Techniques for identity and policy based routing

US 9,848,017 B2
Filed: 01/30/2015
Issued: 12/19/2017
Est. Priority Date: 08/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

creating a customized network with multiple customized routes based on a resource identity and identifying customized connection protocols and services associated with interfacing with the resource identity over the customized network and defining the customized network as the multiple customized routes between a resource associated with the resource identity and other resources for the resource to interface with the other resources over the customized network by using the customized connection protocols and services associated with the resource identity with the connection protocols and services customized based on role assignments and the resource identity;

providing access over the multiple customized routes for the resource to establish connections and to access the other resources over a network connection within the customized network; and

detecting when an inactive role assigned to the resource or at least one of the other resources is activated as a new active role for the resource or the at least one of the other resources and in response creating a new customized network with multiple new customized routes.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for identity and policy based routing are presented. A resource is initiated on a device with a resource identity and role assignments along with policies are obtained for the resource. A customized network is created for the resource using a device address for the device, the resource identity, the role assignments, and the policies.

Citations

20 Claims

1. A method, comprising:
- creating a customized network with multiple customized routes based on a resource identity and identifying customized connection protocols and services associated with interfacing with the resource identity over the customized network and defining the customized network as the multiple customized routes between a resource associated with the resource identity and other resources for the resource to interface with the other resources over the customized network by using the customized connection protocols and services associated with the resource identity with the connection protocols and services customized based on role assignments and the resource identity;
  
  providing access over the multiple customized routes for the resource to establish connections and to access the other resources over a network connection within the customized network; and
  
  detecting when an inactive role assigned to the resource or at least one of the other resources is activated as a new active role for the resource or the at least one of the other resources and in response creating a new customized network with multiple new customized routes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein creating further includes creating the customized network based on role assignments and policies.
  - 3. The method of claim 1, wherein creating further includes creating the customized network as a Virtual Private Network (VPN).
  - 4. The method of claim 3 further comprising, defining all devices and all additional resources that the resource can access when the resource access the VPN.
  - 5. The method of claim 4, wherein creating further includes initially creating the customized network with just the resource and dynamically adding the other resources.
  - 6. The method of claim 1, wherein providing further includes dynamically adding an additional resource to the customized network.
  - 7. The method of claim 1, wherein providing further includes identifying the resource as a workload.
  - 8. The method of claim 1, wherein providing further includes providing the multiple customized routes to one or more network routers as a routing table.
  - 9. The method of claim 1 further comprising, detecting a new role assigned to the resource identity and updating the multiple customized routes based on the new role.
  - 10. The method of claim 1 further comprising, provisioning network services to support the resource communicating over the customized network.

11. A method, comprising:
- registering a machine executing a resource based on a machine identity and a resource identity;
  
  establishing a custom network for the resource and identifying customized connection protocols and services associated with interfacing with the resource over the custom network, and defining within the custom network other resources and other devices that the resource can establish connections with and can access over the custom network through multiple customized routes generated for and defining the custom network by the resource using the customized connection protocols and services with the connection protocols and services customized based on role assignments and the resource identity; and
  
  detecting when an inactive role assigned to the resource, at least one of the other resources, or at least one of the devices is activated as a new active role for the resource, the at least one of the other resources, or the at least one of the devices, and in response creating a new customized network with multiple new customized routes.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein establishing further includes building the custom network based on role assignments and policies associated with the resource and the machine.
  - 13. The method of claim 11, wherein establishing further includes establishing the custom network as a virtual network.
  - 14. The method of claim 11, wherein establishing further includes dynamically adding an additional resource to the custom network.
  - 15. The method of claim 11, wherein establishing further includes dynamically changing the multiple custom routes for the custom network based on a detected change in one of:
    - a role assignment and a policy change.
  - 16. The method of claim 11, wherein establishing further includes building the custom network as the multiple custom routes defined in a routing table.
  - 17. The method of claim 16 further comprising, dynamically pushing the routing table to network routers.
  - 18. The method of claim 17, wherein pushing further includes providing the routing table in formats recognized and processed by each of the network routers.

19. A system, comprising:
- a hardware processor; and
  
  a non-transitory computer-readable storage medium having executable instructions representing a provision service, the provision service configured to;
  
  i) execute on the hardware processor, ii) establish a custom network for a resource based on a resource identity of the resource and identify based on the resource identity customized connection protocols and services for interacting with the resource over the custom network, iii) dynamically add additional resources to the custom network and multiple custom routes through the custom network from the resource and the additional resources for connection with and for interaction over the custom network using the customized connection protocols and services with the connection protocols and services customized based on role assignments and the resource identity, and iv) detect when an inactive role assigned to the resource or at least one of the additional resources is activated as a new active role for the resource or the at least one of the additional resources and in response create a new customized network with multiple new customized routes, wherein the custom routes defining the custom network.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the provision service is further configured, in ii), to:
    - build the custom network as a virtual network comprising the multiple custom routes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Brown, Jeremy Ray, Sabin, Jason Allen, Kranendonk, Nathaniel Brent, Larsen, Kal A., Burch, Lloyd Leon, Carter, Stephen R
Primary Examiner(s)
Shin, Kyung H

Application Number

US14/609,722
Publication Number

US 20150143458A1
Time in Patent Office

1,054 Days
Field of Search

718 1, 370390, 370338, 726 1, 726 15
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 9/50   Allocation of resources, e....

H04L 12/18   for broadcast or conference...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0816   the condition being an adap...

H04L 45/14   Routing performance; Theore...

H04L 45/24   Multipath

H04L 45/302   Route determination based o...

H04L 63/20   for managing network securi...

Techniques for identity and policy based routing

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for identity and policy based routing

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links