JP-7856375-B2 - Authenticity assessment of the requester based on communication requests
Inventors
- ハワード、ジーナ
- リンガフェルト、チャールズ
- ムーア、ジュニア、ジョン
- ジョーンズ、アンドリュー
Assignees
- インターナショナル・ビジネス・マシーンズ・コーポレーション
Dates
- Publication Date
- 20260511
- Application Date
- 20211124
- Priority Date
- 20201203
Claims (20)
- A method for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester, and the first information related to the communication network includes one or more physical network attributes related to the requester, logical network connection information related to the requester, and connection history information related to the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester.
- The method according to claim 1, wherein the requester is selected from a group comprising at least one of an application, a microservice, a software component, a hardware component, and a computing device.
- A method for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein the one or more authentication rules are based on fourth information about permitted connections provided by a network operator, and evaluating the requester based on the fourth information from the network operator includes querying the network operator about acceptable connection configurations.
- A method for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein evaluating the requester based on the first information related to the communication network further includes: determining one or more physical network attributes related to the requester; determining logical network connection information related to the requester; and determining connection history information related to the requester.
- The method according to claim 1, wherein evaluating the requester based on the second information about the requester further comprises: scanning the requester for observable attributes, including open ports and the operating system version associated with the requester; and obtaining information about the requester from an inventory or database.
- The method according to claim 1, wherein evaluating the requester based on the third information from the requester further comprises querying the requester and receiving information related to the requester and identity verification information.
- The method according to claim 1, further comprising automatically terminating the established communication path in response to determining that the communication path for the requesting party is no longer needed.
- A computer system for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer system comprising one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored in at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester, and the first information related to the communication network includes one or more physical network attributes related to the requester, logical network connection information related to the requester, and connection history information related to the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester.
- The computer system according to claim 8, wherein the requester is selected from a group comprising at least one of applications, microservices, software components, hardware components, and computing devices.
- A computer system for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer system comprising one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored in at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein the one or more authentication rules are based on fourth information about permitted connections provided by a network operator, and evaluating the requester based on the fourth information from the network operator includes querying the network operator about acceptable connection configurations.
- A computer system for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer system comprising one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored in at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising: in response to receiving the communication request, dynamically determining whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and in response to determining that the requester satisfies the one or more authentication rules, dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein evaluating the requester based on the first information related to the communication network further includes: determining one or more physical network attributes related to the requester; determining logical network connection information related to the requester; and determining connection history information related to the requester.
- The computer system according to claim 8, wherein evaluating the requester based on the second information about the requester further comprises: scanning the requester for observable attributes, including open ports and the operating system version associated with the requester; and obtaining information about the requester from an inventory or database.
- The computer system according to claim 8, wherein evaluating the requester based on the third information from the requester further comprises querying the requester and receiving identity authentication information related to the requester.
- The computer system according to claim 8, further comprising automatically terminating the established communication path in response to determining that the communication path for the requesting party is no longer needed.
- A computer program for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer program comprising program instructions executable by a processor, the program instructions comprising: program instructions for dynamically determining, in response to receiving the communication request, whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester, and the first information related to the communication network includes one or more physical network attributes related to the requester, logical network connection information related to the requester, and connection history information related to the requester; and program instructions for dynamically establishing, in response to determining that the requester satisfies the one or more authentication rules, the communication path for the requester on the communication network according to one or more communication attributes associated with the requester.
- The computer program according to claim 15, wherein the requester is selected from a group comprising at least one of an application, a microservice, a software component, a hardware component, and a computing device.
- A computer program for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer program comprising program instructions executable by a processor, the program instructions comprising: program instructions for dynamically determining, in response to receiving the communication request, whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and program instructions for dynamically establishing, in response to determining that the requester satisfies the one or more authentication rules, the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein the one or more authentication rules are based on fourth information about permitted connections provided by a network operator, and evaluating the requester based on the fourth information from the network operator includes querying the network operator about acceptable connection configurations.
- A computer program for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and a communication request, the computer program comprising program instructions executable by a processor, the program instructions comprising: program instructions for dynamically determining, in response to receiving the communication request, whether to establish a communication path from the requester to a destination via a communication network by evaluating the requester based on one or more authentication rules, wherein the one or more authentication rules are based on first information related to the communication network, second information about the requester, and third information from the requester; and program instructions for dynamically establishing, in response to determining that the requester satisfies the one or more authentication rules, the communication path for the requester on the communication network according to one or more communication attributes associated with the requester; wherein the program instructions for evaluating the requester based on the first information related to the communication network further include: program instructions for determining one or more physical network attributes related to the requester; program instructions for determining logical network connection information related to the requester; and program instructions for determining connection history information related to the requester.
- The computer program according to claim 15, wherein the program instructions for evaluating the requester based on the second information about the requester further comprise: program instructions for scanning the requester for observable attributes, including open ports and the version of the operating system associated with the requester; and program instructions for obtaining information about the requester from an inventory or database.
- The computer program according to claim 15, wherein the program instructions for evaluating the requester based on the third information from the requester further comprise program instructions for querying the requester and receiving identity authentication information related to the requester.
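The decision flow recited in the claims above, sketched as an added example (not code from the patent or its assignee): rules over the first, second and third information are evaluated with a deny-by-default outcome, the operator's permitted connections are checked as fourth information, and an approved path takes its parameters from the requester's communication attributes. All field names, the denial threshold and the sample inventory record are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Evidence:
    # First information: observed on the communication network.
    switch_port: str            # physical network attribute
    vlan: int                   # logical network connection information
    recent_denials: int         # connection history (assumed metric)
    # Second information: about the requester (scan result, inventory record).
    open_ports: frozenset
    os_version: str
    inventory: Optional[dict]
    # Third information: returned by the requester when queried.
    claimed_id: str
    identity_verified: bool

def rule_network(ev):
    inv = ev.inventory or {}
    return (ev.switch_port == inv.get("switch_port")
            and ev.vlan == inv.get("vlan")
            and ev.recent_denials <= 2)   # assumed threshold

def rule_observed(ev):
    if ev.inventory is None:
        return False
    # A listening port the inventory does not expect counts as drift.
    return (ev.open_ports <= frozenset(ev.inventory["expected_ports"])
            and ev.os_version == ev.inventory["os_version"])

def rule_identity(ev):
    return (ev.identity_verified and ev.inventory is not None
            and ev.claimed_id == ev.inventory["id"])

RULES = {"network": rule_network, "observed": rule_observed, "identity": rule_identity}

def decide(ev, dest, port, operator_permits):
    """Deny by default: every rule must pass and the operator must permit the tuple."""
    failed = [name for name, rule in RULES.items() if not rule(ev)]
    # Fourth information: connections the network operator accepts.
    if (ev.claimed_id, dest, port) not in operator_permits:
        failed.append("operator")
    if failed:
        return {"establish": False, "failed": failed}
    # Path parameters come from the requester's communication attributes.
    path = {"src": ev.claimed_id, "dst": dest, "port": port, **ev.inventory["comm_attrs"]}
    return {"establish": True, "path": path}

# Constructed sample data (hypothetical requester, addresses and attributes).
INVENTORY = {"id": "billing-svc", "switch_port": "sw3/0/14", "vlan": 120,
             "expected_ports": [443, 8443], "os_version": "rhel-9.4",
             # max_seconds: assumed lifetime after which the path is torn down
             "comm_attrs": {"protocol": "tcp", "max_seconds": 300}}
PERMITS = {("billing-svc", "10.0.5.20", 5432)}
GOOD = Evidence("sw3/0/14", 120, 0, frozenset({443}), "rhel-9.4",
                INVENTORY, "billing-svc", True)
DRIFTED = Evidence("sw3/0/14", 120, 0, frozenset({443, 4444}), "rhel-9.4",
                   INVENTORY, "billing-svc", True)
UNKNOWN = Evidence("sw9/0/2", 1, 0, frozenset(), "unknown",
                   None, "billing-svc", False)

if __name__ == "__main__":
    for ev in (GOOD, DRIFTED, UNKNOWN):
        print(decide(ev, "10.0.5.20", 5432, PERMITS))
```

Returning the names of the failed rules rather than a bare refusal gives the operator a record of which information source rejected the request.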
Description
This invention relates generally to the field of computing, and more specifically to computer security.

Generally, computer security, cybersecurity, or information technology security (IT security) can include protecting computer systems and networks from disruption or misdirection of services and applications running on computers. The field of computer security is becoming increasingly important due to the growing reliance on computer systems, the internet, and wireless network standards, as well as the growth of smart devices, including smartphones and apps. In computing, firewalls are one of the primary methods for controlling traffic on a network. More specifically, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Another method of computer protection can include endpoint authentication, an authentication mechanism used to verify the identity of external or remotely connected devices. For example, in a wireless network based on endpoint authentication, user authentication information such as a service set identifier (SSID) and password, as well as the security protocols used by the endpoint device, are verified.

A method is provided for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and the communication request. The method dynamically determines whether to establish a communication path from the requester to the destination over a communication network by evaluating the requester based on one or more authentication rules in response to receiving the communication request, wherein the one or more authentication rules may be based on first information relating to the communication network, second information about the requester, and third information from the requester. The method may further include dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes related to the requester, in response to determining that the requester satisfies the one or more authentication rules.

A computer system is provided for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and the communication request. The computer system may include one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored in at least one of the storage devices for execution by at least one of the processors via at least one of the memories. The computer system is capable of executing a method. The method dynamically determines whether to establish a communication path from the requester to a destination over a communication network by evaluating the requester based on one or more authentication rules in response to receiving the communication request, wherein the one or more authentication rules are based on first information relating to the communication network, second information about the requester, and third information from the requester. The method may further include dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes relating to the requester, in response to determining that the requester satisfies the one or more authentication rules.

A computer program product is provided for dynamically establishing a communication path for a requester by evaluating the authenticity of the requester and the communication request. The computer program product may include one or more tangible computer-readable storage devices and program instructions stored in at least one of the one or more tangible computer-readable storage devices and executable by a processor. The computer program product includes program instructions for dynamically determining whether to establish a communication path from the requester to the destination over a communication network by evaluating the requester based on one or more authentication rules in response to receiving the communication request, wherein the one or more authentication rules may include program instructions based on first information related to the communication network, second information about the requester, and third information from the requester. The computer program product may further include program instructions for dynamically establishing the communication path for the requester on the communication network according to one or more communication attributes related to the requester, in response to determining that the requester satisfies the one or more authentication rules.

The above and other objects, features, and advantages of the present invention will become apparent from the following detailed description relating to exemplary embodiments. These embodiments should be read in conjunction with the accompanying drawi