WO2005062233A3 - Computer security system - Google Patents

Publication number
WO2005062233A3
Authority
WO
WIPO (PCT)
Prior art keywords
computer system
addresses
access
port numbers
external
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2004/041958
Other languages
French (fr)
Other versions
WO2005062233A2 (en)
Inventor
Dennis Vance Pollutro
Andrew A Almquist
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Applied Identity Inc
Original Assignee
Applied Identity Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Applied Identity Inc
Publication of WO2005062233A2
Publication of WO2005062233A3
Anticipated expiration
Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method of providing an authenticated user with access to a computer system (200, 210 and 220) and restricting an unauthenticated user from access to the computer system (200, 210 and 220) is provided. The method includes mapping a plurality of internal IP addresses and port numbers associated with the computer system (200, 210 and 220) to a respective plurality of external IP addresses and port numbers. The method also includes determining whether a user is authenticated for access to external IP addresses and port numbers. The method also includes providing at least one of the external IP addresses and port numbers to an authenticated user of the computer system (200, 210 and 220) in response to a request from the authenticated user such that the authenticated user may access at least one resource of the computer system (200, 210 and 220). The method also includes restricting access to the external IP addresses and port numbers from a non-authenticated user of the computer system (200, 210 and 220).
PCT/US2004/041958 2003-12-16 2004-12-15 Computer security system Ceased WO2005062233A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US53001303P 2003-12-16 2003-12-16
US60/530,013 2003-12-16

Publications (2)

Publication Number Publication Date
WO2005062233A2 (en) 2005-07-07
WO2005062233A3 (en) 2005-08-25

Family

ID=34710152

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/041958 Ceased WO2005062233A2 (en) 2003-12-16 2004-12-15 Computer security system

Country Status (1)

Country Link
WO (1) WO2005062233A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8274979B2 (en) 2005-12-30 2012-09-25 Telecom Italia S.P.A. Method and system for secure communication between a public network and a local network

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112565287B (en) * 2020-12-18 2023-05-12 深信服科技股份有限公司 Asset exposure surface determination method, device, firewall and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061798A (en) * 1996-02-06 2000-05-09 Network Engineering Software, Inc. Firewall system for protecting network elements connected to a public network
EP1035702A2 (en) * 1999-03-04 2000-09-13 Sun Microsystems, Inc. Secure communication with mobile hosts
US20030009561A1 (en) * 2001-06-14 2003-01-09 Sollee Patrick N. Providing telephony services to terminals behind a firewall and /or network address translator
US20030043740A1 (en) * 2001-06-14 2003-03-06 March Sean W. Protecting a network from unauthorized access
US20030154399A1 (en) * 2002-02-08 2003-08-14 Nir Zuk Multi-method gateway-based network security systems and methods
US20030200318A1 (en) * 2002-03-29 2003-10-23 Realtek Semiconductor Corp. Apparatus and method for NAT/NAPT session management

Also Published As

Publication number Publication date
WO2005062233A2 (en) 2005-07-07

Similar Documents

Publication Publication Date Title
Hwang et al. Securing embedded systems
WO2004003686A3 (en) Single system user identity
MY163665A (en) Delegated administration of a hosted resource
US9553858B2 (en) Hardware-based credential distribution
US20120137375A1 (en) Security systems and methods to reduce data leaks in enterprise networks
USH2279H1 (en) Method for prevention of cross site request forgery attack
EP1361723A3 (en) Maintaining authentification states for resources accessed in a stateless environment
GB2386291B (en) Integrated procedure for partitioning network data services among multiple subscribers
US20110315763A1 (en) Dynamic Remote Peripheral Binding
WO2007115209A3 (en) Identity and access management framework
WO2000030285A8 (en) Method and apparatus for secure distribution of authentication credentials to roaming users
WO2007040730A3 (en) Methods and systems for using data processing systems in order to authenticate parties
WO2001011452A3 (en) Access management system and method employing secure credentials
EP1638034A3 (en) Method and system for controlling access privileges for trusted network nodes
WO2005079459A3 (en) Ip for switch based acl's
WO2008016567A3 (en) Method and system for access authentication
WO2003065169A3 (en) Access system utilizing multiple factor identification and authentication
US20040098604A1 (en) Access protection system for serial bus systems and method for protecting computers against an unauthorized connection of peripheral devices
JP2008520018A5 (en)
WO2005062233A3 (en) Computer security system
NO20012463L (en) Procedure and apparatus for securely distributing authentication credentials to roaming users
US7743255B2 (en) Trust model for a database management system supporting multiple authorization domains
Richer et al. Vectors of trust
EP1209551A3 (en) System and method of preventing unauthorized access to computer resources
US20170064548A1 (en) Method of and system for gaining secure access to a service

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase