(WO2013055421) SYSTEM AND METHOD FOR ACCESS MANAGEMENT FOR SECURED AND UNSECURED APPLICATIONS
Note: Text produced by automated optical character recognition. Only the PDF version has legal value.

WHAT IS CLAIMED IS:

1. A method, comprising:

identifying a network location of an endpoint, which is attempting to initiate an application;

identifying whether the endpoint is operating in an enterprise environment;

determining whether the application is trusted based on metadata associated with the application; and

provisioning a tunnel for data traffic associated with the application.

2. The method of Claim 1, wherein the tunnel is provisioned if the application is trusted, and the endpoint is outside of the enterprise environment.

3. The method of Claim 1, wherein the tunnel is provisioned if the application is untrusted, and the endpoint is within the enterprise environment.

4. The method of Claim 1, wherein an application characteristic is used in order to identify whether the application is trusted, the application characteristic being a selected one of a group of application characteristics, the group consisting of:

a) a characteristic associated with a number of downloads associated with the application;

b) a characteristic associated with an origin of the application;

c) a characteristic associated with a manufacturer of the application; and

d) a reputational characteristic associated with the application.

5. The method of Claim 1, wherein at least some of the data traffic is routed based on virtual local area network (VLAN) markings.

6. The method of Claim 1, wherein the endpoint is configured to download a list of application hashes, which are used to identify whether a subsequent application is trusted.

7. The method of Claim 1, wherein a remote query is sent when attempting to initiate the application in order to receive a policy designating how the data traffic is to be routed in a network.

8. The method of Claim 1, wherein the network location is identified using a network admission control element.

9. Logic encoded in one or more non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:

identifying a network location of an endpoint, which is attempting to initiate an application;

identifying whether the endpoint is operating in an enterprise environment;

determining whether the application is trusted based on metadata associated with the application; and

provisioning a tunnel for data traffic associated with the application.

10. The logic of Claim 9, wherein the tunnel is provisioned if the application is trusted, and the endpoint is outside of the enterprise environment.

11. The logic of Claim 9, wherein the tunnel is provisioned if the application is untrusted, and the endpoint is within the enterprise environment.

12. The logic of Claim 9, wherein an application characteristic is used in order to identify whether the application is trusted, the application characteristic being a selected one of a group of application characteristics, the group consisting of:

a) a characteristic associated with a number of downloads associated with the application;

b) a characteristic associated with an origin of the application;

c) a characteristic associated with a manufacturer of the application; and

d) a reputational characteristic associated with the application.

13. The logic of Claim 9, wherein the endpoint is configured to download a list of application hashes, which are used to identify whether a subsequent application is trusted.

14. The logic of Claim 9, wherein the network location is identified using a network admission control element.

15. An apparatus, comprising:

a memory element configured to store code;

a processor operable to execute instructions associated with the code; and

a policy module coupled to the memory element and the processor, wherein the apparatus is configured for:

identifying an attempt to initiate an application;

identifying whether the endpoint is operating in an enterprise environment;

determining whether the application is trusted based on metadata associated with the application; and

provisioning a tunnel for data traffic associated with the application.

16. The apparatus of Claim 15, wherein the tunnel is provisioned if the application is trusted, and the apparatus is outside of an enterprise environment.

17. The apparatus of Claim 15, wherein the tunnel is provisioned if the application is untrusted, and the apparatus is within an enterprise environment.

18. The apparatus of Claim 15, wherein the apparatus is configured to download a list of application hashes, which are used to identify whether a subsequent application is trusted.

19. The apparatus of Claim 15, wherein a remote query is sent when attempting to initiate the application in order to receive a policy designating how the data traffic is to be routed in a network.

20. The apparatus of Claim 15, further comprising:

a server configured to use a network admission control element in order to identify the network location.

21. An apparatus, comprising:

a memory element configured to store code;

a processor operable to execute instructions associated with the code; and

a policy module coupled to the memory element and the processor, wherein the apparatus is configured for:

downloading a list of application hashes, which are stored with metadata and used to identify whether an application is trusted;

communicating a remote query in order to receive a policy designating routing for data traffic associated with the application; and

provisioning a tunnel for the data traffic associated with the application.
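The decision logic the claims describe (trust derived from a downloaded hash list plus the metadata characteristics of Claim 4, combined with the endpoint's location to decide whether a tunnel is provisioned per Claims 2 and 3) is compact enough to show end to end. The following is an added example written for this page; it is not code from the patent or from its applicant, and every name in it (the Location and Routing enums, AppMetadata, TrustPolicy, the threshold values, and the two sample applications) is an illustrative assumption. Where the claims say any one characteristic may be used, this example deliberately requires all of them when no hash matches, because download counts and reputation scores are signals an attacker can inflate. The two location/trust combinations the claims do not address are routed directly, again as this example's own choice.

```python
"""Added example: a minimal policy engine for the tunnel-provisioning decision
described in the claims. Not code from the patent; all names are illustrative
assumptions."""
import hashlib
from dataclasses import dataclass
from enum import Enum


class Location(Enum):
    """Where the endpoint is (Claim 1: network location / enterprise environment)."""
    INSIDE_ENTERPRISE = "inside"
    OUTSIDE_ENTERPRISE = "outside"


class Routing(Enum):
    """Routing outcome: tunnel the application's traffic, or send it directly."""
    TUNNEL = "tunnel"
    DIRECT = "direct"


@dataclass(frozen=True)
class AppMetadata:
    """Metadata used to judge trust (the Claim 4 characteristics a-d)."""
    name: str
    sha256: str           # hex digest of the application binary
    origin: str           # where the package came from, e.g. "enterprise-store"
    manufacturer: str     # publisher / vendor name
    download_count: int   # popularity signal (attacker-influenceable)
    reputation: float     # 0.0 (bad) .. 1.0 (good); assumed external feed


@dataclass(frozen=True)
class TrustPolicy:
    """Policy an endpoint would download (Claims 6 and 7); assumed format."""
    trusted_hashes: frozenset       # the downloaded list of application hashes
    trusted_origins: frozenset
    trusted_manufacturers: frozenset
    min_downloads: int
    min_reputation: float


def sha256_hex(data: bytes) -> str:
    """Hash an application binary the way the hash list would be built."""
    return hashlib.sha256(data).hexdigest()


def is_trusted(app: AppMetadata, policy: TrustPolicy) -> bool:
    """Decide trust from metadata.

    A hash match against the downloaded list is authoritative. Without a
    hash match, *all* softer characteristics must pass: no single one of
    them is allowed to grant trust on its own (this example's choice).
    """
    if app.sha256 in policy.trusted_hashes:
        return True
    return (
        app.origin in policy.trusted_origins
        and app.manufacturer in policy.trusted_manufacturers
        and app.download_count >= policy.min_downloads
        and app.reputation >= policy.min_reputation
    )


def route_for(app: AppMetadata, location: Location, policy: TrustPolicy) -> Routing:
    """Tunnel decision (Claims 2 and 3).

    trusted   + outside enterprise -> TUNNEL (enterprise traffic over an untrusted network)
    untrusted + inside enterprise  -> TUNNEL (isolate the untrusted app from the LAN)
    The remaining two combinations are not addressed by the claims; this
    example routes them directly.
    """
    trusted = is_trusted(app, policy)
    if trusted and location is Location.OUTSIDE_ENTERPRISE:
        return Routing.TUNNEL
    if not trusted and location is Location.INSIDE_ENTERPRISE:
        return Routing.TUNNEL
    return Routing.DIRECT


# --- constructed sample data (not real applications or policies) ------------
CORP_MAIL_BINARY = b"\x7fELF corp-mail v1.2 (constructed sample binary)"
SIDELOADED_BINARY = b"\x7fELF free-games v0.9 (constructed sample binary)"

SAMPLE_POLICY = TrustPolicy(
    trusted_hashes=frozenset({sha256_hex(CORP_MAIL_BINARY)}),
    trusted_origins=frozenset({"enterprise-store"}),
    trusted_manufacturers=frozenset({"ExampleCorp IT"}),
    min_downloads=10_000,
    min_reputation=0.8,
)

# Few downloads, but its hash is on the list: trusted regardless of popularity.
CORP_MAIL = AppMetadata("corp-mail", sha256_hex(CORP_MAIL_BINARY),
                        "enterprise-store", "ExampleCorp IT", 1_200, 0.95)
# Popular and well-rated, but sideloaded from an unknown vendor: untrusted.
FREE_GAMES = AppMetadata("free-games", sha256_hex(SIDELOADED_BINARY),
                         "sideload", "unknown", 5_000_000, 0.9)


def demo() -> dict:
    """Evaluate both sample apps in both locations; returns {(app, location): routing}."""
    results = {}
    for app in (CORP_MAIL, FREE_GAMES):
        for loc in Location:
            results[(app.name, loc.value)] = route_for(app, loc, SAMPLE_POLICY).value
    return results


if __name__ == "__main__":
    for (name, loc), routing in demo().items():
        print(f"{name:<11} {loc:<8} -> {routing}")
```

Running it shows the four quadrants: corp-mail is tunnelled only when the endpoint is outside the enterprise, and free-games is tunnelled only when the endpoint is inside it. The hash list is the one signal here that an attacker cannot game without changing the binary, which is why it short-circuits the metadata checks.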