Enforcing a Segmentation Policy Using Cryptographic Proof of Identity
A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and cont...
Saved in:
| Main Authors | , , , |
|---|---|
| Format | Patent |
| Language | English |
| Published |
31.03.2022
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages. |
|---|---|
| AbstractList | A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages. |
| Author | Desai, Anish Vinodkumar Gupta, Mukesh Glenn, Matthew K Kirner, Paul J |
| Author_xml | – fullname: Glenn, Matthew K – fullname: Desai, Anish Vinodkumar – fullname: Gupta, Mukesh – fullname: Kirner, Paul J |
| BookMark | eNrjYmDJy89L5WRwdc1Lyy9KzsxLV0hUCE5Nz03NK0ksyczPUwjIz8lMrlQILQbJORdVFpTkpxclFmRkJisEFOXnpykAkWcKUHlmSSUPA2taYk5xKi-U5mZQdnMNcfbQTS3Ij08tLkhMTs1LLYkPDTYyMDIyNDA2NjN0NDQmThUAzmo1qg |
| ContentType | Patent |
| DBID | EVB |
| DatabaseName | esp@cenet |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: EVB name: esp@cenet url: http://worldwide.espacenet.com/singleLineSearch?locale=en_EP sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Medicine Chemistry Sciences |
| ExternalDocumentID | US2022103361A1 |
| GroupedDBID | EVB |
| ID | FETCH-epo_espacenet_US2022103361A13 |
| IEDL.DBID | EVB |
| IngestDate | Fri Jul 19 14:40:44 EDT 2024 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-epo_espacenet_US2022103361A13 |
| Notes | Application Number: US202117398814 |
| OpenAccessLink | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20220331&DB=EPODOC&CC=US&NR=2022103361A1 |
| ParticipantIDs | epo_espacenet_US2022103361A1 |
| PublicationCentury | 2000 |
| PublicationDate | 20220331 |
| PublicationDateYYYYMMDD | 2022-03-31 |
| PublicationDate_xml | – month: 03 year: 2022 text: 20220331 day: 31 |
| PublicationDecade | 2020 |
| PublicationYear | 2022 |
| RelatedCompanies | Illumio, Inc |
| RelatedCompanies_xml | – name: Illumio, Inc |
| Score | 3.3964643 |
| Snippet | A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances.... |
| SourceID | epo |
| SourceType | Open Access Repository |
| SubjectTerms | ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
| Title | Enforcing a Segmentation Policy Using Cryptographic Proof of Identity |
| URI | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20220331&DB=EPODOC&locale=&CC=US&NR=2022103361A1 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwY2BQMUg1TDRKSjbVNTSzTNE1sUxN0rVITDbXNU0xTTO2SDEzN08Czej6-pl5hJp4RZhGMDHkwPbCgM8JLQcfjgjMUcnA_F4CLq8LEINYLuC1lcX6SZlAoXx7txBbFzVo79jIyAC0AcjFydY1wN_F31nN2dk2NFjNLwgsZwiUNDN0BPaVWEENadBJ-65hTqB9KQXIlYqbIANbANC8vBIhBqbUPGEGTmfY3WvCDBy-0ClvIBOa-4pFGFxdQXuHgMLpCokKwanpudB9Q3kKkNN9FcDz_wrORZUFJZCTqDOTFQKATeM0BSCCbsmtFGVQdnMNcfbQBbonHu79-NBgZMcbizGw5OXnpUowKBhYWoAqm2RT8zQzk2Qzy0STNFOLJMMkE-M0kzTzZHNJBhl8Jknhl5Zm4AJxIfvvZBhYSopKU2WBFXBJkhw43AAJ8Ylr |
| link.rule.ids | 230,309,786,891,25594,76903 |
| linkProvider | European Patent Office |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3fT8IwEL4QNOKbokYUtYmGt0UG27o9ECP7kalsEDcMb2QtGyHRQWDG8N97K0N5IulD00su1ybX69frdwV4aMZy1GJclWTNmEiKETNJjziV1ImatPWJRinLM7qer7lD5XWkjkrwueXCiDqhP6I4InoUR3_PxH69-L_EssTbytUjm-HQ_MkJO1ajQMetVjMnAFndjj3oW32zYZqdYdDw34VMRqEmPyNWOqAICgVY-ujmvJTFblBxTuBwgPrS7BRKcVqFirn9e60KR16R8sZu4X2rM7DtnDuEw1MSkSCefhW8oZRsqvsSkf8n5nK9yDaVqGecDPBonBBsBSV3fQ73jh2aroT2jP-mPx4Gu8a3L6CcztP4EkjT0PNgw1WaaArXjEhJVJ3JTGknSkI5rUF9n6ar_eI7qLih1xv3Xvy3azjORRsuXh3K2fI7vsFgnLFbsYa_nE-MVQ |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.title=Enforcing+a+Segmentation+Policy+Using+Cryptographic+Proof+of+Identity&rft.inventor=Glenn%2C+Matthew+K&rft.inventor=Desai%2C+Anish+Vinodkumar&rft.inventor=Gupta%2C+Mukesh&rft.inventor=Kirner%2C+Paul+J&rft.date=2022-03-31&rft.externalDBID=A1&rft.externalDocID=US2022103361A1 |