1. WO2007098052 - PEER BASED NETWORK ACCESS CONTROL

Publication Number WO/2007/098052
Publication Date 30.08.2007
International Application No. PCT/US2007/004192
International Filing Date 15.02.2007
IPC
G06F 15/16 2006.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
15 Digital computers in general; Data processing equipment in general
16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
CPC
H04L 29/12028
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
12 characterised by the data terminal
12009 Arrangements for addressing and naming in data networks
12018 Mapping of addresses of different types; address resolution
12028 across network layers, e.g. resolution of network layer into physical layer addresses, Address Resolution Protocol [ARP]
H04L 61/103
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
61 Network arrangements or network protocols for addressing or naming
10 Mapping of addresses of different types; Address resolution
103 across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 63/0227
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
H04L 63/10
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
H04L 63/102
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
102 Entity profiles
H04L 63/1433
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1433 Vulnerability analysis
Applicants
  • INFOEXPRESS, INC. [US]/[US] (AllExceptUS)
  • LUM, Stacey, C. [US]/[US] (UsOnly)
Inventors
  • LUM, Stacey, C.
Agents
  • COLBY, Steven
Priority Data
11/356,555 16.02.2006 US
11/433,723 11.05.2006 US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) PEER BASED NETWORK ACCESS CONTROL
(FR) CONTRÔLE D'ACCÈS RÉSEAU DE TYPE PAIR
Abstract
(EN)
Systems and methods of securing a computing network are described. Communication from unauthorized devices is prevented by defining one or more dynamic policy enforcement points (DPEPs) on a network segment and specifying one of these DPEPs as an active policy enforcement point (APEP). The APEP prevents communication from unauthorized devices by spoofing an ARP response. If an APEP becomes unavailable, another of the one or more DPEPs is automatically selected as a new APEP. Members of the one or more DPEPs may be non-dedicated devices configured as DPEPs by the addition of security software. The number of DPEPs and APEPs can automatically scale with the number of devices on the computing network.