| 摘要 |
A system for rating security levels a device according to the characteristics of functions executing within secure hardware components in the device. The security level of a host is placed in a digital certificate along with a corresponding private key at the time of manufacture of a device. The digital certificate can be provided to an inquiring device so that more comprehensive system-wide security levels can be communicated and maintained. Where a network uses ticket-based key management protocols, the security rating, or level, is transferred from the certificate to an issued ticket. Inquiring devices can then check security levels of target devices by using certificates or tickets and perform transfers or grant authorizations accordingly. In a preferred embodiment a security ratings system uses six levels of security. The levels are structured to include characteristics about a device's processing. That is, the levels provide information on the amount and type of sensitive processing that can occur in non-secure (or low security) circuitry or components within a device. This gives a better indication of how prone a device is to threats that may be of particular concern in content delivery networks. Additional qualifiers can be optionally used to provide further information about a security level. For example, the degree of handling time management processing within secure hardware and whether a particular codec, watermarks or fingerprints are supported within secure hardware can each be represented by a policy qualifier.
|
