SYSTEM AND METHOD FOR IMPROVED NETWORK SECURITY
Abstract
A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
34 Claims
1. A system of establishing a secure link among multiple users on a single machine with a remote machine, comprising:
a subsystem to filter traffic so that traffic from each user is separate, the subsystem comprising an Internet Key Exchange (IKE) module and a policy module, the IKE module adapted to provide User Mode negotiations in order to establish a secure link among users;
wherein the subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic and employs the SA to establish the secure link.
Dependent claims: 2, 3, 5, 6, 7, 8, 10, 11, 12, 13, 15, 22, 23, 24, 25
4. (canceled)
9. (canceled)
14. The system of claims wherein the User Mode negotiation further comprises a responder packet including at least one of a user identification responder, security association attribute, and a nonce responder.
16. A system of establishing a secure link between a first machine and multiple services on a second machine, comprising:
a subsystem to filter traffic so that traffic from each service is separate subsystem comprising a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users;
wherein the subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the service and employs the SA to establish the secure link.
Dependent claims: 17, 18, 19, 20, 21
26. A method of establishing a secure link among multiple users on a single machine with a remote machine, comprising the steps of:
filtering traffic so that traffic from each user is separate;
utilizing an Internet Key Exchange (IKE) module and a policy module, the IKE module providing User Mode negotiations to establish a secure link among users;
negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the user and the traffic; and
employing the SA to establish the secure link.
27. A method of establishing a secure link between a first machine and multiple services on a second machine, comprising the steps of:
filtering traffic so that traffic from each service is separate;
employing a policy module and an Internet Key Exchange (IKE) module to provide User Mode negotiations to establish a secure link among users;
negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the services and the traffic; and
employing the SA to establish the secure link.
28. A system for establishing a secure link among multiple users on a single machine with a remote machine, comprising:
means for filtering traffic so that traffic from each user is separate;
means for utilizing a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in establishing a secure link among users;
means for negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the user and the traffic; and
means for employing the SA to establish the secure link.
29. A system of establishing a secure link between a first machine and multiple services on a second machine, comprising:
means for filtering traffic so that traffic from each service is separate;
means for employing a policy module and an Internet Key Exchange (IKE) module to provide User Mode negotiations to establish a secure link among users;
means for negotiating and authenticating a Security Association (SA) with at least one filter corresponding to the services and the traffic; and
means for employing the SA to establish the secure link.
30. A computer readable medium having stored thereon computer executable components, comprising:
a component to filter traffic between a first machine, having multiple users, and a second machine so that traffic for the first machine is separated in accordance with the respective users; and
a component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the users and the respective traffic, and employs the SA to establish a secure link between the first and second machines, the component employing a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users.
31. A data packet adapted to be transmitted between at least two processes, comprising:
a first component to filter traffic between a first process, associated with multiple users, and a second process so that traffic for the first process is separated in accordance with the respective users; and
a second component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the users and the respective traffic, and employs the SA to establish a secure link between the first and second processes, the second component utilizing a Policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users.
32. A computer readable medium having stored thereon computer executable components, comprising:
a component to filter traffic between a first machine, having multiple services, and a second machine so that traffic for the first machine is separated in accordance with the respective services; and
a component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the services and the respective traffic, and employs the SA to establish a secure link between the first and second machines, the component further comprising a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users.
33. A data packet adapted to be transmitted between at least two processes, comprising:
a first component to filter traffic between a first process, associated with multiple services, and a second process so that traffic for the first process is separated in accordance with the respective services; and
a second component to generate and associate a Security Association (SA) with at least one filter, corresponding to at least one of the services and the respective traffic, and employs the SA to establish a secure link between the first and second processes, the second component including a policy module and an Internet Key Exchange (IKE) module adapted to provide User Mode negotiations in order to establish a secure link among users.
Dependent claims: 34