Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications

US 20020078377A1
Filed: 12/15/2000
Published: 06/20/2002
Est. Priority Date: 12/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method for managing a distributed port firewall system, the method comprising:

configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;

deploying and starting a source endpoint firewall client;

deploying and starting a target endpoint firewall client on the specified user'"'"'s endpoint;

responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning requested port to the specified user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, apparatus, and computer program product are presented for a distributed port firewall system. The distributed port firewall system provides mapping of port usage to application needs, application action object (AAO) used to identify the use of ports. Application action object may be opened based on endpoint and user. Port firewall “properties” are added in order to configure firewall which are only configurable by certain trusted users or applications. Different policies applied to usage and the opening of ports based on both a collection of endpoints, managed regions, or on a per endpoint basis. Beyond just allowing an application to open a port, the allowed packet types are also configured to work in conjunction with a distributed packet snooper session.

92 Citations

View as Search Results

15 Claims

1. A method for managing a distributed port firewall system, the method comprising:
- configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
  
  deploying and starting a source endpoint firewall client;
  
  deploying and starting a target endpoint firewall client on the specified user'"'"'s endpoint;
  
  responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning requested port to the specified user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, further comprising:
    - monitoring data packets flowing through the source endpoint originating from the target endpoint.
  - 3. The method as recited in claim 1, further comprising:
    - monitoring data packets flowing through the source endpoint destined from the target endpoint.
  - 4. The method as recited in claim 2, wherein the data packets are specified types of data packets.
  - 5. The method as recited in claim 3, wherein the data packets are specified types of data packets.

6. A computer program product in a computer readable media for use in a data processing system for managing a distributed port firewall system, the computer program product comprising:
- first instructions for configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
  
  second instructions for deploying and starting a source endpoint firewall client;
  
  third instructions for deploying and starting a target endpoint firewall client on the specified user'"'"'s endpoint;
  
  fourth instructions for responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning requested port to the specified user.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product as recited in claim 6, further comprising:
    - fifth instructions for monitoring data packets flowing through the source endpoint originating from the target endpoint.
  - 8. The computer program product as recited in claim 6, further comprising:
    - fifth instructions for monitoring data packets flowing through the source endpoint destined from the target endpoint.
  - 9. The computer program product as recited in claim 7, wherein the data packets are specified types of data packets.
  - 10. The computer program product as recited in claim 8, wherein the data packets are specified types of data packets.

11. A system for managing a distributed port firewall system, the system comprising:
- first means for configuring a port for access by a specified user during a specified time interval and denying access to all other users during the specified time interval;
  
  second means for deploying and starting a source endpoint firewall client;
  
  third means for deploying and starting a target endpoint firewall client on the specified user'"'"'s endpoint;
  
  fourth means for responsive to a request by the specified user for access to the port and responsive to a determination that the requested port is assigned to the user for use at the time requested, returning requested port to the specified user.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system as recited in claim 11, further comprising:
    - fifth means for monitoring data packets flowing through the source endpoint originating from the target endpoint.
  - 13. The system as recited in claim 11, further comprising:
    - fifth means for monitoring data packets flowing through the source endpoint destined from the target endpoint.
  - 14. The system as recited in claim 12, wherein the data packets are specified types of data packets.
  - 15. The system as recited in claim 13, wherein the data packets are specified types of data packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Chang, Ching-Jye, Ullmann, Lorin Evan

Granted Patent

US 7,296,292 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0218 Distributed architectures, ...

H04L 63/0236 Filtering by address, proto...

Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links