GB9719818D0 - Generalized security policy management system and method - Google Patents

Generalized security policy management system and method

Info

Publication number
GB9719818D0
Authority
GB
United Kingdom
Prior art keywords
message
management system
security policy
protocol stack
policy management
Prior art date
Legal status
Granted
Application number
GB9719818A
Other versions
GB2317539A (en)
GB2317539B (en)
Current Assignee
Secure Computing LLC
Original Assignee
Secure Computing LLC
Priority date
Filing date
Publication date
Priority claimed from US08/715,343 (US5983350A)
Priority claimed from US08/715,668 (US5950195A)
Application filed by Secure Computing LLC
Publication of GB9719818D0
Publication of GB2317539A
Application granted
Publication of GB2317539B
Anticipated expiration
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system (10) for regulating the flow of messages through a firewall (18) having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer. At the IP layer, a message that is not encrypted is passed up the network protocol stack to an application level proxy (50), while a message that is encrypted is decrypted and the decrypted message is passed up the network protocol stack to the application level proxy. The step of decrypting the message includes the step of executing a process at the IP layer to decrypt the message.
GB9719818A 1996-09-18 1997-09-17 Generalized security policy management system and method Expired - Fee Related GB2317539B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/715,343 US5983350A (en) 1996-09-18 1996-09-18 Secure firewall supporting different levels of authentication based on address or encryption status
US08/715,668 US5950195A (en) 1996-09-18 1996-09-18 Generalized security policy management system and method

Publications (3)

Publication Number Publication Date
GB9719818D0 GB9719818D0 (en) 1997-11-19
GB2317539A GB2317539A (en) 1998-03-25
GB2317539B GB2317539B (en) 2001-03-28

Family

ID=27109321

Family Applications (2)

Application Number Title Priority Date Filing Date
GB9719818A Expired - Fee Related GB2317539B (en) 1996-09-18 1997-09-17 Generalized security policy management system and method
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway

Family Applications After (1)

Application Number Title Priority Date Filing Date
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway

Country Status (2)

Country Link
DE (1) DE19741239C2 (en)
GB (2) GB2317539B (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7580919B1 (en) 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US7272625B1 (en) 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7821926B2 (en) 1997-03-10 2010-10-26 Sonicwall, Inc. Generalized policy server
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US7912856B2 (en) 1998-06-29 2011-03-22 Sonicwall, Inc. Adaptive encryption
US6104716A (en) * 1997-03-28 2000-08-15 International Business Machines Corporation Method and apparatus for lightweight secure communication tunneling over the internet
SE512440C2 (en) * 1998-05-27 2000-03-20 Telia Ab Method for secure telephony with mobility in a telephone and data communication system comprising an IP network
EP1105809A4 (en) * 1998-06-29 2005-10-05 Internet Dynamics Inc Generalized policy server
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7188180B2 (en) 1998-10-30 2007-03-06 Virnetx, Inc. Method for establishing secure communication link between computers of virtual private network
CA2349519C (en) 1998-10-30 2011-08-09 Science Applications International Corporation An agile network protocol for secure communications with assured system availability
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
FI106594B (en) * 1999-02-10 2001-02-28 Intrasecure Networks Communication method for sending a message through a firewall
GB2353676A (en) * 1999-08-17 2001-02-28 Hewlett Packard Co Robust encryption and decryption of packetised data transferred across communications networks
GB0003018D0 (en) * 2000-02-11 2000-03-29 Secr Defence Computer security system
EP2323335B1 (en) * 2000-04-26 2020-04-08 VirnetX Inc. Protocol for secure communication
DE10031896C1 (en) * 2000-06-30 2002-01-24 Chris Holland Network coupling gateway for data telecommunications uses modular data format matching device configured using stored data set corresponding to subscriber device type
US6996842B2 (en) * 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
US7315537B2 (en) 2001-09-25 2008-01-01 Siemens Aktiengesellschaft Method for the transmission of data in a packet-oriented data network
US20030084319A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node, method and computer readable medium for inserting an intrusion prevention system into a network stack
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
CN100512278C (en) * 2003-11-13 2009-07-08 中兴通讯股份有限公司 A method for embedding IPSEC in IP protocol stack
CN100414929C (en) * 2005-03-15 2008-08-27 华为技术有限公司 Text transmission method in protocol network of mobile internet
US10708230B2 (en) * 2018-06-14 2020-07-07 Servicenow, Inc. Systems and methods for firewall configuration using block lists

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporation System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5757924A (en) * 1995-09-18 1998-05-26 Digital Secured Networks Technologies, Inc. Network security device which performs MAC address translation without affecting the IP address
US5602918A (en) * 1995-12-22 1997-02-11 Virtual Open Network Environment Corp. Application level security system and method
WO1997026734A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Transferring encrypted packets over a public network
AU1748797A (en) * 1996-01-16 1997-08-11 Raptor Systems, Inc. Key management for network communication
WO1997026731A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Data encryption/decryption for network communication
US5918018A (en) * 1996-02-09 1999-06-29 Secure Computing Corporation System and method for achieving network separation

Also Published As

Publication number Publication date
DE19741239C2 (en) 2000-08-24
GB2317792A (en) 1998-04-01
DE19741239A1 (en) 1998-05-07
GB9719816D0 (en) 1997-11-19
GB2317539A (en) 1998-03-25
GB2317792B (en) 2001-03-28
GB2317539B (en) 2001-03-28

Similar Documents

Publication Publication Date Title
GB2317539B (en) Generalized security policy management system and method
EP1317839B1 (en) Apparatus and method for selectively encrypting the payload portion of multimedia data sent over a network
US6260142B1 (en) Access and storage of secure group communication cryptographic keys
US5812671A (en) Cryptographic communication system
CA2278670A1 (en) Encryption and decryption method and apparatus
WO2000060846A3 (en) Selective and renewable encryption for secure distribution of video on-demand
WO2000033506A8 (en) Public key cryptosystem with roaming user capability
CA2224661A1 (en) Use of an encryption server for encrypting messages
WO2001078491A3 (en) Systems and methods for encrypting/decrypting data using a broker agent
MY119594A (en) Method and apparatus for secure communication of information between a plurality of digital audiovisual devices
EP0669741A3 (en) Method and apparatus for encrypted communication in data networks
AU3352000A (en) Multiple level public key hierarchy for performance and high security
WO1998002989B1 (en) Cryptographic communication system
AU2506397A (en) Method for providing a secure communication between two devices and application of this method
CA2299056A1 (en) A system and method for manipulating a computer file and/or program
WO1997026735A9 (en) Key management for network communication
WO1997026735A1 (en) Key management for network communication
WO2002101974A8 (en) Secure ephemeral decryptability
CA2213096A1 (en) Key management system for mixed-trust environments
EP1251670A3 (en) Negotiating secure connections through a proxy server
EP0872977A3 (en) System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection
GB0317742D0 (en) Secure transmission of data within a distributed computer system
JPH1168730A (en) Encryption gateway device
AU1207600A (en) System and method of authenticating a key and transmitting secure data
CA2226831A1 (en) Decryption of retransmitted data in an encrypted communication system

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20141009 AND 20141015

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20150917