    • 9. Invention application
    • Generalized policy server
    • US20080028436A1
    • 2008-01-31
    • US11897626
    • 2007-08-31
    • Clifford Hannel; Laurence Lipstone; David Schneider
    • Clifford Hannel; Laurence Lipstone; David Schneider
    • G06F17/00
    • H04L63/0218; H04L63/0227; H04L63/0263; H04L63/0272; H04L63/04; H04L63/101; H04L63/102; H04L63/20
    • A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check. A policy server component of the access filter has been separated from the access filter and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities for which policies can be made. Policies may now further have specifications for time intervals during which the policies are in force, and the entities may be associated with attributes that specify how the entity is to be used when the policy applies.