Distributed security architecture
First Claim
1. A distributed security architecture implemented in a distributed computing network comprising mobile devices, the architecture comprising:
assets protected by entitlement-specifying policies;
a mobile anti-tamper hardware policy enforcement point that is configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point;
a mobile anti-tamper hardware policy decision point that is encapsulated within the mobile anti-tamper hardware policy enforcement point;
a policy exchange channel for policy distribution nodes which is to at least one of distribute, update communication, or route security policies to the mobile client using a policy exchange protocol (PXP);
a contextual manager handling system-wide status change update signaling;
a mobility authentication manager providing mobile clients with registration and credential/role assignments based on mobile access policies;
open system interconnection layers 2, 3, 3.5, 4, 5, 6, and 7 in the distributed computing network;
wherein the open system interconnection layer 3.5 is above the open system interconnection layer 3 and provides distributed security policy enforcement and policy-based secure routing, and distributes and enforces the open system interconnection layer 3.5 security policy to mobile clients forming a policy-managed community of interest to at least two of the mobile clients and providing comprehensive information assurance in all of the open system interconnection layers; and
the open system interconnection layer 2 provides policy-based mandatory access control address filtering to provide a secured protocol session and computing at the open system interconnection layers 4, 5, 6, and 7.
Abstract
A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point; a mobile anti-tamper hardware policy decision point encapsulated within the mobile anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the mobile client; a contextual manager configured to handle system-wide status change update signaling; and a mobility authentication manager configured to provide mobile clients with registration and credential/role assignments based on mobile access policies. The distributed security architecture may be configured to provide open system interconnection layer 3.5 policy-based secure routing, and open system interconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.
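The abstract describes the architecture only structurally. The following Python model, added here as an illustration and not code from the patent or its assignee, shows how the pieces fit together at runtime: a policy enforcement point (PEP) that keeps its policy decision point (PDP) as a private member, a registration step standing in for the mobility authentication manager, a policy-exchange message handler standing in for the PXP channel, a status-change hook standing in for the contextual manager, and a layer-2 MAC allow-list applied before any policy evaluation. All class names, the message shape, the policy fields and the sample MAC addresses are assumptions made for this example; the patent specifies none of them.

```python
"""Toy model of a PEP-encapsulated PDP with L2 MAC filtering.

Added example only; class names, policy format and PXP message shape
are assumed, not taken from the patent.  Default policy is deny.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CommPolicy:
    """Entitlement-specifying communication policy (format assumed)."""
    name: str
    roles: frozenset   # client roles entitled by this policy
    assets: frozenset  # protected asset identifiers reachable
    ports: frozenset   # transport ports permitted


class PolicyDecisionPoint:
    """PDP: answers allow/deny for (role, asset, port); default deny."""

    def __init__(self):
        self._policies = {}

    def install(self, policy):
        self._policies[policy.name] = policy

    def revoke(self, name):
        self._policies.pop(name, None)

    def decide(self, role, asset, port):
        for p in self._policies.values():
            if role in p.roles and asset in p.assets and port in p.ports:
                return True, p.name
        return False, "default-deny"


class PolicyEnforcementPoint:
    """PEP with the PDP encapsulated as a private member."""

    def __init__(self):
        self._pdp = PolicyDecisionPoint()
        self._clients = {}        # MAC -> role, set by registration
        self._quarantined = set() # MACs flagged by status-change signals
        self.audit = []           # (mac, asset, port, verdict, reason)

    # Mobility authentication manager role: registration + role assignment
    def register(self, mac, role):
        self._clients[mac.lower()] = role

    # Policy exchange channel role: apply one PXP-style message (shape assumed)
    def apply_pxp(self, msg):
        op = msg["op"]
        if op == "install":
            self._pdp.install(CommPolicy(
                msg["name"], frozenset(msg["roles"]),
                frozenset(msg["assets"]), frozenset(msg["ports"])))
        elif op == "revoke":
            self._pdp.revoke(msg["name"])
        else:
            raise ValueError(f"unknown PXP op {op!r}")

    # Contextual manager role: system-wide status change signalling
    def on_status_change(self, mac, status):
        mac = mac.lower()
        if status == "compromised":
            self._quarantined.add(mac)
        elif status == "restored":
            self._quarantined.discard(mac)

    def forward(self, src_mac, asset, port):
        """Return True if the frame may be routed toward the asset."""
        src_mac = src_mac.lower()
        # Layer-2 mandatory access control: unregistered or quarantined
        # MACs are dropped before any policy evaluation or routing.
        if src_mac not in self._clients or src_mac in self._quarantined:
            self.audit.append((src_mac, asset, port, "DROP", "l2-mac-filter"))
            return False
        ok, reason = self._pdp.decide(self._clients[src_mac], asset, port)
        self.audit.append((src_mac, asset, port, "PASS" if ok else "DROP", reason))
        return ok


def build_demo_pep():
    """Construct a PEP with two sample clients and one sample policy."""
    pep = PolicyEnforcementPoint()
    pep.register("02:00:00:00:00:01", "medic")   # constructed sample MAC
    pep.register("02:00:00:00:00:02", "guest")   # constructed sample MAC
    pep.apply_pxp({"op": "install", "name": "medic-to-records",
                   "roles": ["medic"], "assets": ["records"], "ports": [443]})
    return pep


if __name__ == "__main__":
    pep = build_demo_pep()
    print(pep.forward("02:00:00:00:00:01", "records", 443))  # allowed
    print(pep.forward("02:00:00:00:00:02", "records", 443))  # wrong role
    print(pep.forward("02:00:00:00:00:99", "records", 443))  # unregistered MAC
    for entry in pep.audit:
        print(entry)
```

The ordering in `forward` is the point worth noticing: the MAC allow-list is checked first, so a frame from an unregistered or quarantined device never reaches the PDP, and every verdict, including layer-2 drops, lands in the audit list so that enforcement decisions can be reviewed.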
11 Claims
11. A method for a distributed security architecture implemented in a distributed computing network comprising mobile devices, the method comprising:
protecting assets by entitlement-specifying policies;
encapsulating a mobile anti-tamper hardware policy decision point within the mobile anti-tamper hardware policy enforcement point;
distributing, by a policy exchange channel for policy distribution nodes, security policies to the mobile client using a policy exchange protocol (PXP);
handling, by a contextual manager, system-wide status change update signaling;
providing, by a mobility authentication manager, mobile clients with registration and credential/role assignments based on mobile access policies;
providing open system interconnection layers 2, 3, 3.5, 4, 5, 6, and 7 in the distributed computing network, the open system interconnection layer 3.5 is above the open system interconnection layer 3;
distributing security policy enforcement and policy-based secure routing;
distributing and enforcing the open system interconnection layer 3.5 security policy to mobile clients forming a policy-managed community of interest to at least two of the mobile clients and providing comprehensive information assurance in all of the open system interconnection layers; and
providing, by the open system interconnection layer 2, policy-based mandatory access control address filtering and providing a secured protocol session and computing at the open system interconnection layers 4, 5, 6, and 7.