116 results about "VLAN access control list" patented technology

A method of controlling a social network access control list (ACL) for a shared resource includes monitoring communications to and from a user. Social network data from the communications to and from the user is determined. An access level for the user is determined based on the social network data. The access control list is configured to provide the user the access level determined for accessing the shared resource.

A method of minimizing an amount of memory area required to store a plurality of rules associated with one or more access control lists (ACLs) includes selectively combining the plurality of rules into one or more groups depending upon similarities between the entries within each field and storing the groups in a database including a content addressable memory (CAM) device and a random access memory (RAM) device.

This invention addresses to execute an emergency access interception in a widely distributed environment.

An access controller 100 manages an access control list (ACL) 110 recording access right to each object, and a black list (BL) 120 recording user information corresponding to the emergency access interception. The access controller 100 receives a request for authentication to access right and judges whether or not the access right is proper, first according to the BL 120 then ACL110. In case where the user information corresponding to the request is recorded in the BL 120, the access controller 100 sends out the user information to other access controllers and instructs them to register it in the black list. This invention effectively actualizes the emergency access interception under the widely distributed environment in case where the interception is required for any user.

Various exemplary embodiments relate to a system for storing encrypted data and providing access to a group of users. The system may include: a record of user accounts including: a user identifier and a public encryption key; an access control list (ACL) defining an access control policy including: permissions defining access to data objects associated with the ACL and an ACL key list including copies of a an ACL key encrypted with the public keys of the users; a user-data storage medium including: encrypted user data, stored as a plurality of data objects, each object associated with an ACL and encrypted with the ACL key, and meta-data; and an access controller configured to: receive a request for a data object, and send a copy of the data object and the ACL key encrypted with the public key of the user if the user has permission to access the data object.

A method and system for implementing Access Control Lists (ACLs) using a Balanced Hash Table of ACL Binary Comparison Trees (ABCTs), where the Balanced Hash Table of ABCTs encodes the replaced ACL. In one embodiment, the method includes but is not limited to receiving at least one packet, and disposing of the received at least one packet in response to a walk of a Balanced Hash Table of ABCTs, where the Balanced Hash Table of ABCTs encodes an Access Control List. In another embodiment, the method further includes converting the Access Control List to the Balanced Hash Table of ABCTs, the Balanced Hash Table of ABCTs encoding the Access Control List. In one embodiment, the system receives at least one packet, and disposing disposes of the received at least one packet in response to a walk of a Balanced Hash Table of ABCTs, where the Balanced Hash Table of ABCTs encodes an Access Control List. In another embodiment, the system further includes converts the Access Control List to the Balanced Hash Table of ABCTs, where the Balanced Hash Table of ABCTs encodes the Access Control List.

The present invention discloses a becoming effective method for the access control list (ACL) rule. A special storage partition for the corresponding access control list (ACL) rule is arranged in the down sending module and the objective storage module. The method comprises the following part: The additional ACL rule is store in the storage partition of the down sending module according to the corresponding ACL rule. When a sorting is needed the down sending module will sort the additional ACL rule in the storage partition and execute the down sent according to the corresponding storage partition in the objective storage module. Otherwise the down sending module executes the down sent according to the corresponding storage partition in the objective storage module. The present invention also discloses a becoming effective device of the ACL rule which comprises the down sending module and the objective storage module.The present invention can reduce the time of moving and deleting the ACL rule when the ACL rule is sent, which can realize the ACL rule becoming effective in a millisecond.

A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.

A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.

A method and apparatus for enabling multiple application programs to control a system's physical resources by way of multiple resource proxies, while still enabling exclusive control of the physical resource by one application program. Control tokens are used to limit control to one proxy. The proxy having the control token is tracked in an access control list. Java API methods that can alter the state of a physical resource are marked with an access control attribute during grinding. A resource management module intercepts API methods attempting to obtain control of the physical resource. If a proxy controlled by the application program invoking the intercepted method has control the method is allowed to use the proxy to control the physical resource.

The present invention provides a network equipment and its access control methods. Said network equipment comprises an address resolution protocol (ARP) data frame filter module which is used for searching for access control list on the basis of identification information in the address resolution protocol data frames received by the network equipment, and filtrating the address resolution protocol data frames according to the corresponding states of the identification information in the access control list. Said network equipment comprises further an address resolution protocol (ARP) data frame inspection module which is used for inspecting the validity and correctness of the address resolution protocol data frames before the address resolution protocol data frame filter module filtrates the address resolution protocol data frames; and an address resolution protocol (ARP) data frame treatment module which is used for dealing with the address resolution protocol data frames permited by the address resolution protocol (ARP) data frame filter module. The present invention is capable of preventing an illegal equipment attacking viciously network equipments through address resolution protocol data frames, with improved security and reliability.

A network node, such as an Ethernet switch, is configured to monitor packet traffic using regular expressions corresponding to Access Control List (ACL) rules. In one embodiment, the regular expressions are expressed in the form of a state machine. In one embodiment, as packets are passed through the network node, an access control module accesses the packets and traverses the state machine according to certain qualification content of the packets in order to determine if respective packets should be permitted to pass through the network switch.

The invention discloses a control list conversing and accessing method of network address, which comprises the following steps: A. judging whether network address is conversed into network address conversion information through the user data pack; executing the step C if the judging result is to converse; executing the step B if the result is not to converse; B. generating the user data pack to converse the network address into the network address conversion information; recording the journal; C. conversing the network address of the user data pack according to the network address conversion information corresponding to the user data pack. The invention is convenient for user to access the historical information, on-line and off-line time, which is accurate to judge the attack source and attack time when the network is attached and off-line.

An embodiment of the invention discloses an ACL (access control list) authority control method and device. A user can set ACL authorities of a file and a directory by a Linux client, the set ACL authorities serve as extended attributes of the file and the directory and are stored in a metadata server, and the ACL authorities can include a read authority, a write authority, an execution authority,a deletion authority and a visual authority. A Windows client acquires the corresponding ACL authorities from the metadata server by calling a file system API (application program interface), and theACL authorities are verified and inherited. Based on the read authority, the write authority and the execution authority, the deletion authority and the visual authority are added. Compared with traditional ACL authority control, more advanced user access authority types are provided, diversified demands of enterprise users for data access authorities can be met, and users can control file readingand writing and authority granting capacity.

The embodiment of the invention discloses a method for verifying an intra-domain Internet protocol (IP) source address. The method comprises the following steps of: establishing a prefix of the source address, a prefix of a destination address and a mapping relation table which is called filter database (FTDB) in the invention of an inbound interface by a central controller; converting the mapping relational table which is called filter database (FTDB) in the invention into an access list and configuring the access list in an access control list (ACL) of a node; and filtering a false source address message passing through the node through the ACL by the node. In the scheme provided by the invention, the message is checked and verified by recording the source address, the destination address and an inlet port, so that the problem of the verification of the intra-domain IP source address under the conventional Ipv6 or Ipv4 protocol is solved.

The invention provides a method and a device for issuing ACL (access control list) items. The method includes determining target positions of slice where ACL items to be issued; identifying the target positions which are not idled, and looking for idle item positions nearest the target positions in the slice; transferring in a manner of copying action policy items corresponding to the ACL items from an action policy list, then copying the ACL items and deleting original policy items and original ACL items; sequentially transferring the ACL items and the correspondingly policy items one by one from the ACL item nearest the idle item position to the nearest positions of the idle item positions in the above transferring manner until the target positions are idled; and issuing the ACL items to be issued to the target positions.