| CPC H04L 63/102 (2013.01) [H04L 63/0236 (2013.01); H04L 63/101 (2013.01)] | 20 Claims |

|
1. A system comprising:
computer-readable memory storing executable instructions; and
at least one computing device in communication with the computer-readable memory and programmed by the executable instructions to:
receive, from a device of a user, a request to access a network application;
receive, associated with the request, trust information generated by one or more trust providers, wherein the trust information represents at least:
first identity information regarding the user; and
second identity information regarding the device;
create a trust information data structure using the first identity information and the second identity information;
access a network application policy, wherein the network application policy maps the trust information data structure to one or more of (i) an access level of the network application, (ii) an access level to a network segment of a cloud provider network, (iii) routing instructions to a network firewall, or (iv) routing instructions to a network router;
transform the request based on the trust information data structure, wherein the transformation comprises a change to at least one of role, security context, and destination Internet protocol address;
determine access or routing information based at least in part on the network application policy and the trust information; and
perform an access or routing action based at least partly on the access or routing information.
|
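An added illustration of the flow recited in claim 1, not code from the patent or its applicant: trust assertions about the user and the device are merged into one structure, a per-application policy maps that structure to an access level, and the request's role, security context and destination IP address are rewritten from policy rather than taken from the client. The names `Trust`, `Request`, `POLICY`, `build_trust` and `decide`, the attribute names, and all values are assumptions constructed for this sketch.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Trust:  # hypothetical "trust information data structure"
    user_group: str      # first identity information (the user)
    device_posture: str  # second identity information (the device)

@dataclass(frozen=True)
class Request:
    app: str
    role: str
    security_context: str
    dest_ip: str

# Constructed policy: application -> trust structure -> access level and rewrite.
POLICY = {
    "payroll": {
        Trust("finance", "managed"): {
            "access": "read-write", "role": "payroll-editor", "dest_ip": "10.0.1.10"},
        Trust("finance", "unmanaged"): {
            "access": "read-only", "role": "payroll-viewer", "dest_ip": "10.0.2.10"},
    },
}

def build_trust(assertions):
    """Merge assertions from several trust providers; reject conflicts and gaps."""
    merged = {}
    for assertion in assertions:
        for key, value in assertion.items():
            if merged.setdefault(key, value) != value:
                raise ValueError(f"conflicting trust assertions for {key}")
    if not {"user_group", "device_posture"} <= merged.keys():
        raise ValueError("user and device identity are both required")
    return Trust(merged["user_group"], merged["device_posture"])

def decide(request, assertions):
    """Return (access_level, transformed_request), or ("deny", None) by default."""
    try:
        trust = build_trust(assertions)
    except ValueError:
        return "deny", None
    rule = POLICY.get(request.app, {}).get(trust)
    if rule is None:
        return "deny", None
    ipaddress.ip_address(rule["dest_ip"])  # a malformed policy entry fails loudly
    # Role, context and destination come from policy; client-supplied values are dropped.
    context = f"{trust.user_group}/{trust.device_posture}"
    return rule["access"], replace(request, role=rule["role"],
                                   security_context=context, dest_ip=rule["dest_ip"])
```

The deny-by-default branches are the part worth checking in any implementation of this pattern: a missing device assertion, conflicting providers, or an unmapped application must not fall through to the original request.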