Enforcing a segmentation policy using cryptographic proof of identity

Bibliographic details

Authors: Glenn, Matthew K; Desai, Anish Vinodkumar; Gupta, Mukesh; Kirner, Paul J
Format: Patent
Language: English
Publication date: 2023-05-16
Publication number: US11652637B2
Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
Source: esp@cenet (open access, free to read)
Full text: https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20230516&DB=EPODOC&CC=US&NR=11652637B2

Abstract

A segmentation server defines a segmentation policy and distributes it to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of that identity. Each OS instance authenticates the identity received from the other OS instance and, once both identities are authenticated, determines from the authenticated identities whether the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable them to validate the integrity of the messages communicated between the workloads and, optionally, to encrypt those messages.
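The exchange the abstract describes, worked through as an added example in Go (this is not code from the patent or from its assignee). Each OS instance holds a long-term Ed25519 identity key and generates a fresh X25519 key per connection; the cryptographic proof of identity is a signature over a transcript of both sides' offers; the rules are consulted only after the peer's proof verifies under the key the directory holds for the claimed identity; and the session's integrity key is derived from the X25519 shared secret and used to tag workload messages. Everything the abstract leaves open is an assumption here: that the segmentation server distributes a directory of identity to signing key alongside the policy, that identities are plain role labels, the HKDF-style key derivation, and that the optional encryption is omitted (only integrity is shown). Standard library only.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Policy is what the segmentation server distributes: the {from, to} label pairs allowed to talk
// plus a directory of identity -> signing key (an assumption of this example). Offer carries a
// claimed identity and a fresh X25519 key; Session holds the integrity key derived per connection.
type Policy struct{ Allow map[[2]string]bool; Directory map[string]ed25519.PublicKey }
type Offer struct{ ID string; DH []byte }
type Instance struct{ ID string; signer ed25519.PrivateKey; eph *ecdh.PrivateKey; policy *Policy } // long-term identity key, per-connection key
type Session struct{ macKey []byte }

// NewInstance makes an identity key and registers it (stands in for server enrolment; the system RNG is assumed usable).
func NewInstance(id string, policy *Policy) *Instance {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	policy.Directory[id] = pub
	return &Instance{ID: id, signer: priv, policy: policy}
}
func (in *Instance) Offer() Offer {
	in.eph, _ = ecdh.X25519().GenerateKey(rand.Reader)
	return Offer{ID: in.ID, DH: in.eph.PublicKey().Bytes()}
}

// transcript binds both offers; %q and %x keep the encoding unambiguous.
func transcript(init, resp Offer) []byte {
	t := sha256.Sum256([]byte(fmt.Sprintf("seg-handshake-v1 %q %x %q %x", init.ID, init.DH, resp.ID, resp.DH)))
	return t[:]
}

// Prove signs the whole transcript, binding the proof to both ephemeral keys so it cannot be replayed elsewhere.
func (in *Instance) Prove(init, resp Offer) []byte { return ed25519.Sign(in.signer, transcript(init, resp)) }

// Establish authenticates the peer, checks the rules against the authenticated identities, then derives the session key.
func (in *Instance) Establish(init, resp Offer, peerSig []byte) (Session, error) {
	peer := init // we are the responder...
	if string(in.eph.PublicKey().Bytes()) == string(init.DH) {
		peer = resp // ...unless the initiator's key is ours
	}
	pub, known := in.policy.Directory[peer.ID]
	if !known || !ed25519.Verify(pub, transcript(init, resp), peerSig) {
		return Session{}, fmt.Errorf("identity proof failed for %q", peer.ID)
	}
	if !in.policy.Allow[[2]string{init.ID, resp.ID}] {
		return Session{}, fmt.Errorf("policy denies %s -> %s", init.ID, resp.ID)
	}
	peerKey, err := ecdh.X25519().NewPublicKey(peer.DH)
	if err != nil {
		return Session{}, err
	}
	secret, err := in.eph.ECDH(peerKey) // also rejects low-order points
	if err != nil {
		return Session{}, err
	}
	// HKDF-style extract (salt = transcript) then expand (label "mac"); an assumed construction.
	return Session{macKey: mac(mac(transcript(init, resp), secret), []byte("mac"))}, nil
}

func mac(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// Seal prefixes a workload message with its tag; Open validates the tag before releasing it.
func (s Session) Seal(msg []byte) []byte { return append(mac(s.macKey, msg), msg...) }
func (s Session) Open(sealed []byte) ([]byte, error) {
	if len(sealed) < sha256.Size || !hmac.Equal(sealed[:sha256.Size], mac(s.macKey, sealed[sha256.Size:])) {
		return nil, fmt.Errorf("integrity check failed")
	}
	return sealed[sha256.Size:], nil
}

// Run uses a constructed policy (web may reach db; nothing may reach admin) and reports whether the permitted
// path works, a modified message is caught, the unpermitted path is refused and a forged identity is rejected.
func Run() (allowed, tamperDetected, denied, spoofRejected bool) {
	policy := &Policy{Allow: map[[2]string]bool{{"web", "db"}: true}, Directory: map[string]ed25519.PublicKey{}}
	web, db, admin := NewInstance("web", policy), NewInstance("db", policy), NewInstance("admin", policy)
	i, r := web.Offer(), db.Offer()
	sWeb, errWeb := web.Establish(i, r, db.Prove(i, r))
	sDb, errDb := db.Establish(i, r, web.Prove(i, r))
	sealed := sWeb.Seal([]byte("SELECT 1"))
	_, errOpen := sDb.Open(sealed)
	sealed[len(sealed)-1] ^= 1 // flip one payload bit in transit
	_, errTampered := sDb.Open(sealed)
	i, r = web.Offer(), admin.Offer() // both proofs verify, but no rule permits web -> admin
	_, errDenied := web.Establish(i, r, admin.Prove(i, r))
	i, forged := web.Offer(), admin.Offer()
	forged.ID = "db" // admin claims to be db but can only sign with admin's own key
	_, errSpoof := web.Establish(i, forged, admin.Prove(i, forged))
	return errWeb == nil && errDb == nil && errOpen == nil, errTampered != nil, errDenied != nil, errSpoof != nil
}
func main() { fmt.Println(Run()) }
```

Run it with `go run` (Go 1.20 or later for crypto/ecdh); it prints four booleans, all true. The ordering inside Establish is the point the abstract makes: the rule lookup keys on identities that have already been authenticated, so the forged "db" offer is rejected at signature verification and never reaches the policy, while the web to admin connection passes verification and is refused by the rules alone.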