CA2532189A1 - Method and apparatus for providing network security using role-based access control - Google Patents
- Publication number
- CA2532189A1
- Authority
- CA
- Canada
- Prior art keywords
- user group
- destination
- source
- packet
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/04—Interdomain routing, e.g. hierarchical routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4645—Details on frame tagging
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4675—Dynamic sharing of VLAN information amongst network nodes
Abstract
A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list (700). Such an access control list includes an access control list entry (710), which, in turn, includes one or more user group fields (730 and 740). Alternatively, a network device implementing such a method can include, for example, a forwarding table (300) that includes a plurality of forwarding table entries (310). In such a case, at least one of the forwarding table entries includes a user group field (350).
Claims (88)
1. A network device comprising:
an access control list, wherein said access control list comprises an access control list entry, and
said access control list entry comprises a user group field.
2. The network device of claim 1, wherein said access control list comprises a plurality of access control list entries, and said access control list entries comprise said access control list entry.
3. The network device of claim 2, wherein said access control list entry further comprises:
a flow label field, wherein said flow label field allows said access control list entry to be identified as a role-based access control list (RBACL) entry.
4. The network device of claim 2, wherein said access control list entry further comprises:
a plurality of user group fields, wherein said user group fields comprise said user group field.
5. The network device of claim 4, wherein said user group fields further comprise:
a source user group field; and a destination user group field.
6. The network device of claim 5, wherein said source user group field stores a source user group identifier, and said source user group identifier identifies a user group of a source of a packet processed using said access control list.
7. The network device of claim 5, wherein said destination user group field stores a destination user group identifier, and said destination user group identifier identifies a user group of a destination of a packet processed using said access control list.
8. A network device comprising:
a forwarding table, wherein said forwarding table comprises a plurality of forwarding table entries, and at least one forwarding table entry of said forwarding table entries comprises a user group field.
9. The network device of claim 8, wherein said at least one forwarding table entry further comprises:
a port identifier field, wherein a port identifier stored in said port identifier field identifies a port.
10. The network device of claim 9, wherein a user group, identified by a user group identifier stored in said user group field, is associated with said port.
11. The network device of claim 10, wherein said at least one forwarding table entry further comprises:
a media access control (MAC) address field configured to store a MAC address;
and a virtual local area network (VLAN) identifier field, wherein a VLAN identifier stored in said VLAN identifier field identifies a VLAN, and a combination of said MAC address and said VLAN identifier identify said port and a user group identified by a user group identifier stored in said user group field.
12. The network device of claim 10, wherein said at least one forwarding table entry further comprises:
a media access control (MAC) address field configured to store a MAC address, wherein said MAC address is associated with a user group identified by a user group identifier stored in said user group field.
13. The network device of claim 8, wherein said at least one forwarding table entry further comprises:
a virtual local area network (VLAN) identifier field, wherein a VLAN identifier stored in said VLAN identifier field identifies a VLAN, and said VLAN is associated with a user group identified by a user group identifier stored in said user group field.
14. A method comprising:
comparing a user group of a packet with a user group of a destination of said packet.
15. The method of claim 14, wherein said user group of said destination of said packet is identified by a user group identifier, and said user group identifier is stored in a role-based access control list entry of an access control list.
16. The method of claim 14, wherein said user group of said packet is a source user group, and said user group of said destination of said packet is a destination user group.
17. The method of claim 16, wherein said source user group is assigned to a source of said packet based on a role of said source, and said destination user group is assigned to said destination based on a role of said destination.
18. The method of claim 16, further comprising:
retrieving said destination user group from a forwarding information base.
19. The method of claim 18, further comprising:
storing said destination user group in an access control list.
20. The method of claim 16, wherein said source user group is indicated by a source user group identifier stored in said packet, and said destination user group is indicated by a destination user group stored in a network device receiving said packet.
21. The method of claim 16, further comprising:
determining said source user group; and determining said destination user group by looking up said destination user group in an access control list.
22. The method of claim 21, wherein said destination user group is identified by a destination user group identifier, and said destination user group identifier is stored in a role-based access control list entry of said access control list.
23. The method of claim 21, wherein said access control list is a role-based access control list.
24. The method of claim 21, wherein said determining said source user group comprises:
extracting a source user group identifier from said packet, wherein said source user group identifier identifies said source user group.
25. The method of claim 24, further comprising:
populating said access control list with a destination user group identifier, wherein said destination user group identifier identifies said destination user group.
26. The method of claim 25, wherein said destination user group is assigned to said destination based on a role of said destination.
27. The method of claim 25, wherein said comparing and said populating are performed by a network device, and said populating comprises sending a request to another network device, and receiving a response from said another network device, wherein said response includes a destination user group identifier, and said destination user group identifier identifies said destination user group.
28. The method of claim 14, further comprising:
populating a forwarding table with a user group identifier, wherein said user group identifier identifies said user group of said packet, and said user group of said packet indicates a user group of a source of said packet.
29. The method of claim 28, wherein said source user group is assigned to said source based on a role of said source.
30. The method of claim 28, wherein said user group is a source user group, and said user group identifier is a source user group identifier.
31. The method of claim 30, wherein said comparing and said populating are performed by a network device, and said populating comprises determining said source user group.
32. The method of claim 31, wherein said populating further comprises:
receiving an authentication message from another network device, wherein said response includes said source user group identifier.
33. A computer program product comprising:
a first set of instructions, executable on a computer system, configured to compare a user group of a packet with a user group of a destination of said packet; and computer readable media, wherein said computer program product is encoded in said computer readable media.
34. The computer program product of claim 33, wherein said user group of said packet is a source user group, and said user group of said destination of said packet is a destination user group.
35. The computer program product of claim 34, further comprising:
a second set of instructions, executable on said computer system, configured to retrieve said destination user group from a forwarding information base.
36. The computer program product of claim 35, further comprising:
a third set of instructions, executable on said computer system, configured to store said destination user group in an access control list.
37. The computer program product of claim 33, wherein said source user group is indicated by a source user group identifier stored in said packet, and said destination user group is indicated by a destination user group stored in a network device receiving said packet.
38. The computer program product of claim 34, further comprising:
a second set of instructions, executable on said computer system, configured to determine said source user group; and a third set of instructions, executable on said computer system, configured to determine said destination user group by looking up said destination user group in an access control list.
39. The computer program product of claim 38, wherein said second set of instructions comprises:
a first subset of instructions, executable on said computer system, configured to extract a source user group identifier from said packet, wherein said source user group identifier identifies said source user group.
40. The computer program product of claim 39, further comprising:
a fourth set of instructions, executable on said computer system, configured to populate said access control list with a destination user group identifier, wherein said destination user group identifier identifies said destination user group.
41. The computer program product of claim 33, further comprising:
a second set of instructions, executable on said computer system, configured to populate a forwarding table with a user group identifier, wherein said user group identifier identifies said user group of said packet, and said user group of said packet indicates a user group of a source of said packet.
42. The computer program product of claim 41, wherein said second set of instructions comprises:
a first subset of instructions, executable on said computer system, configured to determine said source user group.
43. The computer program product of claim 42, wherein said second set of instructions comprises:
a second subset of instructions, executable on said computer system, configured to receive an authentication message from another network device, wherein said response includes said source user group identifier.
44. An apparatus comprising:
means for comparing a user group of a packet with a user group of a destination of said packet.
45. The apparatus of claim 44, wherein said user group of said packet is a source user group, and said user group of said destination of said packet is a destination user group.
46. The apparatus of claim 45, further comprising:
means for retrieving said destination user group from a forwarding information base.
47. The apparatus of claim 46, further comprising:
means for storing said destination user group in an access control list.
48. The apparatus of claim 45, wherein said source user group is indicated by a source user group identifier stored in said packet, and said destination user group is indicated by a destination user group stored in a network device receiving said packet.
49. The apparatus of claim 45, further comprising:
means for determining said source user group; and means for determining said destination user group by looking up said destination user group in an access control list.
50. The apparatus of claim 49, wherein said means for determining said source user group comprises:
means for extracting a source user group identifier from said packet, wherein said source user group identifier identifies said source user group.
51. The apparatus of claim 50, further comprising:
means for populating said access control list with a destination user group identifier, wherein said destination user group identifier identifies said destination user group.
52. The apparatus of claim 44, further comprising:
means for populating a forwarding table with a user group identifier, wherein said user group identifier identifies said user group of said packet, and said user group of said packet indicates a user group of a source of said packet.
53. The apparatus of claim 52, wherein said means for comparing and said means for populating are included in a network device, and said means for populating comprises determining said source user group.
54. The apparatus of claim 53, wherein said means for populating further comprises:
means for receiving an authentication message from another network device, wherein said response includes said source user group identifier.
55. A method comprising:
populating an access control list with a destination user group identifier, wherein said destination user group identifier identifies a destination user group of a destination.
56. The method of claim 55, wherein said destination user group is assigned to said destination based on a role of said destination.
57. The method of claim 55, wherein said populating is performed by a network device and comprises sending a request to another network device, and receiving a response from said another network device, wherein said response includes said destination user group identifier, and said destination user group identifier identifies said destination user group.
58. The method of claim 55, further comprising:
comparing a user group of a packet with said destination user group.
59. The method of claim 58, wherein said user group of said packet is a source user group, said destination user group is a user group of a destination of said packet, and said destination is said destination of said packet.
60. The method of claim 59, wherein said source user group is assigned to a source of said packet based on a role of said source, and said destination user group is assigned to said destination based on a role of said destination.
61. The method of claim 59, wherein said source user group is indicated by a source user group identifier stored in said packet, and said destination user group is indicated by a destination user group stored in a network device receiving said packet.
62. The method of claim 59, further comprising:
determining said source user group; and determining said destination user group by looking up said destination user group in an access control list.
63. The method of claim 62, wherein said access control list is a role-based access control list.
64. The method of claim 62, wherein said determining said source user group comprises:
extracting a source user group identifier from said packet, wherein said source user group identifier identifies said source user group.
65. A method comprising:
populating a forwarding table with a user group identifier.
66. The method of claim 65, wherein said user group identifier is a source user group identifier, and so identifies a source user group.
67. The method of claim 66, wherein a source of a packet is in said source user group.
68. The method of claim 67, wherein said source user group is assigned to said source based on a role of said source.
69. The method of claim 67, wherein said populating comprises determining said source user group.
70. The method of claim 69, wherein said populating is performed by a network device and further comprises:
receiving an authentication message from another network device, wherein said response includes said source user group identifier.
71. The method of claim 67, wherein a destination of said packet is in a destination user group.
72. The method of claim 71, wherein said destination user group is assigned to said destination based on a role of said destination.
73. The method of claim 71, further comprising:
comparing a source user group of said packet with said destination user group.
74. The method of claim 73, wherein said source user group of said packet is indicated by a source user group identifier stored in said packet, and said destination user group is indicated by a destination user group stored in a network device performing said comparison.
75. The method of claim 71, further comprising:
determining said source user group; and determining said destination user group by looking up said destination user group in an access control list stored at said network device performing said comparison.
76. The method of claim 75, wherein said determining said source user group comprises:
extracting said source user group identifier stored in said packet from said packet, wherein said source user group identifier stored in said packet identifies said source user group of said source of said packet.
77. A method comprising:
indexing a row of a permissions matrix with a first user group; and indexing a column of said permissions matrix with a second user group.
78. The method of claim 77, wherein said first user group is a source user group, and said second user group is a destination user group.
79. The method of claim 78, wherein said permissions matrix comprises:
a plurality of permissions matrix entries.
80. The method of claim 79, wherein each of said permissions matrix entries is a pointer to a data structure.
81. The method of claim 80, wherein said data structure is a permission list.
82. The method of claim 80, wherein said data structure is a permission list entry.
83. The method of claim 80, wherein said data structure is a pointer to a permission list.
84. The method of claim 83, wherein said data structure further comprises:
another pointer to another permission list.
85. The method of claim 80, further comprising:
employing permission list chaining in said data structure.
86. The method of claim 80, further comprising:
selecting a selected permissions matrix entry of said permissions matrix entries, wherein said selecting comprises identifying a row of said permissions matrix using a source user group identifier, identifying a column of said permissions matrix using a destination user group identifier, and identifying a permissions matrix entry of said permissions matrix entries in said row and said column as said selected permissions matrix entry.
87. The method of claim 86, further comprising:
selecting a permission list from a plurality of permission lists using said selected permissions matrix entry.
88. The method of claim 86, further comprising:
selecting a permission list entry from a permission list using said selected permissions matrix entry.
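The lookup that claims 8-13 and 77-88 describe, written out as an added Python example (not code from the patent or from any vendor implementation): the destination user group comes from a forwarding entry keyed by MAC address and VLAN, the source user group comes from the packet, and the pair indexes a permissions matrix whose entries reference chained permission lists. The group numbers, MAC addresses, list names, first-match evaluation and the deny-by-default outcomes are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# All identifiers and values below are constructed for illustration.
ENGINEERING, FINANCE = 10, 20        # source user groups (roles of senders)
WEB_SERVERS, FIN_DB = 100, 200       # destination user groups (roles of hosts)


@dataclass(frozen=True)
class Packet:
    dst_mac: str
    vlan: int
    src_group: int   # source user group identifier carried in the packet; assumed
                     # set by the ingress device after authentication (claims 31-32)
    proto: str
    dport: int


@dataclass(frozen=True)
class ForwardingEntry:               # claims 8-13: port plus user group field
    port: int
    user_group: int


@dataclass(frozen=True)
class Permission:
    proto: str
    dport: Optional[int]             # None matches any port
    permit: bool


@dataclass
class PermissionList:
    name: str
    entries: List[Permission]
    next: Optional["PermissionList"] = None   # permission list chaining (claim 85)


# Claim 11: the MAC address and VLAN identifier together select port and group.
FORWARDING_TABLE: Dict[Tuple[str, int], ForwardingEntry] = {
    ("00:00:5e:00:53:01", 10): ForwardingEntry(port=1, user_group=WEB_SERVERS),
    ("00:00:5e:00:53:02", 20): ForwardingEntry(port=2, user_group=FIN_DB),
}

BASELINE = PermissionList("baseline", [Permission("icmp", None, True)])
WEB = PermissionList("web", [Permission("tcp", 443, True)], next=BASELINE)
# The explicit ICMP deny is evaluated before the chained baseline permit.
DB = PermissionList("db", [Permission("icmp", None, False),
                           Permission("tcp", 5432, True)], next=BASELINE)

# Claims 77-80: rows indexed by source group, columns by destination group,
# each entry a reference to a permission list.
PERMISSIONS_MATRIX: Dict[int, Dict[int, PermissionList]] = {
    ENGINEERING: {WEB_SERVERS: WEB},
    FINANCE: {WEB_SERVERS: WEB, FIN_DB: DB},
}


def decide(pkt: Packet) -> Tuple[bool, str]:
    """Return (permit, reason) for one packet; reason names the deciding list."""
    entry = FORWARDING_TABLE.get((pkt.dst_mac, pkt.vlan))
    if entry is None:
        return False, "unknown destination"       # assumption: no group, no access
    plist = PERMISSIONS_MATRIX.get(pkt.src_group, {}).get(entry.user_group)
    if plist is None:
        return False, "no matrix entry"           # assumption: empty cell denies
    visited = set()                               # guards against a chaining loop
    while plist is not None and id(plist) not in visited:
        visited.add(id(plist))
        for perm in plist.entries:
            if perm.proto == pkt.proto and perm.dport in (None, pkt.dport):
                return perm.permit, plist.name    # first match wins
        plist = plist.next
    return False, "implicit deny"


if __name__ == "__main__":
    for group in (ENGINEERING, FINANCE):
        pkt = Packet("00:00:5e:00:53:02", 20, group, "tcp", 5432)
        print(group, decide(pkt))
```

The two packets in the demo loop are identical apart from the source user group identifier, and only the one tagged with the finance group is permitted, which is why the integrity of that tag at ingress matters as much as the matrix itself.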
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/659,614 US7530112B2 (en) | 2003-09-10 | 2003-09-10 | Method and apparatus for providing network security using role-based access control |
PCT/US2004/028359 WO2005027464A1 (en) | 2003-09-10 | 2004-08-31 | Method and apparatus for providing network security using role-based access control |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2532189A1 (en) | 2005-03-24 |
CA2532189C (en) | 2012-12-18 |
Family
ID=34226987
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2532189A Active CA2532189C (en) | 2003-09-10 | 2004-08-31 | Method and apparatus for providing network security using role-based access control |
Country Status (6)
Country | Link |
---|---|
US (5) | US7530112B2 (en) |
EP (1) | EP1678912B1 (en) |
CN (1) | CN1823514B (en) |
CA (1) | CA2532189C (en) |
ES (1) | ES2574003T3 (en) |
WO (1) | WO2005027464A1 (en) |
2003
- 2003-09-10 US: application US10/659,614, patent US7530112B2 (en), status Active

2004
- 2004-08-31 ES: application ES04782780.3T, patent ES2574003T3 (en), status Active
- 2004-08-31 EP: application EP04782780.3A, patent EP1678912B1 (en), status Active
- 2004-08-31 CA: application CA2532189A, patent CA2532189C (en), status Active
- 2004-08-31 CN: application CN2004800205383A, patent CN1823514B (en), status Active
- 2004-08-31 WO: application PCT/US2004/028359, patent WO2005027464A1 (en), status Application Filing

2009
- 2009-05-05 US: application US12/435,870, patent US7954163B2 (en), status Expired - Lifetime

2011
- 2011-05-27 US: application US13/118,042, patent US8661556B2 (en), status Active

2014
- 2014-02-24 US: application US14/188,227, patent US9237158B2 (en), status Expired - Lifetime

2015
- 2015-11-30 US: application US14/954,308, patent US9860254B2 (en), status Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
EP1678912B1 (en) | 2016-04-27 |
US20160255087A1 (en) | 2016-09-01 |
CA2532189C (en) | 2012-12-18 |
CN1823514B (en) | 2012-01-04 |
US20110231907A1 (en) | 2011-09-22 |
US9237158B2 (en) | 2016-01-12 |
ES2574003T3 (en) | 2016-06-14 |
WO2005027464A1 (en) | 2005-03-24 |
US20140173703A1 (en) | 2014-06-19 |
US9860254B2 (en) | 2018-01-02 |
US8661556B2 (en) | 2014-02-25 |
US20050055573A1 (en) | 2005-03-10 |
US20090217355A1 (en) | 2009-08-27 |
US7530112B2 (en) | 2009-05-05 |
US7954163B2 (en) | 2011-05-31 |
EP1678912A1 (en) | 2006-07-12 |
CN1823514A (en) | 2006-08-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request |