Information security – Policy
Reexamination Certificate
2003-09-04
2010-06-08
Moazzami, Nasser (Department: 2436)
C726S002000, C726S003000, C726S004000, C726S013000, C726S014000, C713S151000, C713S153000, C713S168000, C709S225000, C709S229000, C455S410000, C455S411000
active
07735114
ABSTRACT:
A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.
Ho Chi-Jui
Kwan Philip
Abedin Shanto M
Foundry Networks Inc.
Moazzami Nasser
Nixon & Peabody LLP
Schaub John P.