Personalized firewall
Abstract
A personalized firewall or other network gateway is provided by a method of matching a data packet to a rule in a network gateway having a rule base. One or more identification values are determined (302) on the basis of the data packet and property value(s) associated with said one or more identification values are queried (304) and received from a property server. The property value(s) describe for example allowed connections and services for an entity associated with the identification value(s). The property value(s) are compared (306) to at least one rule in the rule base, said at least one rule comprising property value(s) and an action, and the action defined in said at least one rule is taken (310), if said property value(s) of the rule match corresponding property value(s) associated with said one or more identification values.
21 Claims
1. A method of matching a data packet to a rule in a network gateway having a rule base, comprising determining one or more identification values on the basis of the data packet, querying and receiving property value(s) associated with said one or more identification values, comparing said property value(s) to at least one rule in the rule base, said at least one rule comprising property value(s) and an action, and taking the action defined in said at least one rule, if said property value(s) of the rule match corresponding property value(s) associated with said one or more identification values.

19. A network gateway comprising memory for a rule base, and mechanism for matching a data packet to a rule of the rule base, said mechanism including mechanism for determining one or more identification values on the basis of the data packet, mechanisms for querying and receiving property value(s) associated with said one or more identification values, mechanism for comparing said property value(s) to at least one rule in the rule base, said at least one rule comprising property value(s) and an action, and mechanism for taking the action defined in said at least one rule, if said property value(s) of the rule match corresponding property value(s) associated with said one or more identification values.

20. A property server, comprising memory for storing property value(s) in association with one or more identification values, mechanism for receiving from a network gateway a query for property value(s) associated with certain one or more identification values, mechanism for sending to the network gateway the property value(s) associated with certain one or more identification values as a response to the query, to be used in the network gateway for matching a data packet to a rule, said one or more identification values having been determined on the basis of the data packet, mechanism for receiving from the network gateway a request to send a notification, if the property value(s) associated to certain identification values are updated in the property server, and mechanism for sending said notification to the network gateway, as a response to receiving updated property value(s) associated to said certain identification values, said notification comprising the updated property value(s) and the associated identification values.

21. A computer-readable medium, containing a computer software which, when executed in a computer device having a rule base, causes the computer device to provide a routine of matching a data packet to a rule of the rule base, said routine comprising determining one or more identification values on the basis of the data packet, querying and receiving property value(s) associated with said one or more identification values, comparing said property value(s) to at least one rule in the rule base, said at least one rule comprising property value(s) and an action, and taking the action defined in said at least one rule, if said property value(s) of the rule match corresponding property value(s) associated with said one or more identification values.
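The matching method of claim 1 together with the update notification of claim 20, as an added Python illustration that is not code from the patent: the gateway derives an identification value from the packet, fetches the entity's property values from a property server on first sight, matches them against rules that each carry property values and an action, and has its cached values refreshed when the server pushes an update. Using the source address as the identification value, dropping unmatched packets, and the sample host and property values are all assumptions made here.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "properties action")  # required property values + action ("allow"/"drop")

class PropertyServer:
    # Stores property values per identification value and notifies subscribed gateways on update.
    def __init__(self, table):
        self._table = {k: dict(v) for k, v in table.items()}
        self._subscribers = []
    def query(self, ident):
        return dict(self._table.get(ident, {}))
    def subscribe(self, notify):
        self._subscribers.append(notify)
    def update(self, ident, props):
        self._table[ident] = dict(props)
        for notify in self._subscribers:   # claim 20: push the updated values to the gateways
            notify(ident, dict(props))

class Gateway:
    # Matches a packet to a rule via the property values of its identification value.
    def __init__(self, rules, server, default_action="drop"):
        self._rules, self._server, self._default = list(rules), server, default_action
        self._cache = {}                   # property values received so far
        server.subscribe(self._on_update)  # ask the server to notify us of updates

    def _on_update(self, ident, props):
        self._cache[ident] = props         # notification replaces the cached values

    def _properties(self, ident):
        if ident not in self._cache:       # query the property server on first sight
            self._cache[ident] = self._server.query(ident)
        return self._cache[ident]

    def match(self, packet):
        ident = packet["src_ip"]           # assumption: source address is the identification value
        props = self._properties(ident)
        for rule in self._rules:           # first rule whose property values all match wins
            if all(props.get(k) == v for k, v in rule.properties.items()):
                return rule.action
        return self._default               # assumption: unmatched packets are dropped

def demo():
    # Constructed sample: one host whose role is changed on the property server.
    server = PropertyServer({"10.0.0.5": {"role": "staff", "vpn": True}})
    gw = Gateway([Rule({"role": "guest"}, "drop"), Rule({"vpn": True}, "allow")], server)
    before = gw.match({"src_ip": "10.0.0.5", "dst_port": 443})
    server.update("10.0.0.5", {"role": "guest", "vpn": True})
    after = gw.match({"src_ip": "10.0.0.5", "dst_port": 443})
    return before, after
```

`demo()` returns `("allow", "drop")`: the same packet is allowed before the update and dropped after it, without the rule base changing.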
Specification