Firewall protocol providing additional information
Abstract
A method and computer program product that allow a firewall program to control whether an application program is granted access to a wide area network (WAN), such as the Internet. The method allows the firewall to receive an access request definition from the application program through a well-known port. A preferred request definition comprises the application unique identifier, a destination address, the port, and a corresponding justification statement. The firewall intercepts access requests sent by the application program and identifies a matching access request definition. The firewall then prompts a user to approve or deny the request, wherein the prompt is accompanied by the justification statement from the identified access request definition. Accordingly, the user is better able to make an informed decision whether or not to grant the access request.
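The matching and prompting steps described in the abstract, as an added Python sketch that is not code from the patent. The names `AccessRequestDefinition`, `Firewall` and `ask` are hypothetical, destinations are assumed to be IP literals, definitions are held in memory (how they are received is not modelled), and the cleanup of the application-supplied justification before display is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class AccessRequestDefinition:
    app_id: str         # unique identifier of the application program
    destination: str    # destination address on the WAN (IP literal assumed)
    port: int
    justification: str  # written by the application itself: untrusted text

def _key(app_id: str, destination: str, port: int):
    # Normalise so equivalent spellings of one address match the same entry.
    return (app_id, str(ipaddress.ip_address(destination)), port)

class Firewall:
    def __init__(self) -> None:
        self._defs = {}

    def register(self, d: AccessRequestDefinition) -> None:
        if not 0 < d.port < 65536:
            raise ValueError("port out of range")
        self._defs[_key(d.app_id, d.destination, d.port)] = d

    def match(self, app_id, destination, port) -> Optional[AccessRequestDefinition]:
        # app_id is part of the key: one application's statement is never
        # shown for another application's traffic to the same endpoint.
        return self._defs.get(_key(app_id, destination, port))

    def prompt_text(self, app_id, destination, port) -> str:
        head = f"{app_id} requests access to {destination} port {port}."
        d = self.match(app_id, destination, port)
        if d is None:
            return head + " No justification was declared for this request."
        # Drop control characters and cap the length before display.
        reason = "".join(c for c in d.justification if c.isprintable())[:200]
        return head + f' The application states: "{reason}"'

    def handle(self, app_id, destination, port, ask: Callable[[str], bool]) -> bool:
        # ask() stands in for the user dialog; True approves, False denies.
        return bool(ask(self.prompt_text(app_id, destination, port)))

if __name__ == "__main__":
    fw = Firewall()
    # Constructed sample definition using a documentation address.
    fw.register(AccessRequestDefinition("mailclient", "203.0.113.10", 993, "Check for new mail"))
    print(fw.prompt_text("mailclient", "203.0.113.10", 993))
    print(fw.prompt_text("updater", "203.0.113.10", 993))
```
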
30 Claims
1. A method for a firewall program to control communication between an application program and a wide area network, comprising:
- receiving at least one access request definition from the application program, wherein each access request definition comprises a unique identifier of the application program, a destination address on a wide area network, a port, and a corresponding justification statement;
- intercepting an access request directed from the application program to a destination address on the wide area network;
- identifying one of the at least one access request definitions that matches the intercepted access request; and
- prompting a user to approve or deny the intercepted access request accompanied by the justification statement from the identified access request definition.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A computer program product acting as a firewall to control access by an application program to a wide area network, comprising:
- receiving instructions for receiving at least one access request definition from the application program, wherein each access request definition comprises a unique identification of the application program, a destination address on a wide area network, a port, and a corresponding justification statement;
- intercepting instructions for intercepting an access request directed from the application program to a destination address on the wide area network;
- identifying instructions for identifying one of the at least one access request definitions that matches the intercepted access request; and
- prompting instructions for prompting a user to approve or deny the intercepted access request accompanied by the justification statement from the identified access request definition.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification