Systems and methods for automating security controls between computer networks
First Claim
1. A security control (SC) system comprising one or more security control (SC) computing devices for automating security controls between computer networks, the one or more SC computing devices comprising at least one processor and a memory, the SC system configured to:
- generate, using a declared dependency graph, a network topology based on service metadata identifying zones of the computer networks;
- identify one or more computer systems included in the computer networks based on the network topology, wherein the identified one or more computer systems are one or more non-privileged access computer systems that do not require privileged access to a service controlled by the one or more SC computing devices;
- receive a request to access the service including a system identifier, the system identifier identifies a candidate computer system requesting access to the service;
- perform a lookup in the network topology for the candidate computer system;
- determine that the candidate computer system is not one of the one or more non-privileged access computer systems based on results from the lookup;
- in response to the determination, build a token request based on the received request;
- download, from a policy administration point (PAP), at least one security policy and at least one public key, the at least one security policy and the at least one public key associated with the system identifier;
- correlate the token request to the at least one security policy and the at least one public key;
- generate an access token in response to the token request, wherein the access token is included in an authorization request;
- invoke the service using the authorization request;
- validate the access token using the at least one security policy and the at least one public key; and
- authorize access to the service in response to the validation.
1 Assignment
0 Petitions
Abstract
A security control (SC) system including one or more security control (SC) computing devices for automating security controls between computer networks is provided. The SC system is configured to receive a request to access a service including a system identifier that identifies a computer system requesting access to a service controlled by the one or more SC computing devices, build a token request based on the request, and correlate the token request to at least one security policy associated with the system identifier. The SC system is also configured to generate an access token in response to the token request, wherein the access token is included in an authorization request, and invoke the service using the authorization request. The SC system is further configured to validate the access token using the at least one security policy and authorize access to the service based on the at least one security policy.
15 Citations
18 Claims
1. A security control (SC) system comprising one or more security control (SC) computing devices for automating security controls between computer networks, the one or more SC computing devices comprising at least one processor and a memory, the SC system configured to:
- generate, using a declared dependency graph, a network topology based on service metadata identifying zones of the computer networks;
- identify one or more computer systems included in the computer networks based on the network topology, wherein the identified one or more computer systems are one or more non-privileged access computer systems that do not require privileged access to a service controlled by the one or more SC computing devices;
- receive a request to access the service including a system identifier, the system identifier identifies a candidate computer system requesting access to the service;
- perform a lookup in the network topology for the candidate computer system;
- determine that the candidate computer system is not one of the one or more non-privileged access computer systems based on results from the lookup;
- in response to the determination, build a token request based on the received request;
- download, from a policy administration point (PAP), at least one security policy and at least one public key, the at least one security policy and the at least one public key associated with the system identifier;
- correlate the token request to the at least one security policy and the at least one public key;
- generate an access token in response to the token request, wherein the access token is included in an authorization request;
- invoke the service using the authorization request;
- validate the access token using the at least one security policy and the at least one public key; and
- authorize access to the service in response to the validation.
Dependent claims: 2, 3, 4, 5, 6.

7. A computer-implemented method for automating security controls between computer networks, the method implemented using one or more security control (SC) computing devices coupled to a memory device, the method comprising:
- generating, using a declared dependency graph, a network topology based on service metadata identifying zones of the computer networks;
- identifying one or more computer systems included in the computer networks based on the network topology, wherein the identified one or more computer systems are one or more non-privileged access computer systems that do not require privileged access to a service controlled by the one or more SC computing devices;
- receiving a request to access the service including a system identifier, the system identifier identifies a candidate computer system requesting access to the service;
- performing a lookup in the network topology for the candidate computer system;
- determining that the candidate computer system is not one of the one or more non-privileged access computer systems based on results from the lookup;
- in response to the determination, building a token request based on the received request;
- downloading, from a policy administration point (PAP), at least one security policy and at least one public key, the at least one security policy and the at least one public key associated with the system identifier;
- correlating the token request to the at least one security policy and the at least one public key;
- generating an access token in response to the token request, wherein the access token is included in an authorization request;
- invoking the service using the authorization request;
- validating the access token using the at least one security policy and the at least one public key; and
- authorizing access to the service in response to the validation.
Dependent claims: 8, 9, 10, 11, 12.

13. A non-transitory computer-readable medium that includes computer-executable instructions for automating security controls between computer networks, wherein when executed by one or more security control (SC) computing devices comprising at least one processor in communication with at least one memory device, the computer-executable instructions cause the one or more SC computing devices to:
- generate, using a declared dependency graph, a network topology based on service metadata identifying zones of the computer networks;
- identify one or more computer systems included in the computer networks based on the network topology, wherein the identified one or more computer systems are one or more non-privileged access computer systems that do not require privileged access to a service controlled by the one or more SC computing devices;
- receive a request to access the service including a system identifier, the system identifier identifies a candidate computer system requesting access to the service;
- perform a lookup in the network topology for the candidate computer system;
- determine that the candidate computer system is not one of the one or more non-privileged access computer systems based on results from the lookup;
- in response to the determination, build a token request based on the received request;
- download, from a policy administration point (PAP), at least one security policy and at least one public key, the at least one security policy and the at least one public key associated with the system identifier;
- correlate the token request to the at least one security policy and the at least one public key;
- generate an access token in response to the token request, wherein the access token is included in an authorization request;
- invoke the service using the authorization request;
- validate the access token using the at least one security policy and the at least one public key; and
- authorize access to the service in response to the validation.
Dependent claims: 14, 15, 16, 17, 18.

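The flow recited in the independent claims, as an added Go example that is not the patent's own implementation: it generates a topology from declared service metadata (zones and dependents, an assumed shape), looks the requesting system up in it, and only for systems outside the service's non-privileged set correlates the request with a policy and public key served by an in-memory stand-in for the PAP, issues an Ed25519-signed token bound to the service with a policy-bounded lifetime, and validates that token before authorizing. The service names, PAP records, token format and the fixed signing seed are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"strconv"
	"strings"
	"time"
)

// ServiceMeta is declared service metadata (assumed shape): zone plus dependents, flagged true if privileged.
type ServiceMeta struct {
	Name, Zone string
	Deps       map[string]bool
}

// Node is one service in the generated topology; NonPrivileged[sys] is true
// only for dependents that can use the service without privileged access.
type Node struct {
	Zone          string
	NonPrivileged map[string]bool
}

// BuildTopology generates the topology (service name -> Node) from the declared graph.
func BuildTopology(services []ServiceMeta) map[string]Node {
	t := map[string]Node{}
	for _, s := range services {
		n := Node{s.Zone, map[string]bool{}}
		for sys, privileged := range s.Deps {
			n.NonPrivileged[sys] = !privileged
		}
		t[s.Name] = n
	}
	return t
}

// PAPRecord is what the policy administration point serves for one system identifier.
type PAPRecord struct {
	Allowed map[string]bool   // services the policy permits this system to invoke
	MaxTTL  time.Duration     // longest token lifetime the policy accepts
	PubKey  ed25519.PublicKey // validates tokens issued for this system
}

// IssueToken mints "system|service|expiry|signature" with the SC signing key.
func IssueToken(system, service string, exp time.Time, priv ed25519.PrivateKey) string {
	payload := system + "|" + service + "|" + strconv.FormatInt(exp.Unix(), 10)
	return payload + "|" + base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(payload)))
}

// ValidateToken checks signature, service binding, expiry and the policy, failing closed.
func ValidateToken(token, service string, rec PAPRecord, now time.Time) error {
	p := strings.Split(token, "|")
	sig, err := base64.RawURLEncoding.DecodeString(p[len(p)-1])
	if len(p) != 4 || len(rec.PubKey) != ed25519.PublicKeySize || err != nil ||
		!ed25519.Verify(rec.PubKey, []byte(strings.Join(p[:3], "|")), sig) {
		return errors.New("malformed token or bad signature")
	}
	if p[1] != service || !rec.Allowed[service] {
		return errors.New("token not bound to this service, or service not permitted by policy")
	}
	exp, err := strconv.ParseInt(p[2], 10, 64)
	if err != nil || !now.Before(time.Unix(exp, 0)) || time.Unix(exp, 0).Sub(now) > rec.MaxTTL {
		return errors.New("token expired or lifetime exceeds policy")
	}
	return nil
}

// Authorize runs the claimed flow for one request: topology lookup, then for systems
// outside the non-privileged set, PAP correlation, token issuance and validation.
func Authorize(t map[string]Node, pap map[string]PAPRecord, signer ed25519.PrivateKey, system, service string, now time.Time) (string, error) {
	n, ok := t[service]
	if !ok {
		return "", errors.New("unknown service")
	} else if n.NonPrivileged[system] { // direct path: no token needed
		return "", nil
	}
	rec, ok := pap[system] // correlate the request to its policy and public key
	if !ok {
		return "", errors.New("no PAP record for " + system)
	}
	token := IssueToken(system, service, now.Add(rec.MaxTTL), signer)
	if err := ValidateToken(token, service, rec, now); err != nil {
		return "", err
	}
	return token, nil
}

// SampleEnvironment returns constructed metadata, a constructed PAP and a demo SC signing key.
func SampleEnvironment() (map[string]Node, map[string]PAPRecord, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed seed: reproducible demo only
	t := BuildTopology([]ServiceMeta{
		{"ledger", "core", map[string]bool{"reporting": false, "batch": true}},
		{"audit", "core", map[string]bool{"batch": true}},
	})
	pap := map[string]PAPRecord{"batch": {map[string]bool{"ledger": true}, 5 * time.Minute, priv.Public().(ed25519.PublicKey)}}
	return t, pap, priv
}
```

In the sample environment, `reporting` is a declared non-privileged dependent of `ledger` and takes the direct path, while `batch` is a privileged dependent and only reaches `ledger` through a token that its PAP policy permits; the same `batch` asking for `audit` is refused by policy even though its token would verify. Every unexpected condition (unknown service, missing PAP record, token bound to another service, expired or over-long token) fails closed, which is the property to check first when reviewing any implementation of this kind of control.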
Specification