Network security policy mediation
First Claim
1. A method for mediating between first and second network security policies, comprising:
- mapping, by a security policy mediation device (SPMD) including at least one hardware processor, a first security policy to a second security policy, wherein the second security policy is a generic network-independent policy that is devoid of any specific network technology; and
- mapping, by the SPMD, the second security policy to a plurality of rules, each associated with a target network security policy and collectively executable at the target network, wherein one policy of the first security policy and the target network security policy is operable for an IP-based network and the other policy of the first security policy and the target network security policy is operable for a signaling system number 7 (SS7) network, wherein mapping between the second security policy and the plurality of rules each associated with a target network security policy and collectively executable at the target network includes searching a repository, using the second security policy, for one or more executable security modules for including in the target network security policy; and
- wherein mapping the second security policy to the plurality of rules associated with the target network security policy comprises:
- deconstructing each rule of the second security policy into at least one generic action and at least one generic target;
- mapping the at least one generic action into at least one action deployable in the target network security policy; and
- mapping the at least one generic target to at least one target of the target network security policy; and
- wherein the SPMD provides a consistent end-to-end security policy comprised of the first security policy and the target network security policy, across a convergent network including the SS7 network and the IP-based network.
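The two-stage mapping that claim 1 describes (an originating policy mapped to a generic, network-independent policy, then the generic policy mapped to target rules by deconstructing each rule into an action and a target and searching a repository for an executable module), as an added Python example. This is illustrative code written for this page, not the patent's own implementation; the IP and SS7 vocabularies, the adapter tables, the module names and the sample policy are all constructed assumptions.

```python
"""Added example, not code from the patent or its assignee: a toy security policy
mediation device (SPMD) that maps an originating IP-based policy to a generic,
network-independent policy and then to rules deployable in an SS7-flavoured
target policy. Rule vocabularies, field names, module names and the sample
policy are assumptions constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class GenericRule:
    """A rule of the generic (second) policy: one network-independent action and target."""
    action: str  # e.g. "deny", "permit", "audit"
    target: str  # e.g. "peer_node", "subscriber", "inbound_session"


@dataclass(frozen=True)
class TargetRule:
    """A rule of the target policy, bound to the executable module that enforces it."""
    action: str
    target: str
    module: str


# Originating (IP) vocabulary -> generic vocabulary (constructed adapter tables).
IP_ACTIONS = {"drop": "deny", "reject": "deny", "accept": "permit", "log": "audit"}
IP_TARGETS = {"src_host": "peer_node", "user": "subscriber", "inbound_tcp": "inbound_session"}

# Generic vocabulary -> target (SS7) vocabulary (constructed adapter tables).
SS7_ACTIONS = {"deny": "screen_out", "permit": "screen_in", "audit": "trace"}
SS7_TARGETS = {"peer_node": "point_code", "subscriber": "global_title", "inbound_session": "incoming_msu"}

# Repository of executable security modules for the SS7 target, searched with the
# *generic* rule as the claim describes (constructed; module names are placeholders).
SS7_MODULE_REPOSITORY = {
    GenericRule("deny", "peer_node"): "mtp3_gateway_screening",
    GenericRule("permit", "peer_node"): "mtp3_gateway_screening",
    GenericRule("deny", "inbound_session"): "mtp3_gateway_screening",
    GenericRule("audit", "subscriber"): "sccp_gt_trace",
}


class SPMD:
    """Security policy mediation device: the two mapping stages behind one interface."""

    def __init__(self, orig_actions, orig_targets, tgt_actions, tgt_targets, repository):
        self.orig_actions = orig_actions
        self.orig_targets = orig_targets
        self.tgt_actions = tgt_actions
        self.tgt_targets = tgt_targets
        self.repository = repository

    def to_generic(self, originating_rules):
        """Stage 1: originating policy -> generic policy.
        Unknown vocabulary raises instead of being skipped, so no rule silently
        vanishes from the end-to-end policy."""
        generic = []
        for rule in originating_rules:
            try:
                generic.append(GenericRule(self.orig_actions[rule["action"]],
                                           self.orig_targets[rule["target"]]))
            except KeyError as exc:
                raise ValueError(f"no generic mapping for {exc} in {rule}") from None
        return generic

    def to_target(self, generic_rules):
        """Stage 2: generic policy -> target rules. Each generic rule is deconstructed
        into its action and target, each half is mapped into the target vocabulary,
        and the repository is searched for an executable module to include."""
        target_rules = []
        for rule in generic_rules:
            g_action, g_target = rule.action, rule.target  # deconstruction
            module = self.repository.get(rule)
            if module is None:
                raise LookupError(f"no executable module in repository for {rule}")
            target_rules.append(TargetRule(self.tgt_actions[g_action],
                                           self.tgt_targets[g_target], module))
        return target_rules

    def mediate(self, originating_rules):
        """End-to-end mediation: one target rule per originating rule, in order."""
        target = self.to_target(self.to_generic(originating_rules))
        assert len(target) == len(originating_rules)  # consistency check
        return target


IP_TO_SS7 = SPMD(IP_ACTIONS, IP_TARGETS, SS7_ACTIONS, SS7_TARGETS, SS7_MODULE_REPOSITORY)

# Constructed originating policy: three IP-style rules.
IP_POLICY = [
    {"action": "drop", "target": "src_host"},
    {"action": "accept", "target": "src_host"},
    {"action": "log", "target": "user"},
]

if __name__ == "__main__":
    for src, tgt in zip(IP_POLICY, IP_TO_SS7.mediate(IP_POLICY)):
        print(src, "->", tgt)
```

Run directly, it prints each originating rule beside the target rule it became. The same engine handles the SS7-to-IP direction when the adapter tables and repository are swapped; the value of the generic stage for a defender is that both an unknown vocabulary item and a missing module fail loudly rather than leaving a gap in the end-to-end policy.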
Abstract
Methods and systems for mediating between first and second network security policies, by: (1) mapping a first security policy to a generic second security policy, and (2) mapping the generic second security policy to a plurality of rules each associated with a target network security policy.
13 Claims
1. Independent method claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6.
7. A system configured to mediate between an originating network security policy and a target network security policy, the system comprising:
- a security policy mediation device (SPMD) comprising: a hardware processor; and a memory, wherein the memory stores instructions that when executed by the at least one hardware processor perform the steps comprising:
- mapping first rules of an originating network security policy to second rules of a generic security policy that is devoid of specific network technology; and
- mapping the second rules of the generic network security policy to third rules of a target network security policy, wherein one policy of the originating network security policy and the target network security policy is operable for an IP-based network and the other policy of the originating network security policy and the target network security policy is operable for a signaling system number 7 (SS7) network, wherein mapping between the second rules of the generic network security policy and the third rules of the target network security policy each associated with the target network security policy and collectively executable at the target network includes searching a repository, using the second security policy, for one or more executable security modules for including in the target network security policy;
- wherein mapping the second rules of the generic network security policy to the third rules of the target network security policy comprises:
- deconstructing each of the second rules into at least one generic action and at least one generic target;
- mapping the at least one generic action into at least one action deployable in the target network security policy; and
- mapping the at least one generic target to at least one target of the target network security policy; and
- wherein the SPMD provides a consistent end-to-end security policy comprised of the originating network policy and the target network security policy across a convergent network that includes the SS7 network and the IP-based network.
Dependent claims: 8, 9, 10, 11, 12, 13.