System and methodology for security policy arbitration
Abstract
A system providing methods for a device to apply a security policy required for connection to a network is described. In response to receipt of a request from a device for connection to a particular network, a current policy to apply to said device for governing the connection to this particular network is determined from a plurality of security policies available to the device. This current policy is generated by merging a plurality of the security policies available for governing connections. After said current policy is applied to the device, the connection from the device to this particular network is allowed to proceed.
51 Claims
1. A method for a particular device to apply a flexible security policy that is automatically adjusted over time as required for connection to different networks, the method comprising:
(a) receiving a request from the particular device for a connection to a particular network, said particular device applying an initial security policy selected from a plurality of security policies available for governing connections, each security policy governing connections with a specific set of constraints;
(b) based on said particular network and said plurality of security policies available to said particular device, determining a current merged policy to apply to said particular device for governing said connection to said particular network, by merging said initial security policy with at least one other of the security policies available for governing connections;
(c) allowing said connection to said particular network to proceed with said current merged policy applied to said particular device; and
(d) repeating steps (a)-(c) for a plurality of connections to different networks, thereby automatically adjusting the security policy applied to the particular device based on the particular device's current connections.
Dependent claims: 2-15.
16. A method for a device to create and maintain a flexible security policy that is automatically revised over time as required to allow connection to a plurality of networks, the method comprising:
providing a security enforcement module at a device, said security enforcement module enforcing an existing initial security policy;
upon receipt of a request for connection of said device to a new network, determining at that moment in time a particular security policy required to be enforced to allow connection of said device to said new network;
generating from existing security policies a revised security policy for enforcement by said security enforcement module, said revised security policy based upon merging said particular security policy and said initial security policy so that security settings currently appropriate for the device are activated and security settings currently inappropriate for the device are inactivated;
applying said revised security policy to said security enforcement module to allow said device to connect to said new network with appropriate security; and
as the device connects to different networks, automatically regenerating the revised security policy applied to the particular device based on the particular device's then-current connections.
Dependent claims: 17-29.
30. A system for regulating access at a computing system as required for connection to a network, the system comprising:
a connection manager for receiving a request for connection to said network at said computing system and determining at that point in time an initial access policy which is required for connection to said network;
a rules engine for automatically generating and repeatedly regenerating a current access policy for regulating access at said computing system as required for connection to different networks, so that security rules currently applied to the computing system are based on the computing system's current connections, said current access policy being generated and repeatedly regenerated by merging a plurality of existing access policies available at said computing system, so that from time to time the rules engine automatically activates security rules that are required for current connections and deactivates security rules that are no longer required for current connections; and
a security enforcement module for applying said current access policy for regulating access at said computing system.
Dependent claims: 31-41.
42. A method for automatically and continually adjusting enforcement rules of a security enforcement module at a device as required from time to time to enable access to a plurality of different networks with appropriate security settings, the method comprising:
providing an enforcement module at said device, said enforcement module applying an initial set of enforcement rules already existing at said device;
upon receiving a trigger event comprising a request for access to a given network, determining particular enforcement rules required to be applied by said enforcement module to enable access to said network;
responsive to said trigger event, automatically adjusting said initial set of enforcement rules by merging said initial set of enforcement rules with said particular enforcement rules required to enable access to said network;
applying said adjusted enforcement rules to said enforcement module to enable said device to access said network with security settings that are appropriate at that moment in time; and
as the device connects to different networks, automatically readjusting the enforcement rules being applied to enable said device to access different networks with security settings that are appropriate at that moment in time.
Dependent claims: 43-51.
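The four independent claims above describe one procedure: a device holds a base policy, each network it connects to requires a policy, and a rules engine merges them into the currently enforced policy, regenerating it as connections are added and dropped so that rules needed for current connections are active and rules no longer needed are inactive. The following is an added illustration of that arbitration loop, not code from the patent or any product implementing it. The policies, the network-to-policy lookup (`NETWORK_POLICY`) and the strictest-value-wins conflict rule (`STRICTNESS`) are all constructed assumptions made for the example; the claims do not specify how conflicts between merged policies are resolved.

```python
"""Security policy arbitration: merge a device's base policy with the
policies required by each currently connected network, and regenerate the
merged policy whenever the set of connections changes (added example)."""
from typing import Dict, List, Set

# Per-setting strictness ordering, least strict first (constructed assumption:
# on conflict the stricter value wins).
STRICTNESS: Dict[str, List[str]] = {
    "firewall": ["off", "stateful", "deny_all_inbound"],
    "vpn": ["optional", "required"],
    "file_sharing": ["enabled", "disabled"],
    "auto_updates": ["manual", "required"],
}

# Security policies available to the device (constructed sample data).
POLICIES: Dict[str, Dict[str, str]] = {
    "base": {"firewall": "stateful", "vpn": "optional",
             "file_sharing": "enabled", "auto_updates": "manual"},
    "corporate_lan": {"vpn": "optional", "file_sharing": "enabled",
                      "auto_updates": "required"},
    "public_wifi": {"firewall": "deny_all_inbound", "vpn": "required",
                    "file_sharing": "disabled"},
}

# Policy each known network requires (hypothetical lookup table).
NETWORK_POLICY: Dict[str, str] = {
    "CorpNet": "corporate_lan",
    "CafeWiFi": "public_wifi",
    "HomeNet": "base",
}


def stricter(setting: str, a: str, b: str) -> str:
    """Return whichever of two values for a setting is stricter."""
    order = STRICTNESS[setting]
    return a if order.index(a) >= order.index(b) else b


def merge(*policies: Dict[str, str]) -> Dict[str, str]:
    """Merge policies setting by setting, keeping the strictest value."""
    merged: Dict[str, str] = {}
    for policy in policies:
        for setting, value in policy.items():
            merged[setting] = (stricter(setting, merged[setting], value)
                               if setting in merged else value)
    return merged


class PolicyArbiter:
    """Rules engine that keeps the enforced policy in step with connections."""

    def __init__(self, base: str = "base") -> None:
        self.base = base
        self.connections: Set[str] = set()
        self.current: Dict[str, str] = dict(POLICIES[base])

    def request_connection(self, network: str) -> bool:
        """Handle a connection request; False means the request is refused
        because no policy is known for that network."""
        if network not in NETWORK_POLICY:
            return False
        self.connections.add(network)
        self._regenerate()
        return True

    def disconnect(self, network: str) -> None:
        """Drop a connection and deactivate rules it alone required."""
        self.connections.discard(network)
        self._regenerate()

    def _regenerate(self) -> None:
        # Recompute from the base policy plus every currently connected
        # network's policy, so settings no longer required fall away.
        required = [POLICIES[NETWORK_POLICY[n]] for n in sorted(self.connections)]
        self.current = merge(POLICIES[self.base], *required)


if __name__ == "__main__":
    arbiter = PolicyArbiter()
    for step in ("CorpNet", "CafeWiFi"):
        arbiter.request_connection(step)
        print(f"after connecting {step}: {arbiter.current}")
    arbiter.disconnect("CafeWiFi")
    print(f"after leaving CafeWiFi: {arbiter.current}")
```

Running the demo shows the joint corporate-plus-public-wifi policy tightening the firewall, VPN and file-sharing settings while the hotspot is connected, and those settings relaxing back to the corporate values once it is dropped, which is the activate/deactivate behaviour claim 30 attributes to the rules engine.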
Specification