System and methodology for managing internet access on a per application basis for client computers connected to the internet
Abstract
A computing environment with methods for monitoring access to an open network, such as a WAN or the Internet, is described. The system includes one or more clients, each operating applications or processes (e.g., Netscape Navigator™ or Microsoft Internet Explorer™ browser software) requiring Internet (or other open network) access (e.g., an Internet connection to one or more Web servers). Client-based monitoring and filtering of access is provided in conjunction with a centralized enforcement supervisor. The supervisor maintains access rules for the client-based filtering and verifies the existence and proper operation of the client-based filter application. Access rules can specify criteria such as the total time a user can be connected to the Internet (e.g., per day, week, month, or the like), the time a user can interactively use the Internet (e.g., per day, week, month, or the like), a list of applications or application versions that a user can or cannot use in order to access the Internet, a list of URLs (or WAN addresses) that a user application can (or cannot) access, a list of protocols or protocol components (such as JavaScript™) that a user application can or cannot use, and rules to determine what events should be logged (including how long logs are to be kept). By intercepting process loading and unloading and keeping a list of currently active processes, each client process can be checked for various characteristics, including executable names, version numbers, executable file checksums, version header details, configuration settings, and the like. With this information, the system can determine whether a particular process should have access to the Internet and what kind of access (i.e., protocols, Internet addresses, time limitations, and the like) is permissible for the given user.
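The client/supervisor split the abstract describes, as an added example that is not the patent's own code: the supervisor holds the rule database and ships a subset to the client; the client monitor keeps an active-process table keyed by executable name, version and SHA-256 checksum (built as processes load and unload), then traps each Internet-access request and decides it against the permitted-application list, protocol and host rules, and a daily connected-time budget. The executable images, hostnames, shared key and the HMAC over the transmitted rules are constructed for this example (the patent does not say how rules are protected in transit). The checksum comparison is the security-relevant step: a name-only allowlist lets any binary renamed to netscape.exe inherit the browser's access.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed stand-ins for the executable images the client monitor would checksum.
NAVIGATOR_IMAGE = b"MZ constructed Netscape Navigator 4.08 image"
EXPLORER_IMAGE = b"MZ constructed Internet Explorer 5.0 image"
ROGUE_IMAGE = b"MZ constructed unapproved downloader renamed to netscape.exe"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Supervisor side: the central rule database for one user (constructed sample).
# An application is identified by executable name, version and checksum, not name alone.
def supervisor_rules() -> dict:
    return {
        "apps": {
            "netscape.exe": {"version": "4.08", "sha256": sha256_hex(NAVIGATOR_IMAGE),
                             "protocols": ["http", "https"], "denied_hosts": ["games.example"]},
            "iexplore.exe": {"version": "5.0", "sha256": sha256_hex(EXPLORER_IMAGE),
                             "protocols": ["http", "https", "ftp"], "denied_hosts": []},
        },
        "daily_limit_seconds": 3600,  # total connected time allowed per day
        "log_allowed": False,         # denials are always logged; allowed requests optionally
    }

# The HMAC tag is an assumption added here; the patent does not say how the
# transmitted rule subset is protected against tampering in transit.
def transmit_rules(rules: dict, key: bytes) -> tuple:
    blob = json.dumps(rules, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def receive_rules(blob: bytes, tag: str, key: bytes) -> dict:
    if not hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).hexdigest(), tag):
        raise ValueError("rule set failed integrity check")
    return json.loads(blob)

# Client side: active-process table plus trap-and-decide on every access request.
class ClientMonitor:
    def __init__(self, rules: dict):
        self.rules = rules
        self.active = {}  # pid -> (name, version, sha256) for currently loaded processes
        self.used = {}    # date -> seconds of Internet use already granted that day
        self.log = []

    def on_process_load(self, pid: int, name: str, version: str, image: bytes) -> None:
        # Checksum the image at load time so decisions do not rest on the process name alone.
        self.active[pid] = (name, version, sha256_hex(image))

    def on_process_unload(self, pid: int) -> None:
        self.active.pop(pid, None)

    def check_request(self, pid: int, host: str, protocol: str, now: datetime, seconds: int) -> tuple:
        """Trap one Internet-access request; returns (allowed, reason)."""
        allowed, reason = self._decide(pid, host, protocol, now, seconds)
        if allowed:
            day = now.date().isoformat()
            self.used[day] = self.used.get(day, 0) + seconds
        if not allowed or self.rules["log_allowed"]:
            self.log.append((now.isoformat(), pid, host, protocol, reason))
        return allowed, reason

    def _decide(self, pid, host, protocol, now, seconds):
        if pid not in self.active:
            return False, "request from a process not in the active-process table"
        name, version, digest = self.active[pid]
        rule = self.rules["apps"].get(name)
        if rule is None:
            return False, f"{name} is not on the permitted-application list"
        if rule["version"] != version:
            return False, f"{name} version {version} is not permitted"
        if rule["sha256"] != digest:
            return False, f"{name} executable checksum does not match the permitted build"
        if protocol not in rule["protocols"]:
            return False, f"{name} may not use {protocol}"
        if host in rule["denied_hosts"]:
            return False, f"{host} is on the denied-host list for {name}"
        if self.used.get(now.date().isoformat(), 0) + seconds > self.rules["daily_limit_seconds"]:
            return False, "daily connected-time limit would be exceeded"
        return True, "permitted"

def demo() -> list:
    """Constructed request sequence; returns the list of (allowed, reason) decisions."""
    key = b"constructed shared key"  # assumption: provisioned to both supervisor and client
    blob, tag = transmit_rules(supervisor_rules(), key)
    mon = ClientMonitor(receive_rules(blob, tag, key))
    t = datetime(2000, 1, 3, 9, 0)
    mon.on_process_load(101, "netscape.exe", "4.08", NAVIGATOR_IMAGE)
    mon.on_process_load(102, "netscape.exe", "4.08", ROGUE_IMAGE)  # rogue binary renamed
    mon.on_process_load(103, "iexplore.exe", "5.0", EXPLORER_IMAGE)
    mon.on_process_load(104, "dialer.exe", "1.0", b"MZ constructed dialer")
    return [
        mon.check_request(101, "news.example", "http", t, 600),   # allowed
        mon.check_request(102, "news.example", "http", t, 600),   # checksum mismatch
        mon.check_request(101, "games.example", "https", t, 60),  # denied host
        mon.check_request(101, "ftp.example", "ftp", t, 60),      # protocol not permitted
        mon.check_request(103, "ftp.example", "ftp", t, 2900),    # allowed, 3500 s used today
        mon.check_request(103, "news.example", "http", t, 200),   # would exceed 3600 s
        mon.check_request(104, "news.example", "http", t, 10),    # application not listed
    ]
```

Calling demo() walks the seven constructed requests through the monitor. Two caveats a practitioner should keep in view: the integrity tag only covers the rule set in transit, and every decision is taken on the client, so enforcement holds only while the monitor itself is intact, which is why the abstract has the supervisor verify the existence and proper operation of the client-based filter rather than trusting it blindly.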
30 Claims
1. In a system comprising a plurality of client computers connected to a network and having Internet access, a method for managing Internet access for a particular client computer, the method comprising:
providing at the particular client computer a client monitoring process;
providing at another computer on the network a supervisor process, said supervisor process specifying rules which govern Internet access by the client computers;
transmitting at least a subset of said rules to the particular client computer;
at the client monitoring process, trapping a request for Internet access from the particular client computer; and
processing the request for Internet access by performing substeps of:
(i) determining whether the request for Internet access violates any of the rules transmitted to the particular client computer, and
(ii) if the request for Internet access violates any of the rules transmitted to the particular client computer, denying the request for Internet access.
Dependent claims: 2 through 15.
16. In a system comprising a plurality of client computers connected to a network and having Internet access, a method for managing Internet access for a particular client computer on a per application basis, the method comprising:
storing at a supervisor computer a list of applications and versions thereof defining which applications are permitted Internet access;
transmitting said list from the supervisor computer to the client computer;
at the client computer, trapping a request for Internet access from a particular application;
based on said list, determining whether the request for Internet access is from an application or version thereof which is permitted Internet access; and
if the request for Internet access is from an application or version thereof which is not permitted Internet access, blocking Internet access for the application.
Dependent claims: 17 through 25.
26. A computer system regulating access by client computers comprising:
a plurality of client computers which can connect to at least one open network;
supervisor means provided at a computer which is in communication with each client computer to be regulated, said supervisor means including a database of enforcement rules governing access of client computers to said at least one open network;
means for transferring rules from the database of enforcement rules to each computer requiring access to said at least one open network and which is to be regulated; and
monitoring means provided at each client computer which is to be regulated, for selectively blocking access to said at least one open network based on said transferred rules.
Dependent claims: 27 through 30.
Specification