Patents Assigned to Secure Computing Corporation
  • Publication number: 20040044891
    Abstract: A system and method for secure group communications is provided. One embodiment provides a method for implementing a virtual private group network. The method includes creating a virtual private group definition on a policy server, establishing a plurality of secure connections between the policy server and a plurality of group nodes, sending a copy of the virtual private group definition from the policy server to the group nodes, sending a shared traffic encryption key from the policy server to each of the group nodes, and sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition.
    Type: Application
    Filed: September 4, 2002
    Publication date: March 4, 2004
    Applicant: Secure Computing Corporation
    Inventors: Robert Otto Hanzlik, Geoffrey A. Lowe, Thomas R. Markham, Lynn Marquette Meredith
  • Publication number: 20040003293
    Abstract: A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
    Type: Application
    Filed: June 30, 2003
    Publication date: January 1, 2004
    Applicant: Secure Computing Corporation
    Inventors: Richard R. Viets, David G. Motes, Paula Budig Greve, Wayne W. Herberg
  • Patent number: 6658571
    Abstract: A security framework for wrapping standard, commercially-available software applications in order to limit the amount of potential damage that a successful attacker or corrupt program can cause. The security framework includes a security master that coordinates installation and removal of kernel-based security modules and that provides a means for managing these modules. The security modules are loadable kernel modules that include security information for enforcing application-specific or resource-specific policies. The security modules are easy to install and require no modification to the existing operating system or to the software applications that they are monitoring. The security framework has a number of potential applications, including protecting a computing system from malicious software downloaded via a web browser, for wrapping web servers and firewalls in order to limit possible compromise and for replicating file operations.
    Type: Grant
    Filed: February 9, 1999
    Date of Patent: December 2, 2003
    Assignee: Secure Computing Corporation
    Inventors: Richard O'Brien, Raymond Lu, Terrence Mitchem, Spencer Minear
  • Patent number: 6640307
    Abstract: A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
    Type: Grant
    Filed: December 1, 2000
    Date of Patent: October 28, 2003
    Assignee: Secure Computing Corporation
    Inventors: Richard R. Viets, David G. Motes, Paula Budig Greve, Wayne W. Herberg
  • Patent number: 6453419
    Abstract: A system and method of implementing a security policy, comprising the steps of providing a plurality of access policies, defining a process and connecting the access policies and the process to form a security policy.
    Type: Grant
    Filed: March 18, 1998
    Date of Patent: September 17, 2002
    Assignee: Secure Computing Corporation
    Inventors: Andrew Flint, Irving Reid, Gene Amdur
  • Publication number: 20020091532
    Abstract: A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
    Type: Application
    Filed: December 1, 2000
    Publication date: July 11, 2002
    Applicant: Secure Computing Corporation
    Inventors: Richard R. Viets, David G. Motes, Paula Budig Greve, Wayne W. Herberg
  • Patent number: 6357010
    Abstract: A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
    Type: Grant
    Filed: February 17, 1998
    Date of Patent: March 12, 2002
    Assignee: Secure Computing Corporation
    Inventors: Richard R. Viets, David G. Motes, Paula Budig Greve, Wayne W. Herberg
  • Patent number: 6332195
    Abstract: A secure commerce server system and method. A secure commerce server system includes a plurality of regions or burbs, including an internal burb and an external burb, a commerce server and an administration server. Processes and data objects associated with the administration server are bound to the internal burb. Processes and data objects associated with the commerce server are bound to the external burb. Processes bound to one burb cannot communicate directly to processes and data objects bound to other burbs. The administration server cannot be manipulated by a process bound to the external burb.
    Type: Grant
    Filed: February 22, 1999
    Date of Patent: December 18, 2001
    Assignee: Secure Computing Corporation
    Inventors: Michael W. Green, Andrew W. Jensen
  • Publication number: 20010047486
    Abstract: A secure commerce server system and method. A secure commerce server system includes a plurality of regions or burbs, including an internal burb and an external burb, a commerce server and an administration server. Processes and data objects associated with the administration server are bound to the internal burb. Processes and data objects associated with the commerce server are bound to the external burb. Processes bound to one burb cannot communicate directly to processes and data objects bound to other burbs. The administration server cannot be manipulated by a process bound to the external burb.
