Remote access-controlled communication
Abstract
To establish an access-controlled communications path between a client and an access-controlled network resource, a determination is initially made as to whether the client is authorized to access the access-controlled resource. If the client is authorized to access the access-controlled resource, then a validated parameter associated with the client (e.g. the client's network address) is established. Thereafter, a firewall is configured to selectively accept future communications having the validated parameter associated therewith. Upon receiving a communication, a determination is made as to whether the communication has the validated parameter associated therewith. If it does (thereby indicating that the communication is from the authorized client), then the communication is allowed to pass through the firewall to the access-controlled network resource. In this manner, an access-controlled communications path is established between the client and the access-controlled network resource.
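The mechanism in the abstract, together with the termination of claim 4, the timed expiry of claim 5, the single-use codes of claim 12 and the shared-address rule of claim 13, sketched in Python as an added example (not code from the patent). The class and method names, the sample codes and the documentation address are assumptions made for illustration.

```python
import hmac


class Gate:
    """Validation system plus address-keyed firewall (hypothetical names)."""

    def __init__(self, codes, period=300):
        self.codes = set(codes)   # unused single-use validation codes
        self.period = period      # predetermined time period, in seconds
        self.allowed = {}         # client address -> expiry timestamp

    def _valid(self, code):
        # Constant-time compare against each unused code, then burn the match.
        match = next((c for c in self.codes if hmac.compare_digest(c, code)), None)
        self.codes.discard(match)
        return match is not None

    def authorize(self, addr, code, now):
        """Open or extend the path for addr if the validation code is valid."""
        if not self._valid(code):
            return False
        # Claim 13: clients sharing one address keep the path open until
        # the latest of their periods has expired.
        self.allowed[addr] = max(self.allowed.get(addr, 0), now + self.period)
        return True

    def terminate(self, addr):
        """Claim 4: the client ended the path, so stop accepting its address."""
        self.allowed.pop(addr, None)

    def filter(self, src_addr, now):
        """Return 'pass' or 'drop' for one received packet."""
        expiry = self.allowed.get(src_addr)
        if expiry is None:
            return "drop"
        if now >= expiry:         # claim 5: period expired, close the path
            del self.allowed[src_addr]
            return "drop"
        return "pass"


def demo():
    gate = Gate(codes={"A1", "B2"}, period=300)   # constructed sample codes
    client = "203.0.113.10"                       # constructed address
    out = [gate.filter(client, 0)]                # not yet validated
    out.append(gate.authorize(client, "A1", 0))   # path open until t=300
    out.append(gate.filter(client, 10))
    out.append(gate.authorize(client, "A1", 20))  # single-use code reused
    out.append(gate.authorize(client, "B2", 200)) # derivative client, until 500
    out.append(gate.filter(client, 400))
    out.append(gate.filter(client, 500))
    return out
```

The filter decision rests on the source address alone, so every sender behind that address is admitted while the entry is live, which is the shared-address situation claim 13 describes.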
27 Claims
1. A method for establishing an access-controlled communications path between a client and an access-controlled network resource, the client having a client network address associated therewith, said method comprising:
determining whether the client is authorized to access the access-controlled network resource;
in response to a determination that the client is authorized to access the access-controlled network resource, configuring a firewall to selectively accept future communications having the client network address associated therewith;
receiving a communication;
determining whether said communication has the client network address associated therewith; and
in response to a determination that said communication has the client network address associated therewith, allowing said communication to pass through the firewall to the access-controlled network resource, thereby establishing an access-controlled communications path between the client and the access-controlled network resource.
in response to a determination that said communication does not have the client network address associated therewith, preventing said communication from passing through the firewall to the access-controlled network resource.
3. The method of claim 2, wherein said communication comprises one or more packets, and wherein preventing comprises dropping said one or more packets.
4. The method of claim 1, further comprising:
determining whether the access-controlled communications path has been terminated by the client; and
in response to a determination that the access-controlled communications path has been terminated by the client, configuring the firewall to no longer accept future communications having the client network address associated therewith.
5. The method of claim 1, further comprising:
maintaining the access-controlled communications path for a predetermined period of time; and
upon expiration of said predetermined period of time, configuring the firewall to no longer accept future communications having the client network address associated therewith.
6. The method of claim 1, further comprising:
maintaining the access-controlled communications path for a first predetermined period of time;
determining whether the access-controlled communications path should be further maintained beyond said first predetermined period of time; and
in response to a determination that the access-controlled communications path should be further maintained, maintaining the access-controlled communications path for a second predetermined period of time.
7. The method of claim 6, wherein determining whether the access-controlled communications path should be further maintained comprises:
determining whether the client wishes to have the access-controlled communications path further maintained; and
in response to a determination that the client wishes to have the access-controlled communications path further maintained, determining whether the client is still authorized to access the access-controlled network resource.
8. The method of claim 7, further comprising:
providing information to the client regarding said first predetermined time period.
9. The method of claim 8, wherein said information regarding said first predetermined time period comprises information on time remaining in said first predetermined time period.
10. The method of claim 9, wherein said information regarding said first predetermined time period further comprises information on how to further maintain the access-controlled communications path.
11. The method of claim 1, wherein determining whether the client is authorized to access the access-controlled network resource comprises:
receiving one or more validation codes from the client; and
determining whether said one or more validation codes are valid.
12. The method of claim 11, wherein said one or more validation codes are single use codes.
13. The method of claim 1, wherein a derivative client shares the client network address with the client, wherein the client causes the access-controlled communications path to be established for a first period of time, and the derivative client causes the communications path to be established for a second period of time, the method further comprising:
maintaining the access-controlled communications path until both said first and second periods of time have expired.
14. An apparatus for establishing an access-controlled communications path between a client and an access-controlled network resource, the client having a client network address associated therewith, said apparatus comprising:
a publicly accessible communications port coupled to a network for communicating with the client;
an access-controlled communications port coupled to the access-controlled network resource;
a configurable firewall coupled to said publicly accessible communications port and said access-controlled communications port, said firewall selectively passing communications received from said publicly accessible communications port on to said access-controlled communications port; and
a validation system coupled to said publicly accessible communications port and said firewall, said validation system determining whether the client is authorized to access the access-controlled network resource, and in response to a determination that the client is authorized to access the access-controlled resource, said validation system configuring said firewall to cause said firewall to pass future communications having the client network address associated therewith on to said access-controlled communications port, thereby establishing an access-controlled communications path between the client and the access-controlled network resource.
a timer coupled to said firewall for maintaining a predetermined time period, and after expiration of said time period, said timer configuring said firewall to cause said firewall to no longer pass communications having the client network address associated therewith on to said access-controlled communications port.
17. A computer readable medium having stored thereon instructions, which when executed by one or more processors, cause the one or more processors to establish an access-controlled communications path between a client and an access-controlled network resource, the client having a client network address associated therewith, said computer readable medium comprising:
instructions for causing one or more processors to determine whether the client is authorized to access the access-controlled network resource;
instructions for causing one or more processors to configure, in response to a determination that the client is authorized to access the access-controlled network resource, a firewall to selectively accept future communications having the client network address associated therewith;
instructions for causing one or more processors to receive a communication;
instructions for causing one or more processors to determine whether said communication has the client network address associated therewith; and
instructions for causing one or more processors to allow, in response to a determination that said communication has the client network address associated therewith, said communication to pass through the firewall to the access-controlled network resource, thereby establishing an access-controlled communications path between the client and the access-controlled network resource.
instructions for causing one or more processors to prevent, in response to a determination that said communication does not have the client network address associated therewith, said communication from passing through the firewall to the access-controlled network resource.
19. The computer readable medium of claim 17, further comprising:
instructions for causing one or more processors to determine whether the access-controlled communications path has been terminated by the client; and
instructions for causing one or more processors to configure, in response to a determination that the access-controlled communications path has been terminated by the client, the firewall to no longer accept future communications having the client network address associated therewith.
20. The computer readable medium of claim 17, further comprising:
instructions for causing one or more processors to maintain the access-controlled communications path for a predetermined period of time; and
instructions for causing one or more processors to configure, upon expiration of said predetermined period of time, the firewall to no longer accept future communications having the client network address associated therewith.
21. The computer readable medium of claim 17, further comprising:
instructions for causing one or more processors to maintain the access-controlled communications path for a first predetermined period of time;
instructions for causing one or more processors to determine whether the access-controlled communications path should be further maintained beyond said first predetermined period of time; and
instructions for causing one or more processors to maintain, in response to a determination that the access-controlled communications path should be further maintained, the access-controlled communications path for a second predetermined period of time.
22. The computer readable medium of claim 21, wherein the instructions for causing one or more processors to determine whether the access-controlled communications path should be further maintained comprises:
instructions for causing one or more processors to determine whether the client wishes to have the access-controlled communications path further maintained; and
instructions for causing one or more processors to determine, in response to a determination that the client wishes to have the access-controlled communications path further maintained, whether the client is still authorized to access the access-controlled network resource.
23. The computer readable medium of claim 22, further comprising:
instructions for causing one or more processors to provide information to the client regarding said first predetermined time period.
24. The computer readable medium of claim 23, wherein said information regarding said first predetermined time period comprises information on time remaining in said first predetermined time period.
25. The computer readable medium of claim 24, wherein said information regarding said first predetermined time period further comprises information on how to further maintain the access-controlled communications path.
26. The computer readable medium of claim 17, wherein the instructions for causing one or more processors to determine whether the client is authorized to access the access-controlled network resource comprises:
instructions for causing one or more processors to receive one or more validation codes from the client; and
instructions for causing one or more processors to determine whether said one or more validation codes are valid.
27. The computer readable medium of claim 26, wherein said one or more validation codes are single use codes.
Specification