Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present disclosure greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.

Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present disclosure greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present invention greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.