Method and apparatus for controlling access to services within a computer network
Abstract
A method and apparatus for controlling access to services within a computer network is provided. More specifically, the present invention includes a services management system, or SMS. The SMS manages network connections between a series of client systems and a router. An access network control server (ANCS) manages the configuration of the router. For each network user, the SMS maintains a profile of filtering rules. When the user accesses the network, the SMS downloads the user's filtering profiles to the ANCS. The ANCS then uses the downloaded filtering profiles to reconfigure the router. The router then uses the filtering rules to selectively forward IP packets originating from the user's host system and directed at the network services.
18 Claims
1. A method for providing access control to services in a computer network including one or more server systems and one or more client systems, the method comprising the steps of:
- providing a filtering profile for each service, each filtering profile including one or more filtering rules,
- establishing the identity of a network user that is using a host client system,
- selecting one or more filtering profiles in accordance with the identity of the network user, and
- establishing a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10 and 14.
11. A computer program product comprising:
a computer usable medium having computer readable code embodied therein for providing access control to services in a computer network including one or more server systems and one or more client systems, the computer program product comprising:
- first computer readable program code devices configured to cause a computer system to maintain a filtering profile for each service, each filtering profile including one or more filtering rules,
- second computer readable program code devices configured to cause a computer system to establish the identity of a network user that is using a host client system,
- third computer readable program code devices configured to cause a computer system to select one or more filtering profiles in accordance with the identity of the network user, and
- fourth computer readable program code devices configured to cause a computer system to establish a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
Dependent claims: 12 and 13.
15. An apparatus for providing access control to services in a computer network including one or more server systems and one or more client systems, the apparatus comprising:
- a filtering profile for each service, each filtering profile including one or more filtering rules,
- a first portion configured to cause a computer system to establish the identity of a network user that is using a host client system,
- a second portion configured to cause a computer system to select one or more filtering profiles in accordance with the identity of the network user, and
- a third portion configured to cause a computer system to establish a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
Dependent claims: 16, 17 and 18.
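The abstract and the claims above describe the same flow: per-service filtering profiles, a user identity established for a host client system, profiles selected by that identity, and a router-side packet filter built from the selected rules. The following is an added Python model of that flow, not code from the patent; the service endpoints, the user directory, the default-deny posture for unmatched packets and the `revoke` step on session teardown are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FilterRule:
    """One filtering rule: permit traffic from the user's host to a service endpoint."""
    proto: str      # "tcp" or "udp"
    dst_ip: str     # address of the server hosting the service
    dst_port: int   # service port


# Filtering profile per service (constructed sample data): service name -> rules.
SERVICE_PROFILES = {
    "mail": [FilterRule("tcp", "10.0.0.10", 25), FilterRule("tcp", "10.0.0.10", 110)],
    "web":  [FilterRule("tcp", "10.0.0.20", 80)],
    "news": [FilterRule("tcp", "10.0.0.30", 119)],
}

# Constructed user directory (the SMS's view): network user -> entitled services.
USER_SERVICES = {
    "alice": {"mail", "web"},
    "bob":   {"news"},
}


class PacketFilter:
    """Router-side filter. Rules are keyed by the host client system's address;
    a packet is forwarded only if a rule installed for its source host matches it
    (default deny is an assumption, the claims only say 'selectively forward')."""

    def __init__(self):
        self.rules = {}   # host client IP -> set of active FilterRule

    def install(self, host_ip, profiles):
        # ANCS step: replace whatever was active for this host with the selected profiles.
        self.rules[host_ip] = {rule for profile in profiles for rule in profile}

    def revoke(self, host_ip):
        # Session teardown: the filter is tied to the host address, so rules left
        # behind would apply to whoever next uses that address.
        self.rules.pop(host_ip, None)

    def forward(self, src_ip, proto, dst_ip, dst_port):
        return FilterRule(proto, dst_ip, dst_port) in self.rules.get(src_ip, set())


def user_logs_on(pf, user, host_ip):
    """SMS step: select profiles by the established identity, push them to the router.
    Returns the services granted; an unknown user gets no rules, hence no access."""
    services = sorted(USER_SERVICES.get(user, ()))
    pf.install(host_ip, [SERVICE_PROFILES[s] for s in services])
    return services
```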