Method and system for providing a complete traceability of changes incurred in a security policy
US11363068B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 4, 2019 |
| Grant date | Jun 14, 2022 |
| Priority date | — |
| Expiry date | Dec 14, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/121
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A computer-implemented method and a system provide a complete traceability of changes incurred in a security policy corresponding to a resource. A policy tracing engine (PTE) monitors and determines events of interest occurring at the resource. The PTE determines administrator-initiated intent-based changes and dynamic event-based changes incurred in the security policy and assigns a unique policy identifier (UPI) to the security policy. The UPI is a combination of unique identifiers assigned to the intent-based change and the event-based change. The PTE recomputes and stores the security policy and the UPI in a policy database. The PTE receives network access information including the UPI from the corresponding resource deployed with the security policy. The PTE generates a traceability report that provides a complete traceability of each policy action performed in a networked environment to a source of each change incurred in the security policy as identified by the UPI.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.