GENERALIZED POLICY SERVER
Abstract
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control database to determine whether an access request made by a user is permitted. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to a set of access policies, which define access in terms of the user groups and information sets.
15 Claims
1. A method for controlling access to network information, the method comprising:
   storing a local copy of one or more policies in memory, the one or more policies limiting access to the network information;
   receiving a request from a user concerning access to information in a network;
   executing instructions stored in memory, wherein execution of the instructions by a processor:
      determines that the user is authorized to access the requested network information based on at least the local copy of the one or more policies,
      identifies a path through a plurality of devices in the network, the plurality of devices including a server hosting the requested network information, a plurality of access filters, and a user device associated with the user, and
      encrypts a message containing the requested network information for transmission between the server and a first access filter from the plurality of access filters, wherein a plurality of transmissions of the message between device pairs in the path is encrypted separately.
   (Dependent claims 2 to 7 are not reproduced here.)

8. An apparatus for controlling access to network information, the apparatus comprising:
   memory for storing a local copy of one or more policies, the one or more policies limiting access to the network information;
   a network interface for receiving a request from a user concerning access to information in a network;
   a processor for executing instructions stored in memory, wherein execution of the instructions by the processor:
      determines that the user is authorized to access the requested network information based on at least the local copy of the one or more policies,
      identifies a path through a plurality of devices in the network, the plurality of devices including a server hosting the requested network information, a plurality of access filters, and a user device associated with the user, and
      encrypts a message containing the requested network information for transmission between the server and a first access filter from the plurality of access filters, wherein a plurality of transmissions of the message between device pairs in the path is encrypted separately.
   (Dependent claims 9 to 14 are not reproduced here.)

15. A non-transitory computer-readable storage medium, having embodied thereon a program executable by a processor to perform a method for controlling access to network information, the method comprising:
   storing a local copy of one or more policies, the one or more policies limiting access to the network information;
   receiving a request from a user concerning access to information in a network;
   determining that the user is authorized to access the information based on at least the local copy of the one or more policies;
   identifying a path through a plurality of devices in the network, the plurality of devices including a server, a plurality of access filters, and a user device associated with the user; and
   encrypting a message containing the requested information for transmission between the server and a first access filter from the plurality of access filters, wherein each transmission between device pairs in the path is encrypted separately.
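As an added illustration (not the patent holder's code or the text of the claims), the following Python model puts the abstract's user-group / information-set policies together with the path identification and separately encrypted hops of claims 1, 8 and 15. All users, resources, device names and keys are constructed sample data, and the HMAC-based cipher is a stand-in for a real AEAD.

```python
# Toy model of the claimed access filter: check the request against a local copy of
# the access-control database, identify the server -> access filters -> user device
# path, and encrypt each hop separately. Added illustration, not the patent holder's
# code; every name, resource and key below is constructed sample data.
import hashlib, hmac, os

USER_GROUPS = {"alice": {"engineering"}, "bob": {"contractors"}}      # user -> groups
INFO_SETS = {"https://intranet.example/design.pdf": {"design-docs"}}   # resource -> sets
POLICIES = [("engineering", "design-docs", "allow"),                   # (group, set, verdict)
            ("contractors", "design-docs", "deny")]

def is_authorized(user: str, resource: str) -> bool:
    """Default deny; an explicit deny overrides any allow (conservative)."""
    groups, sets = USER_GROUPS.get(user, set()), INFO_SETS.get(resource, set())
    verdicts = {v for g, s, v in POLICIES if g in groups and s in sets}
    return "allow" in verdicts and "deny" not in verdicts

def find_path(server: str, filters: list, client: str) -> list:
    """Device pairs the message crosses, in order: server, each filter, client."""
    devices = [server, *filters, client]
    return list(zip(devices, devices[1:]))

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()
def hop_key(hop: tuple, master: bytes) -> bytes:
    """Per-hop key (HMAC as KDF, illustrative): one leaked key exposes only that hop."""
    return _prf(master, f"{hop[0]}->{hop[1]}".encode())

def _keystream(ek: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(_prf(ek, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
def encrypt_hop(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 counter-mode keystream; stands in for
    a real AEAD such as AES-GCM. The 12-byte nonce must never repeat under a key."""
    ek, mk = _prf(key, b"enc"), _prf(key, b"mac")
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(ek, nonce, len(msg))))
    return nonce + ct + _prf(mk, nonce + ct)

def decrypt_hop(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    ek, mk = _prf(key, b"enc"), _prf(key, b"mac")
    if not hmac.compare_digest(tag, _prf(mk, nonce + ct)):
        raise ValueError("hop message tampered or wrong hop key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(ek, nonce, len(ct))))

def serve_request(user, resource, body, server, filters, client, master):
    """Policy check first; on success, one separately encrypted copy per hop."""
    if not is_authorized(user, resource):
        return None
    return [(hop, encrypt_hop(hop_key(hop, master), os.urandom(12), body))
            for hop in find_path(server, filters, client)]
```

Because each device pair derives its own key, a filter that forwards the message must decrypt with the inbound hop key and re-encrypt with the outbound one, which is what makes the per-hop transmissions independent.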