Distributed security architecture
First Claim
1. A method for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing comprising:
providing a hardware and software combined solution;
providing comprehensive open system interconnection layer 3.5 processing;
implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest;
wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag;
accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag;
receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level; and
upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
Abstract
A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile or stationary client by enforcing communication policies within a policy decision point; an anti-tamper hardware policy decision point encapsulated within the anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the client; a context manager configured to handle system-wide status change update signaling; and an authentication manager configured to provide clients with registration and credential/role assignments based on access policies. The distributed security architecture may be configured to provide open system interconnection layer 3.5 policy-based secure routing, and open system interconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.
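The abstract names the components (a policy decision point, a policy enforcement point, a context manager, an authentication manager) and claim 1 fixes the order of operations: a community of interest is formed from a policy carrying contextual flags, a client asks to raise the alert level flag, the write is permitted only after the client is verified as authorized, and only then is the second set of clients admitted. The following Python model is an added illustration of that sequence and is not the patent holder's code; the role names, client ids, the choice of roles that may write the alert flag, and the rule that a degraded system status makes members accept no data are all constructed assumptions. It shows the two outcomes a practitioner would want to see: an unauthorized write is refused and leaves membership unchanged, while an authorized write raises the flag and expands the community.

```python
"""Toy model of the distributed security architecture in the abstract and claim 1.

Added example, not the patent's own code. Names, roles and ids are constructed.
"""
from dataclasses import dataclass
from enum import Enum


class AlertLevel(Enum):
    NORMAL = 0
    ELEVATED = 1


class SystemStatus(Enum):
    DEGRADED = 0
    OPERATIONAL = 1


@dataclass(frozen=True)
class Client:
    client_id: str
    roles: frozenset  # credential/role assignment from the authentication manager


@dataclass
class SecurityPolicy:
    # contextual flags required by claim 1
    alert_level: AlertLevel = AlertLevel.NORMAL
    system_status: SystemStatus = SystemStatus.OPERATIONAL
    # assumption: which roles may write the alert level flag
    alert_writers: frozenset = frozenset({"coi-admin"})
    # first set of clients (always admitted) and second set (admitted on elevation)
    base_members: frozenset = frozenset()
    surge_members: frozenset = frozenset()


class PolicyDecisionPoint:
    """Holds the policy and answers authorization questions; never enforces itself."""

    def __init__(self, policy: SecurityPolicy):
        self.policy = policy

    def may_write_alert(self, client: Client) -> bool:
        return bool(client.roles & self.policy.alert_writers)


class CommunityOfInterest:
    """Policy enforcement point plus context manager for one community of interest."""

    def __init__(self, policy: SecurityPolicy, registry: dict):
        self.pdp = PolicyDecisionPoint(policy)
        self.registry = registry          # authentication manager: client_id -> Client
        self.members = set(policy.base_members)
        self.audit = []                   # (decision, client_id, requested level)

    def accept_data(self, client_id: str, payload: bytes):
        """Members accept data only while the system status flag permits it.

        Assumption: DEGRADED means no data is accepted; non-members get None.
        """
        if client_id not in self.members:
            return None
        if self.pdp.policy.system_status is not SystemStatus.OPERATIONAL:
            return b""
        return payload

    def request_alert(self, client_id: str, level: AlertLevel) -> bool:
        """Enforce the write: verify authorization first, admit the second set only after."""
        client = self.registry.get(client_id)
        authorized = (
            client is not None
            and client_id in self.members
            and self.pdp.may_write_alert(client)
        )
        if not authorized:
            self.audit.append(("deny", client_id, level.name))
            return False
        self.pdp.policy.alert_level = level
        if level is AlertLevel.ELEVATED:
            self.members |= set(self.pdp.policy.surge_members)
        self.audit.append(("allow", client_id, level.name))
        return True


def make_coi() -> CommunityOfInterest:
    """Build a sample community with constructed clients: mc-1 may write the flag, mc-2 may not."""
    registry = {
        "mc-1": Client("mc-1", frozenset({"coi-admin", "member"})),
        "mc-2": Client("mc-2", frozenset({"member"})),
        "mc-9": Client("mc-9", frozenset({"member"})),   # second set, admitted on elevation
    }
    policy = SecurityPolicy(
        base_members=frozenset({"mc-1", "mc-2"}),
        surge_members=frozenset({"mc-9"}),
    )
    return CommunityOfInterest(policy, registry)


if __name__ == "__main__":
    coi = make_coi()
    print("mc-2 elevates:", coi.request_alert("mc-2", AlertLevel.ELEVATED), sorted(coi.members))
    print("mc-1 elevates:", coi.request_alert("mc-1", AlertLevel.ELEVATED), sorted(coi.members))
    print("audit:", coi.audit)
```

The decision is split from the enforcement on purpose: `PolicyDecisionPoint` only answers whether a role may write the flag, and `CommunityOfInterest.request_alert` is the single place where the flag is mutated and the second set of clients is admitted, so the authorization check cannot be skipped by another code path. Every decision, allowed or denied, is appended to `audit`, which is what a detection pipeline would consume.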
12 Claims
1. (Claim 1 is set out in full under First Claim above.) Dependent claims: 2, 3, 4.
5. A non-transitory computer-readable storage medium storing one or more applications, which, when executed on a processor, perform an operation for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing, the operation comprising:
providing a hardware and software combined solution;
providing comprehensive open system interconnection layer 3.5 processing;
implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest;
wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag;
accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag;
receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level; and
upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
Dependent claims: 6, 7, 8.
9. A system, comprising:
a hardware processor; and
a memory storing one or more applications, which, when executed on the processor perform an operation for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing, the operation comprising:
providing a hardware and software combined solution,
providing comprehensive open system interconnection layer 3.5 processing,
implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest,
wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag,
accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag,
receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level, and
upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
Dependent claims: 10, 11, 12.