Secure delivery of information in a network
Abstract
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
26 Claims
1. Apparatus that provides an information resource in response to a request from a user, the request including an identification of the user according to a mode of identification and the apparatus comprising:
access control information including a sensitivity level associated with the resource and a trust level associated with the mode of identification; and
an access checker which permits the apparatus to provide the resource only if the trust level for the mode of identification is sufficient for the sensitivity level of the resource.

2. The apparatus set forth in claim 1 wherein:
a plurality of the modes of identification are associated with the user, the plurality including at least authentication by means of a certificate for the user.

3. The apparatus set forth in claim 2 wherein:
the plurality of modes of identification further include at least authentication by token, authentication by IP address and/or domain name, and authentication by an operating system-provided ID.

4. The apparatus set forth in claim 1 wherein:
a plurality of modes of identification are associated with the user;
the identification of the user identifies the user according to one or more of the modes of identification; and
if the trust level associated with none of the identification's modes of identification presently known to the apparatus is sufficient for the sensitivity level, the apparatus requests further identification from the user.

5. The apparatus set forth in any one of claims 1 through 4 wherein:
the request is transferred via a path in a network;
the access control information further includes a path trust level associated with the path, the access checker further determining whether to permit the apparatus to provide the resource on the basis of the path trust level.

6. The apparatus set forth in any one of claims 1 through 4 wherein:
the access control information further includes an encryption trust level associated with an encryption method, the access checker further determining whether to permit the apparatus to provide the resource on the basis of the encryption trust level of the encryption method used to encrypt the access request.

7. The apparatus set forth in claim 6 wherein:
the access checker permits the apparatus to provide the resource only if the access request has been encrypted with an encryption method whose encryption trust level is sufficient for the sensitivity level.

8. The apparatus set forth in any one of claims 1 through 4 wherein:
the access request is transferred via a path in a network; and
the access control information further includes a path trust level associated with the path and an encryption trust level associated with an encryption method, the access checker further permitting the apparatus to provide the resource only if either the path trust level is sufficient for the sensitivity level or the access request has been encrypted with an encryption method whose encryption trust level is sufficient for the sensitivity level.

9. The apparatus set forth in claim 8 wherein:
the path is made up of one or more links;
the access control information further includes a link trust level associated with each link; and
the path trust level is the link trust level of the link with the least sufficient trust level.

10. The apparatus set forth in claim 8 wherein:
a request made via the path is encrypted according to an encryption method; and
the path trust level is the encryption trust level of the encryption method.

11. The apparatus set forth in claim 1 wherein:
the resource is a World Wide Web page.

12. A data storage device for use in a system including a processor, the data storage device being characterized in that:
the data storage device contains code which, when executed in the processor, implements the apparatus set forth in claim 1.

13. The apparatus set forth in claim 1 wherein:
the apparatus is implemented at least in part as an application program executing under an operating system.

14. The apparatus set forth in claim 1 wherein:
the apparatus is implemented at least in part as a component of an operating system.

15. The apparatus set forth in claim 1 wherein:
the apparatus is implemented at least in part as a component of a router in a network.
16. Apparatus that provides an information resource via a path through a network to a user in response to a request from the user, the apparatus comprising:
access control information including a sensitivity level associated with the resource, a path trust level associated with the path, and an encryption trust level associated with an encryption method; and
an access checker which permits the apparatus to provide the resource only if either the path trust level is sufficient for the sensitivity level or the encryption trust level is sufficient for the sensitivity level and the request is encrypted with the encryption method.

17. The apparatus set forth in claim 16 wherein:
the path is made up of one or more links;
the access control information further includes a link trust level associated with each link; and
the path trust level is the link trust level of the link with the least sufficient link trust level.

18. The apparatus set forth in claim 16 wherein:
a request made via the path is encrypted according to an encryption method; and
the path trust level is the encryption trust level of the encryption method.

19. The apparatus set forth in claim 16 wherein:
the apparatus is located in the path between the user and the information resource; and
when the portion of the path that is located between the apparatus and the resource has a path trust level that is not sufficient, the apparatus encrypts the request using an encryption method whose encryption trust level is sufficient for the sensitivity level.

20. The apparatus set forth in claim 19 wherein:
when a portion of the path with a path trust level that is not sufficient is located between the apparatus and the user, the access checker permits the access only if the user has encrypted the request using an encryption method whose encryption trust level is sufficient for the sensitivity level.

21. The apparatus set forth in claim 16 wherein:
the apparatus is located in the path between the user and the information resource; and
when a portion of the path with a path trust level that is not sufficient is located between the one apparatus and the user, the access checker permits the access only if the user has encrypted the request using an encryption method whose encryption trust level is sufficient for the sensitivity level.

22. The apparatus set forth in any one of claims 16 through 21 wherein:
the path trust level is subject to change; and
the access checker checks the path trust level for every request.

23. A data storage device for use in a system including a processor, the data storage device being characterized in that:
the data storage device contains code which, when executed in the processor, implements the apparatus set forth in claim 16.

24. The apparatus set forth in claim 16 wherein:
the apparatus is implemented at least in part as an application program executing under an operating system.

25. The apparatus set forth in claim 16 wherein:
the apparatus is implemented at least in part as a component of an operating system.

26. The apparatus set forth in claim 16 wherein:
the apparatus is implemented at least in part as a component of a router in the network.
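
The checks recited in claims 1, 4, 8 and 9 (and their counterparts in claims 16 and 17) combined into one decision function, as an added illustration that is not part of the patent record. The numeric level scale, the reading of "sufficient" as "greater than or equal", the cipher names and the `Request` shape are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

# Assumed numeric scale (higher = more trusted / more sensitive); the claims
# only require that a trust level can be "sufficient" for a sensitivity level.
ID_TRUST = {"ip_address": 1, "os_id": 2, "token": 3, "certificate": 4}
ENC_TRUST = {"weak-cipher": 2, "strong-cipher": 4}  # hypothetical method names


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NEED_MORE_ID = "request further identification"


@dataclass
class Request:
    id_modes: List[str]                # modes of identification presented so far
    link_trust: List[int]              # trust level of each link on the path
    encryption: Optional[str] = None   # method used to encrypt the request, if any


def path_trust(link_trust: List[int]) -> int:
    """Claims 9 and 17: a path is only as trusted as its least trusted link."""
    return min(link_trust, default=0)  # no known links: fail closed


def check_access(req: Request, sensitivity: int) -> Decision:
    # Claim 1: the best presented mode of identification must be sufficient.
    # Unknown modes get trust 0 so a misspelled mode can never grant access.
    id_level = max((ID_TRUST.get(m, 0) for m in req.id_modes), default=0)
    if id_level < sensitivity:
        return Decision.NEED_MORE_ID  # claim 4: ask for a stronger mode

    # Claims 8 and 16: permit only if EITHER the path is trusted enough OR
    # the request was encrypted with a sufficiently trusted method.
    enc_level = ENC_TRUST.get(req.encryption, 0)
    if path_trust(req.link_trust) >= sensitivity or enc_level >= sensitivity:
        return Decision.PERMIT
    return Decision.DENY
```

Because the path trust level is recomputed from the link list on every call, the function also matches the per-request re-check of claim 22.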
Specification