Title of invention: System and method for safeguarding and processing confidential information
Abstract: One aspect of the invention is a method for providing restricted access to confidential services without impacting the security of a network. The method includes using a gateway to isolate one or more components providing confidential services from one or more other portions of an enterprise network. A first communication directed to a selected one of the one or more components may be received at the gateway. A determination may be made as to whether the first communication is user traffic or management traffic. The first communication may then be authenticated. If the first communication is user traffic, the first communication is forwarded to a component providing the confidential services. If the first communication is management traffic, the first communication is encrypted and forwarded to a component providing the confidential services. Additionally, components of the sub-network may be monitored to identify malicious changes.
Publication number: US9043589(B2) Publication date: 2015.05.26
Application number: US200711940018 Filing date: 2007.11.14
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. Inventors: Vail Robert R.; Billings Mary Jo; Bohrer Robert D.; Brooks, II Robert D.; Emmighausen Mary M.; Fannin Howard M.; Jaroch Edward R.; Justice Tonya L.; Kelkenberg Alan L.; Morris Scott R.; Parks, Jr. William T.; Saxon Hayes I.; Weaver William L.
Classification: H04L29/06; G06F21/56 Main classification: H04L29/06
Agency: Baker Botts LLP Agent: Baker Botts LLP
Main claim: 1. A method for providing restricted access to confidential services without impacting the security of an enterprise network, comprising: using a gateway to isolate one or more components providing confidential services from one or more other portions of an enterprise network; receiving, at the gateway, a first communication directed to a selected one of the one or more components; determining if the first communication is user traffic or management traffic, wherein user traffic contains confidential information and wherein management traffic comprises a communication to perform administrative functions with respect to a component providing confidential services; authenticating the first communication and implementing Payment Card Industry (PCI) security control separately between the user and management traffic, wherein only the management traffic undergoes more rigorous security measures than the user traffic does; if the first communication is user traffic, forwarding the first communication to one of the one or more components, which are PCI compliant devices in a first trusted zone for data processing; and if the first communication is management traffic, encrypting the first communication and forwarding the communication to one of the one or more components, which are PCI compliant devices in a second trusted zone for accessing and managing the devices in the first trusted zone; and monitoring the one or more components of the enterprise network to identify malicious changes.
Address: Houston TX US