Communication security system
First Claim
1. A method for enforcing a security policy at computers comprising:
accepting credentials from a first user at a first computer;
receiving data characterizing a policy for use of the first computer by the first user; and
mediating access between applications executed on the first computer and computing resources according to the received policy.
Abstract
An approach for secure application-to-application communication over the Internet uses a combination of application message interception, centralized policy management, and a generic secure data connectivity layer for applications. Intercepting messages at the application layer allows application-specific security policies to be applied before the messages of different applications merge at lower levels of the communication protocol stack, and secures the application messages as early as possible on the path to a peer application. Centralized policy management enables enforcement of security policies on multiple computers, both within and outside an enterprise network, and protects against circumvention of the security features the policies specify. Data is transported between applications executing on different computers using a generic connectivity layer, which enables communication through firewalls that restrict traffic to particular ports and protocols, for example, allowing only HTTP-based communication on standard IP ports. Optionally, the approach complements VPN solutions by passing application-specific control information to VPN endpoints so that those endpoints can perform application-specific processing while the application messages themselves remain confidential.
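As an added illustration of claim 1 and the architecture in the abstract (not code from the patent or its assignee), this Python model accepts a user's credentials, receives that user's policy for the computer from a constructed central store, mediates each application's access to a resource at the application layer, and wraps allowed messages for an HTTP-only connectivity layer with the application-specific control data in headers. The user, computer, credential store, policy rules and header names are all constructed assumptions.

```python
import base64
import hmac

# Constructed credential store: user -> secret (stand-in for real authentication).
CREDENTIALS = {"alice": "s3cret-token"}

# Constructed central policy store keyed by (user, computer). Each application
# has its own rule set; any (application, resource) pair not listed is denied.
POLICY_SERVER = {
    ("alice", "laptop-7"): {
        "mail": {"allow": {"mail.corp.example:993"}, "confidential": True},
        "chat": {"allow": {"chat.corp.example:5222"}, "confidential": False},
    },
}


class PolicyMediator:
    """Runs on the first computer, between its applications and the network."""

    def __init__(self, computer):
        self.computer = computer
        self.policy = None  # nothing is allowed until a policy is received

    def accept_credentials(self, user, secret):
        """Claim 1: check credentials, then fetch the user's policy for this computer."""
        if not hmac.compare_digest(CREDENTIALS.get(user, ""), secret):
            return False
        self.policy = POLICY_SERVER.get((user, self.computer), {})
        return True

    def mediate(self, app, resource):
        """Per-application decision taken at the application layer, before
        traffic from different applications is multiplexed lower in the stack."""
        if self.policy is None:
            return "deny"
        rule = self.policy.get(app)
        if rule is None or resource not in rule["allow"]:
            return "deny"
        return "allow-confidential" if rule["confidential"] else "allow"

    def envelope(self, app, resource, payload):
        """Wrap an allowed message for the HTTP connectivity layer: app-specific
        control data rides in headers (visible to a VPN endpoint), payload stays opaque."""
        decision = self.mediate(app, resource)
        if decision == "deny":
            return None
        headers = {"X-App": app, "X-Target": resource,
                   "X-Confidential": decision == "allow-confidential"}
        return {"method": "POST", "port": 443, "headers": headers,
                "body": base64.b64encode(payload).decode()}
```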
34 Claims
1. A method for enforcing a security policy at computers comprising:
accepting credentials from a first user at a first computer;
receiving data characterizing a policy for use of the first computer by the first user; and
mediating access between applications executed on the first computer and computing resources according to the received policy. (Dependent claims 2 through 32 depend on claim 1.)
33. Software stored on a computer-readable medium comprising instructions for causing a computer system to perform functions comprising:
accepting credentials from a first user at a first computer;
receiving data characterizing a policy for use of the first computer by the first user; and
mediating access between applications executed on the first computer and computing resources according to the received policy.
34. A system for enforcing a security policy at computers comprising:
means for accepting credentials from a first user at a first computer;
means for receiving data characterizing a policy for use of the first computer by the first user; and
means for mediating access between applications executed on the first computer and computing resources according to the received policy.