System and method for a group-based network access control for computer

US 7,032,243 B2
Filed: 07/02/2001
Issued: 04/18/2006
Est. Priority Date: 12/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method for a group-based network access control system, the method comprising the steps of:

operating a software process on a computer, said software process including a network point attribute;

communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;

establishing an association between said network endpoint attribute and said interface attribute;

placing said network endpoint attribute and said interface attribute in a table; and

comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute, further comprises a primary group identifier and a supplemental group identifier list.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for group-based network access control systems are provided. The group-based network access control system includes a software process operating on a computer. The software process is configured to communicate a packet through a group-based network protocol stack to a network interface card that includes an interface attribute. A table of network attributes, associated with a session filter module and a network filter module, compares the network endpoint attribute with the interface attribute in the table of network attributes to determine whether the software process can access the network interface card. Each network endpoint attribute comprises a primary group identifier and a supplemental group identifier list, and each interface attribute comprises a network group list. The method includes the steps of operating a software process that includes a network endpoint attribute. Next, packets are communicated through a network protocol stack to a network interface card, where the network interface card includes an interface attribute. Association between the network endpoint attribute and the interface attribute is established, and both the network endpoint attribute and the interface attribute are placed in a table. The network endpoint attribute is then compared with the interface attribute to determine whether the software process can access the network interface card. Each network endpoint attribute comprises a primary group identifier and a supplemental group identifier list, and each interface attribute comprises a network group list.

Citations

18 Claims

1. A method for a group-based network access control system, the method comprising the steps of:
- operating a software process on a computer, said software process including a network point attribute;
  
  communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
  
  establishing an association between said network endpoint attribute and said interface attribute;
  
  placing said network endpoint attribute and said interface attribute in a table; and
  
  comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute, further comprises a primary group identifier and a supplemental group identifier list.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said supplemental group identifier list further comprises:
    - at least one group identifier.
  - 3. The method of claim 1, wherein said supplemental group identifier list enables said software process to access a second process with a matching primary group identifier.
  - 4. The method of claim 1, further comprising the steps of:
    - receiving a communication packet in a session filter module;
      
      placing said network endpoint attribute in said table of network attributes;
      
      querying said table of network attributes to determine said network endpoint attribute said interface attribute; and
      
      determining whether said communication packet can be sent to said network protocol stack.
  - 5. The method of claim 1, further comprising the steps of:
    - receiving a communication packet in a network filter module;
      
      placing said interface attribute in said table of network attributes;
      
      querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      determining whether said communication packet can be sent to said network interface card.
  - 6. The method of claim 1, further comprising the steps of:
    - receiving a communication packet in a network filter module;
      
      querying said table to determine said network endpoint attribute and said interface attribute; and
      
      determining whether said communication packet can be sent to said network protocol Stack.

7. A computer readable medium for a group-based network access control system, comprising:
- logic for operating a software process on a computer, said software process including a network endpoint attribute;
  
  logic for communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
  
  logic for establishing an association between said network endpoint attribute and said interface attribute; and
  
  logic for comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute further comprises a primary group identifier and a supplemental group identifier list.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer readable medium of claim 7, wherein said supplemental group identifier list further comprises:
    - at least one group identifier.
  - 9. The computer readable medium of claim 7, wherein said supplemental group identifier list enables said software process to access a second process with a matching primary group identifier.
  - 10. The computer readable medium of claim 7, further comprising:
    - logic for a for receiving a communication packet;
      
      logic for placing said network endpoint attribute in a table of network attributes;
      
      logic for querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      logic for determining whether said communication packet can be sent to said network protocol stack.
  - 11. The computer readable medium of claim 7, further comprising logic configured to perform the steps of:
    - logic for receiving a communication packet;
      
      logic for placing said interface attribute a table of network attributes;
      
      logic for querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      logic for determining whether said communication packet can be sent to said network interface card.
  - 12. The computer readable medium of claim 7, further comprising the steps of:
    - logic for receiving a communication packet;
      
      logic, for querying a table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      logic for determining whether said communication packet can be sent to said network protocol stack.

13. A group-based network access control system, comprising:
- a means for operating a software process on a computer, said software process including network endpoint attribute;
  
  a means for communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
  
  a means for establishing an association between said network endpoint attributes and said interface attribute;
  
  a means for placing said network endpoint attributes and said interface attribute in a table;
  
  ana means for comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute further comprises a primary group identifier and a supplemental group identifier list.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein said supplemental group identifier list further comprises:
    - at least one group identifier.
  - 15. The system of claim 13, wherein said supplemental group identifier list enables a software process to access a second process with a matching primary group identifier.
  - 16. The system of claim 13, further comprising:
    - a means for receiving a communication packet in a session filter module;
      
      a means for placing said network endpoint attribute in said table of network attributes;
      
      a for querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      a means for determining whether said communication packet can be sent to said network protocol stack.
  - 17. The system of claim 13, further comprising:
    - a means for receiving a communication packet in a network filter module;
      
      a means for placing said interface attribute in said table of network attributes;
      
      a means for querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      a means for determining whether said communication packet can be sent to said network interface card.
  - 18. The system of claim 13, further comprising:
    - a means for receiving a communication packet in a network filter module;
      
      a means for querying said table of network attributes to determine said network endpoint attribute and said interface attribute; and
      
      a means for determining whether said communication packet can be sent to said network protocol stack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Leerssen, Scott Alan, Clark, Brett Miller
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/897,262
Publication Number

US 20020078383A1
Time in Patent Office

1,751 Days
Field of Search

726/14, 726/16, 726/17, 726/18, 726/27, 709/223, 709/225, 709/226, 709/229, 710/1, 710/5
US Class Current

726/17
CPC Class Codes

H04L 63/104 Grouping of entities

System and method for a group-based network access control for computer

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for a group-based network access control for computer

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links