Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.

Abstract: A system and method for issuing a cryptographic certificate comprises describing one or more prerequisite condition on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite group of entities. An entity may be a participant, a resource or a privilege, etc. The present invention also requires naming one or more target groups of entities on the cryptographic certificate. One or more prerequisite group stakeholder that authorizes an entity in the one or more prerequisite group of entities to be added as members in another group of entities sign the cryptographic certificate. The cryptographic certificate is also signed by one or more target group stakeholders that authorizes an entity to be added as a member of the one or more target groups.

Abstract: A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.