MULTILAYER ACCESS CONTROL SECURITY SYSTEM
First Claim
1. A method of providing secure access via a network device, the method comprising:
(a) receiving, by a device intermediary to a client and one or more servers, a request of a user to access a server, the device controlling access via a plurality of security layers, each of the plurality of security layers operating at a different layer of network communications;
(b) generating, by the device, an access rule for the user for each of the plurality of security layers based on a set of access policies corresponding to the user;
(c) converting, by the device, each access rule for each of the plurality of security layers to a user specific filter for a corresponding security layer; and
(d) installing, by the device, each user specific filter to the corresponding security layer of the device.
Abstract
A computer-based system provides secure, configurable access to computer network resources. A human-readable language is provided for defining access policy rules. Rules in this language are converted in an automated fashion into filters applied within the various subsystems and components of a multi-layer security system. Network users are authenticated by an access control security system that obtains basic information about each user. Based on the user ID, a set of abstract policies can be retrieved; the retrieved policies are those associated with the user and with the groups to which that user belongs. From the retrieved policies, a set of rules for multiple layers of the network is generated and applied to the corresponding subsystems. Two or more of the subsystems may be placed in series, with a different type of processing occurring in each subsystem, so that traffic rejected early reduces the workload of the subsequent subsystems.
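As an added illustration of the abstract's pipeline (policy retrieval by user and group, per-layer rule generation, conversion to user-specific filters, installation on the device, and in-series evaluation), here is a toy policy engine. It is example code written for this page, not the patent's implementation; the policy format, the three layers (network, transport, application) and the sample users are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
# Constructed sample data (hypothetical; not from the patent).
GROUPS = {"alice": ["finance"]}
POLICIES = {  # abstract policies attached to users and to groups
    "group:finance": [("allow", {"net": "10.1.0.0/16", "port": 443, "path": "/ledger"})],
    "user:alice": [("deny", {"path": "/ledger/admin"})],
}
# Security layer -> policy attribute it enforces; layers are evaluated in this order.
LAYERS = {"network": "net", "transport": "port", "application": "path"}

def retrieve_policies(user):
    """Abstract policies for the user ID plus the groups that user belongs to."""
    keys = [f"user:{user}"] + [f"group:{g}" for g in GROUPS.get(user, [])]
    return [p for k in keys for p in POLICIES.get(k, [])]

def generate_rules(user):
    """One access-rule list per security layer, derived from the user's policies."""
    rules = {layer: [] for layer in LAYERS}
    for action, match in retrieve_policies(user):
        for layer, attr in LAYERS.items():
            if attr in match:
                rules[layer].append((action, match[attr]))
    return rules

def to_filter(layer, rule):
    """Convert an access rule into a user-specific filter for that layer."""
    action, value = rule
    if layer == "network":
        net = ip_network(value)
        test = lambda req: ip_address(req["dst"]) in net
    elif layer == "transport":
        test = lambda req: req["port"] == value
    else:
        test = lambda req: req["path"].startswith(value)
    return lambda req: action if test(req) else None

class Device:
    def __init__(self):
        self.layers = {layer: {} for layer in LAYERS}  # layer -> user -> filters
    def install(self, user):
        for layer, rules in generate_rules(user).items():
            self.layers[layer][user] = [to_filter(layer, r) for r in rules]
    def check(self, user, req):
        """Layers run in series; a deny, or no explicit allow, ends processing early."""
        evaluated = 0
        for layer in LAYERS:
            evaluated += 1
            verdicts = [f(req) for f in self.layers[layer].get(user, [])]
            if "deny" in verdicts or "allow" not in verdicts:
                return False, evaluated
        return True, evaluated
```

`check` returns the verdict together with the number of layers that ran, which makes the workload reduction of the in-series arrangement visible: a request to an address outside the allowed network never reaches the transport or application filters.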
20 Claims
11. A system of providing secure access via a network device, the method comprising:
a device intermediary to a client and one or more servers, receiving a request of a user to access a server, the device controlling access via a plurality of security layers, each of the plurality of security layers operating at a different layer of network communications;
a policy engine of the device generating an access rule for the user for each of the plurality of security layers based on a set of access policies corresponding to the user and converts each access rule for each of the plurality of security layers to a user specific filter for a corresponding security layer; and
wherein the device installs each user specific filter to the corresponding security layer of the device.
Specification