Consumers are acquiring an increasing array of electronics, personal computers, and mobile devices. In addition to using and managing these devices, consumers also want to view digital media on these devices. For example, some consumers can watch TV on their mobile phones, or access recipes from the computer housed in their refrigerator door or elsewhere in the kitchen. Personal Digital Assistants (PDAs) can be used to send faxes, download reports, browse the Web, and more. Although these devices have made our lives easier in many ways, problems can arise with security on these devices.
Each device has different security capabilities based on their hardware and software platforms. For example, most existing devices that support Universal Plug and Play (UPnP) or simpler protocols have at best a hard coded encryption key, and quite often not even that. Users are required to understand what security measures, if any, are included with each device, and to program each individually. This can be time consuming, frustrating, and may not provide the level of security that the consumer ultimately needs or wants. For example, you can program a TV remote control to block certain channels so that under-age children cannot view undesirable media content. But programming the remote will do only that—it can not block the same user from downloading the same undesirable content onto a mobile phone or personal computer. Each consumer electronic device may have its own security setting(s) or none at all, depending on its hardware and/or software platform. Current security for a home device such as a DVD player, game player, or personal computer can grant or deny a user access that device, but cannot differentiate levels of usage. In addition, the security for one device cannot be applied to another device. Similarly, it cannot recognize what a user is allowed to do on another device.
Current PC networks, such as those in corporate settings, assume that each device on the network has the security capabilities to participate at the level required by the network. Devices in this case are either trusted or not. In other words, devices that do not meet this baseline of security are not allowed to participate in the network at all.