WO1998040992A3 - Methods and apparatus for controlling access to information - Google Patents

Info

Publication number
WO1998040992A3
Authority
WO
WIPO (PCT)
Prior art keywords
access
user
network
information
request
Prior art date
Application number
PCT/US1998/004522
Other languages
French (fr)
Other versions
WO1998040992A2 (en)
Inventor
Daniel Jensen
Laurence R Lipstone
Michael B Ribet
David S Schneider
Original Assignee
Internet Dynamics Inc
Priority date
Filing date
Publication date
Priority claimed from US09/034,507 (US6408336B1)
Priority claimed from US09/034,587 (US6105027A)
Priority claimed from US09/034,576 (US6178505B1)
Application filed by Internet Dynamics Inc
Priority to EP98910236A (EP0966822A2)
Priority to AU64527/98A (AU733109B2)
Publication of WO1998040992A2
Publication of WO1998040992A3

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                        • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
                            • H04L63/0218 Distributed architectures, e.g. distributed firewalls
                        • H04L63/0227 Filtering policies
                            • H04L63/0263 Rule management
                        • H04L63/0272 Virtual private networks
                    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                        • H04L63/101 Access control lists [ACL]
                        • H04L63/102 Entity profiles
                    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
                • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
                    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Indexing, Searching, Synchronizing, And The Amount Of Synchronization Travel Of Record Carriers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user is to be permitted. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of the mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
Application PCT/US1998/004522, priority date 1997-03-10, filing date 1998-03-09: Methods and apparatus for controlling access to information, published as WO1998040992A2 (en)
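The decision rule in the abstract, written out as an added worked example in Python. This is illustration code, not the patent's own implementation or anything from Internet Dynamics: it models users in user groups, resources in information sets, access policies over those two, a sensitivity level per resource, trust levels for the identification mode and the network path, automatic selection of an encryption method when the path is too weak, and a chain of filters in which only the first performs the check. The users, resources, policies and trust values are constructed; the single ordered trust scale, deny-overrides evaluation of policies, and choice of the weakest sufficient encryption method are assumptions the abstract does not state.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Trust(IntEnum):
    """One ordered scale shared by identification modes, paths, ciphers and sensitivity (assumption)."""
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Policy:
    user_group: str
    info_set: str
    allow: bool


@dataclass
class AccessControlDB:
    """The local copy of the access control database held by each filter."""
    user_groups: dict[str, set[str]]     # user -> user groups
    info_sets: dict[str, set[str]]       # resource -> information sets
    sensitivity: dict[str, Trust]        # resource -> required level
    policies: list[Policy]
    id_trust: dict[str, Trust]           # identification mode -> trust level
    path_trust: dict[str, Trust]         # network path -> trust level
    encryption_trust: dict[str, Trust]   # encryption method -> trust level


@dataclass
class Request:
    user: str
    resource: str
    id_mode: str
    path: str
    checked: bool = False                # set by the first filter on the path
    encryption: Optional[str] = None


@dataclass
class Decision:
    allowed: bool
    reason: str
    encryption: Optional[str] = None


def evaluate(db: AccessControlDB, req: Request) -> Decision:
    groups = db.user_groups.get(req.user, set())
    sets = db.info_sets.get(req.resource, set())
    matching = [p for p in db.policies if p.user_group in groups and p.info_set in sets]
    # Access policy: at least one allow and no deny (deny-overrides is an assumption).
    if not matching or not all(p.allow for p in matching):
        return Decision(False, "no access policy permits this user group for this information set")
    required = db.sensitivity[req.resource]
    # The identification mode's trust must reach the resource's sensitivity level.
    if db.id_trust.get(req.id_mode, Trust.NONE) < required:
        return Decision(False, "identification mode trust is below the sensitivity level")
    # The path's trust must reach it too; otherwise encrypt with a sufficient method.
    if db.path_trust.get(req.path, Trust.NONE) >= required:
        return Decision(True, "policy allows; path trust is sufficient")
    candidates = sorted((t, m) for m, t in db.encryption_trust.items() if t >= required)
    if not candidates:
        return Decision(False, "path trust is insufficient and no encryption method meets the level")
    return Decision(True, "policy allows; request encrypted to meet the level", candidates[0][1])


def process_chain(db: AccessControlDB, req: Request, filters: list[str]):
    """Pass the request through the filters on its path; only the first performs the check."""
    trace = []
    for name in filters:
        if req.checked:
            # Later filters rely on the first filter having authenticated the request, so in a
            # real system this marker must be bound to that authentication, not a bare flag.
            trace.append((name, "forwarded without re-checking"))
            continue
        d = evaluate(db, req)
        if not d.allowed:
            trace.append((name, "denied: " + d.reason))
            return False, trace
        req.checked, req.encryption = True, d.encryption
        trace.append((name, "checked and authenticated; " + d.reason))
    return True, trace


def sample_db() -> AccessControlDB:
    # Constructed sample data; names and levels are illustrative only.
    return AccessControlDB(
        user_groups={"alice": {"engineering"}, "bob": {"contractors"}},
        info_sets={"design-docs": {"internal", "engineering-data"}, "press-kit": {"public"}},
        sensitivity={"design-docs": Trust.HIGH, "press-kit": Trust.LOW},
        policies=[Policy("engineering", "engineering-data", True),
                  Policy("contractors", "engineering-data", False),
                  Policy("contractors", "public", True),
                  Policy("engineering", "public", True)],
        id_trust={"password": Trust.LOW, "token": Trust.MEDIUM, "certificate": Trust.HIGH},
        path_trust={"lan": Trust.HIGH, "internet": Trust.NONE},
        encryption_trust={"weak-cipher": Trust.MEDIUM, "strong-cipher": Trust.HIGH},
    )


def demo() -> dict[str, Decision]:
    db = sample_db()
    cases = {
        "lan-cert": Request("alice", "design-docs", "certificate", "lan"),
        "internet-cert": Request("alice", "design-docs", "certificate", "internet"),
        "weak-id": Request("alice", "design-docs", "password", "lan"),
        "contractor-denied": Request("bob", "design-docs", "certificate", "lan"),
        "public-over-internet": Request("bob", "press-kit", "password", "internet"),
    }
    return {name: evaluate(db, req) for name, req in cases.items()}


def demo_chain():
    req = Request("alice", "design-docs", "certificate", "internet")
    return process_chain(sample_db(), req, ["filter-a", "filter-b"])


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name}: {'ALLOW' if d.allowed else 'DENY'} ({d.reason}) encryption={d.encryption}")
    print(demo_chain())
```

The three gates run in the order the abstract gives them: policy first, then identification trust, then path trust with encryption as the fallback. Changing the order would not change the outcome here, but evaluating the cheap policy check first keeps the filter from negotiating encryption for requests that will be refused anyway.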

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP98910236A EP0966822A2 (en) 1997-03-10 1998-03-09 Methods and apparatus for controlling access to information
AU64527/98A AU733109B2 (en) 1997-03-10 1998-03-09 Methods and apparatus for controlling access to information

Applications Claiming Priority (12)

Application Number Priority Date Filing Date Title
US4026297P 1997-03-10 1997-03-10
US3954297P 1997-03-10 1997-03-10
US60/040,262 1997-03-10
US60/039,542 1997-03-10
US3450398A 1998-03-04 1998-03-04
US09/034,507 US6408336B1 (en) 1997-03-10 1998-03-04 Distributed administration of access to information
US09/034,587 US6105027A (en) 1997-03-10 1998-03-04 Techniques for eliminating redundant access checking by access filters
US09/034,503 1998-03-04
US09/034,576 US6178505B1 (en) 1997-03-10 1998-03-04 Secure delivery of information in a network
US09/034,507 1998-03-04
US09/034,587 1998-03-04
US09/034,576 1998-03-04

Publications (2)

Publication Number Publication Date
WO1998040992A2 (en) 1998-09-17
WO1998040992A3 (en) 1999-04-15

Family

ID=27556273

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1998/004522 WO1998040992A2 (en) 1997-03-10 1998-03-09 Methods and apparatus for controlling access to information

Country Status (3)

Country Link
EP (1) EP0966822A2 (en)
AU (1) AU733109B2 (en)
WO (1) WO1998040992A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8843617B2 (en) 2000-03-01 2014-09-23 Printeron Inc. Multi-stage polling mechanism and system for the transmission and processing control of network resource data
US8970873B2 (en) 2010-09-17 2015-03-03 Printeron Inc. System and method for managing printer resources on an internal network
US9356882B2 (en) 2014-02-04 2016-05-31 Printeron Inc. Streamlined system for the transmission of network resource data

Families Citing this family (27)

Publication number Priority date Publication date Assignee Title
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
JP2002523973A (en) * 1998-08-21 2002-07-30 ヴィスト・コーポレーション System and method for enabling secure access to services in a computer network
GB2385969B (en) * 1998-10-28 2004-01-14 Crosslogix Inc Providing access to securable components
US6158010A (en) 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6804778B1 (en) 1999-04-15 2004-10-12 Gilian Technologies, Ltd. Data quality assurance
WO2001013289A2 (en) * 1999-08-16 2001-02-22 Trivnet Ltd. A retail method over a wide area network
GB0004178D0 (en) 2000-02-22 2000-04-12 Nokia Networks Oy Integrity check in a communication system
CA2299824C (en) 2000-03-01 2012-02-21 Spicer Corporation Network resource control system
CA2301996A1 (en) 2000-03-13 2001-09-13 Spicer Corporation Wireless attachment enabling
WO2001082092A1 (en) * 2000-04-20 2001-11-01 Securenet Limited Secure system access
US6772157B2 (en) * 2000-10-19 2004-08-03 General Electric Company Delegated administration of information in a database directory
FI20010267A0 (en) 2001-02-13 2001-02-13 Stonesoft Oy Synchronization of security gateway status information
EP1296252B1 (en) * 2001-09-21 2007-08-01 Koninklijke KPN N.V. Computer system, data communication network, computer program and data carrier, all for filtering a received message comprising mark-up language content
US7024693B2 (en) * 2001-11-13 2006-04-04 Sun Microsystems, Inc. Filter-based attribute value access control
GB2383438B (en) * 2001-12-20 2005-07-20 Inventec Corp Authorization method and system for storing and retrieving data
US7302488B2 (en) 2002-06-28 2007-11-27 Microsoft Corporation Parental controls customization and notification
EP1551145A1 (en) * 2003-12-29 2005-07-06 Alcatel Canada Inc. Embedded filtering policy manager using system-on-chip
JP4296111B2 (en) * 2004-03-23 2009-07-15 株式会社エヌ・ティ・ティ・ドコモ Access control system and access control method
RU2471304C2 (en) * 2006-06-22 2012-12-27 Конинклейке Филипс Электроникс, Н.В. Improved control of access for medical special networks of physiological sensors
NO327332B1 (en) * 2007-12-14 2009-06-08 Fast Search & Transfer Asa Procedures for improving security when distributing electronic documents
US8886672B2 (en) * 2009-03-12 2014-11-11 International Business Machines Corporation Providing access in a distributed filesystem
US8570566B2 (en) 2010-09-17 2013-10-29 Printeron Inc. System and method that provides user interface on mobile network terminal for releasing print jobs based on location information
EP2646899B1 (en) 2010-11-30 2020-02-26 Hewlett-Packard Development Company, L.P. System for internet enabled printing
JP6724951B2 (en) * 2018-07-24 2020-07-15 横河電機株式会社 Device, method, program and recording medium
US11507695B2 (en) 2020-05-27 2022-11-22 At&T Intellectual Property I, L.P. Trusted system for sharing user data with internet content providers
US11483397B2 (en) 2021-03-19 2022-10-25 At&T Intellectual Property I, L.P. Trusted system for providing customized content to internet service provider subscribers
US11611623B2 (en) 2021-03-19 2023-03-21 At&T Intellectual Property I, L.P. Trusted system for providing customized content to internet service provider subscribers

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996005549A1 (en) * 1994-08-09 1996-02-22 Shiva Corporation Apparatus and method for restricting access to a local computer network

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US6178505B1 (en) * 1997-03-10 2001-01-23 Internet Dynamics, Inc. Secure delivery of information in a network

Non-Patent Citations (1)

Title
Che-Fn Yu, "Access control and authorization plan for customer control of network services", Communications Technology for the 1990's and Beyond, Dallas, Nov. 27-30, 1989, vol. 2, 27 November 1989 (1989-11-27), Institute of Electrical and Electronics Engineers, pages 862-869, XP000144900 *

Also Published As

Publication number Publication date
EP0966822A2 (en) 1999-12-29
WO1998040992A2 (en) 1998-09-17
AU733109B2 (en) 2001-05-10
AU6452798A (en) 1998-09-29

Similar Documents

Publication Publication Date Title
WO1998040992A3 (en) Methods and apparatus for controlling access to information
Sampemane et al. Access control for active spaces
US6449721B1 (en) Method of encrypting information for remote access while maintaining access control
EP1662696B1 (en) Method and system for delegating authority with restricted access right in an online collaborative environment
US20020169986A1 (en) Resource authorization
US20020138632A1 (en) System and method for providing positional authentication for client-server systems
JP2723365B2 (en) Protected distribution protocol for keying and certified materials
CA2771485C (en) Authorized data access based on the rights of a user and a location
CN102571873B (en) Bidirectional security audit method and device in distributed system
WO2000000879A3 (en) Generalized policy server
WO2022148182A1 (en) Key management method and related device
MXPA04007410A (en) Moving principals across security boundaries without service interruption.
Stell et al. Comparison of advanced authorisation infrastructures for grid computing
Yamai et al. NFS‐based secure file sharing over multiple administrative domains with minimal administration
Reiher et al. Truffles—a secure service for widespread file sharing
Holmström User-centered design of secure software
Chadwick et al. Using SAML to link the GLOBUS toolkit to the PERMIS authorisation infrastructure
WO2007090866A1 (en) Collaborative access control in a computer network
Kahan A capability-based authorization model for the world-wide web
Bertino et al. Protecting information on the Web
JP2008287359A (en) Authentication apparatus and program
Abendroth et al. Partial outsourcing: a new paradigm for access control
Varadharajan et al. Security model for distributed object framework and its applicability to CORBA
Louwrens et al. Selection of secure single sign-on solutions for heterogeneous computing environments
Reiher et al. Truffles—secure file sharing with minimal system administrator intervention

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1998910236

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 64527/98

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 1998910236

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1998539649

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

WWG Wipo information: grant in national office

Ref document number: 64527/98

Country of ref document: AU

WWW Wipo information: withdrawn in national office

Ref document number: 1998910236

Country of ref document: EP