exchanging data with the target device. The user device may receive the one or more trustworthiness attributes of the target device, and determine, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device. A communication channel between the user device and the target device can then be established according to the set of one or more security policies.

56 Citations

View as Search Results

18 Claims

1. A method comprising:
- requesting, by a user device, one or more trustworthiness attributes of a target device before exchanging data with the target device;
  
  receiving the one or more trustworthiness attributes of the target device;
  
  determining, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device, wherein the set of one or more security policies is determined by determining a trustworthiness score of the target device based on the received one or more trustworthiness attributes of the target device, and determining a trust level of the target device based on the trustworthiness score; and
  
  establishing the communication channel between the user device and the target device according to the set of one or more security policies,wherein when the trust level of the target device corresponds to a first trust level, the set of one or more security policies includes at least one of using a first encryption algorithm to encrypt the data being exchanged on the communication channel, and digitally signing the data being exchanged on the communication channel, and when the trust level of the target device corresponds to a second trust level, the set of one or more security policies includes at least one of using a second encryption algorithm that is different than the first encryption algorithm to encrypt the data being exchanged on the communication channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - performing an authentication process between the user device and the target device before requesting the one or more trustworthiness attributes.
  - 3. The method of claim 2, further comprising:
    - after receiving the one or more trustworthiness attributes of the target device, requesting additional credentials from the target device before establishing the communication channel.
  - 4. The method of claim 1, further comprising:
    - comparing the trustworthiness score of the target device against a set of trustworthiness thresholds.
  - 5. The method of claim 1, wherein when the user device is at a first location, the one or more trustworthiness attributes of the target device being requested by the user device before exchanging data with the target device includes at least one trustworthiness attribute that is different than when the user device is at a second location.
  - 6. The method of claim 1, wherein the one or more trustworthiness attributes includes a plurality of trustworthiness attributes, and each of the plurality of trustworthiness attributes is requested and received serially.
  - 7. The method of claim 1, wherein the one or more trustworthiness attributes include at least one of an ownership of the target device, an integrity measurement of the target device, or a trustworthiness reputation of the target device.
  - 8. The method of claim 1, wherein the set of one or more security policies include at least one of an access rule, an encryption rule, or a digital signature rule for the data being exchanged on the communication channel.

9. A user device comprising:
- communication circuitry for implementing a communication channel used for exchanging data with a target device;
  
  one or more processors; and
  
  one or more memories coupled to the one or more processors and including executable code which when executed by the one or more processors causes the user device to;
  
  request one or more trustworthiness attributes of a target device before establishing the communication channel with the target device;
  
  receive the one or more trustworthiness attributes of the target device;
  
  determine, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on the communication channel when exchanging data with the target device, wherein the set of one or more security policies is determined by determining a trustworthiness score of the target device based on the received one or more trustworthiness attributes of the target device, and determining a trust level of the target device based on the trustworthiness score;
  
  establish the communication channel using the communication circuitry after determining the set of one or more security policies; and
  
  enforce the set of one or more security policies on the communication channel when exchanging data with the target device,wherein when the trust level of the target device corresponds to a first trust level, the set of one or more security policies includes at least one of using a first encryption algorithm to encrypt the data being exchanged on the communication channel, and digitally signing the data being exchanged on the communication channel, and when the trust level of the target device corresponds to a second trust level, the set of one or more security policies includes at least one of using a second encryption algorithm that is different than the first encryption algorithm to encrypt the data being exchanged on the communication channel, and not digitally signing the data being exchanged on the communication channel.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The user device of claim 9, wherein the one or more memories further include executable code which when executed by the one or more processors causes the user device to:
    - compare the trustworthiness score of the target device against a set of trustworthiness thresholds.
  - 11. The user device of claim 10, wherein the one or more memories further include executable code which when executed by the one or more processors cause the user device to store the trustworthiness score of the target device in a known-device database, wherein the stored trustworthiness score is used instead of requesting the one or more trustworthiness attributes when establishing a subsequent communication channel with the target device.
  - 12. The user device of claim 11, wherein the stored trustworthiness score is valid for a predetermined time period, and the stored trustworthiness score is not used for establishing a subsequent communication channel with the target device after the predetermined time period has elapsed.
  - 13. The user device of claim 9, wherein when the user device is at a first location, the one or more trustworthiness attributes of the target device being requested by the user device before establishing the communication channel includes at least one trustworthiness attribute that is different than when the user device is at a second location.
  - 14. The user device of claim 9, wherein the one or more trustworthiness attributes include at least one of an ownership of the target device, an integrity measurement of the target device, or a trustworthiness reputation of the target device.
  - 15. The user device of claim 9, wherein the set of one or more security policies include at least one of an access rule, an encryption rule, or a digital signature rule for the data being exchanged on the communication channel.

16. A method comprising:
- receiving, by a target device, a request from a user device for one or more trustworthiness attributes of the target device before exchanging data with a user device;
  
  determining the one or more trustworthiness attributes of the target device;
  
  sending the determined one or more trustworthiness attributes of the target device to the user device;
  
  receiving one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device, wherein the set of one or more security policies is determined by determining a trustworthiness score of the target device based on the received one or more trustworthiness attributes of the target device, and determining a trust level of the target device based on the trustworthiness score; and
  
  establishing the communication channel between the user device and the target device according to the one or more security policies,wherein when the trust level of the target device corresponds to a first trust level, the set of one or more security policies includes at least one of using a first encryption algorithm to encrypt the data being exchanged on the communication channel, and digitally signing the data being exchanged on the communication channel, and when the trust level of the target device corresponds to a second trust level, the set of one or more security policies includes at least one of using a second encryption algorithm that is different than the first encryption algorithm to encrypt the data being exchanged on the communication channel.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the one or more trustworthiness attributes include at least one of an ownership of the target device, an integrity measurement of the target device, or a trustworthiness reputation of the target device.
  - 18. The method of claim 17, wherein the set of one or more security policies include at least one of an access rule for one or more memory regions of the user device, an encryption rule for the data being exchanged on the communication channel, or a digital signature rule for the data being exchanged on the communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kgil, Taeho, Aissi, Selim
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/134,959
Publication Number

US 20140173686A1
Time in Patent Office

929 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 63/205 involving negotiation or de...

Device communication based on device trustworthiness

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Device communication based on device trustworthiness

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links