Method and system for sharing labeled information between different security realms

Invention Grant

US08607302B2 Method and system for sharing labeled information between different security realms 有权

Title translation: 在不同安全领域之间共享标签信息的方法和系统

Please log in to see more content

Patent Title: Method and system for sharing labeled information between different security realms
Patent Title (中): 在不同安全领域之间共享标签信息的方法和系统
Application No.: US11564774

Application Date: 2006-11-29
Publication No.: US08607302B2

Publication Date: 2013-12-10
Inventor: James Morris
Applicant: James Morris
Applicant Address: US NC Raleigh
Assignee: Red Hat, Inc.
Current Assignee: Red Hat, Inc.
Current Assignee Address: US NC Raleigh
Agency: Lowenstein Sandler LLP
Main IPC: G06F21/00
IPC: G06F21/00

Method and system for sharing labeled information between different security realms

Abstract:

Embodiments of the present invention extend protection of network traffic between different security realms based on security labeling. In particular, embodiments of the present invention label provide for implicit labeling of traffic shared between different security realms. The traffic may be shared using IPsec protocols. A gateway inspects the IPsec traffic and identifies security associations (SAs) of the IPsec traffic. The gateway then determines a security label of the SA. Various access control policies may then be applied to the traffic based on its security label.

Abstract(Chinese):

本发明的实施例基于安全标签来扩展不同安全领域之间的网络流量保护。特别地，本发明标签的实施例提供了在不同安全领域之间共享的业务的隐式标签。可以使用IPsec协议共享流量。网关检查IPsec流量，并识别IPsec流量的安全关联（SA）。然后，网关确定SA的安全标签。然后可以基于其安全标签将各种访问控制策略应用于流量。

Public/Granted literature

US20080127297A1 METHOD AND SYSTEM FOR SHARING LABELED INFORMATION BETWEEN DIFFERENT SECURITY REALMS Public/Granted day:2008-05-29

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F21/00	防止未授权行为的保护计算机、其部件、程序或数据的安全装置