Global Patent Index - EP 1105809 A4

EP 1105809 A4 20051005 - GENERALIZED POLICY SERVER

Title (en)

GENERALIZED POLICY SERVER

Title (de)

GENERALISIERTER VERFAHRENS-SERVER

Title (fr)

SERVEUR DE PROCEDURE GENERALISEE

Publication

EP 1105809 A4 20051005 (EN)

Application

EP 99931983 A 19990628

Priority

  • US 9914585 W 19990628
  • US 9113098 P 19980629

Abstract (en)

[origin: TW448387B] A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check. A policy server component of the access filter has been separated from the access filter and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities for which policies can be made. Policies may now further have specifications for time intervals during which the policies are in force, and the entities may be associated with attributes that specify how the entity is to be used when the policy applies.

IPC 1-7

G06F 15/00; H04L 29/06; G06F 1/00

IPC 8 full level

H04L 29/06 (2006.01)

CPC (source: EP)

G06F 21/6236 (2013.01)

Citation (search report)

  • [X] GB 2317539 A 19980325 - SECURE COMPUTING CORP [US]
  • [X] WO 9700471 A2 19970103 - CHECK POINT SOFTWARE TECH LTD [IL], et al
  • [A] EP 0736827 A2 19961009 - HEWLETT PACKARD CO [US]
  • [X] MARRIOTT D ET AL: "Management policy service for distributed systems", SERVICES IN DISTRIBUTED AND NETWORKED ENVIRONMENTS, 1996., PROCEEDINGS OF THIRD INTERNATIONAL WORKSHOP ON MACAU 3-4 JUNE 1996, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 3 June 1996 (1996-06-03), pages 2 - 9, XP010165520, ISBN: 0-8186-7499-7
  • [X] SHAI HERZOG USC/ISI: "Local Policy Modules (LPM): Policy Enforcement for Resource Reservation Protocols", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, vol. rsvp, 12 June 1996 (1996-06-12), XP015026988, ISSN: 0000-0004
  • [A] SANDHU R S ET AL: "ACCESS CONTROL: PRINCIPLES AND PRACTICE", IEEE COMMUNICATIONS MAGAZINE, IEEE SERVICE CENTER. PISCATAWAY, N.J, US, vol. 32, no. 9, 1 September 1994 (1994-09-01), pages 40 - 48, XP000476554, ISSN: 0163-6804
  • [A] FORD W R: "Administration in a multiple policy/domain environment: the administration and melding of disparate policies", NEW SECURITY PARADIGMS WORKSHOP, 1995. PROCEEDINGS LA JOLLA, CA, USA 22-25 AUG. 1995, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 22 August 1995 (1995-08-22), pages 42 - 52, XP010158975, ISBN: 0-8186-7318-4
  • See references of WO 0000879A2

Designated contracting state (EPC)

DE FR GB

DOCDB simple family (publication)

AU 4838699 A 20000117; AU 762061 B2 20030619; EP 1105809 A2 20010613; EP 1105809 A4 20051005; TW 448387 B 20010801

DOCDB simple family (application)

AU 4838699 A 19990628; EP 99931983 A 19990628; TW 88110985 A 19990906