    Type: Application
    Filed: May 7, 2001
    Publication date: November 29, 2001
    Applicant: Secure Computing Corporation
    Inventors: Michael W. Green, Andrew W. Jensen
  • Patent number: 6321336
    Abstract: A communication security system is described which uses a server to communicate to an unprotected network, such as the Internet. The system intercepts an IP packet prior to stack incursion and replaces the destination address with that of a firewall's network interface address. Because of the modification to the IP header destination address, an IP header checksum is recalculated prior to presentation to the local stack. The system uses a shim to replace the destination address and store the original destination address. When a communication is authorized, the firewall performs a system call to retrieve the original destination address such that the data communication can be routed to the intended destination address.
    Type: Grant
    Filed: March 13, 1998
    Date of Patent: November 20, 2001
    Assignee: Secure Computing Corporation
    Inventors: John Applegate, Jeff Romatoski
  • Patent number: 6301658
    Abstract: A method and system for efficiently authenticating digital certificates issued by an organization's authentication hierarchy. The system includes a verification server that manages a certificate repository and a verification cache having entries for verified digital certificates and certification revocation lists. Each cache entry includes a corresponding timestamp that indicates when the item was last authenticated. The verification server incrementally updates the verification cache using a recursive procedure to traverse the hierarchy's chain of authority signatures. The procedure performs costly verifications of digital signatures and scans of certification revocation lists only when an item's timestamp is out of date with respect to its issuer's digital certificate, certification revocation list or other security information.
    Type: Grant
    Filed: September 9, 1998
    Date of Patent: October 9, 2001
    Assignee: Secure Computing Corporation
    Inventor: Stephen C. Koehler
  • Patent number: 6219707
    Abstract: A system and method of achieving network separation within a computing system having a plurality of network interfaces. A plurality of burbs or regions is defined, wherein the plurality of burbs includes a first and a second burb and wherein each burb includes a protocol stack. Each of the plurality of network interfaces is assigned to one of the plurality of burbs and more than one network interface can be assigned to a particular burb. Processes are bound to specific burbs when they try to access that burb's protocol stack and communication between processes assigned to different burbs is restricted so that a communication between a process bound to one burb must pass through a proxy before being sent to a different burb.
    Type: Grant
    Filed: January 19, 1999
    Date of Patent: April 17, 2001
    Assignee: Secure Computing Corporation
    Inventors: Mark P. Gooderum, Trinh Q. Vu, Glenn Andreas
  • Patent number: 6209101
    Abstract: An adaptive security system having a hierarchy of security servers. The security system maintains a primary security server for each task or process executing within a computing environment. An enforcement mechanism receives resource requests from the tasks and queries the corresponding primary security server which resolves the request based on a set of security associations. If the primary security server is unable to resolve the request, the enforcement mechanism queries a parent security server. Security servers are dynamically created and terminated in response to changing organizational policies. The present invention facilitates the dynamic creation and termination of security servers to adapt to organizational policy changes.
    Type: Grant
    Filed: July 17, 1998
    Date of Patent: March 27, 2001
    Assignee: Secure Computing Corporation
    Inventors: Terrance Mitchem, Michael R. Carney, Brian J. Loe
  • Patent number: 6182226
    Abstract: A firewall is used to achieve network separation within a computing system having a plurality of network interfaces. A plurality of regions is defined within the firewall and a set of policies is configured for each of the plurality of regions. The firewall restricts communication to and from each of the plurality of network interfaces in accordance with the set of policies configured for the one of the plurality of regions to which the one of the plurality of network interfaces has been assigned.
    Type: Grant
    Filed: March 18, 1998
    Date of Patent: January 30, 2001
    Assignee: Secure Computing Corporation
    Inventors: Irving Reid, Spencer Minear
  • Patent number: 6144934
    Abstract: An electronic message filtering system and method is described. A message is received as input to the filter and decomposed into a set of components. The set of components is then processed through a pattern matching algorithm to determine if the message contents contain patterns inherent in a specified pattern, such as a natural language. The results of the pattern match analysis are output by the filter.
