System and method for multi-context policy management
First Claim
1. A method for multi-context policy management, comprising:
generating multiple security contexts relating to a computing device communicating with a networked computing infrastructure, wherein the multiple security contexts include a first security context based on one or more first security attributes relating to the computing device communicating with the computing infrastructure and a second security context based on one or more second security attributes relating to the computing device communicating with the computing infrastructure;
receiving a request to access one or more elements in the computing infrastructure from the computing device;
receiving one or more security policy definitions that define one or more conditions associated with accessing the one or more elements in the computing infrastructure;
determining whether to grant the computing device access to the one or more elements in the computing infrastructure based on the first security context, the second security context, and the one or more security policy definitions; and
sending a response indicating that the computing device has not been granted the requested access to the one or more elements in the computing infrastructure, wherein the response includes one or more remediation messages that instruct the computing device to alter anti-virus protection associated with the computing device or increase an authentication level associated with the computing device by re-challenging a user with one or more secure authentication methods prior to any further requests to access the one or more elements.
Abstract
The system and method described herein provide multi-context security policy management in a networked computing infrastructure. The system and method may generate a plurality of security contexts, each covering a different security characteristic of the communication between a computing device and the networked computing infrastructure. The computing device then requests access to at least one specific element of the computing infrastructure. The security policy definitions of the at least one specific element are compared with one or more of the security contexts to determine whether access to the specific elements should be granted.
45 Citations
23 Claims
13. A method for multi-context security policy management in a networked computing infrastructure, the networked computing infrastructure having one or more elements, the method comprising:
generating a device-based security context based at least in part on one or more device-based security attributes regarding a computing device in communication with the computing infrastructure;
generating a user-based security context based at least in part on one or more user-based security attributes regarding an identified user of the computing device;
generating a connection-based security context based at least in part on one or more connection-based security attributes regarding the data connection between the computing device and the computing infrastructure;
receiving a request from the computing device for access to at least one of the one or more elements of the computing infrastructure;
receiving one or more security policy definitions for the at least one of the one or more elements, wherein the one or more security policy definitions define one or more sets of conditions for access to the at least one of the one or more elements, each set of conditions including specified device-based attributes, user-based attributes, and connection-based attributes, wherein for each set of conditions, the level of access to be granted to the at least one element is defined; and
determining whether to grant the computing device access to the at least one of the one or more elements based on the device-based security context, the user-based security context, the connection-based security context, and the one or more security policy definitions of the at least one of the one or more elements.
14. A system for multi-context policy management, comprising:
a networked computing infrastructure having one or more processing devices;
a security context module configured to run on the one or more processing devices and generate multiple security contexts relating to a computing device communicating with the computing infrastructure, wherein the multiple security contexts include a first security context based on one or more first security attributes relating to the computing device communicating with the computing infrastructure and a second security context based on one or more second security attributes relating to the computing device communicating with the computing infrastructure;
an element policy module configured to run on the one or more processing devices, receive a request to access one or more elements in the computing infrastructure from the computing device, and receive one or more security policy definitions that define one or more conditions associated with accessing the one or more elements in the computing infrastructure;
an access module configured to run on the one or more processing devices and determine whether to grant the computing device access to the one or more elements in the computing infrastructure based on the first security context, the second security context, and the one or more security policy definitions; and
a remediation message module configured to run on the one or more processing devices and send a response having one or more remediation messages that instruct the computing device to alter a security posture prior to further requesting access to the one or more elements in response to the access module not granting the computing device access to the one or more elements,
wherein the security context module is further configured to update one or more of the first security context or the second security context in response to determining that the computing device has altered the security posture to comply with the one or more remediation instructions.
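As an added illustration of the decision step in claims 13 and 14 (example code written for this page, not the patent's own implementation), the following evaluates constructed device, user and connection contexts against an element's condition sets and, when no set is satisfied, returns remediation messages of the kind claim 1 describes (fix anti-virus protection, raise the authentication level). All attribute names, the "payroll-db" policy and the message text are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Attrs = Dict[str, object]

@dataclass
class ConditionSet:
    """One set of conditions from a policy definition and the access level it grants."""
    device: Attrs
    user: Attrs
    connection: Attrs
    access_level: str

# Remediation text per failed attribute (constructed for this example).
REMEDIATION = {
    "antivirus_current": "update or enable anti-virus protection",
    "auth_level": "re-authenticate with a stronger method (e.g. MFA)",
    "encrypted": "reconnect over an encrypted (VPN/TLS) channel",
}

# Constructed policy for a hypothetical element "payroll-db": two condition sets,
# ordered from most to least privileged, each defining its own access level.
PAYROLL_POLICY = [
    ConditionSet(device={"managed": True, "antivirus_current": True},
                 user={"auth_level": 2, "role": "finance"},
                 connection={"encrypted": True}, access_level="read-write"),
    ConditionSet(device={"antivirus_current": True},
                 user={"auth_level": 1, "role": "finance"},
                 connection={"encrypted": True}, access_level="read-only"),
]

def _unmet(required: Attrs, context: Attrs) -> List[str]:
    """Names of required attributes the context does not satisfy.
    Numeric requirements are minimums; everything else must match exactly."""
    failed = []
    for name, want in required.items():
        have = context.get(name)
        numeric = isinstance(want, (int, float)) and not isinstance(want, bool)
        ok = (numeric and isinstance(have, (int, float)) and have >= want) or have == want
        if not ok:
            failed.append(name)
    return failed

def decide(policy: List[ConditionSet], device: Attrs, user: Attrs,
           connection: Attrs) -> Tuple[Optional[str], List[str]]:
    """Return (access level, []) for the first satisfied condition set, or
    (None, remediation messages) built from the set with the fewest unmet attributes."""
    best: Optional[List[str]] = None
    for cs in policy:
        failed = _unmet(cs.device, device) + _unmet(cs.user, user) + _unmet(cs.connection, connection)
        if not failed:
            return cs.access_level, []
        if best is None or len(failed) < len(best):
            best = failed
    return None, [REMEDIATION.get(f, f"adjust '{f}'") for f in (best or [])]
```

Re-running `decide` after the device has applied the remediation (for example with `antivirus_current` now `True`) is the context update that claim 14 describes.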