WO2001006727A3 - Method and system for a policy enforcing module - Google Patents


Info

Publication number: WO2001006727A3
Authority: WO, WIPO (PCT)
Prior art keywords: policy, ppm, certificate, module, meet
Application number: PCT/US2000/040333
Other languages: French (fr)
Other versions: WO2001006727A2 (en), WO2001006727A9 (en)
Inventors: Charles R J Moore, Peter V O'connor
Original assignee: Spyrus Inc
Priority date: 1999-07-16
Filing date: 2000-07-10
Publication date: 2001-08-09
Application filed by Spyrus Inc
Priority to EP00952769A (EP1201058A2)
Priority to AU65410/00A (AU6541000A)
Publication of WO2001006727A2, WO2001006727A3 and WO2001006727A9

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H04L9/007 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models involving hierarchical structures
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

A programmable policy module (PPM) allows a user to configure specific policy elements available from a software application, in order to meet a particular assurance level. The policy will then be enforced by the PPM to meet a target set of policy requirements. In one embodiment, the PPM provides the linkage between the certificate policy identified in an X.509 certificate extension, and the execution of a module that enforces the specific policy elements during the process of digital certificate registration. The PPM can execute at the Registration Authority (RA) in a Public Key Infrastructure (PKI), and can permit enforcement of the policy elements in the Certificate Policy (CP) which governs the operations of the RA.

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00952769A EP1201058A2 (en) 1999-07-16 2000-07-10 Method and system for a policy enforcing module
AU65410/00A AU6541000A (en) 1999-07-16 2000-07-10 Method and system for a policy enforcing module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/354,234 1999-07-16
US09/354,234 US6816965B1 (en) 1999-07-16 1999-07-16 Method and system for a policy enforcing module

Publications (3)

Publication Number Publication Date
WO2001006727A2 (en) 2001-01-25
WO2001006727A3 (en) 2001-08-09
WO2001006727A9 (en) 2002-08-15

Family

ID=23392416

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/040333 WO2001006727A2 (en) 1999-07-16 2000-07-10 Method and system for a policy enforcing module

Country Status (4)

Country Link
US (1) US6816965B1 (en)
EP (1) EP1201058A2 (en)
AU (1) AU6541000A (en)
WO (1) WO2001006727A2 (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2800540B1 (en) * 1999-10-28 2001-11-30 Bull Cp8 SECURE TERMINAL PROVIDED WITH A CHIP CARD READER FOR COMMUNICATING WITH A SERVER VIA AN INTERNET-TYPE NETWORK
US7168092B2 (en) * 2000-08-31 2007-01-23 Sun Microsystems, Inc. Configuring processing units
US20020099668A1 (en) * 2001-01-22 2002-07-25 Sun Microsystems, Inc. Efficient revocation of registration authorities
GB2372342A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co Determination of a credential attribute value of a digital certificate
GB2372343A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co Determination of a trust value of a digital certificate
JP4619042B2 (en) * 2003-06-16 2011-01-26 オセ−テクノロジーズ・ベー・ヴエー Information search system and information search method
US7500097B2 (en) * 2005-02-28 2009-03-03 Microsoft Corporation Extendable data-driven system and method for issuing certificates
US7478419B2 (en) * 2005-03-09 2009-01-13 Sun Microsystems, Inc. Automated policy constraint matching for computing resources
US7509489B2 (en) * 2005-03-11 2009-03-24 Microsoft Corporation Format-agnostic system and method for issuing certificates
US8090939B2 (en) * 2005-10-21 2012-01-03 Hewlett-Packard Development Company, L.P. Digital certificate that indicates a parameter of an associated cryptographic token
US8826411B2 (en) * 2006-03-15 2014-09-02 Blue Coat Systems, Inc. Client-side extensions for use in connection with HTTP proxy policy enforcement
US8984579B2 (en) * 2006-09-19 2015-03-17 The Innovation Science Fund I, LLC Evaluation systems and methods for coordinating software agents
US8627402B2 (en) 2006-09-19 2014-01-07 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US8607336B2 (en) 2006-09-19 2013-12-10 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
US8601530B2 (en) * 2006-09-19 2013-12-03 The Invention Science Fund I, Llc Evaluation systems and methods for coordinating software agents
EP2122900A4 (en) * 2007-01-22 2014-07-23 Spyrus Inc Portable data encryption device with configurable security functionality and method for file encryption
US7705847B2 (en) 2007-03-05 2010-04-27 Oracle International Corporation Graph selection method
US8126837B2 (en) 2008-09-23 2012-02-28 Stollman Jeff Methods and apparatus related to document processing based on a document type
US8464313B2 (en) * 2008-11-10 2013-06-11 Jeff STOLLMAN Methods and apparatus related to transmission of confidential information to a relying entity
US8549589B2 (en) * 2008-11-10 2013-10-01 Jeff STOLLMAN Methods and apparatus for transacting with multiple domains based on a credential
TW201116023A (en) * 2009-09-25 2011-05-01 Ibm A method and a system for providing a deployment lifecycle management of cryptographic objects
WO2013025785A1 (en) * 2011-08-15 2013-02-21 Arizona Board Of Regents, For And On Behalf Of, Arizona State University Systems methods, and media for policy-based monitoring and controlling of applications
CN103685021B (en) * 2014-01-02 2019-03-19 网神信息技术(北京)股份有限公司 Data transmission method and device
US9438428B2 (en) * 2014-05-12 2016-09-06 CertiPath, Inc. Method and system for email identity validation
GB2531247B (en) * 2014-10-07 2021-10-06 Arm Ip Ltd Method, hardware and digital certificate for authentication of connected devices

Citations (1)

Publication number Priority date Publication date Assignee Title
EP0465016A2 (en) * 1990-06-25 1992-01-08 Digital Equipment Corporation Distributed multilevel computer security system and method

Family Cites Families (24)

Publication number Priority date Publication date Assignee Title
US4919545A (en) 1988-12-22 1990-04-24 Gte Laboratories Incorporated Distributed security procedure for intelligent networks
GB9010603D0 (en) 1990-05-11 1990-07-04 Int Computers Ltd Access control in a distributed computer system
US5164988A (en) * 1991-10-31 1992-11-17 International Business Machines Corporation Method to establish and enforce a network cryptographic security policy in a public key cryptosystem
US5412717A (en) 1992-05-15 1995-05-02 Fischer; Addison M. Computer system security method and apparatus having program authorization information data structures
US5677953A (en) 1993-09-14 1997-10-14 Spyrus, Inc. System and method for access control for portable data storage media
IL110891A (en) 1993-09-14 1999-03-12 Spyrus System and method for data access control
US5483596A (en) 1994-01-24 1996-01-09 Paralon Technologies, Inc. Apparatus and method for controlling access to and interconnection of computer system resources
WO1996002993A2 (en) 1994-07-19 1996-02-01 Bankers Trust Company Method for securely using digital signatures in a commercial cryptographic system
US6381639B1 (en) * 1995-05-25 2002-04-30 Aprisma Management Technologies, Inc. Policy management and conflict resolution in computer networks
US5671412A (en) * 1995-07-28 1997-09-23 Globetrotter Software, Incorporated License management system for software applications
US5825883A (en) 1995-10-31 1998-10-20 Interval Systems, Inc. Method and apparatus that accounts for usage of digital applications
US5825877A (en) 1996-06-11 1998-10-20 International Business Machines Corporation Support for portable trusted software
US6148083A (en) 1996-08-23 2000-11-14 Hewlett-Packard Company Application certification for an international cryptography framework
US6055637A (en) 1996-09-27 2000-04-25 Electronic Data Systems Corporation System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential
US6105069A (en) 1997-01-22 2000-08-15 Novell, Inc. Licensing controller using network directory services
US6073124A (en) 1997-01-29 2000-06-06 Shopnow.Com Inc. Method and system for securely incorporating electronic information into an online purchasing application
EP0881559B1 (en) 1997-05-28 2003-08-20 Siemens Aktiengesellschaft Computer system for protecting software and a method for protecting software
US7127741B2 (en) * 1998-11-03 2006-10-24 Tumbleweed Communications Corp. Method and system for e-mail message transmission
US6128740A (en) * 1997-12-08 2000-10-03 Entrust Technologies Limited Computer security system and method with on demand publishing of certificate revocation lists
US6202157B1 (en) * 1997-12-08 2001-03-13 Entrust Technologies Limited Computer network security system and method having unilateral enforceable security policy provision
US6108788A (en) * 1997-12-08 2000-08-22 Entrust Technologies Limited Certificate management system and method for a communication security system
US6148290A (en) * 1998-09-04 2000-11-14 International Business Machines Corporation Service contract for managing service systems
US6138239A (en) 1998-11-13 2000-10-24 N★Able Technologies, Inc. Method and system for authenticating and utilizing secure resources in a computer system
US6510513B1 (en) * 1999-01-13 2003-01-21 Microsoft Corporation Security services and policy enforcement for electronic data

Non-Patent Citations (3)

Title
GRIMM R ET AL: "Security policies in OSI-management experiences from the DeTeBerkom project BMSec", COMPUTER NETWORKS AND ISDN SYSTEMS,NL,NORTH HOLLAND PUBLISHING. AMSTERDAM, vol. 28, no. 4, 1 February 1996 (1996-02-01), pages 499 - 511, XP004002982, ISSN: 0169-7552 *
LOPEZ L; CARRACEDO J: "Hierarchical organization of certification authorities for secure environments", IEEE. COMPUTER SOC. PRESS. PROCEEDINGS OF SNDSS'97: INTERNET SOCIETY 1997 SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM SECURITY, 10 February 1997 (1997-02-10) - 11 February 1997 (1997-02-11), San Diego, CA, USA, pages 112 - 121, XP002160493 *
YUNG-KAO HSU: "Development of an intranet security infrastructure and its application", IEEE COMPUT. SOC. PROCEEDINGS OF WET ICE'98 - IEEE SEVENTH INTERNATIONAL WORKSHOP ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES, 17 June 1998 (1998-06-17) - 19 June 1998 (1998-06-19), Stanford, CA, USA, pages 334 - 339, XP002160492 *

Also Published As

Publication number Publication date
WO2001006727A2 (en) 2001-01-25
WO2001006727A9 (en) 2002-08-15
US6816965B1 (en) 2004-11-09
AU6541000A (en) 2001-02-05
EP1201058A2 (en) 2002-05-02

Similar Documents

Publication Publication Date Title
WO2001006727A3 (en) Method and system for a policy enforcing module
WO2005001653A3 (en) Access control
WO2005010688A3 (en) Controlling access using additional data
WO2003027924A1 (en) Content usage authority management system and management method
WO2004003812A3 (en) Method and system for authorizing reconfiguration of a vehicle
EP1914655A3 (en) Systems and methods for secure transaction management and electronic rights protection
WO2002037210A3 (en) Processing content for electronic distribution using a digital rights management system
EP1577735A3 (en) Method and system enforcing computer security utilizing an adaptive lattice mechanism
WO2004027588A3 (en) Certificate based authorized domains
ATE519323T1 (en) SECURING LDAP (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL) TRAFFIC
WO2004019550A3 (en) System and method for authenticating wireless component
EP1388777A3 (en) System and method for cryptographic control of system configurations
AU6538900A (en) Method and circuit for automatically tuning filter circuits over process, voltage, and temperature
WO2001037081A3 (en) Method and apparatus for concurrency control in a policy-based management system
WO2006039365A3 (en) Method and system of authentication on an open network
DE60317753D1 (en) Method and apparatus for automatic client authentication in a wireless network protected by PEAP, EAP-TLS or other extensible authentication protocols
WO2003014860A8 (en) System and method for managing network service access and enrollment
WO2003007397A3 (en) Solution influenced alignment
DE69535935D1 (en) Method and device for creating a cryptographic connection between elements of a system
WO2002014984A3 (en) Tokenless biometric authorization of electronic communications
EP1286514A3 (en) Method and apparatus for distributing authorization to provision mobile devices on a wireless network
WO2002093294A3 (en) Method and apparatus for automating the process of settling financial transactions
WO2002060112A3 (en) Apparatus, method and system for multiple resolution affecting information access
WO2002023801A3 (en) Method for controlling access
WO2002091178A3 (en) Method and apparatus for upgrading managed application state for a java based application

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000952769

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 65410/00

Country of ref document: AU

WWP Wipo information: published in national office

Ref document number: 2000952769

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

COP Corrected version of pamphlet

Free format text: PAGES 1/16-16/16, DRAWINGS, REPLACED BY NEW PAGES 1/16-16/16; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000952769

Country of ref document: EP