Distributed network connection policy management

    Publication No.: US10165009B2

    Publication date: 2018-12-25

    Application No.: US14852052

    Filing date: 2015-09-11

    Abstract: A connection policy for a communications network has a local connection policy indicating which paths between a given one of the nodes (computer A, router A, host 898) and others of the nodes (computers B, C, filters B1, B2, C1, C2, hosts 890, 892) are allowable paths, by a symbolic expression of ranges of endpoint addresses and other local connection policies in respect of other nodes. It is implemented in a distributed manner by determining, for the given node, which of the allowable paths are dual authorized as allowable by the other local connection policy relating to the other node at the other end of that path, by Boolean operations on the symbolic expressions. For a given message for a given path between two of the nodes having their own local connection policies, both of these nodes determine whether the given path is currently dual authorized. This can provide reassurance that changes in versions of the connection policy won't transiently open a risk of undetected unwanted communication.

    LOCATION SIGNATURES
    2.
    Patent application
    LOCATION SIGNATURES (under examination, published)

    Publication No.: US20160078211A1

    Publication date: 2016-03-17

    Application No.: US14785433

    Filing date: 2013-04-24

    Abstract: In one implementation, a security management system accesses a trusted location signature and a candidate location signature to determine that the candidate location signature is correlated with the trusted location signature, and establishes a trusted state of an entity in response to determining that the candidate location signature is correlated with the trusted location signature.


    DISTRIBUTED NETWORK CONNECTION POLICY MANAGEMENT
    3.
    Patent application
    DISTRIBUTED NETWORK CONNECTION POLICY MANAGEMENT (under examination, published)

    Publication No.: US20160006767A1

    Publication date: 2016-01-07

    Application No.: US14852052

    Filing date: 2015-09-11

    Abstract: A connection policy for a communications network has a local connection policy indicating which paths between a given one of the nodes (computer A, router A, host 898) and others of the nodes (computers B, C, filters B1, B2, C1, C2, hosts 890, 892) are allowable paths, by a symbolic expression of ranges of endpoint addresses and other local connection policies in respect of other nodes. It is implemented in a distributed manner by determining, for the given node, which of the allowable paths are dual authorised as allowable by the other local connection policy relating to the other node at the other end of that path, by Boolean operations on the symbolic expressions. For a given message for a given path between two of the nodes having their own local connection policies, both of these nodes determine whether the given path is currently dual authorised. This can provide reassurance that changes in versions of the connection policy won't transiently open a risk of undetected unwanted communication.

