WO2008087331A2 - Method and device for adapting an application to a physical context implementing reconfigurable safety mechanisms - Google Patents


Info

Publication number
WO2008087331A2
Authority
WO
WIPO (PCT)
Prior art keywords
context information
characterized
security
application
context
Application number
PCT/FR2007/052580
Other languages
French (fr)
Other versions
WO2008087331A3 (en
Inventor
Marc Lacoste
Gilles Privat
Fano Ramparany
Original Assignee
France Telecom
Priority to FR0656051
Application filed by France Telecom
Publication of WO2008087331A2
Publication of WO2008087331A3

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual entry or exit registers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/102 Entity profiles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/08 Access security

Abstract

The invention relates to a method for adapting an application that implements safety mechanisms, characterised in that it comprises the following steps: determining at least one context information of the physical environment in which the application is run; determining at least one safety level based on at least one determined said context information; deciding a reconfiguration/non-reconfiguration from at least one comparison between the determined safety level and the current safety level applied by the safety mechanisms; and in case of a positive decision, reconfiguring the application for adapting the application to the determined safety level.

Description

METHOD AND DEVICE FOR ADAPTING AN APPLICATION TO A PHYSICAL CONTEXT IMPLEMENTING RECONFIGURABLE SAFETY MECHANISMS

The present invention relates to a method and a device for adapting the security level of an application depending on the physical environment in which at least part of the application runs.

More specifically, the invention relates to ambient intelligence environments, which require that application security be able to adapt to specific environmental conditions. The complexity and heterogeneity of these environments introduce numerous vulnerabilities, giving rise to new security requirements.

Furthermore, integrating security into new and sensitive applications is important for the confidence of users.

The physical environment in which at least part of the application runs is called the physical context; this context is, in particular, that of the main user of the application.

According to a method described in the document entitled "Cerberus: A Context-Aware Security Scheme for Smart Spaces" by J. Al-Muhtadi, A. Ranganathan, R. Campbell, and M. Mickunas, presented at the International Conference on Pervasive Computing (PerCom) in 2003, application security is updated by changing application settings depending on the execution context of the application.

Under this method, security policies, especially for authentication and access control, which define different levels of security, take contextual information into account, especially information on the physical context. This contextual information is obtained by means of a context management infrastructure.

However, this method has the disadvantage that only some parameters describing the configuration of the security system can be changed, which limits the possible adaptations.

Also known, in particular from the document entitled "Secure Verification of Location Claims" by N. Sastry, U. Shankar, and D. Wagner, published at the ACM Workshop on Wireless Security (pages 1 to 10) in 2003, is a method for using and verifying location data to allow entry control to a building on the basis of these data.

However, this method can manage only one type of context data, namely data relating to location. Moreover, it is limited to a single way of describing the confidence that can be placed in these data, restricting itself to authentication of the context data to describe this trust.

Also known, in particular from the document entitled "Security Ontology for Annotating Resources" by A. Kim, J. Luo and M. Kang, presented at the International Conference on Ontologies, Databases, and Applications of Semantics (ODBASE) in 2005, is a method for formalizing as ontologies different ways of qualifying the trust in context information, limited to the field of security.

However, this method does not disclose adapting the security mechanisms of the system according to the context data.

The invention aims to remedy at least one of the disadvantages of the prior art by providing a method of dynamically adapting an application implementing security mechanisms, characterized in that it comprises the following steps:

- determining at least one context information of the physical environment in which at least part of the application runs;

- determining a security level depending on said at least one determined context information;

- deciding on reconfiguration or non-reconfiguration based at least on a comparison between the determined security level and the current security level applied by the security mechanisms; and

- in case of a positive decision, reconfiguring the application to adapt the application to the determined security level.

The present invention automatically adapts the security policies and mechanisms used in an ambient intelligence environment according to context information on the physical environment in which the application is running, including the user's environment.

Thus, the invention establishes a stronger link between the security level implemented and the physical environment detected, for example by networked sensors in ambient intelligence environments, so as to make it possible to adapt the security mechanisms to the physical context.

To do this, the application undergoes a dynamic reconfiguration, including of its security mechanisms, depending on the state of the environment determined, for example, by sensors. According to the invention, the security policy can be reconfigured at a macroscopic level, and the security mechanisms at a detailed level.

The dynamic adaptation of the security of an application to a physical context can go as far as a complete reconfiguration of the security mechanism, including by adding or removing features in the application, for example by introducing new security components.

Thus, according to the invention, operators and service providers are assured that the system provides a minimum guaranteed level of security through reconfigurations, whereas users could completely disable a traditional manual security that seems to them too cumbersome to use. In addition, for example in the case of 4G (4th generation) systems, according to the invention it is possible to overcome the heterogeneity of existing mobile networks, in particular so that a user with a reconfigurable, context-aware terminal has the feeling of being connected to a single network, for example an IP ("Internet Protocol") network. As the user moves through many types of environments, each characterized by its own security policy, this adaptation is also needed for the security infrastructure.

According to a particular embodiment, the step of determining at least one context information of the physical environment comprises at least a step of acquiring contextual data.

As described above, the acquisition of context data is performed directly from the physical environment, for example by means of sensors in the physical environment.

According to one embodiment, the method comprises a step of authenticating said at least one context information.

According to this feature, the adaptation of the security of the application depends on the authentication level of the context information.

Authenticating the context information also makes it possible to lighten the security mechanisms, for example by taking into account physical protection devices already present in the environment.

According to another characteristic, the method comprises a step of associating at least one degree of confidence with said at least one determined context information. According to one embodiment, the decision step is also based on said at least one degree of confidence associated with said at least one determined context information.

According to this feature, the application's security level is maintained by reconfiguration based on reliable information about the environment. Thus, the adaptation of the security of an application to a low level of security can take place on the basis of context information whose reliability is sufficient. According to a particular feature, said at least one degree of confidence is defined as an ontology.

According to another characteristic, the ontology defines at least one rule for processing said at least one associated context information. According to one embodiment, the method comprises a step of building a reputation for at least one determined context information based on said at least one degree of confidence associated with said at least one determined context information.

Building a reputation means determining values of safety and/or security and/or personal data, etc.

According to one characteristic, said reputation comprises a plurality of dimensions, each dimension being a confidence level describing the confidence in the context information or its processing.

According to yet another particular feature, said reputation comprises at least one relationship between confidence qualification dimensions.

In a particular embodiment, an ontology defines said at least one relationship between the confidence qualification dimensions.

According to a particular characteristic, the method comprises a step of associating with said at least one determined context information at least one contextuality information describing said at least one context information according to its level of importance.

Correlatively, the invention also provides a device for dynamically adapting an application implementing security mechanisms, characterized in that it comprises the following means:

- means for determining at least one context information of the physical environment in which at least part of the application runs;

- means for determining a security level depending on said at least one determined context information;

- means for deciding on reconfiguration or non-reconfiguration based at least on means for comparing the determined security level and the current security level applied by the security mechanisms; and

- means for reconfiguring the application in order to adapt the application to the determined security level.

This device essentially has the same advantages as the method of adapting an application implementing security mechanisms briefly described above.

According to yet another aspect, the invention relates to a computer program loadable into a computer system, said program containing instructions enabling the implementation of the method of adapting an application implementing security mechanisms as described above, when that program is loaded and executed by the computer system.

According to still another aspect, the invention also provides a computer program product loadable into a programmable apparatus, characterized in that it comprises an application implementing security mechanisms, means for determining at least one context information of the physical environment in which at least part of the application runs, means for determining a security level depending on said at least one determined context information, means for deciding on reconfiguration or non-reconfiguration based at least on means for comparing the determined security level and the current security level applied by the security mechanisms, and means for reconfiguring the application to adapt the application to the determined security level.

Other aspects and advantages of the present invention will become apparent from reading the description which follows, this description being given by way of example and with reference to the accompanying drawings in which:

- Figure 1 illustrates a component architecture model;

- Figure 2 illustrates a software or hardware architecture for adapting the security features of an application based on the physical environment in accordance with the invention;

- Figure 3 shows an algorithm for adapting the security level of an application according to the invention;

- Figure 4 illustrates an authentication operation on the basis of location information;

- Figure 5 illustrates the nodes of the context management system;

- Figure 6 illustrates a structural ontology of a context management system;

- Figure 7 illustrates a confidence qualification ontology;

- Figure 8 illustrates the relationship between the confidence qualification ontology and the structural ontology;

- Figure 9 illustrates an architecture of a context management node;

- Figure 10 illustrates a reputation management infrastructure;

- Figure 11 shows an overall context management architecture;

- Figure 12 illustrates an implementation of the context management system;

- Figure 13 illustrates an access control based on the location with an adaptation of the system to a change of the characteristics of this location;

- Figure 14 illustrates an access control based on the location with prevention of location information spoofing; and

- Figure 15 shows a "follow-me" interface.

According to the invention, the security of an application running in an ambient intelligence environment is automatically adapted by dynamic reconfiguration of the application according to the policies and security mechanisms used in this environment. This adaptation is performed based on information on the state of the environment in which at least part of the application runs.

In accordance with the invention, the environment determines the physical context in which at least part of the application runs. This includes the physical context of the application user. The physical context is determined based on information acquired through sensors distributed in the environment.

The sensors are suitable, for example, for determining the position of the user, and more generally the relevant elements of the context in which the user finds themselves (alone in an office, in a meeting, engaged in a non-interruptible activity, and so on).

According to one embodiment, the physical environment can be managed by a context management system.

Furthermore, in accordance with the invention, the adaptation can also be performed based on the confidence level of the contextual information obtained.

For example, the security of an application can be adapted to a lower level of security only on the basis of contextual information in which a sufficient degree of confidence can be placed and whose authenticity is assured.

The adaptation of the security level of an application aims to ensure a "just sufficient" protection without overloading the user with oversized, redundant or inappropriate security mechanisms.

For example, according to a first embodiment, the security of the application is adapted when it is combined with the security of physical protection devices existing elsewhere in the user's environment.

Thus, for example, by exploiting the user's location information as a context element, the authentication process of the application can be lightened if the user is present in a room to which access is already protected by a traditional physical security mechanism, such as a lockable door or a biometric security device.

More generally, the contextual information determined, especially by means of sensors, for example the nature of the current activity, is used to trigger an adaptation of the security mechanisms of the application where necessary. This makes it possible to automatically select the security level appropriate for the proper functioning of the application, without unnecessarily burdening the user's attention by asking, for example, for approval of each operation that adapts the application's security level.

According to one embodiment, applications are designed with a software component-based approach, as shown in Figure 1. Software components are defined as entities encapsulating code and data that appear in software systems as units of execution, configuration/reconfiguration, deployment and administration.

Building an application according to a component model makes it possible to master the complexity of implementing the software infrastructure, since components can themselves be composed to form high-level code units. An application developed according to a component model also allows flexibility in the desired configuration, since the functionality of the application can be adapted or introduced by adding or replacing components in the application.

Thus, according to the component model, an application is reconfigurable and so allows a flexible choice of components.

A component is an executable entity built around a controller that supervises its execution. A composite component is comparable to a white box in which components, called primitive components, are interconnected. These primitive components are considered as black boxes, since they encapsulate the software code.

A component can only interact with its environment through a set of well-determined access points called interfaces. Interactions between components require the establishment of links between the interfaces of these components.

Figure 2 illustrates a software and/or hardware architecture for adapting an application based on its physical execution environment according to the invention.

This architecture includes a flexible security service 21 capable of allowing adaptation of the security mechanism or the security level of an application, an infrastructure 22 for acquiring, aggregating and managing context, hereinafter referred to as the "context management system", an engine 23 for inferring the security context from the determined physical context, and a mechanism 24 for deciding on adaptation of the security service in accordance with information on the security context.

In addition, this architecture can also include a context information authentication service 25.

According to the invention, the adaptation of the security of an application based on the physical context of the user is carried out according to the following method.

First, the context management system 22, distributed or centralized, obtains low-level context data. These data relate in particular to physical quantities supplied, for example, by an array of sensors Ci disposed in the environment in which the application is running.

These quantities can be, for example, a temperature, a pressure, a distance from a reference point, or a location. They are then aggregated in order to determine more or less high-level context information, for example the position or the posture of the user with respect to a relevant reference, the state of the environment, the activity in this environment, the situation, or the ambient noise level. Information on ongoing activities in the environment can thus be inferred from the low-level context data and used to adapt the security of the application running in this environment. One embodiment of the context management system 22 is described below with reference to Figures 5 to 12.

Then the context information authentication service 25 can associate with the previously determined context information a degree of contextuality, which would for example lie strictly between 0 and 1, with 0 denoting unnecessary information and 1 denoting information important for the system. This level or these levels of contextuality can subsequently be taken into account when the security service 21 adapts the security level of the application. Context information is thus labelled so as to modulate its use for adapting the security of an application.

According to a particular embodiment, during the processing of context information, the context information is associated with a security-type degree of confidence provided by the context information authentication service 25 and with a reliability-type degree of confidence.

Thus, if context information is "low confidence", it will typically not be used for critical adaptations, whereas it could be used for adaptations without consequence for security. This notion of trust, or context data quality, can take many forms. It can be trust in terms of reliability, precision, conventional security, confidentiality (data not spied on), integrity (data not altered maliciously) or authenticity (one data source is not substituted for another). This confidence can also be linked to respect for privacy (more or less restricted access to the data by third parties).

Thus, the context information authentication service 25 is able to attach, to the context information or to the acquired raw data, metadata integrating these different dimensions of trust. This metadata can also be modified in light of the processing applied to the data throughout their processing and aggregation.

Then, from the context information and the confidence levels or metadata, the inference engine 23 infers the appropriate security context Cs. The latter is, for example, the security level for the application suited to the activity or to the current state of the execution environment.

However, the concept of security context may be more general than just security level.

Indeed, the context information from which the inference engine infers the current security context can be described in a formal security ontology, and the same applies to the information output by the inference engine.

The appropriate security context Cs is then securely transmitted to the adaptation decision mechanism 24 of the security service.

This appropriate security context Cs can also be used to adapt the context information authentication service 25. According to that security context, the authentication level is higher or lower depending on the required security level.

Finally, based on the authenticated security context information, the decision mechanism 24 triggers or does not trigger the reconfiguration or the parameter setting that adapts the security service 21.

Consider an example of context-based adaptation of the security of an application that concerns the cryptographic algorithms protecting network traffic.

In this example, the security level is high for communications sent and received by a user terminal located in a hostile and insecure environment.

A hostile environment is one where the risk of communications being intercepted is not negligible, for example a high-risk country or at a competitor. This level of security is achieved in particular by using a strong encryption algorithm, for example the AES ("Advanced Encryption Standard") cryptographic algorithm.

In addition, key lengths must remain well beyond current cryptanalysis capabilities in order to prevent dictionary or brute-force attacks.

In contrast, when the user's environment is already protected by physical and/or computer security mechanisms, such as, for example, a locked meeting room, or a home or corporate environment behind a firewall, the application security level can be lowered, in particular for the protection of communications.

In this manner, redundancy of security mechanisms, including the accumulation of encryption algorithms at different levels of a protocol stack (e.g., encryption at the wireless handset layer with IPSec mechanisms, SSL and application-level encryption), is avoided.

In addition, this gives, for example, a better response time over the slow network connections available, since the computing and communication capabilities of the objects involved, for example "smart dust" objects, can be limited.

To do this, a less robust encryption algorithm, for example the DES ("Data Encryption Standard") cryptographic algorithm, and/or shorter key lengths are used. This relaxation of security measures may also be necessary when the mobile user is in a country where the use of cryptography is regulated and key lengths must remain below a size limit.

The security service considered in this example is a cryptographic library used to encrypt and/or sign communications. Depending on the degree of flexibility of these cryptographic mechanisms, the application, designed according to a component model, may undergo a reconfiguration operation in order to move the application to a higher level of security. To do this, reconfiguration is performed by downloading a new cryptographic library providing more robust algorithms or larger key lengths.

The reconfiguration of an application is performed, for example, according to steps described below with reference to Figure 3.

The algorithm starts at step 31, which involves the acquisition of context data from the user's environment, in particular by means of the context management system 22.

According to a particular embodiment, this step is performed by means of a location determination system that can locate the user with respect to a reference system, namely the country where the user is located, or the position of the user relative to an already secure environment, for example inside or outside the home, a meeting room, or a company.

According to another embodiment, this step is performed by aggregating low-level information from multiple location determination systems. The aggregated and consolidated location data are then transmitted to the authentication service 25 to ensure their authenticity.

Step 31 is followed by step 32 of authenticating the user context, in particular by the authentication service 25. During this step, it is ensured that the context data produced in step 31 are authentic, that they were generated by a trustworthy location infrastructure 22, and that they have not been modified by a malicious third party.

The aim is to prevent attacks on systems where access rights depend directly on location and where a third party can obtain illegitimate access to services by falsifying its location. According to a particular embodiment, if in step 31 an attribute certificate containing the location information is generated and signed by the location infrastructure, step 32 then consists of verifying the certificate, ensuring that the signature of the location infrastructure is valid.

Step 32 is followed by step 33, in which the security context is inferred, in particular by means of the inference engine 23.

The inference engine infers the environmental security level by comparing the location data provided in steps 31 and 32 to the application's security level.

This policy includes, for example, rules on the use of cryptography in the country where the user is located. These rules can be of the form:

    If country = USA then longueur_clé = short.

This rule reflects the potential restrictions on the use of cryptography in the US.

    If country = FRANCE then longueur_clé = long.

Or:

    If extérieur_du_domicile(position) then longueur_clé = long. Otherwise longueur_clé = short.

Under these rules, depending on the location of the user, i.e. inside or outside the home, the variable "longueur_clé", which represents the security level in terms of the length of the cryptographic key, is assigned the value long or short.

Step 33 is followed by step 34 of securely transmitting the determined security context, that is to say the appropriate current security level, in particular to the decision mechanism 24.

To do this, the attribute longueur_clé updated in step 33 is securely transmitted to the decision mechanism 24, for example after being encrypted using a symmetric key shared between the inference engine and the decision mechanism.

Step 34 is followed by step 35, in which a decision is made whether or not to reconfigure the application, in particular by means of the decision mechanism 24.

In this step, depending on the security context received in step 34, the decision mechanism 24 decides whether or not to trigger the reconfiguration operation of the reconfigurable security mechanism 21.

In the example considered above, the reconfiguration operation is, for example, a change of encryption and signature algorithms.

The decision is made in particular by comparing the security level determined in steps 31 to 34 with the current security level of the application (i.e. the level in force just before the decision), and reconfiguration consists, for example, of selecting a more or less robust encryption algorithm, or a longer or shorter key length.
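The Figure 3 steps applied to the cryptographic example, as an added illustration that is not code from the patent: context data is authenticated (step 32), a key-length level is inferred with the home-position rule (step 33), compared with the current level (step 35) and applied (step 36). The HMAC tag standing in for the signed attribute certificate, the `confidence` field, the 0.8 threshold and all function names are assumptions, and the secure transmission of step 34 is left out.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): stands in for the signing key of the
# location infrastructure. The page describes a signed attribute certificate;
# an HMAC tag is used here as a simpler stand-in.
INFRA_KEY = b"constructed-demo-key"

# longueur_clé values from the page, mapped to the algorithms of its example.
# DES/56 is the page's weaker profile; NIST withdrew DES as a standard in 2005.
PROFILES = {"short": ("DES", 56), "long": ("AES", 128)}
RANK = {"short": 0, "long": 1}
MIN_CONFIDENCE = 0.8  # assumed threshold below which no downgrade is allowed


def sign_context(ctx, key=INFRA_KEY):
    """Step 31, infrastructure side: tag the context data it produced."""
    payload = json.dumps(ctx, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def authenticate(ctx, tag, key=INFRA_KEY):
    """Step 32: accept only context generated by the trusted infrastructure."""
    return hmac.compare_digest(sign_context(ctx, key), tag)


def infer_key_length(ctx):
    """Step 33: the page's rule 'outside the home -> long, otherwise short'."""
    return "long" if ctx["outside_home"] else "short"


class SecurityService:
    """Reconfigurable security service 21, reduced to its crypto profile."""

    def __init__(self, level="long"):
        self.level = level

    @property
    def profile(self):
        return PROFILES[self.level]

    def reconfigure(self, level):
        """Step 36: swap in the component for the new level."""
        self.level = level


def decide(current, ctx, tag):
    """Step 35: return the level to reconfigure to, or None for no change."""
    if not authenticate(ctx, tag):
        return None  # forged or altered context is discarded
    target = infer_key_length(ctx)
    if RANK[target] == RANK[current]:
        return None  # determined level equals the current level
    if RANK[target] < RANK[current] and ctx["confidence"] < MIN_CONFIDENCE:
        return None  # a downgrade needs sufficiently reliable context
    return target


def adapt(service, ctx, tag):
    """Run steps 32 to 36 once and return the resulting (algorithm, bits)."""
    target = decide(service.level, ctx, tag)
    if target is not None:
        service.reconfigure(target)
    return service.profile


if __name__ == "__main__":
    svc = SecurityService("long")
    at_home = {"outside_home": False, "confidence": 0.9}  # constructed sample
    print(adapt(svc, at_home, sign_context(at_home)))
```

Because the decision treats the two directions differently, authenticated context can always raise the level, while lowering it additionally requires the confidence threshold to be met.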

For example, there may be a sequence of the type:

If niveau_de_sécurité_courant > niveau_actuel_de_sécurité then
    // Increase the security of the system
    Algorithme_crypto = AES
    Longueur_de_clé = 128 bits
    Reconfigure (Algorithme_crypto, Longueur_de_clé)
If niveau_de_sécurité_courant < niveau_actuel_de_sécurité then
    // Decrease the security of the system
    Algorithme_crypto = DES
    Longueur_de_clé = 56 bits
    Reconfigure (Algorithme_crypto, Longueur_de_clé)

Step 35 is followed by step 36, in which the reconfigurable security mechanism 21 is reconfigured. As described above, once the decision to trigger the reconfiguration operation has been taken in step 35, this operation is performed, in particular by reconfiguring the cryptographic system from a different composition of modules of the same cryptographic library, or by downloading from the user's terminal a new cryptographic component providing more or less robust algorithms or longer or shorter key lengths.

Consider a second example of application, shown in Figure 4, in which the security of the application is adapted in a residential environment. In this example, access to a number of information services on the network is granted not on the basis of identification or traditional password authentication, but on the basis of the location of the people wishing to use these services.
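Steps 33 to 36 of the first example above can be sketched as follows. This is an added illustration, not code from the patent: the function and class names, the message counter used to refuse replays, and the default of "long" when no rule matches are assumptions, and the security context is authenticated with an HMAC from the standard library rather than encrypted as the text suggests.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Ordering of the two values the page's rules assign to longueur_clé.
LEVELS = {"short": 0, "long": 1}
# Cipher profiles named in the page's pseudocode. DES with a 56-bit key is kept
# only because the page names it; it is not adequate protection today.
PROFILES = {"short": ("DES", 56), "long": ("AES", 128)}

# Step 33 rule bases, written as (predicate, level) pairs; first match wins.
HOME_POLICY = [(lambda c: c["outside_home"], "long"), (lambda c: True, "short")]
COUNTRY_POLICY = [(lambda c: c.get("country") == "USA", "short"),
                  (lambda c: c.get("country") == "FRANCE", "long")]

DEMO_KEY = b"constructed-demo-key"  # constructed shared key, for the example only


def infer(policy, context, default="long"):
    """Step 33: map physical context to a key-length level.

    Falling back to the stronger level when no rule matches is an assumption.
    """
    for predicate, level in policy:
        if predicate(context):
            return level
    return default


def seal(level, counter, key):
    """Step 34, sender side: serialize the security context and authenticate it."""
    body = json.dumps({"longueur_clé": level, "counter": counter}, sort_keys=True)
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return {"body": body, "tag": tag}


def unseal(message, key):
    """Step 34, receiver side: return the fields, or None if the tag is wrong."""
    expected = hmac.new(key, message["body"].encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["body"])


@dataclass
class DecisionMechanism:
    """Steps 35 and 36: compare the received level with the current one, then reconfigure."""
    key: bytes
    current: str = "short"
    last_counter: int = 0
    applied: list = field(default_factory=list)  # stands in for mechanism 21

    def receive(self, message):
        fields = unseal(message, self.key)
        # A forged or replayed context must never trigger a reconfiguration,
        # otherwise a stale "short" message could downgrade the cipher.
        if fields is None or fields["counter"] <= self.last_counter:
            return "rejected"
        level = fields["longueur_clé"]
        if level not in LEVELS:
            return "rejected"
        self.last_counter = fields["counter"]
        if LEVELS[level] == LEVELS[self.current]:
            return "keep"
        action = "raise" if LEVELS[level] > LEVELS[self.current] else "lower"
        self.current = level
        self.applied.append(PROFILES[level])  # Reconfigure(Algorithme_crypto, Longueur_de_clé)
        return action


if __name__ == "__main__":
    mechanism = DecisionMechanism(DEMO_KEY)
    level = infer(HOME_POLICY, {"outside_home": True})
    print(mechanism.receive(seal(level, 1, DEMO_KEY)), mechanism.applied)
```
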

To do this, physical security perimeters corresponding to a building are defined, within which information security can be relaxed owing to the existence of traditional physical security, in particular access control by other means.

The objective is therefore not to impose an authentication step that would, in this case, be redundant with physical security. It is assumed that the persons authorized to enter these perimeters are trustworthy, and they are given access to a number of specific services of the house without additional authentication.

These unidentified people are not, however, given access to all the services of the building: some of these services are reserved for the usual inhabitants of the building, who would be identified by an appropriate means requiring, for example, biometric identification.

This use case can be transposed from a residence to any place receiving "controlled" visitors, such as a hotel, association premises or office premises, which implicitly provide access to a number of services for visitors authenticated by their location.

Thus, the password authentication requested on a network such as a WLAN ("Wireless Local Area Network" in English terminology) can be replaced by an authenticated location certificate, so that individuals located outside the secure perimeter are denied access to the services intended for legitimate visitors. However, those located outside the secure perimeter could still access these services using traditional authentication by password or other means.

If, however, these people do not know the password and nevertheless try to gain access to these services by claiming to be inside the perimeter when they are not, that is, by location spoofing, in particular falsification of the location source, they would be blocked by a location authentication mechanism.

In addition, further adaptations of security based on location are possible. For example, for a network whose perimeter is limited by construction, such as an infrared broadcast network, which cannot pass through walls, whether the windows are open or closed can be taken into account to adapt security. Thus, no additional location authentication need be requested when the windows are closed, whereas a radio network, also called RFID (an additional location authentication technology), will be used when the windows are open.

The architecture described above can be realized by means of a software or hardware infrastructure providing aggregated information on location, and more generally on physical context, from the data of a network of sensors. The inference engine can be implemented using the logic programming language Prolog as a translator of physical context data into security context information, for example confidence levels, with such information represented in appropriate ontologies. The context information authentication service can be implemented using a privilege management infrastructure (PMI), the security context being stored in attribute certificates transmitted over secure channels. In the case of access control, the reconfigurable security service can be implemented on a mobile terminal or PDA with component technologies that facilitate the dynamic insertion of new classes of security policies to be applied in the system.

A context management system 22 is now described, together with the various types of metadata that the context information authentication service 25 can associate with context information, or with raw data acquired by sensors, in order to qualify the trust placed in it.

Consider the context management system as consisting of a directed acyclic graph whose nodes represent the computing elements that manipulate and transform context data, and whose arcs or links represent the flow of information between the nodes. In this graph, shown in Figure 5, three categories of nodes are represented.

First, context producers or sources 51 are capable of producing one or more types of context data relating to the ambient environment. These are typically sensors that acquire data on the physical context, e.g. temperature, pressure, location. These data are the lowest level of abstraction of the context information handled by the context management system.

Next, context consumers 52 comprise modules of the target applications that implement particular functions taking a number of types of context data as input, which they take into account in order to adapt their current behavior; such functions are said to be adaptive or context-aware. These data are generally the highest-level context information in the context management system.

Finally, context processors (or interpreters) 53 take as input a number of types of context data, for example physical quantities, and output one or more other types of context information, e.g. the type of current activity. The context data produced is generally of a higher level than that provided as input and is called context information. These nodes typically perform aggregation operations on context data coming from upstream context producers or processors. They transmit the result of this operation to downstream context processors or consumers. These nodes thus combine the functions of context producer and context consumer.

The structure of the context management system can be described in a so-called structural ontology, which notably includes nodes, links and context data, as well as context producers, consumers and interpreters.

In addition, each node has a particular identity that serves to characterize the relationship of trust between the nodes of the system.

According to the invention, a structural ontology is now described with reference to Figure 6.

Each context information handled by the context management system is associated with a number of metadata describing the confidence one can have in that information. This metadata can also be associated with each node of the system to qualify the confidence we can have in the context of information processing process performed by this node.

This metadata makes it possible to build a reputation for context information or for the process that handles that information. This reputation has various dimensions, which are as many ways of qualifying confidence in context information or its processing. The relationships between these dimensions, whose number can be extended, are described using a so-called "trust" ontology. This ontology can also be extended to enrich the description of this reputation. According to one embodiment, the trust ontology includes the elements shown in Figure 7.

As shown in Figure 7, the primitive concept of this ontology is "reputation", which qualifies the confidence one can have in a piece of context information or in the processing of that information performed by a node of the context management system. Reputation evaluates the confidence that a node can have in its peers and that one can have in the reliability of context information. Specifically, reputation is "what is generally said or believed about the characteristics or the situation / the importance of a person or thing" ("A Survey of Trust and Reputation Systems for Online Service Provision", by A. Jøsang, R. Ismail and C. Boyd, published in 2006 in "Decision Support Systems"), or "a measure derived from direct or indirect knowledge from previous interactions between agents, and is used to estimate the level of confidence that an agent can place in another agent" ("A Survey Study on Trust Management in P2P Systems", by C. Ding, C. Yueguo and C. Weiwei, Department of Computer Science, School of Computing, National University of Singapore, published in 2005).

The qualification of trust can be refined by combining the dimensions relating to "security" ("security" in English terminology), "safety" ("safety" in English terminology) and "protection of personal data" ("privacy" in English terminology). A definition of these terms is now given:

- "security" is the combination of the properties of confidentiality, integrity and availability with respect to authorized actions (PhD thesis of V. Nicomette, entitled "The protection in distributed object systems", of 1996);

- "safety" is the property of a system that allows its users to place justified confidence in the service it delivers to them (V. Nicomette in the abovementioned thesis); and

- "protection of personal data" is the fact that an individual or an organization controls the collection, storage, sharing and dissemination of personal data or of data relating to this organization (M. Abrams, S. Jajodia and H. Podell, "Information Security: An Integrated Collection of Essays", published in 1995 by the IEEE Computer Society Press).

To these dimensions must be added "contextuality", a concept that does not fit directly into the definition of reputation but is used to characterize the more or less secondary character of context information. It measures how closely the context information is tied to the primary function of the application or system, ranging from unnecessary or redundant context data to essential information that the system must take into account.

In the qualification of trust in terms of security, we find the classic concepts of "confidentiality", "integrity", "authenticity", "non-repudiation" and "availability". A definition of these terms is now given:

- "confidentiality" is the non-occurrence or prevention of unauthorized disclosure of information; more precisely, "confidentiality can be defined as the ability of a computer system to prevent the disclosure of information, that is to say, to ensure that information is inaccessible (or incomprehensible) to users not designated as authorized to access it" (Y. Deswarte in "Construction of distributed operating systems", published in the Collection Didactique of INRIA in 1991);

- "integrity" is the non-occurrence or prevention of inappropriate alteration of information (V. Nicomette in the abovementioned thesis); more precisely, "integrity can be defined as the ability of the computer system to prevent corruption of information by accidental or intentional faults" (Y. Deswarte in "Construction of distributed operating systems", published in the Collection Didactique of INRIA in 1991);

- "authenticity" is "not allowing, through authorized modifications, a loss of the completeness and correctness of the information" ("Glossary: Terms relating to computer security" of the DCSSI, published at the following address: http://www.ssi.gouv.fr/fr/glossaire/index.html);

- "non-repudiation" is "the characteristic of a cryptosystem preventing a sender from later denying having sent a message or performed some action" (M. Kaeo in the book "Network Security", published in 2000 by Cisco Press); and

- "availability" is the fact that a system is ready for use (PhD thesis of V. Nicomette).

In the qualification of trust in terms of safety, there is the concept of "reliability", but also those of "criticality", "precision" and "vagosité". A definition of these terms is now given:

- "reliability" is "one of the attributes of dependability. It is the continuity of service that the system must provide to its users, the system being considered non-repairable" (Center of Studies for Air Navigation in the "Glossary of dependability" published at the following address: http://www.tls.cena.fr/divisions/SDF/);

- "criticality" or risk is "a measure of danger expressed in terms of the occurrence of an adverse event (probability, frequency) and a measure of its effects or consequences [...] A risk scale is often associated with the danger so that it can be classified into levels of criticality" (Center of Studies for Air Navigation in the "Glossary of dependability" published at: http://www.tls.cena.fr/divisions/SDF/);

- "precision", for example of a sensor, is the ability, during repeated use without adjustment, to reproduce the same value or measurement, given the same conditions and the same environment of use ("Alliance for Telecommunications Industry Solutions" in the glossary "Telecom Glossary 2000", published by the American National Standard under the reference T1.523-2001); and

- "vagosité" is the characterization of context data in the terms of fuzzy logic ("crisp vs. fuzzy" in English terminology); a "crisp" quantity is a traditional numeric value; a fuzzy variable, on the contrary, associates with the numerical value a degree of membership (between 0 and 1) in a group called a fuzzy set.

In the qualification of trust in terms of personal data protection, we find the concept of "privacy", but especially that of "nymité" ("nymity" in English terminology), which measures the degree of anonymity attached to context information. It can be defined as the amount of information that is revealed about the identity of the participants in a transaction. It includes different levels such as "identifiability", "pseudonymity", "anonymity" and "traceability". A definition of these terms is now given with reference to the document by A. Pfitzmann and M. Hansen entitled "Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology", of the Technical University of Dresden, published in 2005 at the following address: http://dud.inf.tu-dresden.de/Anon_Terminology.shtml:

- "identifiability" is the fact that a subject is perfectly identifiable by his actions;

- "pseudonymity" is the fact of using a pseudonym as an identifier;

- "anonymity" is the fact of not being identifiable within a set of subjects, called the anonymity set; and

- "non-traceability" ("unlinkability" in English terminology) is the fact that a user can make multiple uses of resources or services without other entities of the system being able to establish relationships between these uses.

The elements of the trust ontology and those of the structural ontology maintain the relationships illustrated in Figure 8.

For example, the concept of criticality can apply to context consumers or producers (and therefore a fortiori to intermediate nodes). Precision, vagosité, reliability, confidentiality, authenticity, integrity and non-repudiation are characteristics of context information. However, these characteristics can also qualify the nodes of the system, in terms of reliability, authenticity or confidentiality. Nodes, links and context information may have identities.

Finally, contextuality can be applied to the links of the context management system. According to the invention, coupling between reputation management and the context management system itself is thus made possible.

A software and/or hardware architecture implementing a context management node consists of the elements described below and illustrated in Figure 9. Here, each context producer, processor or consumer node is, for example, made up of the elements now described.

First of all, this architecture includes a so-called basic component 91. This component performs the processing that the node of the context management system would perform without considering reputation management. It therefore takes as input a number of context inputs from other nodes, context producers or processors, and delivers a number of context outputs to context processors or consumers.

Next, the architecture includes a so-called reputation management component 92 for each dimension of reputation described in the trust qualification ontology, for example precision, reliability or security. These components perform the processing specific to the manipulation of the metadata describing each dimension of reputation. We thus obtain, for example, management components for precision reputation 93, security reputation 94, criticality reputation 95 and reliability reputation.

This architecture of a context management node, shown in Figure 9, is open and reconfigurable. Since the number of dimensions describing reputation is not limited, the behavior of a context management node can be extended to manage additional dimensions. This is done by inserting a new reputation management component. It is also possible to change the processing of a given dimension by replacing its reputation management component with another that performs the new processing on the metadata corresponding to that dimension.

For a given dimension d, the reputation management components for that dimension communicate over specific channels in a peer-to-peer model, similar to a conventional trust management infrastructure, as shown in Figure 10.

Each reputation component is responsible for updating the reputation metadata, for each node and/or for each arc, depending on the choice of d.

Specifically, for some values of the dimension, these metadata relate to arcs, for example trust values between two nodes, while for others the metadata applies to the nodes themselves, for example criticality. This architecture supports multiple update protocols, and therefore allows the context management infrastructure to be coupled with multiple types of trust management infrastructure ("Trust Management Systems" in English terminology).

An overall architecture of the infrastructure now described is that shown in Figure 11.

It should be noted that the information used by the context consumers, including information from the context management system, is used as optional input to the system in which these context consumers are integrated. As described above, a specific dimension of reputation can thus be used to characterize the contextual nature of these data.

This contextuality is a parameter between 0 and 1 measuring the degree of coupling with the main system, 0 corresponding to context data that need not be considered and 1 to essential control data that must be taken into account by the main system, that is to say, data that is a primary input of the system. This parameter comes in particular from the context consumers and can be propagated through the context management infrastructure in the opposite direction to the data, back up to the producers, since it is a constraint passed down from consumers to producers. It may, indeed, condition the processing of context data, but also other dimensions of metadata, as described below.

In addition, another specific reputation dimension can take into account the fact that the context is a physical one.

Thus, the context attributes do not take arbitrary values, but are governed by the laws of physics.

These characteristics can be described as constraints or probability distributions on these attributes, taken individually, for example the values of atmospheric pressure in the free atmosphere, or linking several attributes together, for example the ideal gas laws linking pressure with temperature.

A metadata dimension can thus characterize conformity with physical constraints and make it possible to validate the use of the data from the lower layers of the infrastructure.
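The node architecture of Figure 9 and the physical-conformity dimension just described can be illustrated as follows. This is an added example, not code from the patent: the class and function names, the rules used to combine scores (minimum for precision, product for reliability), the plausibility bounds and the sensor readings are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from math import prod
from statistics import mean

# Assumed plausibility bounds per kind of physical quantity (constructed values).
PHYSICAL_BOUNDS = {"temperature_c": (-90.0, 60.0), "pressure_hpa": (300.0, 1100.0)}


@dataclass
class ContextInfo:
    kind: str
    value: float
    reputation: dict = field(default_factory=dict)  # dimension -> score in [0, 1]


def precision_component(inputs, output):
    """An aggregate is no more precise than its least precise input."""
    return min(i.reputation.get("precision", 0.0) for i in inputs)


def reliability_component(inputs, output):
    """A mean is right only if every input is right, so reliabilities multiply."""
    return prod(i.reputation.get("reliability", 0.0) for i in inputs)


def conformity_component(inputs, output):
    """Physical conformity drops to 0 as soon as one input violates its bounds."""
    for info in inputs:
        low, high = PHYSICAL_BOUNDS[info.kind]
        if not low <= info.value <= high:
            return 0.0
    return 1.0


class ContextNode:
    """One basic component (91) plus one reputation component (92) per dimension."""

    def __init__(self, kind, basic, components):
        self.kind = kind
        self.basic = basic                  # processes values, ignores reputation
        self.components = dict(components)  # dimension -> reputation component

    def process(self, inputs):
        output = ContextInfo(self.kind, self.basic(inputs))
        for dimension, component in self.components.items():
            output.reputation[dimension] = component(inputs, output)
        return output


def acceptable(info, requirements):
    """Consumer-side check; a dimension that was never evaluated counts as 0."""
    return all(info.reputation.get(d, 0.0) >= t for d, t in requirements.items())


def mean_value(inputs):
    return mean(i.value for i in inputs)


def build_node():
    return ContextNode("pressure_hpa", mean_value,
                       {"precision": precision_component,
                        "reliability": reliability_component})


# Constructed sensor readings: two plausible ones, then one outside the bounds.
SENSORS_OK = [
    ContextInfo("pressure_hpa", 1012.0, {"precision": 0.95, "reliability": 0.9}),
    ContextInfo("pressure_hpa", 1014.0, {"precision": 0.7, "reliability": 0.8}),
]
SENSORS_IMPLAUSIBLE = [
    SENSORS_OK[0],
    ContextInfo("pressure_hpa", 5000.0, {"precision": 0.99, "reliability": 0.99}),
]

if __name__ == "__main__":
    node = build_node()
    node.components["conformity"] = conformity_component  # dynamic insertion
    for readings in (SENSORS_OK, SENSORS_IMPLAUSIBLE):
        out = node.process(readings)
        print(out.value, out.reputation)
```

The implausible reading carries high self-declared precision and reliability, so only the conformity dimension reveals that the aggregate should not be used.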

Finally, it should be noted that the various dimensions of reputation can be prioritized and given preference depending on the application, in order to determine the priority of the context to be taken into account by the system.

For example, in an application context requiring a high level of personal data protection, priority may be given to nymity reputation over security reputation. This implies a generally lower level of disclosure of information, up to complete anonymity without traceability. Similarly, the amount of information available to the nodes of the context management infrastructure to establish and measure trust between them is lower. The management of security reputation will be less accurate in this case.

An embodiment of the context management system is now described. One embodiment of the architecture is illustrated in Figure 12.

According to this embodiment, the context sources and the context interpreters are built as components (called "bundles" in English terminology) that implement a Java interface, described below, called "IContextSource" and referenced CSI, and that expose themselves to context-intensive applications or to other context interpreters as web services. A library called "ExBindEv library" is also used to implement the mechanisms exposing these components as web services.

The interface "IContextSource", referenced CSI, consists in particular of the three methods described below. First, the method "query (String sparql_str)" allows a client application or a context interpreter to query the context source for a particular value or set of values of context information.

Next, the method "subscribe (String str sparqlevent, String URL)" allows the context source to record in a list the interest of a client application or context interpreter in a query on a particular element of context information, so that it can later be informed as soon as the answer to this query changes.

Finally, the method "unsubscribe (String url)" allows the context source to remove the client application or the context interpreter from the aforementioned list.

In addition, a component named "ContextBroker" allows context-intensive applications to discover the context sources and context interpreters of interest to them through an interface called "CDBI", provided that these have registered with the "ContextBroker" component. This registration is carried out using an interface called "CBRI", described below.

The "CDBI" interface includes the method "discoverContextSource (String contextInfoDesc)", which allows an application to discover a context source based on a description of its needs in terms of the nature of the desired context, such as room temperature, but also in terms of quality of information, such as the accuracy of the temperature measurement. This method returns the list of identifiers of the context sources satisfying these needs.

The "CBRI" interface consists of two methods. First, this interface includes the method "registerContextSource (String contextInfoDesc, String CSREF)", which allows a context source to declare itself to the ContextBroker component by providing a description of its capabilities in the same terms as those used for the method "discoverContextSource" described above, as well as its identifier, which will allow applications to connect to the context source.

In addition, "CBRI" interface may include the method "deregisterContextSource (String CSREF)", which allows a context source to withdraw from the list of context sources maintained by the ContextBroker component.

The representation of the needs and capabilities used in the contextInfoDesc parameter of the discoverContextSource and registerContextSource methods is based on the language called RDF ("Resource Description Format" in English terminology). RDF is a flexible formalism for representing heterogeneous information, in large quantities if needed. The representation can be expressed as a text document in XML.

Returning to the example described above with reference to Figure 4, authentication must also take account of the greater or lesser security / safety of the localization mechanism used, as well as of its precision.

For example, with a network whose perimeter is limited by construction, such as an infrared broadcast network, which cannot pass through walls, it can be considered that in a room without windows the security and the precision of a location based on connection to the network are perfect. However, if such a room has open windows, the technology is no longer completely safe, and the corresponding "reputation" will be modified accordingly.

The access control thus realized requires strong safety and security of the location used by the application. This degree of safety / security must be provided to the application in real time so that it can adapt its behavior to the situation. Indeed, if security is no longer sufficient with regard to the requirements of the application, the application can go back to using a traditional authentication method and not be content with location as a means of authentication.

In terms of precision, what is needed is a set-type precision, which is not necessarily uniform in space. It is necessary to ensure that the person is indeed within the secure perimeter, without having to know the exact location within that perimeter. This precision could be characterized by a membership function of the fuzzy type ("fuzzy" in English terminology).

When this membership function departs too far from a rectangular function ("crisp" in English terminology) and thereby leaves uncertainty about the edges of the secured set, as described above for open windows with infrared location, the application can also take this into account.

For example, when the shutters of the secure room are opened, the set precision is degraded. This situation then requires a reconfiguration of the context management system by choosing another, stronger authentication method, as shown in Figure 13.

Similarly, if an attack is detected against the locating system used, for example an attack by identity theft ("spoofing" in English terminology) on the location data, the security reputation is altered. This then requires a reconfiguration of the context management system by choosing another locating method offering stronger security guarantees, as shown in Figure 14.
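The two reconfigurations just described (Figures 13 and 14), and the open-window adaptation of the residential example, can be made concrete as follows. This is an added example, not code from the patent: the linear membership ramp, the thresholds, the edge widths and the locator names are assumptions, and the position readings are taken to have already passed location authentication.

```python
from dataclasses import dataclass


@dataclass
class Locator:
    name: str
    edge_width_m: float  # 0 = crisp perimeter; > 0 = fuzzy band around the walls
    security: float      # security reputation in [0, 1]


def membership(signed_distance_m, edge_width_m):
    """Degree of membership in the secured set.

    signed_distance_m is positive inside the walls and negative outside.
    With a zero edge width the function is rectangular ("crisp"); otherwise
    it ramps linearly from 0 to 1 across the band [-width, +width].
    """
    if edge_width_m == 0:
        return 1.0 if signed_distance_m >= 0 else 0.0
    return min(1.0, max(0.0, 0.5 + signed_distance_m / (2 * edge_width_m)))


def choose_authentication(locators, readings, min_membership=0.9, min_security=0.8):
    """Pick the first locator that is both trusted and certain enough.

    locators are listed in order of preference; readings maps a locator name
    to the signed distance it reports. Falls back to a password otherwise.
    """
    for locator in locators:
        if locator.security < min_security:
            continue  # Figure 14 case: try another locating method
        if locator.name not in readings:
            continue
        degree = membership(readings[locator.name], locator.edge_width_m)
        if degree >= min_membership:
            return ("location", locator.name)
    return ("password", None)  # Figure 13 case: stronger, traditional method


def build_locators():
    # Constructed values: infrared is crisp while the room is closed,
    # RFID always has a narrow fuzzy band.
    return [Locator("infrared", 0.0, 0.9), Locator("rfid", 0.5, 0.9)]


# Constructed readings: one person 2 m inside the walls, one 1 m outside.
INSIDE = {"infrared": 2.0, "rfid": 2.0}
OUTSIDE = {"infrared": -1.0, "rfid": -1.0}

if __name__ == "__main__":
    locators = build_locators()
    print(choose_authentication(locators, INSIDE))   # closed room
    locators[0].edge_width_m = 3.0                   # shutters opened
    print(choose_authentication(locators, INSIDE))
    print(choose_authentication(locators, OUTSIDE))
    locators[1].security = 0.0                       # spoofing detected on RFID
    print(choose_authentication(locators, INSIDE))
```
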

In a second embodiment, a user interacts with services on the basis of his or her own location, which therefore serves as input to the system in place of what would be a mouse position in a traditional GUI. This location can be used for different types of adaptation.

For example, in an interface feature based on physical proximity, this can be a change of communication "focus" when the person approaches an interface device, moving from "wide-angle" communication to more focused communication.

In addition, in an interface feature known in English terminology as "follow-me", the service would follow the person to the nearest interface device.

Thus, unlike the previous case, the requirements in terms of safety are very low in the case of non-critical applications.

However, the requirements in terms of precision can be much finer. Here it is a uniform precision that would typically be characterized by a range of Cartesian coordinates.

Another parameter that can characterize the localization in this case is the fact that a target can be uniquely identified.

For example, in the case of a vision-based location technology, a target can be split, or merged with another, in the event of an occlusion. The reliability reputation of the location source concerned is degraded in this case, and the application would take this into account. This would, where appropriate, lead the application to call on a complementary technology to resolve the location ambiguity introduced by this technology. This may be the aggregation of a radio-based location technology and a vision-based location technology, which would remove the ambiguity of location based on vision alone, as shown in Figure 15.

Similarly, in the case of a radio-based location, such as the technology known in English terminology as "WiFi fingerprinting", the existence of electromagnetic interference can degrade the precision of this location source, and the application could take this into account.

This example can be generalized to all communication applications in intelligent spaces ("smart spaces" in English terminology) incorporating instrumentation for context data acquisition.

In addition, the invention can be applied especially to contextual assistance in smart spaces, for example, ambient assistance in activities of daily life.

Claims

1. A method for dynamic adaptation of an application implementing security mechanisms, characterized in that it comprises the following steps:
- determining at least one context information of the physical environment in which at least part of the application runs;
- determining a security level depending on said at least one determined context information;
- deciding on reconfiguration or non-reconfiguration based at least on a comparison between the determined security level and the current security level applied by the security mechanisms; and
- in case of a positive decision, reconfiguring the application to adapt the application to the determined security level.
2. A method of adaptation according to claim 1, characterized in that the step of determining at least one context information of the physical environment comprises at least a step of acquiring contextual data.
3. A method of adaptation according to claim 1 or claim 2, characterized in that the method comprises a step of authenticating said at least context information.
4. A method of adaptation according to one of the preceding claims, characterized in that it comprises a step of associating at least a degree of confidence to said at least one determined context information.
5. A method of adaptation according to claims 3 and 4, characterized in that the deciding step is additionally based on said at least one degree of confidence associated with said at least one determined context information.
6. A method of adaptation according to claim 4 or claim 5, characterized in that said at least one degree of confidence is defined as an ontology.
7. A method of adaptation according to claim 6, characterized in that the ontology defines at least one processing rule for said at least one associated context information.
8. A method of adaptation according to one of Claims 4 to 7, characterized in that it comprises a step of constructing a reputation for said at least one determined context information, based on said at least one degree of confidence associated with said at least one determined context information.
9. A method of adaptation according to claim 8, characterized in that said reputation comprises a plurality of dimensions, each dimension being a confidence qualification describing confidence in the context information or its processing.
10. A method of adaptation according to claim 9, characterized in that said reputation comprises at least one relationship between the confidence qualification dimensions.
11. A method of adaptation according to claim 10, characterized in that an ontology defines said at least one relationship between the confidence qualification dimensions.
12. A method of adaptation according to one of the preceding claims, characterized in that the method comprises a step of associating at least one information of contextuality to said at least one determined context information describing said at least one information context based on its level of importance.
13. A device for dynamic adaptation of an application implementing security mechanisms, characterized in that it comprises the following means:
- means for determining at least one context information of the physical environment in which at least a portion of the application runs;
- means for determining a security level depending on said at least one determined context information;
- decision means for reconfiguration or non-reconfiguration based at least on means for comparing the determined security level and the current security level applied by the security mechanisms; and
- means for reconfiguring the application in order to adapt the application to the determined security level.
14. An adaptation device according to claim 13, characterized in that the means for determining at least one context information of the physical environment comprise means for acquiring contextual data.
15. An adaptation device according to claim 13 or claim 14, characterized in that the device comprises means for authenticating at least said context information.
16. An adaptation device according to any one of claims 13 to 15, characterized in that it comprises means for associating at least one degree of confidence with said at least one determined context information.
17. An adaptation device according to claims 15 and 16, characterized in that the decision means are adapted to decide further based on said at least one degree of confidence associated with said at least one determined context information.
18. An adaptation device according to claim 16 or claim 17, characterized in that said at least one degree of confidence is defined as an ontology.
19. An adaptation device according to claim 18, characterized in that the ontology defines at least one rule for processing said at least one associated context information.
20. An adaptation device according to any one of claims 16 to 19, characterized in that it comprises means for constructing a reputation for at least one determined context information, based on said at least one degree of confidence associated with said at least one determined context information.
21. An adaptation device according to claim 20, characterized in that said reputation comprises a plurality of dimensions, each dimension being a confidence level describing confidence in the context information or in its processing.
22. An adaptation device according to claim 21, characterized in that said reputation comprises at least one relationship between the confidence qualification dimensions.
23. An adaptation device according to claim 22, characterized in that an ontology defines said at least one relationship between the confidence qualification dimensions.
24. An adaptation device according to any one of claims 13 to 23, characterized in that the device comprises means for associating, with said at least one determined context information, at least one item of contextuality information describing said at least one context information according to its level of importance.
25. Computer program loadable in a computer system, said program containing instructions enabling the implementation of the method of adaptation of an application implementing security mechanisms according to any one of claims 1 to 12, when this program is loaded and executed by said computer system.
26. A computer program product loadable into a programmable apparatus, characterized in that it comprises an application implementing security mechanisms, means for determining at least one context information of the physical environment in which at least part of the application runs, means for determining a security level depending on said at least one determined context information, means for deciding on reconfiguration or non-reconfiguration based at least on means for comparing the determined security level with the current security level applied by the security mechanisms, and means for reconfiguring the application in order to adapt the application to the determined security level.
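The decision chain recited in the claims above (authenticated context information, degrees of confidence, a multi-dimensional reputation, contextuality, then comparison of the determined and current security levels) can be sketched as follows. This is an added illustration, not code from the patent: the level names, the 0.6 trust threshold, the min() aggregation over reputation dimensions, the sample policy and the fail-closed defaults are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed for illustration: level names, thresholds and aggregation rules
# are assumptions, not values taken from the claims.
LEVELS = ["low", "medium", "high"]  # ordered security levels

@dataclass
class ContextInfo:
    name: str            # kind of context, e.g. "location"
    value: str           # observed value, e.g. "office"
    authenticated: bool  # outcome of authenticating the context information
    reputation: dict     # dimension name -> degree of confidence in [0, 1]
    importance: float    # contextuality: level of importance in [0, 1]

def trust(info):
    """Collapse the reputation dimensions; the weakest dimension dominates."""
    if not info.authenticated or not info.reputation:
        return 0.0
    return min(info.reputation.values())

def determine_level(infos, policy, min_trust=0.6):
    """Return the highest level demanded by any trusted context item."""
    level, used = 0, 0
    for info in infos:
        if trust(info) < min_trust:
            if info.importance >= 0.5:
                return "high"      # important but untrusted: fail closed
            continue               # unimportant and untrusted: ignore
        used += 1
        wanted = policy.get((info.name, info.value), "high")  # unknown -> high
        level = max(level, LEVELS.index(wanted))
    return LEVELS[level] if used else "high"  # no usable context: fail closed

def decide(infos, policy, current):
    """Compare the determined level with the one currently applied."""
    determined = determine_level(infos, policy)
    return {"determined": determined, "reconfigure": determined != current}

# Constructed sample policy and readings.
POLICY = {("location", "office"): "low", ("location", "home"): "medium"}

def sample(location, authenticated=True, source=0.9):
    return [ContextInfo("location", location, authenticated,
                        {"source": source, "processing": 0.8}, importance=0.9),
            ContextInfo("noise", "quiet", True, {"source": 0.3}, importance=0.1)]

if __name__ == "__main__":
    for loc, auth in [("office", True), ("home", True), ("office", False)]:
        print(loc, auth, decide(sample(loc, auth), POLICY, current="low"))
```

Taking the minimum over reputation dimensions means a well-authenticated sensor whose processing is poorly trusted still cannot lower the security level on its own.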
PCT/FR2007/052580 2006-12-29 2007-12-20 Method and device for adapting an application to a physical context implementing reconfigurable safety mechanisms WO2008087331A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
FR0656051 2006-12-29

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP07871991A EP2097878A2 (en) 2006-12-29 2007-12-20 Method and device for adapting an application to a physical context implementing reconfigurable safety mechanisms

Publications (2)

Publication Number Publication Date
WO2008087331A2 true WO2008087331A2 (en) 2008-07-24
WO2008087331A3 WO2008087331A3 (en) 2008-11-06

Family

ID=38261599

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2007/052580 WO2008087331A2 (en) 2006-12-29 2007-12-20 Method and device for adapting an application to a physical context implementing reconfigurable safety mechanisms

Country Status (2)

Country Link
EP (1) EP2097878A2 (en)
WO (1) WO2008087331A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1320011A2 (en) * 2001-12-12 2003-06-18 Pervasive Security Systems Inc. Method and architecture for providing pervasive security to digital assets
US20030140246A1 (en) * 2002-01-18 2003-07-24 Palm, Inc. Location based security modification system and method
US20030191949A1 (en) * 2000-08-30 2003-10-09 Akihiro Odagawa Authentication system, authentication request device, validating device and service medium
US6636983B1 (en) * 1999-10-07 2003-10-21 Andrew E. Levi Method and system for uniform resource locator status tracking
US20060218635A1 (en) * 2005-03-25 2006-09-28 Microsoft Corporation Dynamic protection of unpatched machines

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SMITH J M ET AL: "Integrating physical and computer access control systems" SECURITY TECHNOLOGY, 1993 SECURITY TECHNOLOGY, PROCEEDINGS, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS 1993 INTERNATIONAL CARNAHAN CONFERENCE ON OTTAWA, ONT., CANADA 13-15 OCT. 1993, NEW YORK, NY, USA, IEEE, 12 October 1994 (1994-10-12), pages 176-179, XP010146508 ISBN: 0-7803-1479-4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105447931A (en) * 2015-03-09 2016-03-30 北京天诚盛业科技有限公司 Remote access control authorization method, device and system
CN105447931B (en) * 2015-03-09 2017-10-24 北京天诚盛业科技有限公司 Remote access control authorization method, device and system

Also Published As

Publication number Publication date
WO2008087331A3 (en) 2008-11-06
EP2097878A2 (en) 2009-09-09

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2007871991

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07871991

Country of ref document: EP

Kind code of ref document: A2