CONTAINMENT OF NETWORK COMMUNICATION
Abstract
Invention selectively enables usage of services and communication conduits in a computer network, wherein the enablement is contingent on usage conditions, resulting in containment of the spread of unauthorized activity within a networked computer system and limiting the scope of results when an element becomes part of a hostile execution environment. Instead of protecting individual networked elements from a potentially hostile execution environment, the elements' usage of the networked environment is restricted to the extent of selectively allowing usage of needed resources explicitly authorized for use by such elements.
63 Claims
1-43. (canceled)

44. A method to be executed by a processor, comprising:

intercepting a connection request initiated from a client in a computer network to establish a communication conduit between the client and a server;
identifying the communication conduit corresponding to the client, the server, and a service associated with the communication conduit;
identifying one or more usage conditions associated with the communication conduit, wherein the one or more usage conditions are defined to permit conditional use of the communication conduit by the client; and
determining whether the one or more usage conditions permit the connection request to be sent to the server, wherein if at least one of the usage conditions is met, then the connection request is sent to the server.
(Dependent claims: 45, 46, 47, 48, 49, 50)

51. Logic encoded in one or more tangible media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:

intercepting a connection request initiated from a client in a computer network to establish a communication conduit between the client and a server;
identifying the communication conduit corresponding to the client, the server, and a service associated with the communication conduit;
identifying one or more usage conditions associated with the communication conduit, wherein the one or more usage conditions are defined to permit conditional use of the communication conduit by the client; and
determining whether the one or more usage conditions permit the connection request to be sent to the server, wherein if at least one of the usage conditions is met, then the connection request is sent to the server.
(Dependent claims: 52, 53, 54, 55, 56, 57)

58. An apparatus, comprising:

a communication proxy for intercepting a connection request from a client in a computer network to establish a communication conduit between the client and a server; and
one or more processors operable to execute instructions associated with the communication proxy, including:
identifying the communication conduit corresponding to the client, the server, and a service associated with the communication conduit;
identifying one or more usage conditions associated with the communication conduit, wherein the one or more usage conditions are defined to permit conditional use of the communication conduit by the client; and
determining whether the one or more usage conditions permit the connection request to be sent to the server, wherein if at least one of the usage conditions is met, then the connection request is sent to the server.
(Dependent claims: 59, 60, 61, 62, 63)
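
The decision step shared by claims 44, 51 and 58, as an added Python example that is not taken from the patent. The condition types (time window, open-connection limit), the addresses and the policy table are assumptions constructed for illustration; denying a request whose conduit is not listed is this example's reading of the abstract's "explicitly authorized" wording.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, List, Tuple

# A conduit is identified by client, server and service, as in the claims.
Conduit = Tuple[str, str, str]

@dataclass
class Request:
    client: str
    server: str
    service: str      # assumed naming, e.g. "tcp/445"
    at: time          # time of day the request was intercepted
    open_conns: int   # connections the client already holds on this conduit

Condition = Callable[[Request], bool]

def within_hours(start: time, end: time) -> Condition:
    """Hypothetical usage condition: request falls inside a daily window."""
    return lambda r: start <= r.at <= end

def below_conn_limit(limit: int) -> Condition:
    """Hypothetical usage condition: client is under its connection cap."""
    return lambda r: r.open_conns < limit

# Constructed policy: each explicitly authorized conduit maps to its conditions.
POLICY: Dict[Conduit, List[Condition]] = {
    ("10.0.1.15", "10.0.2.10", "tcp/445"): [within_hours(time(8), time(18))],
    ("10.0.1.15", "10.0.2.20", "tcp/5432"): [within_hours(time(1), time(3)),
                                             below_conn_limit(2)],
}

def decide(req: Request,
           policy: Dict[Conduit, List[Condition]] = POLICY) -> Tuple[bool, str]:
    """Return (forward?, reason) for an intercepted connection request."""
    conduit = (req.client, req.server, req.service)
    conditions = policy.get(conduit)
    if conditions is None:
        # Conduit was never authorized: the request is not sent to the server.
        return False, "no conduit defined"
    # Claim wording: forward if at least one usage condition is met.
    if any(cond(req) for cond in conditions):
        return True, "usage condition met"
    return False, "no usage condition met"
```

Because the claims forward a request when any one condition holds, conditions that must all hold together have to be expressed as a single combined condition in this model.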
Specification