
Method and apparatus for selectively enforcing network security policies using group identifiers

  • US 7,249,374 B1
  • Filed: 01/22/2001
  • Issued: 07/24/2007
  • Est. Priority Date: 01/22/2001
  • Status: Expired due to Fees
First Claim

1. A method of selectively enforcing a security policy in a network, the method comprising the computer-implemented steps of:

  • receiving information defining one or more group lists, resource definitions, and definitions of users as members of one or more groups in the group lists, wherein the definitions include network addresses for the users, wherein the network addresses have been assigned by an address server;

  • creating and storing one or more access controls in a policy enforcement point device that controls access of clients to the network, wherein each of the access controls specifies that a named abstract group is allowed access to a particular resource;

  • receiving, from an external binding process separate from the address server, a binding of a network address to an authenticated user of one of the clients for which the policy enforcement point controls access to the network;

  • updating the named group to include the bound network address of the authenticated user at the policy enforcement point; and

  • permitting a packet flow originating from the network address to pass from the policy enforcement point into the network only if the network address is in the named group identified in one of the access controls that specifies that the named group is allowed access to the network.
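The five steps of the claim, carried through as a small simulation of a policy enforcement point. This is an added illustration, not code from the patent or from any product that implements it; the group names, user names, source addresses and resource prefixes are constructed, and the "external binding process" is simply a method call standing in for an authentication event. The example also shows the default-deny behaviour before any binding exists and what happens when an address server re-leases an address to a different user, two cases the claim language implies but does not spell out.

```python
"""Toy policy enforcement point (PEP) that follows the steps of claim 1.

Added example for illustration; not taken from the patent or any vendor
product. All group names, users, addresses and prefixes are constructed.
"""
from ipaddress import ip_address, ip_network


class PolicyEnforcementPoint:
    def __init__(self):
        self.group_users = {}        # named abstract group -> set of user names
        self.group_addresses = {}    # named group -> set of bound source addresses
        self.resources = {}          # resource name -> ip_network it covers
        self.access_controls = []    # (group, resource) pairs: group may reach resource
        self.bindings = {}           # address -> authenticated user currently bound

    # Step 1: receive group lists and resource definitions. Addresses handed
    # out by the address server are not trusted by themselves; only the
    # external binding (step 3) places an address into a group.
    def load_definitions(self, group_lists, resource_definitions):
        for group, users in group_lists.items():
            self.group_users[group] = set(users)
            self.group_addresses.setdefault(group, set())
        for name, prefix in resource_definitions.items():
            self.resources[name] = ip_network(prefix)

    # Step 2: an access control states "named group is allowed this resource".
    def add_access_control(self, group, resource):
        if group not in self.group_users or resource not in self.resources:
            raise KeyError(f"unknown group or resource: {group}, {resource}")
        self.access_controls.append((group, resource))

    # Steps 3 and 4: accept a binding from the external authenticator, then
    # update every named group the authenticated user belongs to.
    def receive_binding(self, address, user):
        addr = str(ip_address(address))
        # The same address may be re-leased to someone else: drop the old
        # membership first so a stale binding cannot carry privileges over.
        self.revoke_binding(addr)
        self.bindings[addr] = user
        for group, users in self.group_users.items():
            if user in users:
                self.group_addresses[group].add(addr)

    def revoke_binding(self, address):
        addr = str(ip_address(address))
        self.bindings.pop(addr, None)
        for members in self.group_addresses.values():
            members.discard(addr)

    # Step 5: permit a flow only if the source address sits in a named group
    # that some access control allows to reach the destination resource.
    def permit(self, src_address, dst_address):
        src = str(ip_address(src_address))
        dst = ip_address(dst_address)
        for group, resource in self.access_controls:
            if src in self.group_addresses[group] and dst in self.resources[resource]:
                return True
        return False   # default deny: unbound or unlisted addresses are dropped


def demo():
    pep = PolicyEnforcementPoint()
    pep.load_definitions(
        group_lists={"engineering": {"alice", "bob"}, "finance": {"carol"}},
        resource_definitions={"build-farm": "10.1.0.0/24", "ledger-db": "10.2.0.0/24"},
    )
    pep.add_access_control("engineering", "build-farm")
    pep.add_access_control("finance", "ledger-db")

    # 192.0.2.10 was leased by the address server but nobody has authenticated
    # from it yet, so no flow is allowed.
    before = pep.permit("192.0.2.10", "10.1.0.5")
    pep.receive_binding("192.0.2.10", "alice")          # external binding event
    after = pep.permit("192.0.2.10", "10.1.0.5")
    cross = pep.permit("192.0.2.10", "10.2.0.7")        # alice is not in finance
    pep.receive_binding("192.0.2.10", "carol")          # address re-leased to carol
    rebound = pep.permit("192.0.2.10", "10.1.0.5")      # alice's access must not persist
    return before, after, cross, rebound


if __name__ == "__main__":
    print(demo())   # (False, True, False, False)
```

The enforcement decision keys on the bound address rather than on the address server's lease, which is the point of separating the binding process from the address server: a client that merely obtains a lease gains no access until an authenticated binding places its address in a named group, and revoking or replacing the binding removes that access at once.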

  • 1 Assignment