GB2317539B - Generalized security policy management system and method - Google Patents

Generalized security policy management system and method

Info

Publication number
GB2317539B
GB2317539B
Authority
GB
United Kingdom
Prior art keywords
message
management system
security policy
protocol stack
policy management
Prior art date
Legal status
Expired - Fee Related
Application number
GB9719818A
Other versions
GB2317539A (en)
GB9719818D0 (en)
Inventor
Edward B Stockwell
Alan E Klietz
Current Assignee
Secure Computing LLC
Original Assignee
Secure Computing LLC
Priority date
1996-09-18
Filing date
1997-09-17
Publication date
2001-03-28

    • 1996-09-18: Priority claimed from US08/715,668 (US5950195A)
    • 1996-09-18: Priority claimed from US08/715,343 (US5983350A)
    • 1997-09-17: Application filed by Secure Computing LLC
    • 1997-11-19: Publication of GB9719818D0
    • 1998-03-25: Publication of GB2317539A
    • 2001-03-28: Application granted; publication of GB2317539B
    • 2015-09-17: Patent ceased through non-payment of renewal fee (see Legal Events)
    • Anticipated expiration
    • Current legal status: Expired - Fee Related

Classifications

All codes are in section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/101 Access control lists [ACL] (under H04L 63/10, controlling access to devices or network resources; H04L 63/00, network architectures or protocols for network security)
    • H04L 69/16 Implementation or adaptation of IP, TCP or UDP (under H04L 69/00, arrangements independent of the application payload)
    • H04L 69/161 Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP address or URL (under H04L 63/0227, filtering policies; H04L 63/02, separating internal from external traffic, e.g. firewalls)
    • H04L 63/0263 Rule management (under H04L 63/0227, filtering policies)
    • H04L 63/0281 Proxies (under H04L 63/02, firewalls)
    • H04L 63/20 Managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system (10) regulates the flow of messages through a firewall (18) that has a network protocol stack. The stack includes an Internet Protocol (IP) layer which examines each message: if the message is not encrypted, the IP layer passes it unchanged up the stack to an application-level proxy (50); if the message is encrypted, the IP layer decrypts it and passes the decrypted message up the stack to the same proxy. The decryption is performed by a process executing at the IP layer, so the proxy always receives plaintext.
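The abstract describes an architecture rather than code, so the following is an added example written for this page; it is not taken from the patent or from Secure Computing's products. It models the two paths in the abstract (cleartext passed straight up, ciphertext decrypted at the IP layer) and then lets the application-level proxy apply a policy keyed on source address and encryption status, which is the subject of the second priority application, US5983350A. Everything concrete is an assumption: the wire format with a FLAG_ENCRYPTED header bit, the HMAC-SHA256 keystream cipher standing in for a real IPsec-style transform, the 10.0.0.0/8 internal range, and the three-level authentication table. The check worth taking from it is that the proxy trusts the IP layer's verification result, not the header flag: a packet that merely claims to be encrypted fails the tag check and is denied.

```python
"""Toy model of the firewall stack in the abstract: the IP layer decides per
message whether decryption is needed, decrypts at that layer, and hands the
application-level proxy plaintext plus the fact of whether the message
arrived encrypted.  Added example, not the patent's code.  The wire format,
the HMAC-SHA256 keystream cipher (a stand-in for a real IPsec/ESP transform)
and the policy table are all constructed assumptions."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

FLAG_ENCRYPTED = 0x01          # assumed header flag: body is nonce||ciphertext||tag
NONCE_LEN, TAG_LEN = 8, 16
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed "inside" address range
AUTH_RANK = {"none": 0, "password": 1, "strong": 2}


@dataclass
class Packet:
    src: str      # source IP address as text
    flags: int    # header flags; FLAG_ENCRYPTED marks a protected body
    body: bytes   # plaintext, or nonce||ciphertext||tag when encrypted


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream derived with HMAC-SHA256 (toy stream cipher)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce (a stream cipher must never reuse one)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then strip the keystream."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def ip_layer_receive(pkt: Packet, key: bytes) -> tuple[bytes, bool]:
    """The IP-layer step from the abstract: decrypt here if needed, then pass up.

    Returns (plaintext, arrived_encrypted).  arrived_encrypted is only True
    after the tag verified, so a forged flag cannot claim VPN status."""
    if pkt.flags & FLAG_ENCRYPTED:
        return decrypt(key, pkt.body), True
    return pkt.body, False


def required_auth(src: str, arrived_encrypted: bool) -> str:
    """Assumed policy table keyed on address and encryption status."""
    if ipaddress.ip_address(src) in INTERNAL:
        return "none"
    return "password" if arrived_encrypted else "strong"


def proxy_handle(pkt: Packet, key: bytes, presented_auth: str) -> tuple:
    """Application-level proxy: receives plaintext from the IP layer and
    enforces the authentication level the policy demands for this message."""
    try:
        plaintext, enc = ip_layer_receive(pkt, key)
    except ValueError:
        return ("deny", "integrity", None)
    need = required_auth(pkt.src, enc)
    if AUTH_RANK[presented_auth] < AUTH_RANK[need]:
        return ("deny", need, None)
    return ("allow", need, plaintext)


if __name__ == "__main__":
    key = os.urandom(32)
    vpn = Packet("203.0.113.7", FLAG_ENCRYPTED, encrypt(key, b"GET / HTTP/1.0"))
    print(proxy_handle(vpn, key, "password"))
    print(proxy_handle(Packet("203.0.113.7", 0, b"GET / HTTP/1.0"), key, "password"))
```

The policy decision is made only after ip_layer_receive returns, which is the ordering the abstract fixes: decryption (and here tag verification) happens at the IP layer, and the proxy sees plaintext together with a verified encryption status. A real deployment would replace the keystream cipher with IPsec and would key the policy on the security association rather than on a header bit.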

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/715,668 US5950195A (en) 1996-09-18 1996-09-18 Generalized security policy management system and method
US08/715,343 US5983350A (en) 1996-09-18 1996-09-18 Secure firewall supporting different levels of authentication based on address or encryption status

Publications (3)

Publication Number Publication Date
GB9719818D0 (en) 1997-11-19
GB2317539A (en) 1998-03-25
GB2317539B (en) 2001-03-28 (granted publication)

Family

Family ID: 27109321

Family Applications (2)

Application Number Title Priority Date Filing Date
GB9719818A Expired - Fee Related GB2317539B (en) 1996-09-18 1997-09-17 Generalized security policy management system and method
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway

Country Status (2)

Country Link
DE (1) DE19741239C2 (en)
GB (2) GB2317539B (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7912856B2 (en) 1998-06-29 2011-03-22 Sonicwall, Inc. Adaptive encryption
US7580919B1 (en) 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7272625B1 (en) 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6104716A (en) * 1997-03-28 2000-08-15 International Business Machines Corporation Method and apparatus for lightweight secure communication tunneling over the internet
SE512440C2 (en) * 1998-05-27 2000-03-20 Telia Ab Method for secure telephony with mobility in a telephone and data communication system comprising an IP network
EP1105809A4 (en) * 1998-06-29 2005-10-05 Internet Dynamics Inc Generalized policy server
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
CA2723504C (en) 1998-10-30 2014-04-29 Virnetx, Inc. An agile network protocol for secure communications with assured system availability
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US6826616B2 (en) 1998-10-30 2004-11-30 Science Applications International Corp. Method for establishing secure communication link between computers of virtual private network
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
FI106594B (en) * 1999-02-10 2001-02-28 Intrasecure Networks Communication method for sending a message through a firewall
GB2353676A (en) 1999-08-17 2001-02-28 Hewlett Packard Co Robust encryption and decryption of packetised data transferred across communications networks
GB0003018D0 (en) * 2000-02-11 2000-03-29 Secr Defence Computer security system
EP2375672A1 (en) * 2000-04-26 2011-10-12 VirnetX Inc. Improvements to an agile network protocol for secure communications with assured system availability
DE10031896C1 (en) * 2000-06-30 2002-01-24 Chris Holland Network coupling gateway for data telecommunications uses modular data format matching device configured using stored data set corresponding to subscriber device type
US6996842B2 (en) * 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
US7315537B2 (en) 2001-09-25 2008-01-01 Siemens Aktiengesellschaft Method for the transmission of data in a packet-oriented data network
US20030084319A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node, method and computer readable medium for inserting an intrusion prevention system into a network stack
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
CN100512278C (en) * 2003-11-13 2009-07-08 中兴通讯股份有限公司 A method for embedding IPSEC in IP protocol stack
CN100414929C (en) * 2005-03-15 2008-08-27 华为技术有限公司 Text transmission method in protocal network of mobile internet
US10708230B2 (en) * 2018-06-14 2020-07-07 Servicenow, Inc. Systems and methods for firewall configuration using block lists

Citations (2)

Publication number Priority date Publication date Assignee Title
WO1996013113A1 (en) * 1994-10-12 1996-05-02 Secure Computing Corporation System and method for providing secure internetwork services
WO1997029413A2 (en) * 1996-02-09 1997-08-14 Secure Computing Corporation System and method for achieving network separation

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US5757924A (en) * 1995-09-18 1998-05-26 Digital Secured Networks Technologies, Inc. Network security device which performs MAC address translation without affecting the IP address
US5602918A (en) * 1995-12-22 1997-02-11 Virtual Open Network Environment Corp. Application level security system and method
AU1829897A (en) * 1996-01-16 1997-08-11 Raptor Systems, Inc. Transferring encrypted packets over a public network
AU2242697A (en) * 1996-01-16 1997-08-11 Raptor Systems, Inc. Data encryption/decryption for network communication
AU1748797A (en) * 1996-01-16 1997-08-11 Raptor Systems, Inc. Key management for network communication

Cited By (6)

Publication number Priority date Publication date Assignee Title
US8935311B2 (en) 1997-03-10 2015-01-13 Sonicwall, Inc. Generalized policy server
US9154489B2 (en) 1997-03-10 2015-10-06 Dell Software Inc. Query interface to policy server
US9276920B2 (en) 1997-03-10 2016-03-01 Dell Software Inc. Tunneling using encryption
US9331992B2 (en) 1997-03-10 2016-05-03 Dell Software Inc. Access control
US9438577B2 (en) 1997-03-10 2016-09-06 Dell Software Inc. Query interface to policy server
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server

Also Published As

Publication number Publication date
GB9719816D0 (en) 1997-11-19
DE19741239C2 (en) 2000-08-24
GB2317539A (en) 1998-03-25
GB9719818D0 (en) 1997-11-19
GB2317792B (en) 2001-03-28
DE19741239A1 (en) 1998-05-07
GB2317792A (en) 1998-04-01

Similar Documents

Publication Publication Date Title
GB2317539B (en) Generalized security policy management system and method
US6260142B1 (en) Access and storage of secure group communication cryptographic keys
US5825891A (en) Key management for network communication
CA2278670A1 (en) Encryption and decryption method and apparatus
WO2000060846A3 (en) Selective and renewable encryption for secure distribution of video on-demand
WO1997041661A3 (en) Use of an encryption server for encrypting messages
WO2001078491A3 (en) Systems and methods for encrypting/decrypting data using a broker agent
MY119594A (en) Method and apparatus for secure communication of information between a plurality of digital audiovisual devices
EP0669741A3 (en) Method and apparatus for encrypted communication in data networks
AU3352000A (en) Multiple level public key hierarchy for performance and high security
WO1998002989B1 (en) Cryptographic communication system
AU2506397A (en) Method for providing a secure communication between two devices and application of this method
BR0112510A (en) Secure Packet-Based Data Broadcast Architecture
CA2299056A1 (en) A system and method for manipulating a computer file and/or program
WO1997026735A9 (en) Key management for network communication
WO2002101974A8 (en) Secure ephemeral decryptability
CA2213096A1 (en) Key management system for mixed-trust environments
DE69634415D1 (en) SYSTEM AND METHOD FOR ANALYZING UNIVERSAL NETWORKS
EP1251670A3 (en) Negotiating secure connections through a proxy server
WO2005089088A3 (en) Method, apparatus and system for use in distributed and parallel decryption
EP0872977A3 (en) System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection
GB2404535B (en) Secure transmission of data within a distributed computer system
AU1207600A (en) System and method of authenticating a key and transmitting secure data
CA2226831A1 (en) Decryption of retransmitted data in an encrypted communication system
Aziz et al. Design and Implementation of SKIP

Legal Events

Date Code Title Description
2014-10-09 to 2014-10-15 732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977); free format text: REGISTERED BETWEEN 20141009 AND 20141015
2015-09-17 PCNP Patent ceased through non-payment of renewal fee; effective date 20150917