System and method for improved network security
2 Assignments
0 Petitions
Abstract
A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
119 Citations
31 Claims
1. A system of establishing a secure link among multiple users on a single machine with a remote machine, comprising:
- a subsystem to filter traffic so that traffic from each user is separate, the subsystem comprising an Internet Key Exchange (IKE) module and a policy module, the IKE module adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- wherein the subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic and employs the SA to establish the secure link.
(Dependent claims 2–16)

17. A system of establishing a secure link between a first machine and multiple services on a second machine, comprising:
- a subsystem to filter traffic so that traffic from each service is separate, the subsystem comprising a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- wherein the subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the service and employs the SA to establish the secure link.
(Dependent claims 18–22)

23. A method of establishing a secure link among multiple users on a single machine with a remote machine, comprising the steps of:
- filtering traffic so that traffic from each user is separate;
- utilizing an Internet Key Exchange (IKE) module and a policy module, the IKE module providing User Mode negotiations to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the user and the traffic; and
- employing the SA to establish the secure link.

24. A method of establishing a secure link between a first machine and multiple services on a second machine, comprising the steps of:
- filtering traffic so that traffic from each service is separate;
- employing a policy module and an Internet Key Exchange (IKE) module to provide User Mode negotiations to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the services and the traffic; and
- employing the SA to establish the secure link.

25. A system for establishing a secure link among multiple users on a single machine with a remote machine, comprising:
- means for filtering traffic so that traffic from each user is separate;
- means for utilizing a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in establishing a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- means for negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the user and the traffic; and
- means for employing the SA to establish the secure link.

26. A system of establishing a secure link between a first machine and multiple services on a second machine, comprising:
- means for filtering traffic so that traffic from each service is separate;
- means for employing a policy module and an Internet Key Exchange (IKE) module to provide User Mode negotiations to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users;
- means for negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the services and the traffic and means for employing the SA to establish the secure link.

27. A computer readable medium having stored thereon computer executable components, comprising:
- a component to filter traffic between a first machine, having multiple users, and a second machine so that traffic for the first machine is separated in accordance with the respective users; and
- a component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the users and the respective traffic, and employs the SA to establish a secure link between the first and second machines, the component employing a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users.

28. A data packet adapted to be transmitted between at least two processes, comprising:
- a first component to filter traffic between a first process, associated with multiple users, and a second process so that traffic for the first process is separated in accordance with the respective users; and
- a second component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the users and the respective traffic, and employs the SA to establish a secure link between the first and second processes, the second component utilizing a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users.

29. A computer readable medium having stored thereon computer executable components, comprising:
- a component to filter traffic between a first machine, having multiple services, and a second machine so that traffic for the first machine is separated in accordance with the respective services; and
- a component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the services and the respective traffic, and employs the SA to establish a secure link between the first and second machines, the component further comprising a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users.

30. A data packet adapted to be transmitted between at least two processes, comprising:
- a first component to filter traffic between a first process, associated with multiple services, and a second process so that traffic for the first process is separated in accordance with the respective services; and
- a second component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the services and the respective traffic, and employs the SA to establish a secure link between the first and second processes, the second component including a policy module and an Internet Key Exchange (IKE) adapted to provide User Mode negotiations in order to establish a secure link among users wherein the User Mode negotiations utilize keying material derived from Main Mode negotiations in order to provide the secure link among users.
(Dependent claim 31)
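The claims describe one architecture repeatedly: a policy module holds a filter per user (or per service), the IKE module runs Main Mode once per machine pair, and User Mode derives a separate SA from that Main Mode keying material for each filter, so that one user's traffic is never protected under another user's key. The following Python model is an added illustration and is not the patent's or any vendor's code. The class and function names (PolicyModule, IKEModule, FilteringSubsystem, hkdf_expand) are assumed, and the Main Mode step is a stand-in (an HMAC over two nonces with a pre-shared key, in place of a real Diffie-Hellman exchange); the User Mode derivation uses HKDF-Expand (RFC 5869) over the Main Mode material and the filter's user identity.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of the claimed subsystem. All names below are illustrative
# assumptions, not identifiers from the patent.


@dataclass(frozen=True)
class Filter:
    """A policy filter: one user's traffic to one remote address and port."""
    user: str
    remote_addr: str
    remote_port: int


@dataclass(frozen=True)
class SecurityAssociation:
    """An SA bound to exactly one filter, so each user's traffic has its own key."""
    spi: int
    key: bytes
    filt: Filter


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class PolicyModule:
    """Holds the per-user filters; traffic matching no filter gets no SA."""

    def __init__(self) -> None:
        self.filters: List[Filter] = []

    def add(self, f: Filter) -> None:
        self.filters.append(f)

    def match(self, user: str, addr: str, port: int) -> Optional[Filter]:
        for f in self.filters:
            if (f.user, f.remote_addr, f.remote_port) == (user, addr, port):
                return f
        return None


class IKEModule:
    """Main Mode: one machine-level exchange per peer yields keying material.
    User Mode: per-user SAs derived from that material, no further exchange."""

    def __init__(self, psk: bytes) -> None:
        self.psk = psk
        self.main_mode_material: Dict[str, bytes] = {}  # remote_addr -> material

    def main_mode(self, remote_addr: str, nonce_i: bytes, nonce_r: bytes) -> bytes:
        # Stand-in for the real Main Mode exchange (assumption): PSK-keyed HMAC of nonces.
        material = hmac.new(self.psk, nonce_i + nonce_r, hashlib.sha256).digest()
        self.main_mode_material[remote_addr] = material
        return material

    def user_mode(self, f: Filter, spi: int) -> SecurityAssociation:
        material = self.main_mode_material[f.remote_addr]
        # The user identity enters the derivation, so keys differ per filter.
        info = b"user-mode|" + f.user.encode() + b"|" + f.remote_addr.encode() \
            + b"|" + spi.to_bytes(4, "big")
        return SecurityAssociation(spi=spi, key=hkdf_expand(material, info), filt=f)


class FilteringSubsystem:
    """Ties filters to SAs: classify traffic by user, then protect under that user's SA."""

    def __init__(self, psk: bytes) -> None:
        self.policy = PolicyModule()
        self.ike = IKEModule(psk)
        self.sa_by_filter: Dict[Filter, SecurityAssociation] = {}

    def establish(self, f: Filter, nonce_i: bytes, nonce_r: bytes, spi: int) -> SecurityAssociation:
        self.policy.add(f)
        if f.remote_addr not in self.ike.main_mode_material:
            self.ike.main_mode(f.remote_addr, nonce_i, nonce_r)  # once per peer
        sa = self.ike.user_mode(f, spi)
        self.sa_by_filter[f] = sa
        return sa

    def classify(self, user: str, addr: str, port: int) -> Optional[SecurityAssociation]:
        f = self.policy.match(user, addr, port)
        return self.sa_by_filter.get(f) if f else None

    def protect(self, user: str, addr: str, port: int, payload: bytes) -> Optional[Tuple[int, bytes]]:
        """Return (SPI, integrity tag) under the matching user's SA, or None if unfiltered."""
        sa = self.classify(user, addr, port)
        if sa is None:
            return None
        tag = hmac.new(sa.key, sa.spi.to_bytes(4, "big") + payload, hashlib.sha256).digest()
        return sa.spi, tag


if __name__ == "__main__":
    sub = FilteringSubsystem(b"constructed-psk")
    ni, nr = b"\x01" * 16, b"\x02" * 16  # constructed nonces
    sa_alice = sub.establish(Filter("alice", "10.0.0.2", 443), ni, nr, spi=0x1001)
    sa_bob = sub.establish(Filter("bob", "10.0.0.2", 443), ni, nr, spi=0x1002)
    print("keys differ per user:", sa_alice.key != sa_bob.key)
    print("unfiltered user gets no SA:", sub.protect("carol", "10.0.0.2", 443, b"x") is None)
```

The point to check in such a design is the binding between filter and SA: the key derivation must include the user identity (or the service, for claims 17 to 30) so that a second user on the same machine, reaching the same remote address, cannot obtain traffic protected under the first user's key, and traffic that matches no filter must be refused rather than sent under some default SA.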
Specification