Abstract: The method for roaming in a network environment utilizes a token created by a first bridge device. The token comprises an identity of a context associated with the mobile device. The first bridge device creates the token and securely provides it to the mobile device. When the mobile device roams to a second bridge device in the network, the token is securely provided to the second bridge device. The second bridge device uses the token to establish to the first bridge device that it is a genuine agent of the mobile device. Once the first bridge authenticates the second bridge device's authority, it securely sends the context associated with the mobile device to the second bridge device. The second bridge device uses the context to properly connect the mobile device to the network. In this manner, secure roaming within a bridged network is provided.

Abstract: The method for roaming in a network environment utilizes a token created by a first bridge device. The token comprises an identity of a context associated with the mobile device. The first bridge device creates the token and securely provides it to the mobile device. When the mobile device roams to a second bridge device in the network, the token is securely provided to the second bridge device. The second bridge device uses the token to establish to the first bridge device that it is a genuine agent of the mobile device. Once the first bridge authenticates the second bridge device's authority, it securely sends the context associated with the mobile device to the second bridge device. The second bridge device uses the context to properly connect the mobile device to the network. In this manner, secure roaming within a bridged network is provided.

Abstract: The present invention provides a method for performing local due diligence for accepting certificates. The method creates override certificates which add or modify at least one attribute of a certificate issued by a third party for a remote user, based upon due diligence performed locally. In this manner, finer control than accepting or rejecting a certificate is provided to a local user. The local user can also accept certificates absent a trusted third party. The method thus adds flexibility in the acceptance of certificates in a network.

Abstract: A method and system for structuring an object in security policies of a computer system includes: receiving a request to access a virtual volume with a virtual name; mapping the virtual name to the real object; and providing the real object. The method and system uses virtual objects which map to real objects in a computer system. The access control mediator grants or denies access to a virtual object using a discretionary or a mandatory policy. A virtual name is mapped to a real object. This mapping is transparent to the subject. In this manner, security policies can be enforced over objects stored in file systems without regard to the policies of the file systems. The system can also be used as a gateway to remote file systems built on top of existing file systems. These advantages provide more flexibility in controlling a subject's access to real objects.

Abstract: The method for configuring encryption strengths for data includes: providing a piece of the data with a sensitivity level; authenticating a remote user with a clearance level for accessing the data; selecting an encryption strength for the piece of the data based on the clearance level of the remote user, if the clearance level of the remote user allows access to the piece of the data with the sensitivity level; encrypting the piece of the data; and providing access to the encrypted piece of the data to the remote user. Remote users have varying levels of clearance to access data. Data is assigned varying sensitivity levels. Each clearance level allows the remote user to access data at that sensitivity level or below. The strength of the data encryption is based upon the remote user's clearance level or a requested session sensitivity level. Access control to data is thus more flexible.