Application-specific network access management system
Abstract
A method of network management, enabling a user to control access by configuring network equipment, comprising discovering and selecting from a matrix of users and applications.

Claims
1. A method, to manage network security and accessibility to external internet services and applications, comprising the steps of
i. requesting from a remote server a downloadable network discovery surveyor,
ii. requesting from a remote server downloadable code fragments and port numbers according to the results of the operation of the network discovery surveyor,
iii. assembling a unique selection application for the owner/responsible parent of the network to choose to enable or disable access from his network to external internet applications,
iv. compiling microcode according to the selection by the owner/responsible parent to control the hardware of the network equipment to reflect the configuration choices by means of port numbers, and
v. configuring the network by programming the network hardware to enable or disable port numbers.

2. The network discovery surveyor of claim one, comprising a process of identifying all participating nodes on a local area network in terms other than their IP or MAC addresses, such as users' names or manufacturer names.

3. The selection application of claim one, comprising a process which builds a table of common applications by name, as well as those encountered by the discovery surveyor on PCs and nodes in the network, builds a selection screen for the owner/responsible parent to select enablement or schedule accessibility, and converts the selection to a port number or process type.

4. The process of compiling microcode of claim one, comprising steps of:
i. creating a command sequence to put the network hardware into and out of protected configuration mode,
ii. assembling a table of port numbers that should be always enabled according to the owner/responsible parent's selection of applications,
iii. assembling a table of port numbers that should be always disabled according to the owner/responsible parent's selection of applications,
iv. assembling a list of text strings that would cause an application to be blocked according to the owner/responsible parent's direction, and
v. creating additional command sequences which change access to specific ports according to a schedule specified by the owner/responsible parent.

5. The process of configuring the network of claim one, comprising steps of:
i. disabling port numbers typically used by Internet applications according to the user's selection of enabling or disabling the applications by name,
ii. emitting an explanatory message to the user when traffic to a disabled port number occurs, so that it is not perceived as an unscheduled outage,
iii. enabling specific PCs or appliances to exchange information through specific port numbers, to limit access to Internet applications and services,
iv. blocking access to port numbers when packets contain strings specified by the owner/responsible parent,
v. emitting an explanatory message to the user when ports have been blocked, so that it is not perceived as low quality of service,
vi. comparing the current timestamp with the owner/responsible parent's selection of windows of access to specific Internet applications and enabling or disabling port numbers through the router, and
vii. scheduling the execution of configuration processes according to the time windows selected by the owner/responsible parent for changing accessibility to Internet applications and services.

6. A method for configuring and administrating a computer network consisting of the steps of
i. surveying the network for resources and applications,
ii. downloading from a database a current matrix of port numbers and applications,
iii. presenting to the owner or parent a matrix of likely internet applications for selection or deselection, and receiving selection or deselection data,
iv. reading from a storage server appropriate code and compiling configuration code to configure the network, and
v. programmatically changing the port authorizations of the network gateway or router to enable or disable access to internet-based applications to fulfill the selections on said matrix by time, by content, or by computer, thereby controlling access without the need for advanced network programming skill.

7. A computer program product on stored media consisting of machine readable and executable instructions comprising the following:
i. instructions to log in and obtain administrative control over a network management device and its network of local nodes,
ii. instructions to obtain from an external server an updated mapping of applications to specific port numbers, and
iii. instructions to select from a matrix of user nodes and applications and further compile instructions corresponding to those applications which control access over specific port numbers at particular times or on particular members of the network.
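The claims describe one procedure end to end: take the owner's per-application choices, resolve them through an application-to-port table into always-enabled, always-disabled and scheduled port sets plus blocking strings (claim 4), then evaluate traffic against those sets by port, node, time window and payload content, emitting an explanatory message when something is blocked (claims 5 to 7). The following is an added example of that compile-and-evaluate step; it is not code from the patent. The application-to-port table, the node names, the schedule windows, the blocking term and the router command syntax in render_commands are all constructed assumptions for illustration.

```python
"""Compile per-application selections into port rules and evaluate traffic against them.

Added example, not the patent's own code. APP_PORTS stands in for the downloaded
application/port matrix; node names, windows, blocking terms and the pseudo-CLI
in render_commands are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, time

# Constructed stand-in for the "current matrix of port numbers and applications".
APP_PORTS = {
    "web": {80, 443},
    "email": {25, 110, 143, 587, 993},
    "game-chat": {3478, 3479},
    "file-sharing": {6881, 6882},
}


@dataclass
class Selection:
    """The owner's choice for one application: always on, always off, or on within windows."""
    app: str
    mode: str                                   # "enable" | "disable" | "schedule"
    windows: list = field(default_factory=list)  # [(start, end)] times, used when mode == "schedule"
    nodes: frozenset = frozenset()              # nodes permitted to use the app; empty = whole network
    block_strings: tuple = ()                   # payload strings that block the port even when enabled


@dataclass
class CompiledPolicy:
    always_enabled: set = field(default_factory=set)
    always_disabled: set = field(default_factory=set)
    scheduled: dict = field(default_factory=dict)      # port -> [(start, end), ...]
    block_strings: dict = field(default_factory=dict)  # port -> (str, ...)
    node_scope: dict = field(default_factory=dict)     # port -> frozenset of permitted nodes


def compile_policy(selections, app_ports=APP_PORTS):
    """Resolve application names to ports and build the tables claim 4 describes."""
    policy = CompiledPolicy()
    for sel in selections:
        ports = app_ports.get(sel.app)
        if ports is None:
            raise KeyError(f"unknown application {sel.app!r}; refresh the application/port table")
        for port in ports:
            if sel.mode == "enable":
                policy.always_enabled.add(port)
            elif sel.mode == "disable":
                policy.always_disabled.add(port)   # disables network-wide; node scope is not applied
            elif sel.mode == "schedule":
                policy.scheduled.setdefault(port, []).extend(sel.windows)
            else:
                raise ValueError(f"unknown mode {sel.mode!r}")
            if sel.block_strings:
                policy.block_strings[port] = policy.block_strings.get(port, ()) + sel.block_strings
            if sel.nodes and sel.mode != "disable":
                policy.node_scope[port] = sel.nodes
    # Two applications may share a port; if one is disabled and the other enabled, fail closed.
    policy.always_enabled -= policy.always_disabled
    return policy


def in_window(t, window):
    """True if time t falls in [start, end); windows that cross midnight are handled."""
    start, end = window
    return start <= t < end if start <= end else (t >= start or t < end)


def decide(policy, node, port, now, payload=b""):
    """Return (allowed, message). The message is the explanatory text claim 5 calls for.

    Ports the owner never selected are left as the router had them (allowed here), matching
    the claims' selective enable/disable model rather than a default-deny policy.
    """
    if port in policy.always_disabled:
        return False, f"port {port} is disabled by the network owner, not an outage"
    scope = policy.node_scope.get(port)
    if scope and node not in scope:
        return False, f"port {port} is restricted to {sorted(scope)}"
    for term in policy.block_strings.get(port, ()):
        if term.encode() in payload:
            return False, f"traffic on port {port} blocked: payload matched a restricted term"
    windows = policy.scheduled.get(port)
    if windows is not None and not any(in_window(now.time(), w) for w in windows):
        return False, f"port {port} is outside its scheduled access window"
    return True, ""


def render_commands(policy):
    """Emit the command sequence of claim 4 for a hypothetical router CLI (syntax is invented)."""
    cmds = ["configure terminal"]  # enter protected configuration mode
    for p in sorted(policy.always_disabled):
        cmds.append(f"access-list deny tcp any any eq {p}")
    for p in sorted(policy.always_enabled):
        cmds.append(f"access-list permit tcp any any eq {p}")
    for p, windows in sorted(policy.scheduled.items()):
        for start, end in windows:
            cmds.append(f"time-range port-{p} periodic daily {start:%H:%M} to {end:%H:%M}")
            cmds.append(f"access-list permit tcp any any eq {p} time-range port-{p}")
    cmds.append("end")  # leave protected configuration mode
    return cmds


# Constructed sample selections: web always on, file-sharing off, game chat only on one
# node between 17:00 and 20:00, email on but blocked when a restricted term appears.
SAMPLE_SELECTIONS = [
    Selection("web", "enable"),
    Selection("file-sharing", "disable"),
    Selection("game-chat", "schedule", windows=[(time(17, 0), time(20, 0))], nodes=frozenset({"kids-pc"})),
    Selection("email", "enable", block_strings=("restricted-term",)),
]

if __name__ == "__main__":
    policy = compile_policy(SAMPLE_SELECTIONS)
    print("\n".join(render_commands(policy)))
    print(decide(policy, "kids-pc", 3478, datetime(2024, 1, 1, 21, 0)))
```

The conflict rule in compile_policy is the one decision worth calling out: the claims key everything on port numbers, and two applications routinely share a port, so an "enable" for one and a "disable" for the other must resolve deterministically, here in favour of disabling.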
Specification