EP1038217A1 - System and method of securing a computer from unauthorized access - Google Patents
System and method of securing a computer from unauthorized accessInfo
- Publication number
- EP1038217A1 EP1038217A1 EP99956566A EP99956566A EP1038217A1 EP 1038217 A1 EP1038217 A1 EP 1038217A1 EP 99956566 A EP99956566 A EP 99956566A EP 99956566 A EP99956566 A EP 99956566A EP 1038217 A1 EP1038217 A1 EP 1038217A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- computer
- server
- external client
- client computer
- server computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/009—Trust
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Communication Control (AREA)
- Circuits Of Receivers In General (AREA)
- Computer And Data Communications (AREA)
- Hardware Redundancy (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A message (602) is encrypted with a first key E1 at the first computer (604). This is sent to a second computer, encrypted with a second key E2 (606), and sent back to the first computer. The first computer decrypts it with E1 (608) and sends it to the second computer. The second computer decrypts it with the second key.
Description
SYSTEM AND METHOD OF SECURING A COMPUTER FROM UNAUTHORIZED ACCESS
BACKGROUND OF THE INVENTION
1. Field of the invention
The present invention relates generally to computer security and more specifically to making a computer impervious to unwanted users and methods thereof.
2. Description of the Prior Art
In order to maintain a computer server on the Internet, the server generally needs to be secured so that unwanted users will not break into sensitive areas on the server, particularly if the server is being used as an e-commerce server. One way to protect the server is to screen incoming requests with a firewall.
A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
Basically, a firewall filters all network packets to determine whether to forward them toward their destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. However, a firewall is generally not impervious to unwanted users.
Since a firewall screens requests, the amount of traffic entering the server slows down considerably. Firewalls can be very complex and expensive, and often require an experienced technician to install and maintain. Furthermore, firewalls are open to attack from hackers, and once penetrated a hacker can gain supervisory rights to the server and access sensitive areas.
Thus, it would be desirable to provide a system and method of securing a computer that does not slow down traffic to the server, is easy to install, easy to use, inexpensive, and impervious to attack by unwanted users.
SUMMARY OF THE INVENTION
The present invention provides a system and method of securing a server computer from unauthorized access without requiring a firewall. The server computer is secured from an external client computer over the Internet or a network by removing the server's root or supervisor rights. The external client computer can be authorized through a trusted IP address list, as well as requiring a password key from the user of the external client computer. A telnet session and an ftp session can remain connected between the server computer and the Internet in order to manage the server computer while it is locked. Even though the supervisor rights have been removed from the server computer, an Internet session will continue to run to allow access to the server computer. The authorized external client can also restore the supervisor rights and manage the web server computer accordingly.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention may be better understood, and its numerous objects, features, and advantages made apparent to those skilled in the art by referencing the accompanying illustrations. For simplicity and ease of understanding, common numbering of elements is employed where an element is the same in different illustrations.
FIG. 1 is a schematic diagram illustrating a client requesting access to a secure server over the Internet, in accordance with the present invention;
FIG. 2 is a block diagram of the secure server computer shown in FIG. 1 , in accordance with the present invention;
FIG. 3 is a block diagram of one embodiment of the non-volatile memory module located within the secure server computer of FIG. 2; and
FIG. 4 is a flowchart of a method illustrating how an administrator can manage and secure the server computer, according to the invention.
DETAILED DESCRIPTION OF THE INVENTION
The following is a detailed description of illustrative embodiments of the present invention. As these embodiments of the present invention are described with reference to the aforementioned illustrations, various modifications or adaptations of the methods and or specific structures described may become apparent to those skilled in the art. All such modifications, adaptations, or variations that rely upon the teachings of the present invention, and through which these teachings have advanced the art, are considered to be within the spirit and scope of the present invention. Hence, these descriptions and drawings should not be considered in a limiting sense, as it is understood that the present invention is in no way limited to only the embodiments illustrated. Referring now to FIG. 1 , a schematic diagram illustrates a web server 100 and a client computer 102 connected to the Internet 104. Excellent results can be obtained when the web server 100 is running
a Unix® operating system, however, other operating systems such as
Windows® can also be used. A qualified user or an administrator
using a client computer 102 has the ability to access the server 100 through the Internet 104 in order to manage the server 100 and to pseudo lock the server 100 so that no unauthorized access can be gained.
FIG. 2 is a block diagram of the web server computer 100 shown in FIG. 1. Computer 100 includes a CPU 202, RAM 204, non-volatile memory 206, an input device 208, a display 210, and an Internet interface 212 for providing access to the Internet. FIG. 3 is a block diagram of one embodiment of the non-volatile memory module 206 located within the web server computer 100 of FIG. 2. The non-volatile memory 206 includes a database of secure keys 302, a listing of trusted IP addresses 304, and an access engine 306. The database of secure keys 302 includes at least one authorized key or password that is known or held by the server administrator. The access engine 306 provides the administrator with various features for managing the web server computer 100, these features include: a remove supervisor rights engine 308, a restore supervisor rights engine 310, and management tools 312. During the initial installation of the access engine 306 a password or a secure key 302 is established by the server administrator. The access engine 306 is programmed so that it is only accessible from an external client computer having a trusted IP address. The administrator is able to specify IP addresses that would allow access to the access engine 306.
FIG. 4 is a flowchart of a method illustrating how to secure and manage the web server computer from an authorized client computer through the Internet in accordance with the invention. The administrator begins his request for access to the web server
computer from a client computer at step 400 by starting the access engine. Next at step 402 it is determined if the request from the client computer is from a trusted IP address. The web server computer checks to see if the IP address of the requesting client computer is in the list of trusted IP addresses 304.
If the IP address of the requesting client is not in the list of trusted IP addresses 304 then at step 404 the client request to manage the web server computer is rejected. If the IP address of the requesting client is found in the listing of trusted IP addresses 304, then at step 406 a key or password is requested from the client. It is possible for computer hackers to "spoof an IP address from an untrusted IP address, therefore an additional security measure of requiring a password is provided for a higher level of security.
If the password entered from the client is not in the database of secure keys 302 then at step 404 the client request to manage the web server computer is rejected. If the key entered from the client is in the database of secure keys 302, then the requesting client is authorized to manage the web server computer.
After being authorized to manage the web server computer, at step 410 the administrator decides whether to lock the server. If the administrator decides to lock the server then at step 412 supervisor rights on the web server computer are then physically removed thereby locking the server computer from any unauthorized access, and at step 424 the process ends. Prior to removing the supervisor
rights on the web server, a telnet session and an ftp session are established with the web server so that the web server can still be accessed over the Internet by, and only by, the client 102.
In order to lock the server, the root, or alias root, is physically removed from the server. This requires rewriting the password file without any supervisory rights in it. In a UNIX operating system, in order to physically remove the root or the supervisory rights from the server, the User ID = 0 (UID=0) and the Group ID = 0 (GID=0) are removed from the computer's user list and group list. After the root is removed, the web server computer is functionally dead or secure and no supervisory commands can be issued at the console of the web server, but the telnet session and the ftp session stay connected and allow the trusted client to access the server over the Internet. Even though the server is functionally dead and nobody can access the server as a supervisor, other applications on the web server continue to run and allow access from users on the Internet.
If, at step 410, the administrator does not lock the server, then at step 414 the administrator has the option to unlock the web server if the server has been previously locked. If the administrator chooses to unlock the server then at step 416 supervisor rights on the server are restored, and at step 424 the process ends. In order to restore the supervisor rights, the supervisor is added to the user list and the group list (i.e. UID=0 and GID=0 is added).
If, at step 414, the server is not unlocked, then at step 418 the administrator can choose to process other requests, such as managing the files on the server. At step 420 any requests by the administrator from the trusted client are processed, and at step 424 the process then ends. If no requests are made by the administrator, then at step 422 the access engine goes through error processing and at step 424 the process ends.
Claims
1. A system for securing a server computer from unauthorized access, comprising: an access engine for removing supervisor rights on the server computer.
2. The system of claim 1 , wherein removing supervisor rights includes removing a root from the server.
3. The system of claim 1 , wherein the access engine allows removing supervisor rights from an external client computer.
4. The system of claim 3, wherein the access engine allows supervisor rights to be restored on the server computer from an external client computer.
5. The system of claim 3, further including a list of trusted IP addresses, wherein the external client computer can only remove supervisor rights on the server computer if the external client computer has an IP address in the list of trusted IP addresses.
6. The system of claim 5, further including a password key, wherein the external client computer can only remove supervisor rights on the server computer if the password key is provided by a user of the external client computer.
7. The system of claim 1 , wherein the server computer is a world- wide-web server computer connected to an Internet.
8. A method of securing a server computer from unauthorized access, comprising the steps of: removing supervisor rights on the server computer; and allowing external access to applications on the server computer.
9. The method of claim 8, further including the steps of: providing a list of trusted IP addresses; and authorizing an external client computer to remove supervisor rights only if the external client computer has an IP address in the list of trusted IP addresses.
10. The method of claim 9, further including the steps of: providing a password key; and authorizing the external client computer to remove supervisor rights only if the password key is provided by a user of the external client computer.
11. The method of claim 8, wherein removing supervisor rights includes removing a root from the server computer.
12. The method of claim 8, wherein removing supervisor rights can be done from an external client computer over an internet.
13. A computer- readable medium comprising program instructions for securing a server computer from unauthorized access, by performing the steps of: removing supervisor rights on the server computer from an external client computer; and allowing external access to applications on the server computer.
14. The computer-readable medium of claim 13, further performing the steps of: providing a list of trusted IP addresses; and authorizing the external client computer to remove supervisor rights only if the external client computer has an IP address in the list of trusted IP addresses.
15. The computer-readable medium of claim 14, further performing the steps of: providing a password key; and authorizing the external client computer to remove supervisor rights only if the password key is provided by a user of the external client computer.
16. The computer- readable medium of claim 13, wherein removing supervisor rights includes removing a root from the server computer.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10427098P | 1998-10-14 | 1998-10-14 | |
US104270P | 1998-10-14 | ||
PCT/US1999/024088 WO2000022510A1 (en) | 1998-10-14 | 1999-10-14 | System and method of securing a computer from unauthorized access |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1038217A1 true EP1038217A1 (en) | 2000-09-27 |
Family
ID=22299551
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99956566A Withdrawn EP1038217A1 (en) | 1998-10-14 | 1999-10-14 | System and method of securing a computer from unauthorized access |
EP99960133A Withdrawn EP1038369A2 (en) | 1998-10-14 | 1999-10-14 | System and method of sending and receiving secure data using anonymous keys |
EP99970527A Ceased EP1040616A4 (en) | 1998-10-14 | 1999-10-14 | System and method of authenticating a key and transmitting secure data |
EP99970526A Expired - Lifetime EP1125393B1 (en) | 1998-10-14 | 1999-10-14 | Method of sending and receiving secure data with a shared key |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99960133A Withdrawn EP1038369A2 (en) | 1998-10-14 | 1999-10-14 | System and method of sending and receiving secure data using anonymous keys |
EP99970527A Ceased EP1040616A4 (en) | 1998-10-14 | 1999-10-14 | System and method of authenticating a key and transmitting secure data |
EP99970526A Expired - Lifetime EP1125393B1 (en) | 1998-10-14 | 1999-10-14 | Method of sending and receiving secure data with a shared key |
Country Status (7)
Country | Link |
---|---|
EP (4) | EP1038217A1 (en) |
AT (1) | ATE456103T1 (en) |
AU (4) | AU1207600A (en) |
CA (4) | CA2312980A1 (en) |
DE (1) | DE69941958D1 (en) |
IL (4) | IL136745A0 (en) |
WO (4) | WO2000022496A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106790412A (en) * | 2016-11-30 | 2017-05-31 | 深圳市吉祥腾达科技有限公司 | A kind of Telnet simulates the method and system of consoled equipment |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
HUP0203134A2 (en) | 2000-02-21 | 2003-01-28 | Trek 2000 Int Ltd | A portable data storage device |
US9767167B2 (en) * | 2000-04-27 | 2017-09-19 | Proquest Llc | Method and system for retrieving search results from multiple disparate databases |
EP1295457A2 (en) * | 2000-05-11 | 2003-03-26 | Sun Microsystems, Inc. | Network library service |
GB2393007B (en) | 2001-06-28 | 2005-08-03 | Trek 2000 Int Ltd | Method and devices for data transfer |
GB2386518A (en) * | 2002-02-08 | 2003-09-17 | Microbar Security Ltd | Associative encryption and decryption |
TW588243B (en) | 2002-07-31 | 2004-05-21 | Trek 2000 Int Ltd | System and method for authentication |
JP4102290B2 (en) * | 2003-11-11 | 2008-06-18 | 株式会社東芝 | Information processing device |
CN100370460C (en) * | 2005-07-21 | 2008-02-20 | 曾致中 | Database cryptogram search method |
DE102005045119A1 (en) * | 2005-09-21 | 2007-02-15 | Siemens Ag | Identification code generating method for bio-bank, involves providing biometric information, and associating or combining deoxyribonucleic acid information and biometric information of person into identification code according to algorithm |
US20130283060A1 (en) * | 2012-04-23 | 2013-10-24 | Raghavendra Kulkarni | Seamless Remote Synchronization and Sharing of Uniformly Encrypted Data for Diverse Platforms and Devices |
US9264221B2 (en) | 2014-01-31 | 2016-02-16 | Google Inc. | Systems and methods for faster public key encryption using the associated private key portion |
EP3888039A4 (en) * | 2018-11-30 | 2022-08-24 | RB Global Mobile Solutions, LLC | Digital identity management device |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4193131A (en) * | 1977-12-05 | 1980-03-11 | International Business Machines Corporation | Cryptographic verification of operational keys used in communication networks |
EP0085130A1 (en) * | 1982-02-02 | 1983-08-10 | Omnet Associates | Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission |
US4802217A (en) * | 1985-06-07 | 1989-01-31 | Siemens Corporate Research & Support, Inc. | Method and apparatus for securing access to a computer facility |
US5148479A (en) * | 1991-03-20 | 1992-09-15 | International Business Machines Corp. | Authentication protocols in communication networks |
US5596718A (en) * | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
JP2519390B2 (en) * | 1992-09-11 | 1996-07-31 | インターナショナル・ビジネス・マシーンズ・コーポレイション | DATA COMMUNICATION METHOD AND DEVICE |
US5649118A (en) * | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
US5544246A (en) * | 1993-09-17 | 1996-08-06 | At&T Corp. | Smartcard adapted for a plurality of service providers and for remote installation of same |
US5590199A (en) * | 1993-10-12 | 1996-12-31 | The Mitre Corporation | Electronic information network user authentication and authorization system |
EP0734556B1 (en) * | 1993-12-16 | 2002-09-04 | Open Market, Inc. | Network based payment system and method for using such system |
US5475757A (en) * | 1994-06-07 | 1995-12-12 | At&T Corp. | Secure data transmission method |
US5864683A (en) * | 1994-10-12 | 1999-01-26 | Secure Computing Corporartion | System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights |
US5790668A (en) * | 1995-12-19 | 1998-08-04 | Mytec Technologies Inc. | Method and apparatus for securely handling data in a database of biometrics and associated data |
US5719941A (en) * | 1996-01-12 | 1998-02-17 | Microsoft Corporation | Method for changing passwords on a remote computer |
US5872847A (en) * | 1996-07-30 | 1999-02-16 | Itt Industries, Inc. | Using trusted associations to establish trust in a computer network |
AU4196497A (en) * | 1996-09-18 | 1998-04-14 | Dew Engineering And Development Limited | Biometric identification system for providing secure access |
US5949882A (en) * | 1996-12-13 | 1999-09-07 | Compaq Computer Corporation | Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm |
US5887131A (en) * | 1996-12-31 | 1999-03-23 | Compaq Computer Corporation | Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password |
-
1999
- 1999-10-14 IL IL13674599A patent/IL136745A0/en unknown
- 1999-10-14 WO PCT/US1999/024191 patent/WO2000022496A2/en not_active Application Discontinuation
- 1999-10-14 CA CA002312980A patent/CA2312980A1/en not_active Abandoned
- 1999-10-14 CA CA002312967A patent/CA2312967C/en not_active Expired - Lifetime
- 1999-10-14 AU AU12076/00A patent/AU1207600A/en not_active Abandoned
- 1999-10-14 WO PCT/US1999/024088 patent/WO2000022510A1/en not_active Application Discontinuation
- 1999-10-14 EP EP99956566A patent/EP1038217A1/en not_active Withdrawn