    Type: Grant
    Filed: September 18, 1996
    Date of Patent: November 7, 2000
    Assignee: Secure Computing Corporation
    Inventors: Edward B. Stockwell, William E. Boebert, Heidi A. Vanyo
  • Patent number: 6072942
    Abstract: A system and method for filtering electronic mail messages is described. A message is received and processed through one or more filter flows. Each filter flow is comprised of one or more self-contained nodes which can be combined in whatever order is required to enforce a given security policy. Node independence provides a policy-neutral environment for constructing filter flows. A filter flow may be as simple as forwarding the mail to the intended recipient, or may perform one or more checks where it decides whether to forward, reject, return (or some combination thereof) the message. Certain node types are also able to append information on to a mail message, while others are able to modify certain parts of a mail message. Several of the node types are able to generate audit or log messages in concert with processing a mail message.
    Type: Grant
    Filed: September 18, 1996
    Date of Patent: June 6, 2000
    Assignee: Secure Computing Corporation
    Inventors: Edward B. Stockwell, Paula Budig Greve
  • Patent number: 6003084
    Abstract: A proxy which is part of a firewall program controls exchanges of information between two application entities. The proxy interrogates attempts to establish a communication session by requesting entities with a server entity in lower layers in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection requests to any address on specific ports. The requestor's address and the server's address are checked against an access control list. If either address is invalid, the proxy closes the connection. If both are valid, a new connection is set up such that both the requestor and server are transparently connected to the proxy with variable higher levels being connected in a relay mode. Protocol data units are interrogated for conformance to a protocol session, and optionally further decoded to add additional application specific filtering. In one embodiment, an OSI architecture comprises the levels.
    Type: Grant
    Filed: September 13, 1996
    Date of Patent: December 14, 1999
    Assignee: Secure Computing Corporation
    Inventors: Michael W. Green, Ricky Ronald Kruse
  • Patent number: 5983350
    Abstract: A system and method for regulating the flow of messages through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising establishing a security policy, determining, at the IP layer, if a message is encrypted, if the message is not encrypted, passing the unencrypted message up the network protocol stack to an application level proxy, and if the message is encrypted, decrypting the message and passing the decrypted message up the network protocol stack to the application level proxy, wherein decrypting the message includes executing a process at the IP layer to decrypt the message.
    Type: Grant
    Filed: September 18, 1996
    Date of Patent: November 9, 1999
    Assignee: Secure Computing Corporation
    Inventors: Spence Minear, Edward B. Stockwell, Troy de Jongh
  • Patent number: 5968133
    Abstract: An external portion or burb of a host computer receives messages from external servers representative of accurate time from one or more peer computers coupled by a network. A process called a client on the external burb processes the messages and then accurately sets a host computer clock. Processes called servers running on an internal burb which may not communicate directly with peers, then access the clock to obtain a correct indication of network time without having to communicate directly with the peer computers. The time is then provided to internal clients. This allows a host computer without an expensive clock to update its clock and enable it to provide accurate time to processes running on the host.
    Type: Grant
    Filed: January 10, 1997
    Date of Patent: October 19, 1999
    Assignee: Secure Computing Corporation
    Inventors: Daren Wayne Latham, Mark P. Gooderum, Glenn Andreas
  • Patent number: 5950195
    Abstract: A system and method for regulating the flow of internetwork connections through a firewall having a network protocol stack which includes an Internet Protocol (IP) layer. A determination is made of the parameters characteristic of a connection request, including a netelement parameter characteristic of where the connection request came from. A query is generated and a determination is made whether there is a rule corresponding to that query. If there is a rule corresponding to the query, a determination is made whether authentication is required by the rule. If authentication is required by the rule, an authentication protocol is activated and the connection is activated if the authentication protocol is completed successfully.
    Type: Grant
    Filed: September 18, 1996
    Date of Patent: September 7, 1999
    Assignee: Secure Computing Corporation
    Inventors: Edward B. Stockwell, Alan E. Klietz