Reexamination Certificate
2005-07-15
2011-11-08
Moazzami, Nasser (Department: 2436)
Information security
Access control or authentication
Network
C726S022000, C726S027000, C713S153000, C380S059000, C709S223000
active
08056124
ABSTRACT:
A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
REFERENCES:
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5950195 (1999-09-01), Stockwell et al.
patent: 5987611 (1999-11-01), Freund
patent: 6182226 (2001-01-01), Reid et al.
patent: 6453419 (2002-09-01), Flint et al.
patent: 6687353 (2004-02-01), Brysch et al.
patent: 6826698 (2004-11-01), Minkin et al.
patent: 6928553 (2005-08-01), Xiong et al.
patent: 7042988 (2006-05-01), Juitt et al.
patent: 7069437 (2006-06-01), Williams
patent: 7159125 (2007-01-01), Beadles et al.
patent: 7328451 (2008-02-01), Aaron
patent: 7441022 (2008-10-01), Schuba et al.
patent: 7676836 (2010-03-01), Prigent et al.
patent: 2003/0005331 (2003-01-01), Williams
patent: 2003/0061507 (2003-03-01), Xiong et al.
patent: 2003/0087629 (2003-05-01), Juitt et al.
patent: 2003/0154404 (2003-08-01), Beadles et al.
patent: 2004/0243835 (2004-12-01), Terzis et al.
patent: 2004/0268150 (2004-12-01), Aaron
patent: 2005/0149748 (2005-07-01), Spry et al.
patent: 2005/0268331 (2005-12-01), Le et al.
patent: 2006/0010491 (2006-01-01), Prigent et al.
patent: 2006/0072456 (2006-04-01), Chari et al.
patent: 2003-018156 (2003-01-01), None
“Firewall Builder Tutorial,” Kurland, archive.org of http://www.fwbuilder.org/, Jan. 21, 2002.
International Search Report for International Application No. PCT/US06/27263, Microsoft Corporation, Aug. 6, 2007 (3 pages).
U.S. Appl. No. 11/182,720, filed Jul. 15, 2005, Bassett et al.
Atkinson, R., RFC 1827, “IP Encapsulating Security Payload (ESP),” Network Working Group, Standards Track, Aug. 1995 (12 pages).
Kanda, Mitsuru, “IPsec: a basis for IPv6 security (Part 1),” IPv6style, Jul. 7, 2004 (4 pages) http://www.ipv6style.jp/en/tech/20040707/20040707_p.shtml.
Karve, Anita, “EBN—IP Security,” Feb. 1, 1998 (4 pages) http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=17600993.
Kent, S., “IP Authentication Header,” Internet-Draft, IPsec Working Group, Internet Engineering Task Force, Mar. 2005 (30 pages).
Kent, S. and R. Atkinson, RFC 2406, “IP Encapsulating Security Payload (ESP),” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (22 pages).
Kent, S. and R. Atkinson, RFC 2402, “IP Authentication Header,” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (22 pages).
Maughan, D., M. Schertler, M. Schneider and J. Turner, RFC 2408, “Internet Security Association and Key Management Protocol (ISAKMP),” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (86 pages).
Perlman, Radia, “Understanding IKEv2: Tutorial, and rationale for decisions,” IPSEC Working Group Internet-DRAFT, Feb. 2003 (14 pages).
Piper, D., RFC 2407, “The Internet IP Security Domain of Interpretation for ISAKMP,” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (32 pages).
McDonald, D., C. Metz and B. Phan, RFC 2367, “PF_KEY Key Management API, Version 2,” Network Working Group, Informational, The Internet Society, Jul. 1998 (68 pages).
Lavigne, Dru, “Cryptosystems: Configuring IPSec,” O'Reilly, ONLamp.com, Dec. 26, 2002 (10 pages) http://www.onlamp.com/pub/a/bsd/2002/12/26/FreeBSD_Basics.html.
Kent, S. and R. Atkinson, RFC 2401, “Security Architecture for the Internet Protocol,” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (66 pages).
Kent, S., “IP Encapsulating Security Payload (ESP),” Internet-Draft, IPsec Working Group, Internet Engineering Task Force, Mar. 2005 (40 pages).
Kaufman, Charlie, “Internet Key Exchange (IKEv2) Protocol,” Internet-Draft, Internet Engineering Task Force, The Internet Society, Sep. 23, 2004 (99 pages).
Kanda, Mitsuru, “IPsec: a basis for IPv6 security (Part 2),” IPv6style, Jul. 22, 2004 (3 pages) http://www.ipv6style.jp/en/tech/20040722/20040722_p.shtml.
Harkins, D. and D. Carrel, RFC 2409, “The Internet Key Exchange (IKE),” Network Working Group, Standards Track, The Internet Society, Nov. 1998 (41 pages).
Atkinson, R., “RFC 1826—IP Authentication Header,” Network Working Group, Standards Track, Aug. 1995 (13 pages).
Allard, Johan and Svante Nygren, “EBN—IPsec,” Jun. 1, 1999 (5 pages) http://www.networkmagazine.com/shared/article/showArticle.jhtml?
Office Action dated Apr. 1, 2011 for Japanese Application No. 2008-521620, 2 pages.
Bahl Pradeep
Bassett Charles D.
Carbaugh Ian M.
Koppolu Lokesh Srinivas
Noy Maksim
Louie Oscar
Microsoft Corporation
Moazzami Nasser
Perkins Coie LLP
Profile ID: LFUS-PAI-O-4288960