Automated environmental policy awareness
Abstract
Configuring a device operating in a network environment comprises receiving a network policy from a policy authority, classifying the network policy based on the identity of the policy authority, determining a local policy according to the classification, and determining a device configuration change to comply with the network policy in accordance with the local policy. Configuring a device joining a network environment includes detecting that a device has joined the network environment, sending a network policy from a policy authority to the device, the network policy including authentication information for the policy authority, and notifying the presence of the device to a policy monitor.
33 Claims
1. A method of configuring a device operating in a network environment, comprising:
- receiving a network policy from a policy authority that is an entity other than the device, and that is configured to send one or more network policies to one or more devices operating in the network environment, wherein the network environment is one of a plurality of network environments in which the device is configured to operate;
- classifying the network policy based on a trust level of the policy authority, wherein the trust level of the policy authority is established by decrypting a digital signature associated with the network policy using a public key to obtain an identifier associated with the policy authority and comparing the identifier to a list of known policy authorities, and wherein the classification is one of a plurality of classifications each associated with a corresponding one of the plurality of network environments;
- determining a local policy according to the classification, wherein the local policy is one of a plurality of local policies, each local policy in the plurality corresponding to an associated one of the plurality of network environments; and
- determining a device configuration change to comply with the network policy in accordance with the local policy by merging the received network policy with the determined local policy.

Dependent claims: 2-11.
12. A device operating in a network, comprising:
- at least one processor configured to:
  - receive a network policy from a policy authority that is an entity other than the device, and that is configured to send one or more network policies to one or more devices operating in the network environment, wherein the network environment is one of a plurality of network environments in which the device is configured to operate;
  - classify the network policy based on a trust level of the policy authority, wherein the trust level of the policy authority is established by decrypting a digital signature associated with the network policy using a public key to obtain an identifier associated with the policy authority and comparing the identifier to a list of known policy authorities, and wherein the classification is one of a plurality of classifications each associated with a corresponding one of the plurality of network environments;
  - determine a local policy according to the classification, wherein the local policy is one of a plurality of local policies, each local policy in the plurality corresponding to an associated one of the plurality of network environments; and
  - determine a device configuration change to comply with the network policy in accordance with the local policy by merging the received network policy with the determined local policy; and
- a memory coupled to the at least one processor, configured to provide the at least one processor with instructions.

Dependent claims: 13-22.
23. A non-transitory computer readable storage medium that stores a computer program product for configuring a device operating in a network environment, the computer program product comprising computer instructions for:
- receiving a network policy from a policy authority that is an entity other than the device, and that is configured to send one or more network policies to one or more devices operating in the network environment, wherein the network environment is one of a plurality of network environments in which the device is configured to operate;
- classifying the network policy based on a trust level of the policy authority, wherein the trust level of the policy authority is established by decrypting a digital signature associated with the network policy using a public key to obtain an identifier associated with the policy authority and comparing the identifier to a list of known policy authorities, and wherein the classification is one of a plurality of classifications each associated with a corresponding one of the plurality of network environments;
- determining a local policy according to the classification, wherein the local policy is one of a plurality of local policies, each local policy in the plurality corresponding to an associated one of the plurality of network environments;
- determining a device configuration change to comply with the network policy in accordance with the local policy by merging the received network policy with the determined local policy.

Dependent claims: 24-33.
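
The flow recited in independent claims 1, 12 and 23, sketched as an added example that is not part of the patent text: recover the authority identifier from the signature with the public key, compare it to the list of known authorities, select the local policy for that classification, and merge. The toy unpadded RSA key, the function names, the authority names and the sample policies are assumptions, and the signed value also carries a digest of the policy body, a binding the claim wording does not spell out.

```python
import hashlib
import json

# Toy RSA key from two Mersenne primes so the example needs only the standard
# library. Unpadded and far too small for real use (assumption for illustration).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the authority

# Constructed sample data: list of known policy authorities with the
# classification each one maps to, and one local policy per classification.
KNOWN_AUTHORITIES = {"corp-pa": "corporate", "cafe-pa": "public"}
LOCAL_POLICIES = {
    "corporate": {"locked": {}},
    "public": {"locked": {"firewall": "on", "file_sharing": "off"}},
}


def _digest(policy):
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).digest()[:16]


def sign_policy(authority_id, policy):
    """Authority side: sign identifier (8 bytes) || policy digest (16 bytes)."""
    msg = authority_id.encode().ljust(8, b"\0") + _digest(policy)
    return pow(int.from_bytes(msg, "big"), D, N)


def classify(policy, signature):
    """Recover the identifier with the public key and look it up."""
    raw = pow(signature, E, N).to_bytes(27, "big")
    ident = raw[3:11].rstrip(b"\0").decode("ascii", "replace")
    if raw[:3] != b"\0\0\0" or raw[11:] != _digest(policy):
        return None  # forged signature or policy altered in transit
    return KNOWN_AUTHORITIES.get(ident)  # None when the authority is unknown


def configuration_change(policy, signature, current):
    """Merge network and local policy; return only settings that must change."""
    env = classify(policy, signature)
    if env is None:
        return {}  # untrusted policy: leave the device as it is
    merged = {**policy, **LOCAL_POLICIES[env]["locked"]}  # local policy wins
    return {k: v for k, v in merged.items() if current.get(k) != v}
```

A production implementation would verify a padded signature (for example RSA-PSS or Ed25519) over the full policy with a vetted cryptographic library instead of raw modular exponentiation.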
Specification