Personal firewall with location dependent functionality

US 20030097590A1
Filed: 11/19/2001
Published: 05/22/2003
Est. Priority Date: 11/19/2001
Status: Active Grant

First Claim

Patent Images

1. A method of controlling a personal firewall in a client computer, said method comprising providing said personal firewall with at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks, monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, and automatically selecting one of said sets of security rules by said personal firewall according to said current location of said client computer.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer device is provided with a local security mechanism, a personal firewall, for protecting the computer device from attacks from a foreign network, in addition to or instead of a firewall in the internal network which protects the computer when connected to a home network. The personal firewall is provided with different sets of security rules for the home network and foreign networks. The personal firewall is arranged to detect its current location, i.e. determine to which network it is connected to at each particular moment. The personal firewall activates one of the given sets of security rules according to the detected current location of the computer device, i.e. the personal firewall automatically uses the security rules predefined for the network to which the computer device is connected at each particular moment. Upon detecting a change in the location, the personal firewall immediately adapts to use security rules predefined for the new location.

157 Citations

20 Claims

1. A method of controlling a personal firewall in a client computer, said method comprising providing said personal firewall with at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks, monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, and automatically selecting one of said sets of security rules by said personal firewall according to said current location of said client computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, wherein said step of providing comprises providing said client computer with said set of security rules in form of at least two rule bases, said step of selecting comprises enabling one of said rule bases at a time according to the current location of said client computer.
  - 3. A method according to claim 1, wherein said step of providing comprises providing said client computer with said set of security rules in form of one rule base, and said step of selecting comprises enabling and disabling rules in said one rule base in different combinations according to the current location of said client computer.
  - 4. A method according to claim 1, wherein said step of monitoring comprises storing in said client computer an IP address space of said home network, comparing the current IP address of said client computer with said IP address space, and if the current IP address of said client computer matches said IP address space, determining said personal firewall to be located in said home network.
  - 5. A method according to any one of claims 1, 2 or 3, wherein said step of monitoring comprises storing in said client computer a list of IP addresses of said home network, comparing the current IP address of said client computer with said list of IP addresses, and if the current IP address of said client computer matches one of said addresses on said list, determining said client computer to be located in said home network.
  - 6. A method according to any one of claims 1, 2 or 3, comprising verifying the current location determined on the basis of the current IP address of said client computer by carrying out a location verification procedure with a predetermined network element.
  - 7. A method according to claim 6, wherein said step of verifying comprises checking availability of said predetermined network element related to the current IP address, said predetermined network element responding only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, verifying the current location determined based on said current IP address, if said predetermined network element responses with a specific identity data.
  - 8. A method according to claim 7, wherein said specific identity data is a Media Access Control (MAC) address of said predetermined network element.

9. A method of managing a personal firewall in a client computer, comprising storing in said personal firewall at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks, storing updated sets of security rules, if any, in a centralized unit in said home network of said client computer, configuring said personal firewall to periodically query the availability of said updated sets of security rules from said centralized rule base server when being located in said home network, or when having a remote access to said home network while being located in a foreign network, and loading said updated sets of security rules from said centralized rule base server to said personal firewall in response to said query, if such updated sets of security rules are available.
- View Dependent Claims (10, 11)
- - 10. A method according to claim 9, comprising monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, and automatically activating said periodical query, when the current location of said client computer is in said home network.
  - 11. A method according to claim 9, comprising monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, sending log files to a centralized log server from said personal firewall, when the current location of said client computer is in said home network, said log files containing information on communication transactions in said client computer, collecting log files locally at said personal firewall, when the current location of said client computer is not in said home network, and transferring said locally collected log files from said personal firewall to said centralized log server, when said client computer is connected to said home network.

12. A computer terminal, comprising a personal firewall provided with at least one set of security rules to be used when said computer terminal is connected to a home network of said computer terminal, and at least one set of security rules to be used when said computer terminal is connected to foreign networks, said personal firewall having a mechanism monitoring the current location of said computer terminal based on an Internet Protocol (IP) address currently used by said computer terminal, and said personal firewall having a mechanism automatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer terminal.
- View Dependent Claims (13)
- - 13. A computer terminal according to claim 12, further comprising a mechanism verifying the current location determined on the basis of the current IP address of said computer terminal by carrying out a location verification procedure with a predetermined network element.

14. A computer-readable medium, containing a computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprising storing at least one set of security rules to be used when said computer device is connected to a home network of said computer device, and at least one set of security rules to be used when said computer device is connected to foreign networks, monitoring the current location of said computer device based on an Internet Protocol (IP) address currently used by said computer device, and automatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer device.
- View Dependent Claims (15)
- - 15. A computer-readable medium according to claim 14, said personal firewall routine further comprising verifying the current location determined on the basis of the current IP address of said client computer by carrying out a location verification procedure with a predetermined network element

16. A computer device, comprising a personal firewall routine configured to store security rules for a home network of said computer device, and for foreign networks, periodically query the availability of updated security rules from a centralized rule base server in said home network of said computer device when said computer device is located in said home network, and download said updated security rules from said centralized rule base server, if such updated security rules are available in said centralized rule base server.
- View Dependent Claims (17)
- - 17. A computer device according to claim 16, said personal firewall routine being further configured to activate said periodical query also when said computer device has a remote access to said home network while being located in a foreign network.

18. A computer device, comprising a personal firewall routine configured to send log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device, collect log files locally in said computer device, when the current location of said client device is not in said home network, transfer said locally collected log files to said centralized log server, when said computer device is reconnected to said home network.

19. A computer-readable medium, containing computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprising storing security rules for a home network of said computer device, and for foreign networks, periodically querying the availability of updated security rules from a centralized rule base server in said home network of said computer device when said computer device is located in said home network, and downloading said updated security rules from said centralized rule base server, if such updated security rules are available in said centralized rule base server.

20. A computer-readable medium, containing computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprising sending log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device, collecting log files locally in said computer device, when the current location of said client device is not in said home network, transferring said locally collected log files to said centralized log server, when said computer device is reconnected to said home network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Stonesoft Corporation
Inventors
Syvanne, Tuomo

Granted Patent

US 7,325,248 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/107   wherein the security polici...

Personal firewall with location dependent functionality

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Personal firewall with location dependent functionality

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links