ENDPOINT POLICY CHANGE

US 20160226912A1
Filed: 02/04/2015
Published: 08/04/2016
Est. Priority Date: 02/04/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a detection engine to detect a change in a first registered attribute associated with an endpoint device authenticated on a network to a second registered attribute;

a policy engine to change a first policy applied to the authenticated endpoint device to a second policy associated with the second registered attribute in response to the detected change; and

a response engine to execute an action governed by the second policy in response to a communication of the registered endpoint device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Endpoint device policy change can, in various examples, include detecting a change in a first registered attribute associated with an endpoint device on a network to a second registered attribute and changing a first policy applied to the endpoint device to a second policy associated with the second registered attribute in response to the detected change.

Citations

18 Claims

1. A system, comprising:
- a detection engine to detect a change in a first registered attribute associated with an endpoint device authenticated on a network to a second registered attribute;
  
  a policy engine to change a first policy applied to the authenticated endpoint device to a second policy associated with the second registered attribute in response to the detected change; and
  
  a response engine to execute an action governed by the second policy in response to a communication of the registered endpoint device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, where the detection engine detects the change based on monitored operations of the authenticated endpoint device on the network.
  - 3. The system of claim 1, where an apply engine applies the first policy with the endpoint device during authorization of the endpoint device on the network.
  - 4. The system of claim 3, where the apply engine applies the second policy with the authenticated endpoint device subsequent to the authorization of the endpoint device on the network.
  - 5. The system of claim 4, where the apply engine applies the second policy with the authenticated endpoint device while maintaining the authorization of the device on the network.
  - 6. The system of claim 1, where the second policy is represented by a full Boolean expression including the second registered attribute and a full Boolean operator.
  - 7. The system of claim 1, where the network is a software-defined network (SDN).

8. A non-transitory computer readable medium storing instructions executable by a processing resource to cause a computer to:
- associate a first registered attribute with an endpoint device;
  
  apply a first policy associated with the first registered attribute to the endpoint device;
  
  authenticate the endpoint device on a software defined network (SDN);
  
  detect a change in a first registered attribute to a second registered attribute during operation of the authenticated endpoint device on the SDN; and
  
  apply a second policy to the endpoint device based on the second registered attribute in response to the detected change.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory computer readable medium of claim 8, including instructions to apply the first policy during authorization of the endpoint device on the network.
  - 10. The non-transitory computer readable medium of claim 8, including instructions to automatically apply, without a user input, the second policy with the authenticated endpoint device in response to the detected change.
  - 11. The non-transitory computer readable medium of claim 8, including instructions to continue operation of the authenticated endpoint device on the SDN in response to applying the second policy to the authenticated endpoint device.

12. A method, comprising:
- applying a first policy associated with a first registered attribute of an endpoint device in a software defined network (SDN) during authorization of the endpoint device;
  
  detecting a change in the first registered attribute to a second registered attribute during operation of the authenticated endpoint device on the SDN;
  
  applying a second policy associated with the second registered attribute to the authenticated endpoint device; and
  
  governing communications of the authenticated endpoint device based on the second policy.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, including changing the first registered attribute to the second registered attribute in response to a suspicious connection request within the network.
  - 14. The method of claim 12, where the second registered attribute is associated with the endpoint device by a SDN controller automatically.
  - 15. The method of claim 12, including providing a notification in response to detecting the change.

16. A method, comprising:
- detecting a change in a first registered attribute of an endpoint device to a second registered attribute during operation of the endpoint device on a software defined network (SDN);
  
  applying a second policy associated with the second registered attribute to the endpoint device in response to the detected change; and
  
  governing communications of the endpoint device based on the second policy.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the first registered attribute is a status attribute, and including detecting a change in the status attribute during the operation of the endpoint device on the SDN.
  - 18. The method of claim 17, including detecting the change in the status attribute by an application during the operation of the endpoint device on the SDN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Clark, Charles F., Mentze, Duane E.

Granted Patent

US 9,923,924 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/20 for managing network securi...

H04W 4/02 Services making use of loca...

ENDPOINT POLICY CHANGE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

ENDPOINT POLICY CHANGE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links