Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

US 20060010491A1
Filed: 07/05/2005
Published: 01/12/2006
Est. Priority Date: 07/09/2004
Status: Active Grant

First Claim

Patent Images

1. Firewall system making it possible to secure a community of interconnectable appliances sharing a set of at least one common global security rule, each appliance of the community possessing means for storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and of a list of services offered locally, a plurality of appliances of the community comprising a filter of messages destined for and originating from the network to which it is connected, the system comprising no centralized means, it possesses on each appliance of the community local means of calculating the rules used by the filter as a function of the local security policy.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to the protection by firewall of a domestic community of interconnectable appliances. The invention allows distributed and totally decentralized management of the firewall policy, implemented at the level of each appliance, which is consistent and adapts dynamically to the changes occurring within the domestic network. We shall speak of ubiquitous firewalls.

68 Citations

View as Search Results

16 Claims

1. Firewall system making it possible to secure a community of interconnectable appliances sharing a set of at least one common global security rule, each appliance of the community possessing means for storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and of a list of services offered locally, a plurality of appliances of the community comprising a filter of messages destined for and originating from the network to which it is connected, the system comprising no centralized means, it possesses on each appliance of the community local means of calculating the rules used by the filter as a function of the local security policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. System according to claim 1 which possesses on each appliance of the community means for updating the local security policy and of triggering a new calculation of the rules used by the filter.
  - 3. System according to claim 2 possessing means of triggering a new calculation of the rules used by the filter in reaction to changes occurring on the network.
  - 4. System according to claim 3 where the changes taken into account for triggering a new calculation of the rules used by the filter are at least one among the following:
    - the change of network address of an appliance of the community, the addition, the removal or the banishing of an appliance of the community and the change of status of a service hosted on an appliance of the community.
  - 5. System according to claim 3 where the changes taken into account to trigger a new calculation of the firewall rules used by the filter are at least one among the following:
    - the change of network address of an appliance of the community, the addition, the removal or the banishing of an appliance of the community and the change of status of a service hosted locally on the appliance.
  - 6. System according to claim 1 which possesses on each appliance of the community means for determining the list of the appliances outside the community possessing privileged accesses to at least one service offered by an appliance of the community, this list being integrated with the local security policy.

7. Appliance comprising means for belonging to a community of interconnectable appliances sharing a set of at least one common global security rule, possessing means of storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and of a list of services offered locally, the said appliance possessing a firewall comprising a filter of the messages destined for and originating from the network to which it is connected, further possessing local means of calculating the firewall rules used by the filter as a function of the local security policy, calling upon no centralized means.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. Appliance according to claim 7 which possesses means of updating the local security policy and of automatically triggering a new calculation of the rules used by the filter.
  - 9. Appliance according to claim 8 which possesses means of triggering a new calculation of the rules used by the filter is effected in reaction to changes occurring on the network.
  - 10. Appliance according to claim 9 where the changes taken into account for triggering a new calculation of the rules used by the filter are at least one among the following:
    - the change of network address of an appliance of the community, the addition, the removal or the banishing of an appliance of the community and the change of status of a service hosted on an appliance of the community.
  - 11. Appliance according to claim 9 where the changes taken into account to trigger a new calculation of the firewall rules used by the filter are at least one among the following:
    - the change of network address of an appliance of the community, the addition, the removal or the banishing of an appliance of the community and the change of status of a service hosted locally on the appliance.
  - 12. Appliance according to claim 7 which possesses means for determining the list of the appliances outside the community possessing privileged accesses to at least one service offered by an appliance of the community, this list being integrated with the local security policy.

13. Method of updating rules used by a firewall consisting of a filter of the messages destined for and originating from the network to which is connected the appliance implementing the method, the appliance forming part of a community of interconnectable appliances sharing a set of at least one common global security rule, the appliance possessing means of storing a local security policy consisting at least of global security rules, of a list of the members of the community as well as of their state of connection and a list of services offered locally, the said rules being calculated as a function of the local security policy, comprising at least the following steps:
- the detection of the addition, the removal and the banishing of an appliance of the community;
  
  the detection of the changes of network address of an appliance of the community;
  
  the triggering of a new calculation of the rules in response to the change of the local security policy.
- View Dependent Claims (14, 15, 16)
- - 14. Method according to claim 13 furthermore possessing a step of detecting the changes of status of the services hosted by the appliance.
  - 15. Method according to claim 13 furthermore possessing a step of detecting the changes of status of the services hosted by an appliance of the community.
  - 16. Method according to claim 14 where the triggering of a new calculation of the firewall rules is related to the detection of the addition, the removal and the banishing of an appliance of the community, to the detection of the change of IP address of an appliance of the community and of the change of status of a service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Heen, Olivier, Prigent, Nicolas, Andreaux, Jean-Pierre, Courtay, Olivier, Bidan, Christophe

Granted Patent

US 7,676,836 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 12/40104   Security; Encryption; Conte...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links