WO2001018634A1 - Access validation system - Google Patents

Access validation system

Publication number
WO2001018634A1
Authority
WO
WIPO (PCT)
Prior art keywords
workstation
firewall
user
server
access
Application number
PCT/IL2000/000519
Other languages
French (fr)
Inventor
Moshe Elgressy
Noam Ziv
David Wine
Original Assignee
First Access
Application filed by First Access
Priority to AU67233/00A
Publication of WO2001018634A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Abstract

A method for controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, comprises: a) providing a firewall coupled to, or integral with, a communication gate located between the workstation and the server; b) providing user/workstation validation means suitable to determine whether the user is physically located within a predefined distance from the workstation; c) validating the user to the firewall; and d) disallowing access to one or more resources of the workstation if the user is not validated or, if the security policy so requires, transmitting to the firewall a command to disconnect the workstation from the server.

Description

ACCESS VALIDATION SYSTEM
Field of the Invention
The invention relates to a system for permitting the continued access of a user to computer resources. More particularly, the invention relates to a system that utilizes a time-dependent firewall to administrate the continued access of validated users to computer resources.
Background of the Invention
The problem of preventing the unauthorized access to a computer workstation has been addressed in the art. Several solutions have been offered during the years, ranging from mechanical solutions, such as the use of a key, to logical solutions, such as the use of passwords to be keyed-in, and including electronic solutions, such as the use of magnetic or smart cards for gaining access to the workstation.
Most early solutions did not solve a very critical problem, viz., that of the unauthorized access to a workstation when the authorized user, who has logged into the workstation, temporarily leaves his position without turning off the workstation or relevant program. Some attempts have been made to solve the problem by providing programs which automatically turn-off the workstation after a given idle time, or require a renewed access procedure to gain access again to the workstation. These solutions, however, are impractical and cumbersome, and have not been very successful.
An improved solution to the problem is based on proximity sensors that auto-detect whether the user (token) left the computer site and automatically disable any access to all or selected computer resources. The proximity sensor uses contactless communication technology, such as RF, IR, sound, ultra-sound, etc. Although prior art systems employing proximity sensors are convenient for the users, they present severe drawbacks, particularly inasmuch as they do not afford a high level of security against unauthorized access, since they can be duplicated, and because of the low flexibility of the system which pairs a user (token) with a predetermined workstation.
The problem is relatively simple when a stand-alone workstation is involved. However, most systems of interest are large LANs or WANs, involving a large number of users, sometimes up to several hundreds, and a plurality of servers, all of which may be decentralized and may operate from a number of remote sites. All the existing solutions present a severe drawback inasmuch as they require that suitable security software be installed in the server(s) and workstation(s), so that the servers and the workstations may cooperate in maintaining a preset security policy. This need is accompanied by the need to maintain and service the servers constantly, in order to update security policies, user's data, software versions, etc. This is a severe drawback inasmuch as it is undesirable to upload and service software on servers that serve the regular needs of the LAN or WAN, which may cause downtime, compatibility and maintenance problems, particularly when a number of physically remote servers is involved. Additionally, the initial installation of the software is normally complicated and time consuming, and may also require some downtime. However, the art has so far failed to provide means to obviate this severe problem.
It is therefore an object of this invention to provide a method and a security system that overcomes the aforementioned drawbacks of the prior art.
It is another purpose of this invention to provide a system which does not require the presence of complicated security software on the servers of the LAN or WAN.
It is yet another object of the invention to provide a security system that can be put in place quickly and simply, without the need for complicated software installation on the server(s).
Other purposes and advantages of this invention will appear as the description proceeds.
Summary of the Invention
In one aspect the invention is directed to a method of controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, comprising: a) providing a firewall coupled to, or integral with, a communication gate located between the workstation and the server; b) providing user/workstation validation means suitable to determine whether the user is physically located within a predefined distance from the workstation; c) validating the user to the firewall; and d) disallowing access to one or more resources of the workstation if the user is not validated or, if the security policy so requires, transmitting to the firewall a command to disconnect the workstation from the server.
According to a preferred embodiment of the invention, the method further comprises generating an indication that the user is not within a predefined distance from the workstation and that the security policy requires that access be discontinued, by carrying out the following steps: e) determining whether the user is physically located within said predefined distance from the workstation; and f) when the distance of the user from the workstation exceeds said predefined value, disallowing access to one or more resources of the workstation or, if the security policy so requires, transmitting to the firewall a command to disconnect the workstation from the server.
The decision on whether a user who is physically absent from his workstation will cause the workstation to become inactive in some aspects, viz., to have its input devices deactivated, or whether the workstation must be logged-off altogether from the server, is a decision that is taken, according to a preferred embodiment of the invention, at the workstation level. Different security policies may result in different commands to the firewall. However, the server is not involved in any part of the process, since the physical proximity of the user, as well as the logical results thereof, are supervised by the workstation security software, and the connection or disconnection of the user to the server or network is carried out by the firewall, as a result of input received from the workstation security software.
According to a preferred embodiment of the invention step (d) above is repeated periodically, at a preselected time interval, and the relevant decisions are also made by the workstation security software at the appropriate time intervals.
According to a preferred embodiment of the invention the communication gate is a switch.
According to another preferred embodiment of the invention the user/workstation validation means comprise a token and a transceiver connected to the workstation.
According to a preferred embodiment of the invention, when the distance of the user from the workstation is less than a predefined value, a signal indicative of a presence state is generated and transmitted to the firewall. According to this particular embodiment of the invention, the firewall is provided with preset instructions and with logic means, and the decision as to whether the connection of the workstation to the server should be reset is made at the firewall level, rather than at the workstation security software level, and this decision is made on the basis of signals received from the workstation. In a typical embodiment of the invention the firewall will allow the workstation to connect to the server when a signal indicative of a presence state is received by it.
According to another preferred embodiment of the invention the firewall allows the connection between the workstation and the server to continue, as long as signals are sent by the workstation and are received by the firewall at preset time intervals.
In another aspect the invention is directed to a system for controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, or results in an indication that the user is not within a predefined distance from the workstation and that the security policy requires that access be discontinued, comprising:
a) a firewall coupled to, or integral with, a communication gate located between the workstation and the server; b) user/workstation validation means suitable to determine whether the user is physically located within a predefined distance from the workstation; c) signal generating means to generate signals indicative of successful validation or connection reset and to transmit said signal to said firewall when the user/workstation validation means determine that a security policy so requires; and d) circuitry provided in said firewall for discontinuing and/or preventing the connection of the workstation to the server for a predefined period of time, when a command is sent by the security software of the workstation to the firewall.
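The firewall-level behaviour described above (connection kept open only while presence signals arrive at preset intervals, and refused for a predefined period after a disconnect command) can be sketched as follows. This is an added example, not part of the patent text; the class and method names, the numeric intervals, the explicit timestamps and the choice to require re-validation after a missed presence signal are all assumptions made for illustration.

```python
"""Time-dependent gate logic: presence signals, expiry and lockout (illustrative)."""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    RESET_NOT_VALIDATED = "reset: user not validated"
    RESET_PRESENCE_OVERDUE = "reset: presence signal overdue"
    RESET_LOCKED_OUT = "reset: lockout period active"


@dataclass
class _Session:
    validated: bool = False
    last_presence: float = float("-inf")
    locked_until: float = float("-inf")


@dataclass
class TimeDependentGate:
    """Firewall logic placed in the communication gate (e.g. the switch)."""
    presence_interval: float   # preset interval between presence signals, seconds
    lockout_period: float      # predefined period after a disconnect command, seconds
    _sessions: dict = field(default_factory=dict, init=False, repr=False)

    def _session(self, ws):
        return self._sessions.setdefault(ws, _Session())

    def validate(self, ws, token_valid, now):
        """Log-in validation of the user to the firewall (step c)."""
        s = self._session(ws)
        # Validation cannot succeed while a lockout is still running.
        s.validated = bool(token_valid) and now >= s.locked_until
        if s.validated:
            s.last_presence = now
        return s.validated

    def check(self, ws, now):
        """Decide whether the workstation's connection may continue at time `now`."""
        s = self._session(ws)
        if now < s.locked_until:
            return Verdict.RESET_LOCKED_OUT
        if not s.validated:
            return Verdict.RESET_NOT_VALIDATED
        if now - s.last_presence > self.presence_interval:
            # Assumption: fail closed. A missed signal ends the session, so a
            # late signal cannot revive it; the user must validate again.
            s.validated = False
            return Verdict.RESET_PRESENCE_OVERDUE
        return Verdict.ALLOW

    def presence_signal(self, ws, now):
        """Presence-state signal sent by the workstation security software."""
        verdict = self.check(ws, now)
        if verdict is Verdict.ALLOW:
            self._session(ws).last_presence = now
        return verdict

    def disconnect_command(self, ws, now):
        """Command from the workstation security software to reset the connection."""
        s = self._session(ws)
        s.validated = False
        s.locked_until = now + self.lockout_period
        return Verdict.RESET_LOCKED_OUT


def run_constructed_timeline():
    """Replay a constructed sequence of events for one workstation."""
    gate = TimeDependentGate(presence_interval=5.0, lockout_period=30.0)
    ws = "ws-1a"  # constructed workstation identifier
    return [
        ("t=0 validate", gate.validate(ws, True, 0.0)),
        ("t=4 presence", gate.presence_signal(ws, 4.0)),
        ("t=8 presence", gate.presence_signal(ws, 8.0)),
        ("t=12 check", gate.check(ws, 12.0)),        # 4 s since last signal
        ("t=14 check", gate.check(ws, 14.0)),        # 6 s: signal overdue
        ("t=15 presence", gate.presence_signal(ws, 15.0)),  # too late to revive
        ("t=16 validate", gate.validate(ws, True, 16.0)),
        ("t=20 disconnect", gate.disconnect_command(ws, 20.0)),
        ("t=25 validate", gate.validate(ws, True, 25.0)),   # refused: locked out
        ("t=49 check", gate.check(ws, 49.0)),
        ("t=50 validate", gate.validate(ws, True, 50.0)),   # lockout has ended
        ("t=51 check", gate.check(ws, 51.0)),
    ]


if __name__ == "__main__":
    for label, result in run_constructed_timeline():
        print(f"{label:16} -> {getattr(result, 'value', result)}")
```

Because the gate acts on whatever presence and disconnect messages it receives, a deployment has to authenticate those messages and protect them against replay; the sketch assumes that has been done upstream.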
A time-dependent firewall assembly according to a preferred embodiment of the invention comprises firewall circuitry coupled to communication gate means. According to a preferred embodiment of the invention the firewall circuitry is integral with the gate means. Preferably, but non limitatively, the gate means is a switch.
Brief Description of the Drawing
- Fig. 1 is a schematic representation of a LAN, according to a preferred embodiment of the invention.
Detailed Description of Preferred Embodiments
Looking now at Fig. 1, a simple LAN is schematically shown, comprising a plurality of workstations, 1a - 1e, each of which is coupled with a token, 2a - 2e. The workstations are connected to a server 3, through a switch 4. The switch 4 is equipped with firewall circuitry that performs the following activities:
1. It identifies the workstation connecting to the server via the switch;
2. It determines whether the workstation is being operated using a valid token, which grants access rights to the server;
3. It determines whether any other preset security policies are being observed, such as the time of the day or the day of the week during which access must be denied;
4. If all security policies are observed, the firewall circuitry does not intervene. If any of the security policies has been violated, however, the firewall circuitry resets the connection with the server, thereby preventing the workstation user from accessing it.
5. It repeats the above operations every time a user logs-in, after logging-off from his workstation.
The operation of the firewall, and the means used to reset the communication between the user and the server, are well known in the art and are therefore not discussed herein in detail, for the sake of brevity. Likewise, the means for authenticating a user with a workstation are also well known in the art, for instance from WO 97/39553 or from PCT/IL99/00115 of the same applicants hereof, and the skilled person will easily select the validation method that is best suited for a specific purpose.
Although, as said, the way in which the access of the user is prevented is conventional, the firewall coupled to the switch, according to the invention, does not in any other sense operate as prior art firewalls do. Prior art firewalls determine whether a user is authorized to access a given server and, if the user is authorized, allow him to connect. At this point, the role of the firewall has ended, and any other task (such as the establishment of permissions to access given folders, areas or resources) is handed over by the firewall to the server. The firewall is no longer concerned with the activities of the user. Thus, prior art firewalls operate in what can be termed a "time-independent mode". Furthermore, prior art firewalls require an independent firewall server, which is connected to the LAN and is logically located before the server.
According to the invention, however, the firewall is not only coupled to, and preferably integral with, the switch, hub or the like communication gate, but it also operates in cooperation with the distance-dependent security software and hardware coupled to the workstation, which is responsible for ensuring, in a time-dependent mode, that the resources of the workstation are not made available if a user has left his working position by a distance greater than a predetermined value. According to the invention the validation of the user is carried out at the firewall, while his presence near the workstation is determined as a function of token proximity data received from the workstation, which data is analyzed by the software running on the workstation level. In other words, the identity of the user is validated at the firewall server at the time of log-in, while his continued presence is checked at the workstation level. The workstation security software may decide to disallow access to certain resources, such as the keyboard or the mouse, or may decide, under certain conditions, to log-off the user entirely. If the workstation software decides to log-off the user, a corresponding signal is transmitted from the workstation to the firewall that resets the communication of the user with the server(s).
As will be appreciated by the skilled person, the invention solves a number of problems: it is simple in operation, since it does not require the installation of complicated software on the server(s). It is efficient, inasmuch as access to the workstation resources can be prevented, when the token/workstation validation procedure reveals that the user is no longer near the workstation, and a physical disconnection of the workstation from the network can be effected at the firewall level, as a result of a security policy determination made at the workstation level.
Furthermore, the time-dependent firewall of the invention is essentially plug-and-play with respect to the server, and only requires a simple installation of hardware and software at the workstations.
While embodiments of the invention have been described by way of illustration, it will be understood that the invention can be carried out by persons skilled in the art with many modifications, variations and adaptations, without departing from its spirit or exceeding the scope of the claims.

Claims

1. A method of controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, comprising: a) providing a firewall coupled to, or integral with, a communication gate located between the workstation and the server; b) providing user/workstation validation means suitable to determine whether the user is physically located within a predefined distance from the workstation; c) validating the user to the firewall; and d) disallowing access to one or more resources of the workstation if the user is not validated or, if the security policy so requires, transmitting to the firewall a command to disconnect the workstation from the server.
2. A method according to claim 1, further comprising generating an indication that the user is not within a predefined distance from the workstation and that the security policy requires that access be discontinued, by carrying out the following steps: e) determining whether the user is physically located within said predefined distance from the workstation; and f) when the distance of the user from the workstation exceeds said predefined value, disallowing access to one or more resources of the workstation or, if the security policy so requires, transmitting to the firewall a command to disconnect the workstation from the server.
3. A method according to claim 2, wherein steps (e) and (f) are repeated periodically, at a preselected time interval.
4. A method according to claim 1, wherein the communication gate is a switch.
5. A method according to claim 1, wherein the user/workstation validation means comprise a token and a transceiver connected to the workstation.
6. A method according to claim 1, further comprising, when the distance of the user from the workstation is less than a predefined value, generating a signal indicative of a presence state and transmitting said signal to the firewall.
7. A method according to claim 6, wherein the firewall allows the workstation to connect to the server when a signal indicative of a presence state is received by it.
8. A method according to claim 6, wherein the firewall allows the connection between the workstation and the server to continue, as long as presence signals are received by the firewall at preset time intervals.
9. A method according to claim 1, wherein the firewall is provided with preset instructions and with logic means, and the decision as to whether the connection of the workstation to the server should be reset is made at the firewall level, rather than at the workstation security software level, and this decision is made on the basis of signals received from the workstation.
10. A system for controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, or results in an indication that the user is not within a predefined distance from the workstation and that the security policy requires that access be discontinued, comprising
a) a firewall coupled to, or integral with, a communication gate located between the workstation and the server; b) user/workstation validation means suitable to determine whether the user is physically located within a predefined distance from the workstation; c) signal generating means to generate signals indicative of successful validation or connection reset and to transmit said signal to said firewall when the user/workstation validation means determine that a security policy so requires; d) circuitry provided in said firewall for discontinuing and/or preventing the connection of the workstation to the server for a predefined period of time, when a command is sent by the security software of the workstation to the firewall.
11. A time-dependent firewall assembly comprising firewall circuitry coupled to communication gate means.
12. An assembly according to claim 11, wherein the firewall circuitry is integral with the gate means.
13. An assembly according to claim 11 or 12, wherein the gate means is a switch.
14. A method of controlling the connection of a workstation to a server so as to allow its access when a token/workstation validation process is successfully completed, and to prevent or discontinue the connection of the workstation to the server when a token/workstation validation process fails to identify an authorized user, or results in an indication that the user is not within a predefined distance from the workstation and that the security policy requires that access be discontinued, essentially as described and illustrated.
PCT/IL2000/000519 1999-09-09 2000-08-31 Access validation system WO2001018634A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU67233/00A AU6723300A (en) 1999-09-09 2000-08-31 Access validation system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL131847 1999-09-09
IL13184799A IL131847A0 (en) 1999-09-09 1999-09-09 Access validation system

Publications (1)

Publication Number Publication Date
WO2001018634A1 (en) 2001-03-15

Family

ID=11073239

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2000/000519 WO2001018634A1 (en) 1999-09-09 2000-08-31 Access validation system

Country Status (3)

Country Link
AU (1) AU6723300A (en)
IL (1) IL131847A0 (en)
WO (1) WO2001018634A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2942894A1 (en) * 2009-03-05 2010-09-10 Frederic Glaubert Computing equipment managing method for defined zone e.g. office, involves changing state of computer allocated to person by remote control unit in response to detection of person outside zone, based on pre-established rules

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2060228A (en) * 1979-10-09 1981-04-29 Mastiff Security Syst Ltd Computer System
EP0737907A2 (en) * 1992-04-17 1996-10-16 Secure Computing Corporation Cryptographic data security in a secured computer system
WO1997039553A1 (en) * 1996-04-17 1997-10-23 Intel Corporation An authentication system based on periodic challenge/response protocol
US5784463A (en) * 1996-12-04 1998-07-21 V-One Corporation Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
US5898830A (en) * 1996-10-17 1999-04-27 Network Engineering Software Firewall providing enhanced network security and user transparency

Also Published As

Publication number Publication date
AU6723300A (en) 2001-04-10
IL131847A0 (en) 2001-03-19

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP