Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography
Reexamination Certificate
2006-03-10
2010-10-12
Moise, Emmanuel L (Department: 2437)
C713S152000, C726S012000, C726S013000
active
07814311
ABSTRACT:
Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.
REFERENCES:
patent: 6073242 (2000-06-01), Hardy et al.
patent: 7293098 (2007-11-01), Sandhu et al.
patent: 7555527 (2009-06-01), Slaughter et al.
patent: 2002/0026592 (2002-02-01), Gavrila et al.
patent: 2003/0084293 (2003-05-01), Arkko et al.
patent: 2003/0105742 (2003-06-01), Boreham et al.
patent: 2003/0126468 (2003-07-01), Markham
patent: 2003/0152067 (2003-08-01), Richmond et al.
patent: 2003/0225892 (2003-12-01), Takusagawa et al.
patent: 2004/0083382 (2004-04-01), Markham et al.
patent: 2004/0199792 (2004-10-01), Tan et al.
patent: 2004/0215975 (2004-10-01), Dudfield et al.
patent: 2004/0221190 (2004-11-01), Roletto et al.
patent: 2004/0250134 (2004-12-01), Kohler et al.
patent: 2005/0055573 (2005-03-01), Smith
patent: 2005/0129019 (2005-06-01), Cheriton
patent: 2005/0190758 (2005-09-01), Gai et al.
patent: 2005/0283608 (2005-12-01), Halcrow et al.
patent: 2005/2083608 (2005-12-01), Kalcrow et al.
patent: 2006/0059253 (2006-03-01), Goodman et al.
patent: 2006/0090208 (2006-04-01), Smith
patent: 2007/0005971 (2007-01-01), Leung et al.
David Ferraiolo and Richard Kuhn, “Role-Based Access Control”, Proceedings of 15th National Computer Society, 1992, pp. 1-11.
R. Yavatkar, D. Pendarakis, R. Guerin, “A Framework for Policy-based Admission Control”, Network Working Group Request for Comments: 2753, University of Pennsylvania, Jan. 2000, pp. 1-20.
Cisco—Understanding and Configuring VLAN Trunk Protocol (VTP), Document ID: 10558, 33 pgs.
“Overview of Routing Between Virtual LANs”, Cisco—IOS Switching Services Configuration Guide, pp. XC-31-XC36.
S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol”, Network Working Group Request for Comments: 2401, @Home Network, Nov. 1998, pp. 1-66.
David Greene, “802.1Q VLANs for better bandwidth”, Network World, Mar. 5, 2001, http://www.networkworld.com/news/tech/2001/0305tech.html, pp. 1-2.
International Searching Authority, “International Search Report”, PCT/US07/63458, dated Jul. 15, 2008, 12 pages.
Claims, PCT/US07/63458, 3 pages.
Convery Sean
Droms Ralph
Oran David R.
Rivers James
Schnizlein John
Cisco Technology Inc.
Hickman Palermo & Truong & Becker LLP
Moise Emmanuel L
Pham Luu