Information security – Access control or authentication – Network
2007-07-24
Vu, Kim (Department: 2135)
C713S159000, C713S100000, C709S230000, C709S203000, C709S236000
Reexamination Certificate
active
09767284
ABSTRACT:
A method and apparatus for selectively enforcing network security policy using group identifiers are disclosed. One or more access controls are created and stored in a policy enforcement point that controls access to the network, wherein each of the access controls specifies that a named group is allowed access to a particular resource. A binding of a network address to an authenticated user of a client, for which the policy enforcement point controls access to the network, is created and stored. The named group is updated to include the network address of the authenticated user at the policy enforcement point. A packet flow originating from the network address is permitted to pass from the policy enforcement point into the network only if the network address is in the named group identified in one of the access controls that specifies that the named group is allowed access to the network. Accordingly, network security may be implemented in the form of abstract groups that include specific network addresses; as a result, users may be allowed or denied access to network addresses by updating membership of the groups to include or delete the network addresses of the users, rather than by creating or deleting access controls that specifically identify the users.
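The abstract describes four moving parts: access controls that name a group rather than a user, a binding of a network address to an authenticated user, a group membership update that adds that address, and a per-flow check that passes a packet only if its source address is currently in a group the access control names. The following is an added illustration of that flow in Python; it is not code from the patent or from Cisco. The class and group names, the resource strings, the sample addresses and users are all assumptions made for the example.

```python
"""Toy policy enforcement point (PEP) that authorizes packet flows by group
membership, in the style the abstract describes. Added example, not the
patent's own implementation; all names and sample data below are assumed."""
from dataclasses import dataclass
from ipaddress import ip_address, IPv4Address, IPv6Address
from typing import Dict, Iterable, List, Set, Union

Addr = Union[IPv4Address, IPv6Address]


@dataclass(frozen=True)
class AccessControl:
    """'named group may reach resource' (names are assumptions, not from the abstract)."""
    group: str
    resource: str


class PolicyEnforcementPoint:
    def __init__(self, access_controls: Iterable[AccessControl]) -> None:
        self.access_controls: List[AccessControl] = list(access_controls)
        # Named group -> set of member network addresses. Membership is what
        # changes at login/logout; the access controls themselves never do.
        self.groups: Dict[str, Set[Addr]] = {ac.group: set() for ac in self.access_controls}
        # Network address -> authenticated user currently bound to it.
        self.bindings: Dict[Addr, str] = {}

    def bind(self, user: str, addr_str: str, user_groups: Iterable[str]) -> None:
        """Record that `user` authenticated from `addr_str` and add the address
        to every named group the user belongs to (group lookup is assumed to
        come from an external directory and is passed in here)."""
        addr = ip_address(addr_str)
        existing = self.bindings.get(addr)
        if existing is not None and existing != user:
            # Do not silently let a second user inherit a live binding.
            raise ValueError(f"{addr} is already bound to {existing}")
        self.bindings[addr] = user
        for g in user_groups:
            self.groups.setdefault(g, set()).add(addr)

    def unbind(self, addr_str: str) -> None:
        """Drop the binding (logout, lease change) and every group membership
        the address acquired through it, so later packets are denied."""
        addr = ip_address(addr_str)
        self.bindings.pop(addr, None)
        for members in self.groups.values():
            members.discard(addr)

    def permit(self, src_str: str, resource: str) -> bool:
        """Per-flow decision: pass only if the source address is a member of a
        group that an access control allows to reach `resource`."""
        src = ip_address(src_str)
        return any(
            ac.resource == resource and src in self.groups.get(ac.group, set())
            for ac in self.access_controls
        )


def demo() -> Dict[str, bool]:
    """Constructed walk-through: two users, two groups, login then logout."""
    pep = PolicyEnforcementPoint([
        AccessControl(group="engineering", resource="build-servers"),
        AccessControl(group="everyone", resource="internet"),
    ])
    # Constructed sample sessions (assumed addresses and group memberships).
    pep.bind("alice", "10.1.2.3", {"engineering", "everyone"})
    pep.bind("bob", "10.1.2.4", {"everyone"})
    results = {
        "alice_build": pep.permit("10.1.2.3", "build-servers"),   # True
        "bob_build": pep.permit("10.1.2.4", "build-servers"),     # False
        "bob_internet": pep.permit("10.1.2.4", "internet"),       # True
        "unbound_host": pep.permit("10.1.2.5", "internet"),       # False
    }
    pep.unbind("10.1.2.3")
    results["alice_after_logout"] = pep.permit("10.1.2.3", "build-servers")  # False
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```

Note that the access controls in `demo()` are never edited; only group membership changes, which is the point the abstract makes. The decision key is the packet's source address, so the scheme is only as strong as the PEP's assurance that packets from that address really come from the bound user: anti-spoofing at the access port and prompt unbinding on disconnect or address reassignment are what keep a binding from outliving the session it was created for.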
REFERENCES:
patent: 6182226 (2001-01-01), Reid et al.
patent: 6587455 (2003-07-01), Ray et al.
patent: 6823462 (2004-11-01), Cheng et al.
Stevens, TCP/IP Illustrated, 1994, Addison-Wesley, vol. 1, pp. 187-190.
Stewart, R. R., Aggregate Server Access Protocol (ASAP), Nov. 15, 2000.
J. Saltzer et al., “On the Naming and Binding of Network Destinations,” Aug. 1993, Network Working Group, Request for Comments: 1498, pp. 1-10.
J. H. Saltzer, “Naming and Binding of Objects,” Chapter 3.A., 1978, Lecture Notes in Computer Science, 60, “Operating Systems—An Advanced Course,” R. Bayer, R. M. Graham, and G. Seegmüller (eds), Springer-Verlag, pp. 1-105.
Hugh Mahon, et al., “Requirements for a Policy Management System,” Nov. 2000, pp. 1-20.
A. Westerinen, et al., “Terminology,” Apr. 2001, pp. 1-20.
B. Moore, et al., “Policy Core Information Model—Version 1 Specification,” Feb. 2001, pp. 1-64.
“Policy Framework (policy),” pp. 1-4, http://www.ietf.org/html.charters/policy-charter.html.
“CiscoWorks2000, User Registration Tool 2.0,” Data Sheet, 2001, pp. 1-5.
“CiscoWorks2000, User Registration Tool 2.0,” Q&A, 2001, pp. 1-7.
“CiscoWorks2000, User Registration Tool 2.0,” Product Bulletin No. 1256, 2001, pp. 1-3.
“The CiscoWorks2000 User Registration Tool,” Data Sheet, 1998, pp. 1-7.
Lear Eliot
Lonvick Christopher M.
Hickman Palermo Truong & Becker LLP
Klimach Paula