- 1999-10-14 AU AU12072/00A patent/AU1207200A/en not_active Abandoned
- 1999-10-14 EP EP99960133A patent/EP1038369A2/en not_active Withdrawn
- 1999-10-14 WO PCT/US1999/024157 patent/WO2000022774A1/en active Search and Examination
- 1999-10-14 AT AT99970526T patent/ATE456103T1/en not_active IP Right Cessation
- 1999-10-14 IL IL13674799A patent/IL136747A0/en unknown
- 1999-10-14 IL IL13674899A patent/IL136748A0/en unknown
- 1999-10-14 AU AU17067/00A patent/AU1706700A/en not_active Abandoned
- 1999-10-14 IL IL13647699A patent/IL136746A0/en unknown
- 1999-10-14 CA CA002312981A patent/CA2312981A1/en not_active Abandoned
- 1999-10-14 AU AU13151/00A patent/AU1315100A/en not_active Abandoned
- 1999-10-14 WO PCT/US1999/024142 patent/WO2000022773A1/en active Search and Examination
- 1999-10-14 CA CA002313081A patent/CA2313081A1/en not_active Abandoned
- 1999-10-14 DE DE69941958T patent/DE69941958D1/en not_active Expired - Lifetime
- 1999-10-14 EP EP99970527A patent/EP1040616A4/en not_active Ceased
- 1999-10-14 EP EP99970526A patent/EP1125393B1/en not_active Expired - Lifetime
Non-Patent Citations (1)
Title |
---|
See references of WO0022510A1 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106790412A (en) * | 2016-11-30 | 2017-05-31 | 深圳市吉祥腾达科技有限公司 | A kind of Telnet simulates the method and system of consoled equipment |
Also Published As
Publication number | Publication date |
---|---|
EP1125393A1 (en) | 2001-08-22 |
CA2312981A1 (en) | 2000-04-20 |
EP1038369A2 (en) | 2000-09-27 |
WO2000022510A1 (en) | 2000-04-20 |
CA2312980A1 (en) | 2000-04-20 |
ATE456103T1 (en) | 2010-02-15 |
AU1207200A (en) | 2000-05-01 |
CA2312967C (en) | 2008-02-05 |
EP1040616A4 (en) | 2000-12-27 |
IL136748A0 (en) | 2001-06-14 |
IL136746A0 (en) | 2001-06-14 |
WO2000022496A2 (en) | 2000-04-20 |
AU1207600A (en) | 2000-05-01 |
WO2000022773A1 (en) | 2000-04-20 |
AU1706700A (en) | 2000-05-01 |
EP1125393B1 (en) | 2010-01-20 |
EP1125393A4 (en) | 2001-12-19 |
AU1315100A (en) | 2000-05-01 |
DE69941958D1 (en) | 2010-03-11 |
CA2313081A1 (en) | 2000-04-20 |
WO2000022774A1 (en) | 2000-04-20 |
EP1040616A1 (en) | 2000-10-04 |
IL136747A0 (en) | 2001-06-14 |
WO2000022496A3 (en) | 2000-07-06 |
CA2312967A1 (en) | 2000-04-20 |
IL136745A0 (en) | 2001-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP3466025B2 (en) | Method and apparatus for protecting masquerade attack in computer network | |
Ioannidis et al. | Implementing a distributed firewall | |
US8528047B2 (en) | Multilayer access control security system | |
EP1311930B1 (en) | System and method for authenticating a user to a web server | |
US7770222B2 (en) | Creating an interrogation manifest request | |
US8255973B2 (en) | Provisioning remote computers for accessing resources | |
US20030177376A1 (en) | Framework for maintaining information security in computer networks | |
EP1104613A1 (en) | Access control using attributes contained within public key certificates | |
US20090193503A1 (en) | Network access control | |
EP1038217A1 (en) | System and method of securing a computer from unauthorized access | |
US20050044405A1 (en) | System and method of securing a computer from unauthorized access | |
Cisco | Configuring the Device-Specific Settings of Network Objects | |
Cisco | Configuring the Device-Specific Settings of Network Objects | |
Cisco | Configuring Lock-and-Key Security (Dynamic Access Lists) | |
Cisco | Configuring the Device-Specific Settings of Network Objects | |
Cisco | Configuring Traffic Filters | |
Cisco | Configuring Lock-and-Key Security (Dynamic Access Lists) | |
Cisco | Configuring Lock-and-Key Security (Dynamic Access Lists) | |
KR100383442B1 (en) | security method of server system | |
KR102214162B1 (en) | A user-based object access control system using server's hooking | |
Cordis et al. | Considerations in Mitigating Kerberos Vulnerabilities for Active Directory | |
Nilausen | NetSP—Network Security Program | |
Norberg | Building a Windows NT bastion host in practice | |
Slabihoud et al. | Forefront TMG 2010 Common Criteria Evaluation | |
Honeyman et al. | Hijacking afs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
17P | Request for examination filed |
Effective date: 20001011 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20050503 |