Method and apparatus for security assurance automation
US-2022239700-A1 · Jul 28, 2022 · US
US2022014566A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022014566-A1 |
| Application number | US-202117484617-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 24, 2021 |
| Priority date | Sep 24, 2021 |
| Publication date | Jan 13, 2022 |
| Grant date | — |
Official abstract text for this publication.
Various aspects of methods, systems, and use cases include security-based orchestration. A method may include evaluating, within a secure environment of an untrusted device, a preamble to determine a set of security requirements. The method may include providing, to an attestation server, an indication of security parameters for services of the untrusted device corresponding to security requirements of the set of security requirements, and in response to receiving a confirmation from the attestation server, providing a request to the untrusted device outside the secure environment to generate a trusted domain including the services.
Opening claim text (preview).
What is claimed is:

1. A device comprising: processing circuitry operating outside a secure environment; processing circuitry operating within a secure environment; and memory including instructions for security-based orchestration, which when executed by the processing circuitry operating within the secure environment, causes the processing circuitry operating within the secure environment to perform operations including: receiving, from an edge device, a binary file; evaluating a preamble of the binary file to determine a set of security requirements; providing, to an attestation server, an indication of security parameters for services of the device corresponding to security requirements of the set of security requirements; receiving a confirmation from the attestation server based on the indication; and in response to receiving the confirmation, providing a request to the processing circuitry operating outside the secure environment to generate a trusted domain outside the secure environment to execute the services.

2. The device of claim 1, wherein evaluating the preamble includes sequentially determining whether a service of the device corresponding to each of the set of security requirements meets a respective security requirement.

3. The device of claim 1, wherein the instructions further cause the processing circuitry operating within the secure environment to perform operations including executing the services within the trusted domain using the binary file.

4. The device of claim 1, wherein the set of security requirements include at least one contingent security requirement, the contingent security requirement including a first requirement for a first level of security for a service, and a second requirement for a second level of security for the service requiring less security than the first level.

5. The device of claim 4, wherein in response to the first level of security not being met at the device, the instructions further cause the processing circuitry operating within the secure environment to perform operations including providing the indication of security parameters for the services includes providing an indication of security parameters corresponding to the second level of security.

6. The device of claim 1, wherein the set of security requirements include at least two different levels of security for at least two respective services.

7. The device of claim 1, wherein the edge device is a vehicle.

8. The device of claim 1, wherein the preamble is in a header of a packet or in a header packet of the binary file.

9. The device of claim 1, wherein evaluating the preamble includes evaluating a set of execution requirements, and wherein the instructions further cause the processing circuitry operating within the secure environment to perform operations including identifying the services based on both the execution requirements and the security requirements.

10. The device of claim 1, wherein the instructions further cause the processing circuitry operating within the secure environment to perform operations including: evaluating a second preamble of a second binary file to determine a second set of security requirements and a second set of execution requirements; determining that a security requirement of the second set of security requirements or an execution requirement of the second set of execution requirements cannot be met at the device; and in response to the determination, providing a notification that the respective requirement cannot be met.

11. The device of claim 1, wherein the device is one of at least two devices receiving the binary file from an orchestration device.

12. The device of claim 1, wherein the trusted domain is stored and accessible across a network by another device.

13. An apparatus for security-based orchestration, the apparatus comprising: means for receiving, from an edge device, a binary file at a secure environment of the apparatus; means for evaluating within the secure environment, a preamble of the binary file to determine a set of security requirements; means for providing, to an attestation server, an indication of security parameters for services of the apparatus corresponding to security requirements of the set of security requirements; means for receiving a confirmation from the attestation server based on the indication; and in response to receiving the confirmation, means for providing a request to the apparatus outside the secure environment to generate a trusted domain including the services.

14. The apparatus of claim 13, wherein the means for evaluating the preamble include means for sequentially determining whether a service of the apparatus corresponding to each of the set of security requirements meets a respective security requirement.

15. The apparatus of claim 13, further comprising means for executing the services within the trusted domain using the binary file.

16. A method for security-based orchestration, the method comprising: receiving, from an edge device, a binary file at a secure environment of a device; evaluating within the secure environment, a preamble of the binary file to determine a set of security requirements; providing, to an attestation server, an indication of security parameters for services of the device corresponding to security requirements of the set of security requirements; receiving a confirmation from the attestation server based on the indication; and in response to receiving the confirmation, providing a request to the device outside the secure environment to generate a trusted domain including the services.

17. The method of claim 16, wherein the set of security requirements include at least one contingent security requirement, the contingent security requirement including a first requirement for a first level of security for a service, and a second requirement for a second level of security for the service requiring less security than the first level.

18. The method of claim 17, wherein when the first level of security is not met at the device, providing the indication of security parameters for the services includes providing an indication of security parameters corresponding to the second level of security.

19. The method of claim 16, wherein the preamble is in a header of a packet or in a header packet of the binary file.

20. The method of claim 16, wherein evaluating the preamble includes evaluating a set of execution requirements, and further comprising identifying the services based on both the set of execution requirements and the security requirements.

21. A data structure stored on a machine-readable medium comprising: a preamble stored in the machine-readable medium, which when executed in a secure environment of a device, causes processing circuitry of the secure environment to perform operations including: evaluating within the secure environment, the preamble to determine a set of security requirements; providing, to an attestation server, an indication of security parameters for services of the device corresponding to security requirements of the set of security requirements; receiving a confirmation from the attestation server based on the indication; and in response to receiving the confirmation, providing a request to the device outside the secure environment to generate a trusted domain including the services.

22. The data structure of claim 21
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title