WO2007055684A3 - Determining security realm identity before permitting network connection - Google Patents

Determining security realm identity before permitting network connection

Publication number
WO2007055684A3
Authority
WO
WIPO (PCT)
Prior art keywords
node
network connection
security realm
resource
before permitting
Prior art date
Application number
PCT/US2005/040552
Other languages
French (fr)
Other versions
WO2007055684A2 (en)
Inventor
A David Shay
Original Assignee
Trusted Network Technologies I
A David Shay
Priority date
Filing date
Publication date
Priority claimed from US11/164,085 (US20060098649A1)
Application filed by Trusted Network Technologies I, A David Shay
Publication of WO2007055684A2
Publication of WO2007055684A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104: Grouping of entities

Abstract

An embodiment of a system of the invention includes a request node, an enforcement node, and a resource node. A request node generates a packet requesting access to a resource, includes its security realm identifier in the packet header, and transmits the same to the enforcement node via a network such as the Internet. The enforcement node receives the packet and applies the security policy of the resource node based on whether or not the request node is in the same security realm as the resource node. Related apparatuses, methods, and computer-readable media are also disclosed and claimed.
PCT/US2005/040552 2005-11-09 2005-11-11 Determining security realm identity before permitting network connection WO2007055684A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/165,085 2005-11-09
US11/164,085 US20060098649A1 (en) 2004-11-10 2005-11-09 System, apparatuses, methods, and computer-readable media for determining security realm identity before permitting network connection

Publications (2)

Publication Number Publication Date
WO2007055684A2 (en) 2007-05-18
WO2007055684A3 (en) 2009-04-16

Family

ID=38024161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/040552 WO2007055684A2 (en) 2005-11-09 2005-11-11 Determining security realm identity before permitting network connection

Country Status (1)

Country Link
WO (1) WO2007055684A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102012018605A1 (en) 2012-09-20 2014-03-20 Rolls-Royce Deutschland Ltd & Co Kg Rolling tool device
DE102012018604A1 (en) 2012-09-20 2014-03-20 Rolls-Royce Deutschland Ltd & Co Kg Rolling tool device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5204961A (en) * 1990-06-25 1993-04-20 Digital Equipment Corporation Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols
US5689566A (en) * 1995-10-24 1997-11-18 Nguyen; Minhtam C. Network with secure communications sessions
US6119171A (en) * 1998-01-29 2000-09-12 Ip Dynamics, Inc. Domain name routing
EP1134938A1 (en) * 2000-03-17 2001-09-19 Nortel Networks Corporation System, device and method for supporting a label switched path across a non-MPLS compliant segment
US20030065944A1 (en) * 2001-09-28 2003-04-03 Mao Yu Ming Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device
US6606706B1 (en) * 1999-02-08 2003-08-12 Nortel Networks Limited Hierarchical multicast traffic security system in an internetwork
US20040215771A1 (en) * 2002-03-05 2004-10-28 Hayes John W. Concealing a network connected device

Also Published As

Publication number Publication date
WO2007055684A2 (en) 2007-05-18

Similar Documents

Publication Publication Date Title
US8850553B2 (en) Service binding
WO2007106687A3 (en) Role aware network security enforcement
EP2605471B1 (en) Relay-based media channel establishing method and the system thereof
WO2006031594A3 (en) Dynamic firewall capabilities for wireless access gateways
WO2006020095A3 (en) Security systems and services to provide identity and uniform resource identifier verification
WO2009151730A3 (en) Authentication for distributed secure content management system
WO2007021345A3 (en) System and method for authenticating internetwork resource requests
PL1876754T3 (en) Method system and server for implementing dhcp address security allocation
JP2006134312A5 (en)
WO2008155066A3 (en) Methods and apparatuses for detecting whether user equipment resides in a trusted or a non-trusted access network
BRPI0907712A2 (en) Dynamic dns system for private networks
WO2007015253A3 (en) Two-factor authentication employing a user's ip address
WO2009058686A3 (en) Variable dns responses based on client identity
WO2004061597A3 (en) Method and system for transmitting authentication context information
WO2006115679A3 (en) Cryptographic peer discovery, authentication, and authorization for on-path signaling
US9438583B2 (en) Certificate generation method, certificate generation apparatus, information processing apparatus, and communication device
WO2009106214A3 (en) Client/server system for communicating according to the standard protocol opc ua and having single sign-on mechanisms for authenticating, and method for performing single sign-on in such a system
WO2012058643A8 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
WO2009068945A3 (en) Using gaa to derive and distribute proxy mobile node home agent keys
US20170180518A1 (en) Authentication system, method, client and recording medium using tcp sync packet
US20160345170A1 (en) Wireless network segmentation for internet connected devices using disposable and limited security keys and disposable proxies for management
WO2016192608A3 (en) Authentication method, authentication system and associated device
SE1751328A1 (en) A system and method for network entity assisted honeypot access point detection
Kivinen et al. IEEE 802.15.4 Information Element for the IETF
WO2008062353A3 (en) Method for authenticating nomadic user domains and nodes therefor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05818588

Country of ref document: EP

Kind code of ref document: A2