1. WO2005062233 - COMPUTER SECURITY SYSTEM

Publication Number WO/2005/062233
Publication Date 07.07.2005
International Application No. PCT/US2004/041958
International Filing Date 15.12.2004
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
H04L 29/12 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
12 characterised by the data terminal
CPC
H04L 29/12009
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
12 characterised by the data terminal
12009 Arrangements for addressing and naming in data networks
H04L 29/12367
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
12 characterised by the data terminal
12009 Arrangements for addressing and naming in data networks
1233 Mapping of addresses of the same type; Address translation
12339 Internet Protocol [IP] address translation
12349 Translating between special types of IP addresses
12367 between local and global IP addresses
H04L 61/2514
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
61 Network arrangements or network protocols for addressing or naming
25 mapping of addresses of the same type; address translation
2503 Internet protocol [IP] address translation
2507 translating between special types of IP addresses
2514 between local and global IP addresses
H04L 63/0236
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
H04L 63/08
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
08 for supporting authentication of entities communicating through a packet data network
H04L 63/10
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
Applicants
  • APPLIED IDENTITY [US]/[US] (AllExceptUS)
  • POLLUTRO, Dennis, Vance [US]/[US] (UsOnly)
  • ALMQUIST, Andrew, A. [US]/[US] (UsOnly)
Inventors
  • POLLUTRO, Dennis, Vance
  • ALMQUIST, Andrew, A.
Agents
  • COHEN, Joshua, L.
Priority Data
60/530,013 16.12.2003 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) COMPUTER SECURITY SYSTEM
(FR) SYSTEME DE SECURITE INFORMATIQUE
Abstract
(EN)
A method of providing an authenticated user with access to a computer system (200, 210 and 220) and restricting an unauthenticated user from access to the computer system (200, 210 and 220) is provided. The method includes mapping a plurality of internal IP addresses and port numbers associated with the computer system (200, 210 and 220) to a respective plurality of external IP addresses and port numbers. The method also includes determining whether a user is authenticated for access to external IP addresses and port numbers. The method also includes providing at least one of the external IP addresses and port numbers to an authenticated user of the computer system (200, 210 and 220) in response to a request from the authenticated user such that the authenticated user may access at least one resource of the computer system (200, 210 and 220). The method also includes restricting access to the external IP addresses and port numbers from a non-authenticated user of the computer system (200, 210 and 220).
(FR)
The present invention relates to a method allowing an authenticated user to access a computer system (200, 210 and 220) and preventing an unauthenticated user from accessing said computer system (200, 210 and 220). The method according to the invention consists of: mapping a plurality of internal IP addresses and port numbers associated with the computer system (200, 210 and 220) to a respective plurality of external IP addresses and port numbers; determining whether a user is authenticated as having access to the external IP addresses and port numbers; providing at least one of the external IP addresses and port numbers to an authenticated user of the computer system (200, 210 and 220), in response to a request from the authenticated user aimed at giving that user access to at least one resource of the computer system (200, 210 and 220); and denying access to the external IP addresses and port numbers to an unauthenticated user of the computer system (200, 210 and 220).
Latest bibliographic data on file with the International Bureau