Hierarchical Trust Based Posture Reporting and Policy Enforcement
First Claim

1. A method comprising:
- establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point;
- establishing a secure communication channel over an other communication link, the other communication link between at least the policy enforcement point and a manageability engine; and
- forwarding the posture information to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point, the policy decision point to indicate what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
Abstract
A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.
17 Claims

1. (Independent claim; text given above under First Claim. Dependent claims: 2 through 12.)
13. A manageability engine comprising:
- a memory;
- a plurality of input/output (I/O) interfaces;
- security logic coupled with the memory, the security logic having at least a posture feature and a cryptographic feature;
- control logic coupled with the security logic, the memory, and the plurality of I/O interfaces, the control logic to establish a secure communication channel via a communication link through a first I/O interface with a policy enforcement agent, to obtain posture information associated with the manageability engine from the posture feature and an access requester;
- the cryptographic feature to cryptographically sign the posture information with a secret key maintained in the memory; and
- the control logic to forward the cryptographically signed posture information to the policy enforcement agent via the secure communication channel, the cryptographically signed posture information to be forwarded to a policy decision point for the network via another secure communication channel established between the policy enforcement agent and the policy decision point, wherein the policy decision point is to indicate what access the access requester can obtain to the network based on a comparison of the posture information to a network administrative policy.

Dependent claims: 14 through 17.
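The exchange described in the abstract and in claim 13, as an added example in Python that is not part of the patent or of any vendor's implementation: the manageability engine signs the posture it collected with a key the host OS cannot read, the policy enforcement point merely relays, and the policy decision point verifies the signature before comparing posture to policy. HMAC-SHA256 as the signing primitive, the JSON message layout, the graded full/quarantine/deny outcome, the policy values and the PDP-issued nonce are all assumptions of this example; the claims say only that the posture is cryptographically signed with a secret key kept in ME memory.

```python
import hashlib
import hmac
import json
import secrets

# PDP's network administrative policy (constructed for this example).
POLICY = {"av_running": True, "firewall_on": True, "min_patch_level": 42}

# Secret shared between the ME and the PDP (constructed; a real deployment would
# provision it into ME memory, out of reach of the host OS and its agents).
ME_KEY = secrets.token_bytes(32)


class ManageabilityEngine:
    """Platform-resident ME: collects posture and signs it with a key only it holds."""

    def __init__(self, key, posture):
        self._key = key
        self._posture = posture  # stands in for what the ME's posture feature collects

    def report(self, nonce):
        # The PDP's nonce is bound into the signed body so a report cannot be replayed.
        # Freshness is an assumption of this example; the claims do not mention a nonce.
        body = json.dumps({"nonce": nonce, "posture": self._posture}, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class PolicyEnforcementPoint:
    """Host-side agent. It only relays; `tamper` models a compromised host agent."""

    def __init__(self, me):
        self._me = me

    def relay(self, nonce, tamper=None):
        msg = self._me.report(nonce)
        return tamper(msg) if tamper else msg


class PolicyDecisionPoint:
    def __init__(self, key, policy):
        self._key = key
        self._policy = policy
        self._outstanding = set()  # nonces issued and not yet consumed

    def new_nonce(self):
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def decide(self, msg):
        # 1. Signature first: anything the PEP altered in transit fails here.
        expected = hmac.new(self._key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "deny"
        data = json.loads(msg["body"])
        # 2. Freshness: the nonce must be one we issued and not already used.
        if data["nonce"] not in self._outstanding:
            return "deny"
        self._outstanding.discard(data["nonce"])
        # 3. Compare posture to policy; grade access rather than a bare allow/deny.
        p = data["posture"]
        compliant = (
            p.get("av_running") == self._policy["av_running"]
            and p.get("firewall_on") == self._policy["firewall_on"]
            and p.get("patch_level", 0) >= self._policy["min_patch_level"]
        )
        return "full" if compliant else "quarantine"


def run_exchange(posture, tamper=None):
    """One access request; returns the PDP's decision for the given platform posture."""
    pdp = PolicyDecisionPoint(ME_KEY, POLICY)
    pep = PolicyEnforcementPoint(ManageabilityEngine(ME_KEY, posture))
    nonce = pdp.new_nonce()  # issued when the access requester's request arrives
    return pdp.decide(pep.relay(nonce, tamper))


def replay_exchange(posture):
    """The same signed report presented twice; the second presentation must be refused."""
    pdp = PolicyDecisionPoint(ME_KEY, POLICY)
    pep = PolicyEnforcementPoint(ManageabilityEngine(ME_KEY, posture))
    msg = pep.relay(pdp.new_nonce())
    return pdp.decide(msg), pdp.decide(msg)


def forge_compliance(msg):
    """A compromised host agent rewriting the posture to look compliant (constructed)."""
    data = json.loads(msg["body"])
    data["posture"] = {"av_running": True, "firewall_on": True, "patch_level": 99}
    return {"body": json.dumps(data, sort_keys=True), "tag": msg["tag"]}


GOOD = {"av_running": True, "firewall_on": True, "patch_level": 42}   # constructed
STALE = {"av_running": True, "firewall_on": False, "patch_level": 40}  # constructed

if __name__ == "__main__":
    print(run_exchange(GOOD))                     # full
    print(run_exchange(STALE))                    # quarantine
    print(run_exchange(STALE, forge_compliance))  # deny
    print(replay_exchange(GOOD))                  # ('full', 'deny')
```

Two failure modes are worth seeing in the run: a host agent that rewrites the posture on the way through (`forge_compliance`) is caught by the signature check because the PEP never holds the ME's key, and the same signed report presented twice is refused once its nonce has been consumed. The patent text does not mention a nonce; without some freshness binding, a signature alone still lets a stale "compliant" report be replayed after the platform's posture has degraded.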