Enhanced Personal Firewall for Dynamic Computing Environments
First Claim
1. An enhanced personal firewall system comprising:
an inter-firewall connection listener configured to bind to a specified communications port, to listen for incoming, outgoing, or both incoming and outgoing firewall trust requests, and upon detection of a connection, to transfer firewall control to an inter-firewall controller; and
an inter-firewall controller configured to perform logical processes for establishing trusted communications through a local firewall and a remote firewall by performing one or both of the processes of:
(a) upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall, to:
(1) initiate and transmit a handshake identification request from a local firewall to a remote firewall;
(2) responsive to receipt of a handshake response from said remote firewall, to transmit a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a host firewall public encryption key, to generate, sign, and transmit a trusted computer request with identification information to said remote firewall;
(4) upon receipt of a grant of trusted access from said remote firewall, to allow an application program from behind said local firewall to communicate to said remote firewall, otherwise to block said application program from communication with said remote firewall; and
(b) upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall, to:
(1) transmit a firewall identification handshake response to said remote firewall upon receipt of a handshake identification request from said remote firewall;
(2) responsive to receipt of a remote firewall public encryption key, transmit a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a signed trusted computer request from said remote firewall, if said remote firewall has previously requested a trusted access by checking a local public key store, using the signature of said trusted computer request using said received remote firewall public encryption key;
(4) responsive to determining that said remote firewall has been previously authorized to establish trusted access, modify local firewall rules to allow data communications to and from one or more addresses associated with said remote firewall to be transceived through said local firewall.
Abstract
An enhanced personal firewall system having an inter-firewall connection listener which binds to a specified communications port and listens for inbound and/or outbound connection requests; and an inter-firewall controller which establishes trusted communications through a local firewall and a remote firewall by exchanging public keys and a signed trusted computer firewall request, and using the keys to determine whether a local key store indicates previous authorization for trusted communications. If not, then a user of the targeted resource is notified and prompted to authorize the access. If so, then the firewall rules protecting the targeted resource are modified, even if temporarily, to allow the requesting firewall to have trusted access.
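The trust decision described in the abstract and in claim 1(b), as an added illustration that is not code from the patent: the incoming-side firewall verifies the signed trusted computer request with the public key it received, consults its local key store, and only then changes its rules; an unknown peer is blocked unless the user authorizes it, after which its key is stored so later requests need no prompt. The patent names no signature algorithm, so Ed25519 is assumed here; the handshake and key-exchange messages are folded into the request, the user prompt is a callback, and the addresses are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
)

// Firewall: one enhanced personal firewall with its key pair, key store and rules.
type Firewall struct {
	Addr    string
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	Trusted map[string]bool // local public key store: hex(peer key) -> authorized
	Allowed map[string]bool // firewall rules: peer address -> traffic allowed
}
func NewFirewall(addr string) *Firewall {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // Ed25519 is an assumption
	if err != nil {
		panic(err)
	}
	return &Firewall{addr, pub, priv, map[string]bool{}, map[string]bool{}}
}
// TrustRequest is the signed "trusted computer request": the requester's
// public key (the key-exchange step) plus its identification information.
type TrustRequest struct {
	Pub  ed25519.PublicKey
	Addr string
	Sig  []byte
}
func trustMsg(addr string) []byte { return []byte("trusted-computer-request:" + addr) }
// MakeTrustRequest is step (a)(3): generate and sign the request.
func (f *Firewall) MakeTrustRequest() TrustRequest {
	return TrustRequest{f.pub, f.Addr, ed25519.Sign(f.priv, trustMsg(f.Addr))}
}
// HandleTrustRequest is the incoming side, steps (b)(3)-(4): verify the signature
// with the received key, consult the key store, and only then open a rule. An
// unknown peer is blocked unless userAuthorizes (the prompt) returns true.
func (f *Firewall) HandleTrustRequest(req TrustRequest, userAuthorizes func(string) bool) bool {
	if !ed25519.Verify(req.Pub, trustMsg(req.Addr), req.Sig) {
		return false // forged or tampered request: rules untouched
	}
	id := hex.EncodeToString(req.Pub)
	if !f.Trusted[id] && !userAuthorizes(id) {
		return false // user declined: the application stays blocked
	}
	f.Trusted[id] = true       // remember the grant in the key store
	f.Allowed[req.Addr] = true // modify local rules for this peer address
	return true
}
```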
18 Claims
7. A method for providing an enhanced personal firewall comprising the steps of:
binding a listener to a specified communications port;
listening by said listener for incoming, outgoing, or both incoming and outgoing firewall trust requests;
upon detection of a connection, performing logical processes for establishing trusted communications through a local firewall and a remote firewall by performing one or both of the processes of:
(a) upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall:
(1) initiating and transmitting a handshake identification request from a local firewall to a remote firewall;
(2) responsive to receipt of a handshake response from said remote firewall, transmitting a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a host firewall public encryption key, generating, signing, and transmitting a trusted computer request with identification information to said remote firewall;
(4) upon receipt of a grant of trusted access from said remote firewall, allowing an application program from behind said local firewall to communicate to said remote firewall, otherwise blocking said application program from communication with said remote firewall; and
(b) upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall:
(1) transmitting a firewall identification handshake response to said remote firewall upon receipt of a handshake identification request from said remote firewall;
(2) responsive to receipt of a remote firewall public encryption key, transmitting a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a signed trusted computer request from said remote firewall, if said remote firewall has previously requested a trusted access by checking a local public key store, using the signature of said trusted computer request using said received remote firewall public encryption key;
(4) responsive to determining that said remote firewall has been previously authorized to establish trusted access, modifying local firewall rules to allow data communications to and from one or more addresses associated with said remote firewall to be transceived through said local firewall.
Dependent claims: 8, 9, 10, 11, 12
13. An article of manufacture comprising:
a computer readable medium suitable for storage of computer program code; and
one or more computer program codes stored in or on said computer readable medium configured to cause a processor to perform the steps of:
binding a listener to a specified communications port;
listening by said listener for incoming, outgoing, or both incoming and outgoing firewall trust requests;
upon detection of a connection, performing logical processes for establishing trusted communications through a local firewall and a remote firewall by performing one or both of the processes of:
(a) upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall:
(1) initiating and transmitting a handshake identification request from a local firewall to a remote firewall;
(2) responsive to receipt of a handshake response from said remote firewall, transmitting a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a host firewall public encryption key, generating, signing, and transmitting a trusted computer request with identification information to said remote firewall;
(4) upon receipt of a grant of trusted access from said remote firewall, allowing an application program from behind said local firewall to communicate to said remote firewall, otherwise blocking said application program from communication with said remote firewall; and
(b) upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall:
(1) transmitting a firewall identification handshake response to said remote firewall upon receipt of a handshake identification request from said remote firewall;
(2) responsive to receipt of a remote firewall public encryption key, transmitting a local firewall public encryption key to said remote firewall;
(3) responsive to receiving a signed trusted computer request from said remote firewall, if said remote firewall has previously requested a trusted access by checking a local public key store, using the signature of said trusted computer request using said received remote firewall public encryption key;
(4) responsive to determining that said remote firewall has been previously authorized to establish trusted access, modifying local firewall rules to allow data communications to and from one or more addresses associated with said remote firewall to be transceived through said local firewall.
Dependent claims: 14, 15, 16, 17, 18