1. Field of the Invention
The present invention relates generally to computer security. More specifically, the present invention relates to computer security in distributed systems and user interaction with such systems.
2. Description of the Related Art
This section is intended to provide a background or context. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the claims in this application and is not admitted to be prior art by inclusion in this section.
Most current research in security addresses security theory and engineering (e.g. cryptography, algorithms, protocols) which aim at offering high guarantees for security. However, typically, in actual use, people are the weakest link in security. Even experienced computer users often find security intimidating or obstructing, applying it partially or not at all.
One application of security is with networked systems, such as home networks of computers, televisions, phones and other devices. The Digital Living Network Alliance (DLNA) has specified products for such networked “smart homes.” Digital Living Network Alliance (DLNA), “Home Networked Device Interoperability Guidelines v1.0”, June 2004. The users of these products are non-experts, everyday consumers, which only exacerbates the problem of interacting with security. Thus, there is a need for easy-to-use security mechanisms and real-world intuitive security abstractions.
A wide variety of security mechanisms and protocols at different levels need to be implemented to provide security in a “smart space” of networked devices, such as link-level security (e.g. Bluetooth Special Interest Group: “Specification Vol. 1, Specification of the Bluetooth System, Core”, version 1.1, Feb. 22 2001; Bluetooth SIG, “Bluetooth Security Architecture”, White Paper, version 1.0, 15 Jul. 1999; IEEE 802.1X, “802.1x-2001—Port Based Network Access Control”, June 2001; IEEE 802.11i, “802.11 Amendment 6: Medium Access Control Security Enhancements”, July 2004), IP-level security (e.g. IETF Network Working Group, “RFC2401: Security Architecture for the Internet Protocol”, November 1998), transport-level security (e.g. IETF Network Working Group, “RFC2246: The TLS Protocol, v1.0”, January 1999; IETF Network Working Group, “RFC2818: HTTP over TLS”, May 2000) or application-level security (e.g. UPnP Forum, “UPnP Security Ceremonies Design Document v1.0”, Oct. 3, 2003). Each of these security mechanisms requires different forms of user interaction in order for the user to configure the system's security properties to match the user's intent.
Examples of conventional concepts for management access of networked devices include link-keys, PINs, passwords, Access Control Lists (ACL), filtering of hardware addresses, creation of administrator and guest accounts and their options, certificates, certification authorities, concepts related to private/public key pairs, authentication and authorization options, etc. Depending on which security mechanisms and options are implemented in the underlying security infrastructure, the user has to take a number of different actions and perform different tasks, in essence in order to achieve the same user-level goal. Consumer non-experts generally do not use security because of the high level of complexity in most security systems.
Thus, there is a need for a middleware layer of indirection, which abstracts security concepts and exposes to users only intuitive security abstractions that can be easily understood, regardless of the protocols and algorithms used in the underlying security infrastructure. Further, there is a need for easier management of access control in networked spaces. Yet further, there is a need to improve the user experience in controlling access of devices in a network of devices.