WO2001099371A3 - Credential/condition assertion verification optimization - Google Patents

Info

Publication number
WO2001099371A3
Authority
WO
WIPO (PCT)
Prior art keywords
credential
condition
assertion verification
verification optimization
condition assertion
Prior art date
Application number
PCT/US2001/019331
Other languages
French (fr)
Other versions
WO2001099371A2 (en)
Inventor
Geoffrey Cooper
Kieran Gerard Sherlock
Robert Shaw
Luis Filipe Pereira Valente
Original Assignee
Securify Inc
Priority date
Filing date
Publication date
Priority claimed from US09/826,602 (US20020093527A1)
Priority claimed from US09/882,570 (US6871284B2)
Application filed by Securify Inc
Priority to AU2001268491A (AU2001268491A1)
Publication of WO2001099371A2
Publication of WO2001099371A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5061 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0894 Policy-based network configuration management
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/06 Generation of reports
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

A method and apparatus ascertain which credential and which condition, both from a network security policy, best describe, respectively, information about the initiator and target principals involved in an interaction and the tests performed on a state of an associated protocol event.

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001268491A (AU2001268491A1) 2000-06-16 2001-06-15 Credential/condition assertion verification optimization

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US60/212,126 (US21212600P) 2000-06-16 2000-06-16
US09/826,602 (US20020093527A1) 2000-06-16 2001-04-05 User interface for a security policy system and method
US09/882,570 (US6871284B2) 2000-01-07 2001-06-14 Credential/condition assertion verification optimization

Publications (2)

Publication Number Publication Date
WO2001099371A2 (en) 2001-12-27
WO2001099371A3 (en) 2002-05-16

Family

ID=27395695

Family Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2001/019331 (WO2001099371A2) 2000-06-16 2001-06-15 Credential/condition assertion verification optimization

Country Status (2)

Country Link
AU (1) AU2001268491A1 (en)
WO (1) WO2001099371A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8849993B2 (en) 2000-06-16 2014-09-30 Intel Corporation Method and apparatus for rate limiting

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035583A2 (en) * 1997-12-22 1999-07-15 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US5991877A (en) * 1997-04-03 1999-11-23 Lockheed Martin Corporation Object-oriented trusted application framework
EP1006701A2 (en) * 1998-12-03 2000-06-07 Lucent Technologies Inc. Adaptive re-ordering of data packet filter rules

Also Published As

Publication number Publication date
AU2001268491A1 (en) 2002-01-02
WO2001099371A2 (en) 2001-12-27

Similar Documents

Publication Publication Date Title
WO2004008683A3 (en) Automated network security system and method
WO2002014984A3 (en) Tokenless biometric authorization of electronic communications
WO2004102338A3 (en) Method and apparatus for authentication of users and web sites
EP1500206A4 (en) System and method for managing wireless devices in an enterprise
AU2002348547A1 (en) Method and system for getting on-line status, authentication, verification, authorization, communication and transaction services for web-enabled hardware and software, based on uniform telephone address related applications
WO2006063002A3 (en) Performing security functions on a message payload in a network element
WO2002057935A8 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
WO2005084149A3 (en) Method and system for detailed accounting of packet data
ATE454000T1 (en) AUTHENTICATION PROCEDURE
EP1244266A3 (en) Method and apparatus to facilitate secure network communications with a voice responsive network interface device
WO2002079949A3 (en) Internet security system
WO2007111721A3 (en) Network client validation of network management frames
WO2006093561A3 (en) Secure software communication method and system
WO2004049144A3 (en) Generic security infrastructure for com based systems
WO2006074294A3 (en) Methods and apparatus providing security to computer systems and networks
AU2003296236A1 (en) A system and method of network authentication, authorization and accounting
WO2004034213A3 (en) Localized network authentication and security using tamper-resistant keys
WO2004034720A3 (en) Method and system for establishing a connection via an access network
WO2001031886A3 (en) Systems and methods for redirecting users attempting to access a network site
CA2436096A1 (en) Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures
WO1999060750A3 (en) Preventing unauthorized use of service
CA2384772A1 (en) An access control method
AU2003253824A1 (en) System and method for add-on services, secondary authentication, authorization and/or secure communication for dialog based protocols and systems
WO2002067090A3 (en) System and method for selectively enabling and disabling access to software applications over a network
WO2005091890A3 (en) Method and apparatus for security in a wireless network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP