Patent
Method and apparatus for passing security configuration information between a client and a security policy server
Geoffrey Huang, Jan Vilhuber, +1 more
TLDR
In this article, the authors describe a technique for passing security configuration information between a security policy server and a client, which allows client configuration extensions to be added by modifying the policy server or security client without modifying the gateway.
Abstract:
Techniques for passing security configuration information between a security policy server and a client include the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy server. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.
Citations
Patent
System and method for secure cloud service delivery with prioritized services in a network environment
TL;DR: In this paper, the authors propose a method to offload a virtual private network (VPN) tunnel between a subscriber and a cloud using the Internet Security Association and Key Management Protocol (ISAKMP) packet.
Patent
Distributed service processing of network gateways using virtual machines
TL;DR: In this paper, a load balancing module is configured to determine a set of a plurality of processes corresponding to a connection session associated with the packet based on a policy, and the packet is then transmitted to the egress interface of the gateway device to be forwarded to a destination.
Patent
Target-based access check independent of access request
TL;DR: In this paper, a context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource, and an authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource.
Patent
Methods and systems for improving analytics in distributed networks
TL;DR: In this paper, the authors describe a distributed system consisting of at least one processor, an analytics module, and a security policy module, where the security policy is executed by the processor on a network packet and the processor collects network information from the network packet.
Patent
Industrial network security
TL;DR: A private overlay network is introduced into an existing core network infrastructure to control information flow between private secure environments, and can be used to connect a factory automation network linking operations devices to a corporate network linking various business units, with enhanced network security.
References
Security Architecture for the Internet Protocol
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
The Internet Key Exchange (IKE)
D. Harkins, D. Carrel, +1 more
TL;DR: ISAKMP ([MSST98]) provides a framework for authentication and key exchange but does not define them.
Internet Security Association and Key Management Protocol (ISAKMP)
TL;DR: A Security Association protocol that negotiates, establishes, modifies and deletes Security Associations and their attributes is required for an evolving Internet, where there will be numerous security mechanisms and several options for each security mechanism.
Patent
System and method for managing security objects
TL;DR: In this article, a data model for abstracting customer-defined VPN security policy information is proposed, where a VPN node can gather policy configuration information for itself through a GUI, or some distributed policy source, store this information in a system-defined database, and use this information to dynamically negotiate, create, delete, and maintain secure connections at the IP level with other VPN nodes.
Patent
Method and system for common control of virtual private network devices
TL;DR: In this paper, the authors propose a method and system for common control of virtual private network devices by configuring one or more VNOs, connected to both an open network and private local area networks, to authenticate clients through a centralized database or directory.