Method and system to control access to a secure asset via an electronic communications network

US 20080072280A1
Filed: 07/16/2007
Published: 03/20/2008
Est. Priority Date: 08/30/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing security to an asset of an information technology network, the method comprising:

a. assigning the asset as a member of a first user group, wherein each member of the first user group interact with the information technology network in accordance with a first user group policy set;

b. merging the first user group policy set with an alternate set of policies of an alternate user group to form a derivative user group policy set; and

d. enabling each member of the alternate user group to interact with the information technology network in accordance with the derivative user group policy set.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for enabling a secure electronic network communications asset is provided. A computational engine networked with an electronic communications is configured to comprise a network endpoint. One, two or a group of particular applications or network services enabled by that endpoint are identified as an addressable secure asset. Policies are established and implemented to limit interactivity between the secure asset and any communications interface to which the asset is connected. The endpoint is configured to be accessible by one or more specific user groups under possibly unique sets policies assigned to each user group. Any network endpoint must be a member of one at least user group in order to access the secure asset and must abide by the policies imposed by the secure asset onto the including user group.

46 Citations

View as Search Results

21 Claims

1. A method for providing security to an asset of an information technology network, the method comprising:
- a. assigning the asset as a member of a first user group, wherein each member of the first user group interact with the information technology network in accordance with a first user group policy set;
  
  b. merging the first user group policy set with an alternate set of policies of an alternate user group to form a derivative user group policy set; and
  
  d. enabling each member of the alternate user group to interact with the information technology network in accordance with the derivative user group policy set.

2. A method for controlling access to a secure asset of an information technology network, the method comprising:
- a. assigning at least one user as a member of a first user group, wherein each member of the first user group is enabled to interact with the information technology network according to a first user group policy set;
  
  b. assigning the secure asset to a second user group, wherein each member of the second user group is enabled to interact with the information technology network according to a second user group policy set;
  
  c. forming a derivative user group, the derivative user group including all members of the second user group, wherein each member of the derivative user group may interact with the information technology network to access the secure asset in accordance with the first user group policy set and the second user group policy set.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 3. The method of claim 2, wherein the first user group policy set includes rules controlling communication of information from members of the first user group to the asset.
  - 4. The method of claim 2, wherein the first user group policy set includes rules controlling communication of information from the asset to members of the first user group.
  - 5. The method of claim 2, wherein the second user group policy set includes rules controlling communication of information from known members of the first user group to the asset.
  - 6. The method of claim 2, wherein the second user group policy set includes rules controlling communication of information from the asset to known members of the first user group.
  - 7. The method of claim 2, wherein the derivative user group policy set includes rules controlling communication of information from members of the first user group to the asset.
  - 8. The method of claim 2, wherein the derivative user group policy set includes rules controlling communication of information from the asset to members of the first user group.
  - 9. The method of claim 2, wherein at least one policy of the first user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 10. The method of claim 2, wherein at least one policy of the second user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 11. The method of claim 2, wherein at least one policy of the derivative user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 12. The method of claim 2, further comprising:
    - a. assigning at least one user as a member of a third user group, wherein each member of the third user group is enabled to interact with the information technology network according to a third user group policy set;
      
      b. forming a second derivative user group, the second derivative user group including all members of the third user group, wherein each member of the derivative user group may interact with the asset in accordance with the first user group policy set and the third user group policy set.
  - 13. The method of claim 12, wherein the second derivative user group policy set includes rules controlling communication of information from members of the third user group to the asset.
  - 14. The method of claim 12, wherein the second derivative user group policy set includes rules controlling communication of information from the asset to members of the third user group.
  - 15. The method of claim 12, wherein at least one policy of the third user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 16. The method of claim 12, wherein at least one policy of the second derivative user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.

17. A computational system, the system communicatively coupled with an asset of an information technology network, the system comprising:
- a. means to assign at least one user as a member of a first user group, wherein each member of the first user group is enabled to interact with the information technology network according to a first user group policy set;
  
  b. means to assign the secure asset to a second user group, wherein each member of the second user group is enabled to interact with the information technology network according to a second user group policy set, c. means to form a derivative user group, the derivative user group including all members of the second user group, wherein each member of the derivative user group may interact with the information technology network to access the secure asset in accordance with the first user group policy set and the second user group policy set.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein at least one policy of the first user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 19. The method of claim 17, wherein at least one policy of the second user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.
  - 20. The method of claim 17, wherein at least one policy of the derivative user group is selected from the group consisting of an access control policy, a virtual private network policy, an encryption policy, a communications policy, and a bandwidth control policy.

21. A method for managing the security provided to a secure asset by permitting a query of the access allowed by any individual user based on membership in a user group policy set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nevis Networks, Inc. (Qualys Incorporated)
Original Assignee
Nevis Networks, Inc. (Qualys Incorporated)
Inventors
Mahajani, Amol, Wilde, Dominic, Simonsen, Michael, Dalal, Sanjeev, Tardo, Joseph

Application Number

US11/879,224
Publication Number

US 20080072280A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/164   at the network layer

Method and system to control access to a secure asset via an electronic communications network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system to control access to a secure asset via an electronic communications network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links