Adaptive encryption

US 7,912,856 B2
Filed: 10/29/2007
Issued: 03/22/2011
Est. Priority Date: 06/29/1998
Status: Expired due to Fees

First Claim

Patent Images

1. An adaptive encryption apparatus, the apparatus comprising:

memory that stores a sensitivity level in association with a data resource, wherein the sensitivity level is further associated with an encryption technique; and

an access filter executable by a processor to;

determine a trust level of a user based on at least an identification technique used to identify the user and a network path used by the user to request the data resource,authorize the user to access a requested data resource based on at least the determined trust level and the sensitivity level associated with the requested data resource stored in memory, andencrypt a session for providing the requested data resource, the session being encrypted based on an encryption technique associated with the sensitivity level of the requested data resource.

View all claims

28 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scalable access filter is used in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The access filter in the path performs the access check, encrypts and authenticates the request.

128 Citations

View as Search Results

17 Claims

1. An adaptive encryption apparatus, the apparatus comprising:
- memory that stores a sensitivity level in association with a data resource, wherein the sensitivity level is further associated with an encryption technique; and
  
  an access filter executable by a processor to;
  
  determine a trust level of a user based on at least an identification technique used to identify the user and a network path used by the user to request the data resource,authorize the user to access a requested data resource based on at least the determined trust level and the sensitivity level associated with the requested data resource stored in memory, andencrypt a session for providing the requested data resource, the session being encrypted based on an encryption technique associated with the sensitivity level of the requested data resource.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, further comprising encryption hardware that determines the physical security of the network path, and wherein the trust level of the user is further based on the physical security of the network path.
  - 3. The apparatus of claim 1, wherein the processor further executes instructions stored in memory to determine the trust level of the user further based on an access policy, the access policy based on group membership of the user and an information set including the requested data resource.
  - 4. The apparatus of claim 1, further comprising a database in memory, the database storing information concerning the identification technique in association with a minimum trust level.
  - 5. The apparatus of claim 1, further comprising a database in memory, the database storing information concerning an order of trust levels ranging from a minimum level to a maximum level as designated by an administrator.

6. A method for adaptive encryption in sessions providing data resources, the method comprising:
- assigning a sensitivity level to a data resource in a database in memory, wherein the sensitivity level is further associated with an encryption technique; and
  
  executing instructions stored in memory, wherein execution of the instructions by a processor;
  
  determines a trust level of a user based at least on an identification technique used to identify the user and a network path used by the user to request the data resource, the determination of the trust level taking place at an access filter;
  
  determines authorization of a user to access a requested data resource based on at least the determined trust level and the sensitivity level associated with the requested data resource, the determination of the authorization taking place at the access filter; and
  
  encrypts a session for providing the requested data resource to the authorized user, the session being encrypted based on an encryption technique associated with the sensitivity level of the requested data resource, the encryption taking place at the access filter.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, wherein determining the trust level of the user is further based on physical security of the network path.
  - 8. The method of claim 6, wherein determining the trust level of the user is further based on an access policy, the access policy based on group membership of the user and an information set including the requested data resource.
  - 9. The method of claim 6, further comprising establishing an order of trust levels ranging from a minimum level to a maximum level.
  - 10. The method of claim 9, further comprising associating the sensitivity level of the requested data resource with a range of trust levels, and wherein determining authorization to access the requested data resource includes determining whether the trust level of the user is within the range of trust levels associated with the sensitivity level of the requested data resource.
  - 11. The method of claim 6, further comprising establishing an order of encryption levels ranging from a minimum level to a maximum level.
  - 12. The method of claim 11, further comprising associating the sensitivity level of the requested data resource with a range of encryption levels and wherein permitting the encrypted session for providing the requested data resource includes determining that the encryption technique is within the range of encryption levels associated with the sensitivity level of the requested data resource.
  - 13. The method of claim 6, further comprising establishing an order of sensitivity levels ranging from a minimum level to a maximum level.
  - 14. The method of claim 12, further comprising associating the trust level of the user with a range of sensitivity levels and wherein determining authorization to access the requested data resource includes determining whether the sensitivity level of the requested data resource is within the range of sensitivity levels associated with the trust level of the user.

15. A non-transitory computer-readable storage medium, having embodied thereon a program, the program being executable by a processor to perform a method for adaptive encryption in sessions providing data resources, the method comprising:
- assigning a sensitivity level to a data resource in a database, wherein the sensitivity level is further associated with an encryption technique;
  
  determining a trust level of a user based at least on an identification technique used to identify the user and a network path used by the user to request the data resource;
  
  determining authorization of a user to access a requested data resource based on at least the determined trust level and the sensitivity level associated with the requested data resource; and
  
  encrypting a session for providing the requested data resource to the authorized user, the session being encrypted based on an encryption technique associated with the sensitivity level of the requested data resource.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the trust level is further based on physical security of the network path.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the program is further executable to determine the trust level of the user further based on an access policy, the access policy based on group membership of the user and an information set including the requested data resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Hannel, Clifford Lee, May, Anthony
Primary Examiner(s)
LEROUX, ETIENNE PIERRE

Application Number

US11/927,214
Publication Number

US 20080172366A1
Time in Patent Office

1,240 Days
Field of Search

707/2, 707/3, 707/101, 707/781
US Class Current

707/781
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Adaptive encryption

First Claim

28 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive encryption

First Claim

28 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links