Patent · US Active

Network application security policy enforcement

US10154067B2 · kind B2 · utility

Cited by: 24
References: 16
Claims: 28
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 30, 2018
Grant date: Dec 11, 2018
Priority date
Expiry date: Jan 30, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/30
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system validates the establishment and/or continuation of a connection between two applications over a network using a three-stage process: (1) a local security agent on the same source system as the source application validates the connection against a set of policies stored locally on the source system; (2) a local security agent on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system; and (3) a reconciliation engine, after receiving connection and application state information from both the source and destination local security agents, validates the connection against a master set of policies. The connection is allowed or blocked depending on the outcome of the three-stage validation. This system protects against policy violations that are not detected by traditional systems without requiring alterations to the source and destination applications or the network traffic between them.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.