US2023007003A1PendingUtilityA1

Systems and methods for organizing devices in a policy hierarchy

65
Assignee: FORNETIX LLCPriority: Mar 12, 2015Filed: Sep 12, 2022Published: Jan 5, 2023
Est. expiryMar 12, 2035(~8.7 yrs left)· nominal 20-yr term from priority
H04L 63/10H04L 63/064
65
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In various embodiments, there is provide a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method, comprising:
 receiving, by a system, a security object configured to encrypt or decrypt data;   determining, by the system based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and   authorizing, by the system, the device to use the security object to encrypt or decrypt data.   
     
     
         2 . The method of  claim 1 , wherein
 the at least one first policy comprises a policy used to evaluate the length of the security object; and   the at least one second policy a policy used to evaluate the time at which the security object is created.   
     
     
         3 . The method of  claim 1 , wherein the one or more attributes of the security object comprises a cryptographic algorithm of the security object. 
     
     
         4 . The method of  claim 1 , wherein the system receives the security object responsive to the security object being requested by the device for communicating the data. 
     
     
         5 . The method of  claim 1 , wherein the security object is receive from one of a hardware security module, a key management device, or an security object source. 
     
     
         6 . The method of  claim 1 , wherein the at least one first policy comprises one or more policies different from one or more policies of the at least one second policy. 
     
     
         7 . The method of  claim 1 , wherein
 the at least one policy comprises the at least one first policy and the at least one second policy; and   the device is registered to the first node.   
     
     
         8 . The method of  claim 7 , the second node is a parent node of the first node, and the at least one second policy is inherited by the first node from the second node. 
     
     
         9 . The method of  claim 1 , wherein
 the hierarchical structure is a Directed Acyclic Graph having a plurality of nodes; and   the plurality of nodes comprises the first node and the second node.   
     
     
         10 . The method of  claim 1 , wherein authorizing the device to use the security object comprises distributing the security object to the device in response to determining that the security object is secure to be used by the first device. 
     
     
         11 . A system, comprising:
 a memory; and   a processor coupled to the memory, wherein the processor is configured to:   receive a security object configured to encrypt or decrypt data;   determine, based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and   authorize the device to use the security object to encrypt or decrypt data.   
     
     
         12 . The system of  claim 11 , wherein
 the at least one first policy comprises a policy used to evaluate the length of the security object; and   the at least one second policy a policy used to evaluate the time at which the security object is created.   
     
     
         13 . The system of  claim 11 , wherein the one or more attributes of the security object comprises a cryptographic algorithm of the security object. 
     
     
         14 . The system of  claim 11 , wherein the processor receives the security object responsive to the security object being requested by the device for communicating the data. 
     
     
         15 . The system of  claim 11 , wherein the security object is receive from one of a hardware security module, a key management device, or an security object source. 
     
     
         16 . The system of  claim 11 , wherein the at least one first policy comprises one or more policies different from one or more policies of the at least one second policy. 
     
     
         17 . The method of  claim 1 , wherein
 the at least one policy comprises the at least one first policy and the at least one second policy; and   the device is registered to the first node.   
     
     
         18 . The system of  claim 17 , the second node is a parent node of the first node, and the at least one second policy is inherited by the first node from the second node. 
     
     
         19 . The system of  claim 11 , wherein authorizing the device to use the security object comprises distributing the security object to the device in response to determining that the security object is secure to be used by the first device. 
     
     
         20 . A non-transitory computer-readable medium comprising computer-readable instructions, such that, when executed, causes a processor to:
 receive a security object configured to encrypt or decrypt data;   determine, based on at least one policy configured for evaluating whether one or more attributes of the security object are secure, that the security object is secure to be used by a device, wherein the at least one policy comprises at least one of at least one first policy of a first node or at least one second policy of a second node, wherein the first node and the second node are parts of a hierarchical structure of policies, the one or more attributes comprises at least one of a length of the security object or a time at which the security object is created; and   authorize the device to use the security object to encrypt or decrypt data.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.