Access control management system utilizing network and application layer access control lists
First Claim
1. A method comprising:
determining a private network address for a user in connection with the user accessing a network resource on a network;
determining an application layer access control list entry for the user based on an access control policy;
generating a network layer access control list entry for the user based on the determined private network address;
sending the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering;
sending the generated network layer access control list entry to nodes on the network that support network layer packet filtering;
translating a public network address to the private network address for the user accessing the network resource; and
allowing or blocking the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry.
Abstract
A method of access control management includes determining a private network address for a user in connection with the user accessing a network resource, determining an access control list entry for the user based on an access control policy, translating a public network address to the private network address for the user accessing the network resource, and allowing or blocking the user access based on the access control list entry, wherein determining the access control list entry is performed before translating the public network address to the private network address.
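The sequence in claim 1 and the abstract (lease a private address, derive an identity-keyed application layer entry and an address-keyed network layer entry, push each to the nodes that can enforce it, and only then install the public-to-private translation) is easy to get subtly wrong in the ordering and in address reuse. The following Python simulation is an added example written for this page, not code from the patent or its assignee; the class and node names, the sample policy, the topology and the addresses are all constructed for illustration. It also covers the release path, which the claims do not spell out: when a private address goes back to the pool, every network layer entry keyed on it is revoked so the next user leased that address does not inherit the previous decision.

```python
"""Simulation of the access control manager described in claim 1 (added example).

Nothing here is the patent's own code; AccessControlManager, Node, the sample
policy and the addresses below are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AppAclEntry:
    """Application layer entry: identity based, for nodes that cannot filter packets."""
    user: str
    resource: str
    action: str  # "allow" or "deny"


@dataclass(frozen=True)
class NetAclEntry:
    """Network layer entry: derived from the user's private address and the resource socket."""
    src_ip: IPv4Address
    dst_ip: IPv4Address
    dst_port: int
    action: str


@dataclass
class Node:
    name: str
    supports_packet_filtering: bool
    app_acl: Set[AppAclEntry] = field(default_factory=set)
    net_acl: Set[NetAclEntry] = field(default_factory=set)

    def decide(self, user, src_ip, resource, dst_ip, dst_port) -> bool:
        """Consult whichever entry type this node holds; anything unmatched is denied."""
        if self.supports_packet_filtering:
            hits = [e for e in self.net_acl
                    if (e.src_ip, e.dst_ip, e.dst_port) == (src_ip, dst_ip, dst_port)]
        else:
            hits = [e for e in self.app_acl if (e.user, e.resource) == (user, resource)]
        return bool(hits) and all(e.action == "allow" for e in hits)


class AccessControlManager:
    def __init__(self, policy: Dict[str, Set[str]],
                 resources: Dict[str, Tuple[IPv4Address, int]],
                 nodes: List[Node], private_pool: List[str]):
        self.policy = policy          # resource -> users the access control policy permits
        self.resources = resources    # resource -> (private address, port) it listens on
        self.nodes = nodes
        self.pool = [IPv4Address(a) for a in private_pool]
        self.private_for: Dict[str, IPv4Address] = {}
        self.nat: Dict[IPv4Address, IPv4Address] = {}  # public -> private

    def handle_access(self, user: str, public_ip: str, resource: str):
        public = IPv4Address(public_ip)
        # Step 1: determine the user's private address (lease one on first access).
        if user not in self.private_for:
            self.private_for[user] = self.pool.pop(0)
        private_ip = self.private_for[user]
        # Step 2: application layer entry straight from the policy.
        action = "allow" if user in self.policy.get(resource, set()) else "deny"
        app_entry = AppAclEntry(user, resource, action)
        # Step 3: network layer entry built from the private address, so a packet
        # filter can enforce the same decision without knowing the user's identity.
        dst_ip, dst_port = self.resources[resource]
        net_entry = NetAclEntry(private_ip, dst_ip, dst_port, action)
        # Steps 4 and 5: each node receives the entry type it can enforce.
        for node in self.nodes:
            if node.supports_packet_filtering:
                node.net_acl.add(net_entry)
            else:
                node.app_acl.add(app_entry)
        # Step 6: only now install the public -> private translation; the entries
        # already exist, so no packet can reach the resource before the decision does.
        self.nat[public] = private_ip
        src_ip = self.nat[public]
        # Step 7: every node on the path enforces; access succeeds only if all allow.
        decisions = {n.name: n.decide(user, src_ip, resource, dst_ip, dst_port)
                     for n in self.nodes}
        return all(decisions.values()), decisions

    def release(self, user: str, public_ip: str) -> None:
        """Return the user's private address to the pool and revoke every entry keyed
        on it or on the user, so a later tenant of the address inherits nothing."""
        private_ip = self.private_for.pop(user)
        self.nat.pop(IPv4Address(public_ip), None)
        for node in self.nodes:
            node.net_acl = {e for e in node.net_acl if e.src_ip != private_ip}
            node.app_acl = {e for e in node.app_acl if e.user != user}
        self.pool.append(private_ip)


def build_demo() -> AccessControlManager:
    """Constructed sample topology and policy (not taken from the patent)."""
    return AccessControlManager(
        policy={"wiki": {"alice"}},
        resources={"wiki": (IPv4Address("10.0.5.20"), 443)},
        nodes=[Node("edge-router", supports_packet_filtering=True),
               Node("http-proxy", supports_packet_filtering=False)],
        private_pool=["10.0.1.10", "10.0.1.11"],
    )


if __name__ == "__main__":
    mgr = build_demo()
    print("alice:", mgr.handle_access("alice", "203.0.113.7", "wiki"))
    print("bob:  ", mgr.handle_access("bob", "203.0.113.8", "wiki"))
```

Run as a script it prints one decision per node for each user. The packet-filtering router and the application proxy reach the same verdict from different keys, which is the point of generating both entry types from one policy decision; the `release` method is the part a deployment must not skip, because a network layer entry keyed on a pooled private address outlives the identity it was created for unless it is revoked with the lease.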
18 Claims
1. A method comprising:
determining a private network address for a user in connection with the user accessing a network resource on a network;
determining an application layer access control list entry for the user based on an access control policy;
generating a network layer access control list entry for the user based on the determined private network address;
sending the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering;
sending the generated network layer access control list entry to nodes on the network that support network layer packet filtering;
translating a public network address to the private network address for the user accessing the network resource; and
allowing or blocking the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. An article comprising a machine-readable medium that stores machine-executable instructions, the instructions causing a machine to:
determine a private network address for a user in connection with the user accessing a network resource on a network;
determine an application layer access control list entry for the user based on an access control policy;
generate a network layer access control list entry for the user based on the determined private network address;
send the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering;
send the generated network layer access control list entry to nodes on the network that support network layer packet filtering;
translate a public network address to the private network address for the user accessing the network resource; and
allow or block the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. An apparatus comprising:
a first memory that stores executable instructions; and
a first processor that executes the instructions from the first memory to:
determine a private network address for a user in connection with the user accessing a network resource on a network;
determine an application layer access control list entry for the user based on an access control policy;
generate a network layer access control list entry for the user based on the determined private network address;
send the determined application layer access control list entry to nodes on the network that do not support network layer packet filtering;
send the generated network layer access control list entry to nodes on the network that support network layer packet filtering;
translate a public network address to the private network address for the user accessing the network resource; and
allow or block the user access to the network resource based on at least one of the application layer access control list entry and the network layer access control list entry.
(Dependent claims: 16, 17, 18)