US2023007003A1PendingUtilityA1
Systems and methods for organizing devices in a policy hierarchy
Est. expiryMar 12, 2035(~8.7 yrs left)· nominal 20-yr term from priority
H04L 63/10H04L 63/064
65
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
In various embodiments, there is provide a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method, comprising:
receiving, by a system, a security object configured to encrypt or decrypt data; determining, by the system based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and authorizing, by the system, the device to use the security object to encrypt or decrypt data.
2 . The method of claim 1 , wherein
the at least one first policy comprises a policy used to evaluate the length of the security object; and the at least one second policy a policy used to evaluate the time at which the security object is created.
3 . The method of claim 1 , wherein the one or more attributes of the security object comprises a cryptographic algorithm of the security object.
4 . The method of claim 1 , wherein the system receives the security object responsive to the security object being requested by the device for communicating the data.
5 . The method of claim 1 , wherein the security object is receive from one of a hardware security module, a key management device, or an security object source.
6 . The method of claim 1 , wherein the at least one first policy comprises one or more policies different from one or more policies of the at least one second policy.
7 . The method of claim 1 , wherein
the at least one policy comprises the at least one first policy and the at least one second policy; and the device is registered to the first node.
8 . The method of claim 7 , the second node is a parent node of the first node, and the at least one second policy is inherited by the first node from the second node.
9 . The method of claim 1 , wherein
the hierarchical structure is a Directed Acyclic Graph having a plurality of nodes; and the plurality of nodes comprises the first node and the second node.
10 . The method of claim 1 , wherein authorizing the device to use the security object comprises distributing the security object to the device in response to determining that the security object is secure to be used by the first device.
11 . A system, comprising:
a memory; and a processor coupled to the memory, wherein the processor is configured to: receive a security object configured to encrypt or decrypt data; determine, based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and authorize the device to use the security object to encrypt or decrypt data.
12 . The system of claim 11 , wherein
the at least one first policy comprises a policy used to evaluate the length of the security object; and the at least one second policy a policy used to evaluate the time at which the security object is created.
13 . The system of claim 11 , wherein the one or more attributes of the security object comprises a cryptographic algorithm of the security object.
14 . The system of claim 11 , wherein the processor receives the security object responsive to the security object being requested by the device for communicating the data.
15 . The system of claim 11 , wherein the security object is receive from one of a hardware security module, a key management device, or an security object source.
16 . The system of claim 11 , wherein the at least one first policy comprises one or more policies different from one or more policies of the at least one second policy.
17 . The method of claim 1 , wherein
the at least one policy comprises the at least one first policy and the at least one second policy; and the device is registered to the first node.
18 . The system of claim 17 , the second node is a parent node of the first node, and the at least one second policy is inherited by the first node from the second node.
19 . The system of claim 11 , wherein authorizing the device to use the security object comprises distributing the security object to the device in response to determining that the security object is secure to be used by the first device.
20 . A non-transitory computer-readable medium comprising computer-readable instructions, such that, when executed, causes a processor to:
receive a security object configured to encrypt or decrypt data; determine, based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and authorize the device to use the security object to encrypt or decrypt data.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.