Patent · US Active

Role aware network security enforcement

US7814311B2 · kind B2 · utility

8Cited by

3References

27Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Sean Convery · Mountain View, US
David R. Oran · Acton, US
James Paul Rivers · Saratoga, US
John M. Schnizlein · San Jose, US
Ralph Droms · Boxborough, US
Mark Stapp · Belmont, US

Key dates

Filing date	Mar 10, 2006
Grant date	Oct 12, 2010
Priority date	—
Expiry date	Jan 25, 2027

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/0236
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.