System and method for enabling unconfigured devices to join an autonomic network in a secure manner
Abstract
A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.
43 Citations
20 Claims
1. A method, comprising:
using a processor to create an initial information package for a device attempting to join a network domain of a network environment;
communicating the initial information package to a signing authority;
sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device;
evaluating an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment including, for each of the previous attempts, a date and time of the attempt, an identity of a network domain associated with the attempt, and an indication of whether the attempt was successful;
applying a policy to the device based on an evaluation of the audit history report;
generating a completed information package, wherein the completed information package includes an authorization token;
applying a second signature to the completed information package;
sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.
Dependent claims: 2 to 14.

15. Logic encoded in one or more non-transitory computer-readable media that includes code for execution and when executed by a processor is operable to perform operations comprising:
creating an initial information package for a device attempting to join a network domain of a network environment;
communicating the initial information package to a signing authority;
sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device;
evaluating an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment including, for each of the previous attempts, a date and time of the attempt, an identity of a network domain associated with the attempt, and an indication of whether the attempt was successful;
applying a policy to the device based on an evaluation of the audit history report;
generating a completed information package, wherein the completed information package includes an authorization token;
applying a second signature to the completed information package;
sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

16. An apparatus, comprising:
a memory element configured to store data;
a processor operable to execute instructions associated with the data; and
an information package module configured to interface with the memory element and the processor, wherein the apparatus is configured to:
create an initial information package for a device attempting to join a network domain of a network environment;
communicate the initial information package to a signing authority;
send an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device;
evaluate an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment including, for each of the previous attempts, a date and time of the attempt, an identity of a network domain associated with the attempt, and an indication of whether the attempt was successful;
apply a policy to the device based on an evaluation of the audit history report;
generate a completed information package, wherein the completed information package includes an authorization token;
apply a second signature to the completed information package;
send the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.
Dependent claims: 17 to 20.
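The two-signature bootstrapping flow of claim 1, modelled end to end as an added example (this is not code from the patent or from any assignee's product). Textbook RSA over small constructed primes stands in for the real signatures; the device's pre-provisioned credential is assumed to be the signing authority's public key, the registrar's key is assumed to travel inside the signed authorization token so the device can check the second signature, and the audit policy is an example of our own since the claims leave the policy unspecified.

```python
import hashlib, json

def keypair(p, q, e=65537):
    """Toy textbook RSA from two constructed primes (illustration only, not secure)."""
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)

def digest(payload, n):
    return int(hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest(), 16) % n

def sign(priv, payload):
    return pow(digest(payload, priv[1]), priv[0], priv[1])

def verify(pub, payload, sig):
    return pow(sig, pub[0], pub[1]) == digest(payload, pub[1])

SA_PUB, SA_PRIV = keypair(1000003, 1000033)    # constructed signing-authority key pair
REG_PUB, REG_PRIV = keypair(1000037, 1000039)  # constructed domain-registrar key pair

def evaluate_audit(report, domain):
    """Example policy (an assumption; the patent leaves the policy open): deny a device
    that ever joined a different domain successfully, quarantine one with 3+ failures."""
    if any(a["ok"] and a["domain"] != domain for a in report):
        return "deny"
    return "quarantine" if sum(not a["ok"] for a in report) >= 3 else "admit"

def bootstrap(device_id, domain, report, device_credential=SA_PUB):
    """Model both the domain side and the device side of the claim-1 flow."""
    # Registrar creates the initial information package and hands it to the signing authority.
    initial = {"device": device_id, "domain": domain, "registrar_key": REG_PUB}
    # Signing authority issues the authorization token (first signature) for the device.
    token = {"pkg": initial, "sig": sign(SA_PRIV, initial)}
    # Device validates the token against the credential it already holds (SA public key).
    if not verify(device_credential, token["pkg"], token["sig"]):
        return {"status": "reject", "device_accepted": False}
    # Registrar evaluates the audit history report and applies a policy.
    policy = evaluate_audit(report, domain)
    if policy == "deny":
        return {"status": policy, "device_accepted": False}
    # Registrar builds the completed package (token included) and applies the second signature.
    completed = {"token": token, "policy": policy, "domain": domain}
    completed_sig = sign(REG_PRIV, completed)
    # Device validates the second signature with the registrar key the SA token vouched for.
    accepted = verify(tuple(token["pkg"]["registrar_key"]), completed, completed_sig)
    return {"status": policy, "device_accepted": accepted}

if __name__ == "__main__":
    # Constructed audit history: one earlier failed attempt against another domain.
    history = [{"time": "2013-05-01T10:00:00Z", "domain": "lab.example", "ok": False}]
    print(bootstrap("switch-0042", "corp.example", history))
```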
Specification