Protocol/API between a key server (KAP) and an enforcement point (PEP)

US 20080083011A1
Filed: 09/29/2006
Published: 04/03/2008
Est. Priority Date: 09/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for communicating policy information between at least one key authority point and at least one policy enforcement point, the method comprising:

generating detailed policy information from high level policy definitions at the at least one key authority point;

communicating the detailed policy information from the at least one key authority point to the at least one policy enforcement point over a network, wherein the detailed policy information conforms to an application programming interface; and

receiving and storing of the detailed policy information at the at least one policy enforcement point.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Application Programming Interface (API) for communicating security policy information between a Key Authority Point (KAP) and a Policy Enforcement Point (PEP), thereby eliminating the need to manually install security policies on each network device.

Citations

25 Claims

1. A method for communicating policy information between at least one key authority point and at least one policy enforcement point, the method comprising:
- generating detailed policy information from high level policy definitions at the at least one key authority point;
  
  communicating the detailed policy information from the at least one key authority point to the at least one policy enforcement point over a network, wherein the detailed policy information conforms to an application programming interface; and
  
  receiving and storing of the detailed policy information at the at least one policy enforcement point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein communicating policy information includes communicating a policy name, server information, transaction information, and transaction details.
  - 3. The method of claim 2, wherein communicating server information includes indicating one of the at least one key authority points.
  - 4. The method of claim 2, wherein communicating transaction information includes specifying a deferred reload time.
  - 5. The method of claim 2, wherein communicating transaction information includes specifying a transaction type.
  - 6. The method of claim 5, wherein specifying the transaction type includes specifying a transaction type that corresponds with the transaction details.
  - 7. The method of claim 5, wherein specifying the transaction type includes specifying a replace transaction.
  - 8. The method of claim 2, wherein communicating transaction details includes communicating details for a replace transaction.
  - 9. The method of claim 8, wherein communicating transaction details includes specifying a set of policy rules.
  - 10. The method of claim 9, wherein specifying the set of policy rules includes specifying at least one policy rule.
  - 11. The method of claim 10, wherein specifying the at least one policy rule includes specifying a policy action.
  - 12. The method of claim 1, wherein communicating the detailed policy information includes communicating at least one key.
  - 13. The method of claim 1, wherein communicating the detailed policy information includes communicating using transport layer security.
  - 14. The method of claim 1, wherein communicating the detailed policy information includes communicating using remote procedure calls encoded with an extensible markup language.

15. A system for communicating security policy information between a key authority point and a policy enforcement point, the system comprising:
- at least one key authority point residing on a network;
  
  at least one policy enforcement point residing on the network; and
  
  an application programming interface between the at least one key authority point and the at least one policy enforcement point for invoking remote procedure calls over the network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The system of claim 15, wherein the application programming interface comprises:
    - a policy name component;
      
      a server information component;
      
      a transaction information component; and
      
      a transaction details component.
  - 17. The system of claim 16, wherein the server information component indicates one of the at least one key authority points.
  - 18. The system of claim 16, wherein the transaction information component includes a deferred reload time.
  - 19. The system of claim 16, wherein the transaction information component includes a transaction type.
  - 20. The system of claim 19, wherein the transaction type indicates a type of content stored in the transaction details component.
  - 21. The system of claim 19, wherein the transaction type indicates a replace transaction.
  - 22. The system of claim 16, wherein the transaction details component includes details for a replace transaction.
  - 23. The system of claim 22, wherein the transaction details component includes a set of policy rules.
  - 24. The system of claim 23, wherein the set of policy rules includes at least one policy rule.
  - 25. The system of claim 24, wherein the at least one policy rule includes a action component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certes Networks, Inc.
Original Assignee
Certes Networks, Inc.
Inventors
Orange, John Cary, McAlister, Donald

Application Number

US11/541,424
Publication Number

US 20080083011A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Protocol/API between a key server (KAP) and an enforcement point (PEP)

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Protocol/API between a key server (KAP) and an enforcement point (PEP)

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links