WO2002003178 - METHOD AND APPARATUS FOR NETWORK ASSESSMENT AND AUTHENTICATION

Publication Number WO/2002/003178
Publication Date 10.01.2002
International Application No. PCT/US2001/017275
International Filing Date 29.05.2001
Chapter 2 Demand Filed 11.01.2002
IPC
  • G06F 21/00 (2006.1)
    G PHYSICS
      06 COMPUTING; CALCULATING OR COUNTING
        F ELECTRIC DIGITAL DATA PROCESSING
          21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • H04L 29/06 (2006.1)
    H ELECTRICITY
      04 ELECTRIC COMMUNICATION TECHNIQUE
        L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
            02 Communication control; Communication processing
              06 characterised by a protocol
CPC
  • G06F 21/31
    G PHYSICS
      06 COMPUTING; CALCULATING; COUNTING
        F ELECTRIC DIGITAL DATA PROCESSING
          21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            30 Authentication, i.e. establishing the identity or authorisation of security principals
              31 User authentication
  • G06F 21/577
    G PHYSICS
      06 COMPUTING; CALCULATING; COUNTING
        F ELECTRIC DIGITAL DATA PROCESSING
          21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                577 Assessing vulnerabilities and evaluating computer system security
  • G06F 2211/009
    G PHYSICS
      06 COMPUTING; CALCULATING; COUNTING
        F ELECTRIC DIGITAL DATA PROCESSING
          2211 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
            009 Trust
  • G06F 2221/2113
    G PHYSICS
      06 COMPUTING; CALCULATING; COUNTING
        F ELECTRIC DIGITAL DATA PROCESSING
          2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
              2113 Multi-level security, e.g. mandatory access control
  • H04L 63/08
    H ELECTRICITY
      04 ELECTRIC COMMUNICATION TECHNIQUE
        L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          63 Network architectures or network communication protocols for network security
            08 for supporting authentication of entities communicating through a packet data network
  • H04L 63/102
    H ELECTRICITY
      04 ELECTRIC COMMUNICATION TECHNIQUE
        L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          63 Network architectures or network communication protocols for network security
            10 for controlling access to network resources
              102 Entity profiles
Applicants
  • INTERNET SECURITY SYSTEMS, INC. [US]/[US]
Inventors
  • IDE, Curtis E.
  • BRASS, Philip C.
  • DOTY, Theodore R.
Agents
  • PETTY, W. Scott
Priority Data
  • 09/607,375  30.06.2000  US
Publication Language English (en)
Filing Language English (en)
Designated States
Title
(EN) METHOD AND APPARATUS FOR NETWORK ASSESSMENT AND AUTHENTICATION
(FR) PROCEDE ET APPAREIL D'EVALUATION ET D'AUTHENTIFICATION DE RESEAU
Abstract
(EN) Providing a user with assurance that a networked computer is secure, typically before completion of the log-in operation. This can be accomplished by extending the local log-in process to perform a host assessment of the workstation prior to requesting the user's credentials. If the assessment finds a vulnerability, the log-in process can inform the user that the machine is or may be compromised, or repair the vulnerability, prior to completion of the log-in operation. By performing vulnerability assessment at the level of the workstation, a network server is able to determine whether the workstation is a 'trusted' platform from which to accept authentication requests. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can elect to fail the authentication on the grounds that the workstation cannot be trusted. Optionally, a vulnerability assessment tool may be able to repair the vulnerability of the workstation, and then allow the authentication to proceed.
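The log-in flow the abstract describes, modelled as an added example (not code from the patent or its applicant): the workstation assesses itself before credentials are requested, repairs what it can, and the server refuses authentication when the host is compromised or its remaining exposure is too high. The checks, severity scale, `host_state` fields and the `max_exposure` threshold are all constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"                        # trusted platform: proceed to credential prompt
    ALLOW_REPAIRED = "allow_after_repair"  # vulnerabilities repaired first, then proceed
    DENY = "deny"                          # server refuses authentication from this host


@dataclass(frozen=True)
class Finding:
    check: str
    severity: int       # 1 (low) .. 10 (critical); constructed scale
    compromised: bool   # evidence the workstation already is compromised
    repairable: bool    # the assessment tool can fix it before log-in completes


def assess_host(host_state: dict) -> list:
    """Workstation-side host assessment, run before credentials are requested.
    host_state and the checks below are constructed for this example."""
    findings = []
    if not host_state.get("patched", True):
        findings.append(Finding("missing_security_patches", 6, False, True))
    if host_state.get("unexpected_listener", False):
        findings.append(Finding("unexpected_listening_service", 5, False, True))
    if host_state.get("remote_admin_exposed", False):
        findings.append(Finding("remote_admin_interface_exposed", 9, False, False))
    if host_state.get("malware_detected", False):
        findings.append(Finding("malware_detected", 10, True, False))
    return findings


def repair(findings: list) -> list:
    """Optional repair step: fix what the tool can; return what remains."""
    return [f for f in findings if not f.repairable]


def server_decision(findings: list, max_exposure: int = 8) -> Verdict:
    """Server-side trust decision on the post-repair assessment report."""
    if any(f.compromised for f in findings):
        return Verdict.DENY     # a compromised host is not a trusted platform
    if sum(f.severity for f in findings) > max_exposure:
        return Verdict.DENY     # possibility of remote compromise is too high
    return Verdict.ALLOW


def login_gate(host_state: dict, max_exposure: int = 8) -> Verdict:
    """Assess, repair what can be repaired, then let the server decide."""
    before = assess_host(host_state)
    remaining = repair(before)
    verdict = server_decision(remaining, max_exposure)
    if verdict is Verdict.ALLOW and len(remaining) < len(before):
        return Verdict.ALLOW_REPAIRED   # user is told the host was fixed before log-in
    return verdict
```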
Latest bibliographic data on file with the International Bureau