Generalized security policy management system and method

Data processing: database and file management or data structures – Database design – Data structure types

Patent


Details

707/3, 707/100, 707/102, 707/103, 707/104, 707/513, G06F 17/30

Patent

active

059501952

ABSTRACT:
A system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer. A determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from. A query is generated and a determination is made whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a determination is made whether authentication is required by the rule. If authentication is required by the rule, an authentication protocol is activated and the connection is activated if the authentication protocol is completed successfully.

