GB2317539B - Generalized security policy management system and method - Google Patents

Generalized security policy management system and method

Info

Publication number
GB2317539B
GB2317539B
Authority
GB
Grant status
Grant
Prior art keywords
message
protocol stack
method
network protocol
management system
Prior art date
1996-09-18
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
GB9719818A
Other versions
GB2317539A (en )
GB9719818D0 (en )
Inventor
Edward B Stockwell
Alan E Klietz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secure Computing LLC
Original Assignee
Secure Computing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
1996-09-18
Filing date
1997-09-17
Publication date
2001-03-28 (GB2317539B; the A publication GB2317539A appeared 1998-03-25)
Grant date
2001-03-28

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0263 Rule management
    • H04L63/0281 Proxies
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L69/00 Application independent communication protocol aspects or techniques in packet data networks
    • H04L69/16 Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields

Abstract

A system (10) regulates the flow of messages through a firewall (18) whose network protocol stack includes an Internet Protocol (IP) layer. At the IP layer the firewall determines whether each arriving message is encrypted. If it is not, the unencrypted message is passed up the network protocol stack to an application level proxy (50). If it is, a process executing at the IP layer decrypts the message, and the decrypted message is passed up the stack to the same application level proxy, so the proxy applies policy to plaintext in both cases.
Application GB9719818A, priority date 1996-09-18, filing date 1997-09-17, "Generalized security policy management system and method", granted as GB2317539B (en), status Expired - Fee Related
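To make the dispatch described in the abstract concrete, the following Python model runs constructed datagrams through an IP-layer hook that classifies each one as encrypted or not, decrypts the encrypted ones in line, and hands plaintext to an application-level proxy. This is an added example written for this page, not code from the patent or from Secure Computing. It assumes transport-mode-style framing (the decrypted payload is the application message), one shared key per peer address, and a stdlib-only encrypt-then-MAC transform standing in for the real IPsec ESP algorithms; passing the proxy an "arrived encrypted" flag follows the title of the co-filed US application listed below and is likewise an assumption about how the policy is applied.

```python
"""Model of the firewall path in the abstract: an IP-layer hook classifies each
datagram as encrypted or not, decrypts the encrypted ones in line, and passes
plaintext up to an application-level proxy that enforces policy.
Added example for this page; not the patent's or Secure Computing's code."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

IPPROTO_TCP = 6    # IANA protocol numbers
IPPROTO_ESP = 50   # IPsec Encapsulating Security Payload


@dataclass
class Datagram:
    src: str
    dst: str
    proto: int
    payload: bytes


# Stand-in for the ESP transform (assumption: stdlib-only encrypt-then-MAC
# built from HMAC-SHA256; a real firewall runs the negotiated IPsec cipher and
# integrity algorithm here). Separate subkeys keep keystream PRF and MAC apart.
def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """nonce (12 bytes, unique per message) || ciphertext || 32-byte tag."""
    enc_key, mac_key = _subkeys(key)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, only then decrypt. Raises ValueError on tamper."""
    if len(blob) < 12 + 32:
        raise ValueError("truncated")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ApplicationProxy:
    """Application level proxy (50): sees plaintext only and decides allow/deny.
    It is also told whether the message arrived encrypted (assumed), so policy
    can be conditioned on encryption status."""

    def __init__(self, allow):
        self.allow = allow   # set of (destination, service) pairs
        self.log = []

    def handle(self, dg: Datagram, was_encrypted: bool) -> str:
        service = dg.payload.split(b" ", 1)[0].decode("ascii", "replace")
        decision = "allow" if (dg.dst, service) in self.allow else "deny"
        self.log.append((dg.src, dg.dst, service, was_encrypted, decision))
        return decision


class IPLayer:
    """IP layer of the firewall's stack: unencrypted datagrams go straight up,
    ESP datagrams are decrypted here and the plaintext goes up."""

    def __init__(self, proxy: ApplicationProxy, peer_keys):
        self.proxy = proxy
        self.peer_keys = peer_keys   # source address -> shared key (assumed)

    def receive(self, dg: Datagram) -> str:
        if dg.proto != IPPROTO_ESP:
            return self.proxy.handle(dg, was_encrypted=False)
        key = self.peer_keys.get(dg.src)
        if key is None:
            return "drop"            # encrypted traffic from an unknown peer
        try:
            clear = open_(key, dg.payload)
        except ValueError:
            return "drop"            # integrity failure never reaches the proxy
        return self.proxy.handle(Datagram(dg.src, dg.dst, IPPROTO_TCP, clear), was_encrypted=True)


def demo():
    """Run four constructed datagrams through the stack; returns (decisions, proxy log)."""
    key = b"constructed-shared-key"
    proxy = ApplicationProxy(allow={("10.0.0.5", "HTTP"), ("10.0.0.5", "SMTP")})
    ip = IPLayer(proxy, peer_keys={"192.0.2.10": key})
    clear = Datagram("198.51.100.7", "10.0.0.5", IPPROTO_TCP, b"HTTP GET /index.html")
    enc = Datagram("192.0.2.10", "10.0.0.5", IPPROTO_ESP,
                   seal(key, os.urandom(12), b"SMTP MAIL FROM:<a@example.com>"))
    tampered = Datagram(enc.src, enc.dst, IPPROTO_ESP,
                        enc.payload[:-1] + bytes([enc.payload[-1] ^ 0x01]))
    denied = Datagram("198.51.100.7", "10.0.0.5", IPPROTO_TCP, b"TELNET login")
    return [ip.receive(d) for d in (clear, enc, tampered, denied)], proxy.log


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

The point worth noticing is where each rejection happens: a datagram that fails the integrity check is dropped at the IP layer and never appears in the proxy's log, while policy decisions on plaintext (allow HTTP and SMTP, deny TELNET) are made only by the proxy, which sees the same kind of message whether or not it was encrypted on the wire.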

Priority Applications (2)

Application Number Priority Date Filing Date Title
US08715343 US5983350A (en) 1996-09-18 1996-09-18 Secure firewall supporting different levels of authentication based on address or encryption status
US08715668 US5950195A (en) 1996-09-18 1996-09-18 Generalized security policy management system and method

Publications (3)

Publication Number Publication Date
GB9719818D0 (en) 1997-11-19
GB2317539A (en) 1998-03-25
GB2317539B (en) 2001-03-28

Family

ID=27109321

Family Applications (2)

Application Number Title Priority Date Filing Date
GB9719818A Expired - Fee Related GB2317539B (en) 1996-09-18 1997-09-17 Generalized security policy management system and method
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway

Family Applications After (1)

Application Number Title Priority Date Filing Date
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway

Country Status (2)

Country Link
DE (1) DE19741239C2 (en)
GB (2) GB2317539B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US8935311B2 (en) 1997-03-10 2015-01-13 Sonicwall, Inc. Generalized policy server

Families Citing this family (23)

Publication number Priority date Publication date Assignee Title
US7580919B1 (en) 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7272625B1 (en) 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6104716A (en) * 1997-03-28 2000-08-15 International Business Machines Corporation Method and apparatus for lightweight secure communication tunneling over the internet
EP1105809A4 (en) * 1998-06-29 2005-10-05 Internet Dynamics Inc Generalized policy server
US7912856B2 (en) 1998-06-29 2011-03-22 Sonicwall, Inc. Adaptive encryption
WO1999062222A3 (en) * 1998-05-27 2000-02-03 Eskil Aahlin Method for safe telephony with mobility in a tele and data communications system which includes an ip-network
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7010604B1 (en) 1998-10-30 2006-03-07 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7188180B2 (en) 1998-10-30 2007-03-06 VirnetX, Inc. Method for establishing secure communication link between computers of virtual private network
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
FI106594B (en) * 1999-02-10 2001-02-28 Intrasecure Networks A communication method for transmitting a message through a firewall
GB9919444D0 (en) * 1999-08-17 1999-10-20 Hewlett Packard Co Robust encryption and decryption of packetized data transferred across communications networks
GB0003018D0 (en) * 2000-02-11 2000-03-29 Secr Defence Computer security system
EP1755315A3 (en) * 2000-04-26 2010-07-07 VirnetX Inc. Improvements to an agile network protocol for secure communications with assured system availability
DE10031896C1 (en) * 2000-06-30 2002-01-24 Chris Holland Network coupling gateway for data telecommunications uses modular data format matching device configured using stored data set corresponding to subscriber device type
US6996842B2 (en) * 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
DE50207130D1 (en) 2001-09-25 2006-07-20 Siemens Ag A method for transmitting data in a packet-oriented data network
US20030084319A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node, method and computer readable medium for inserting an intrusion prevention system into a network stack
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
CN100512278C (en) * 2003-11-13 2009-07-08 中兴通讯股份有限公司 A method for embedding IPSEC in IP protocol stack
CN100414929C (en) 2005-03-15 2008-08-27 华为技术有限公司 Text transmission method in protocol network of mobile internet

Citations (2)

Publication number Priority date Publication date Assignee Title
WO1996013113A1 (en) * 1994-10-12 1996-05-02 Secure Computing Corporation System and method for providing secure internetwork services
WO1997029413A2 (en) * 1996-02-09 1997-08-14 Secure Computing Corporation System and method for achieving network separation

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US5757924A (en) * 1995-09-18 1998-05-26 Digital Secured Networks Technologies, Inc. Network security device which performs MAC address translation without affecting the IP address
US5602918A (en) * 1995-12-22 1997-02-11 Virtual Open Network Environment Corp. Application level security system and method
WO1997026731A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Data encryption/decryption for network communication
WO1997026734A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Transferring encrypted packets over a public network
WO1997026735A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Key management for network communication

Cited By (6)

Publication number Priority date Publication date Assignee Title
US8935311B2 (en) 1997-03-10 2015-01-13 Sonicwall, Inc. Generalized policy server
US9154489B2 (en) 1997-03-10 2015-10-06 Dell Software Inc. Query interface to policy server
US9276920B2 (en) 1997-03-10 2016-03-01 Dell Software Inc. Tunneling using encryption
US9331992B2 (en) 1997-03-10 2016-05-03 Dell Software Inc. Access control
US9438577B2 (en) 1997-03-10 2016-09-06 Dell Software Inc. Query interface to policy server
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server

Also Published As

Publication number Publication date Type
DE19741239C2 (en) 2000-08-24 grant
GB2317792B (en) 2001-03-28 grant
GB2317539A (en) 1998-03-25 application
GB9719818D0 (en) 1997-11-19 grant
GB2317792A (en) 1998-04-01 application
DE19741239A1 (en) 1998-05-07 application
GB9719816D0 (en) 1997-11-19 grant

Similar Documents

Publication Publication Date Title
US6449721B1 (en) Method of encrypting information for remote access while maintaining access control
US6341164B1 (en) Method and apparatus for correcting improper encryption and/or for reducing memory storage
US7086086B2 (en) System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
US5757924A (en) Network security device which performs MAC address translation without affecting the IP address
US6178244B1 (en) Cryptosystem
US6092191A (en) Packet authentication and packet encryption/decryption scheme for security gateway
US5633933A (en) Method and apparatus for a key-management scheme for internet protocols
Blaze et al. Trust management for IPsec
US6675225B1 (en) Method and system for algorithm-based address-evading network snoop avoider
US5745572A (en) Cryptographic key management
US7310730B1 (en) Method and apparatus for communicating an encrypted broadcast to virtual private network receivers
US6996842B2 (en) Processing internet protocol security traffic
US7305548B2 (en) Using atomic messaging to increase the security of transferring data across a network
US6484257B1 (en) System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
US7039713B1 (en) System and method of user authentication for network communication through a policy agent
US20040202328A1 (en) Data transmission controlling method and data transmission system
US20080037787A1 (en) Secure transport for mobile communication network
US7039946B1 (en) Piggy-backed key exchange protocol for providing secure, low-overhead browser connections when a client requests a server to propose a message encoding scheme
US20040057579A1 (en) Roaming hardware paired encryption key generation
US5956406A (en) Method of setting up secure communications and associated encryption/decryption system
US6694431B1 (en) Piggy-backed key exchange protocol for providing secure, low-overhead browser connections when a server will not use a message encoding scheme proposed by a client
US6775772B1 (en) Piggy-backed key exchange protocol for providing secure low-overhead browser connections from a client to a server using a trusted third party
US20090052660A1 (en) Method For Encrypting And Decrypting Instant Messaging Data
Goldschlag et al. Hiding routing information
US20080235508A1 (en) Reducing processing load in proxies for secure communications

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20141009 AND 20141015

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20150917