Tunneling using encryption
US-9276920-B2 · Mar 1, 2016 · US
USRE46439E · US · E1
| Field | Value |
|---|---|
| Publication number | US-RE46439-E |
| Application number | US-51342706-A |
| Country | US |
| Kind code | E1 |
| Filing date | Aug 31, 2006 |
| Priority date | Mar 10, 1997 |
| Publication date | Jun 13, 2017 |
| Grant date | Jun 13, 2017 |
Official abstract text for this publication.
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
Opening claim text (preview).
What is claimed is:
1. A graphical user interface for an An access control system that controls access by users to information resources according to an access policy that is defined using definitions of user subsets of the users made explicitly for access control, definitions of information subsets of the information resources made explicitly for access control, and explicit access policy definitions indicating which user subsets may access which information subsets, the graphical user interface system comprising: a processor; a computing device configured to display upon which is displayed a graphical user interface via a display device, the graphical user interface comprising: a list of previously-defined user subsets, a list of previously-defined information subsets, and a list of previously-defined access policies, and at least an indication of a create status of the previously-defined access policy operation policies, the indication visually indicating whether the policies are currently active; and a selection device for selecting a user subset from the list thereof, an information subset from the list thereof, and the indication at least one of the create previously-defined access policy operation policies, the access control system responding to the selection of the user subset, the information subset, and the indication of the create access at least one policy operation by defining applying the at least one policy to at least one of the previously-defined access policies to define a new access policy for the selected user subset and the selected information subset.
2. The graphical user interface access control system set forth in claim 1 further comprising: an indication of a delete access policy operation; and the selection device further selects an access policy from the list thereof and the indication of the delete access policy operation, the access control system responding to the selection of the access policy and the indication of the delete access policy operation by deleting the selected access policy from the list thereof.
3. The graphical user interface access control system set forth in claim 1 wherein each access policy specifies one of a plurality of access types and the graphical user interface further comprises: indications in the access policies on the list of their access types and an indication of a change access type operation; and the selection device further selects an access policy on the list thereof and the indication of the change access type operation, the access control system responding to the selection of the access policy and the selection of the indication of the change access type operation by changing the access type of the selected access policy as specified by the indication of the change access type operation.
4. The graphical user interface access control system set forth in any one of claims 1 through 3 wherein: a user subset may itself have user subsets and an information subset may itself have information subsets; and the list of user subsets shows the subset relationships among user subsets and the list of information subsets shows the subset relationships among the information subsets.
5. The graphical user interface access control system set forth in any one of claims 1 through 3, the graphical user interface further comprising: an indication of an evaluate operation, the access control system responding to a selection of a user subset and a selection of the indication of the evaluate operation by the selection device by indicating the information subsets in the list thereof that the selected user subset may and/or may not access.
6. The graphical user interface access control system set forth in claim 5 wherein: the access control system further responds to the selection of the user subset and the selection of the indication of the evaluate operation by the selection device by indicating the policies in the list thereof that apply to the selected user subset.
7. The graphical user interface access control system set forth in any one of claims 1 through 3 the graphical user interface further comprising: an indication of an evaluate operation, the access control system responding to a selection of an information subset and a selection of the indication of the evaluate operation by the selection device by indicating the user subsets in the list thereof that may and/or may not access the selected information subset.
8. The graphical user interface access control system set forth in claim 7 wherein: the access control system further responds to the selection of the information subset and the selection of the indication of the evaluate operation by the selection device by indicating the policies in the list thereof that apply to the selected information subset.
9. The graphical user interface access control system set forth in any one of claims 1 through 3, the graphical user interface further comprising: an indication of an evaluate operation, the access control system responding to a selection of an access policy from the list thereof and a selection of the indication of the evaluate operation by the selection device by indicating the user subsets and information subsets in the lists thereof to which the selected policy applies.
10. A data storage device for use having code stored thereon in a the access control system including a processor of claim 1, the data storage device being characterized in that: the data storage device contains code which, when executed in response to execution by the processor, implements causes the processor to implement the graphical user interface set forth in any one of claims 1 through 3.
11. A graphical user interface for an An administrative access control system that permits a user who belongs to an administrative subset of users to administer a set of objects according to an administrative policy that is defined using an explicit definition of the set of objects and an explicit definition of the administrative subset, the graphical user interface system comprising: a processor; a display upon which is displayed device configured to present a graphical user interface comprising: a list which indicates the set of objects that may be administered by the user according to the administrative policy and an indication of an a status of a previously-defined administration operation, the indication visually indicating: a type of the previously-defined administration operation, and whether the policy is currently active; and a selection device for selecting an object from the list thereof and the indication of the status of the previously-defined administration operation, the administrative access control system responding to the selection of the object and the indication of the status of the previously-defined administration operation by performing the administration operation with regard to the object.
12. The graphical user interface administrative access control system set forth in claim 1 11 wherein: the display further displays a list of objects; the administration operation is an add object operation; and the selection device further selects an object from the list thereof, the administrative access control system responding to the selection of the object and the add object operation by adding the object.
13. The graphical user interface administrative access control system of either claim 1 11 or 2 12 wherein: the objects are in the alternative user subsets, information subsets of information resources, and available resources.
14. The graphical user interface administrative access c
Distributed architectures, e.g. distributed firewalls · CPC title
Virtual private networks · CPC title
Access control lists [ACL] · CPC title
Rule management · CPC title
for providing a confidential data exchange among entities communicating through data packet networks · CPC title