System and method for a group-based network access control for computer
Abstract
Systems and methods for group-based network access control systems are provided. The group-based network access control system includes a software process operating on a computer. The software process is configured to communicate a packet through a group-based network protocol stack to a network interface card that includes an interface attribute. A table of network attributes, associated with a session filter module and a network filter module, compares the network endpoint attribute with the interface attribute in the table of network attributes to determine whether the software process can access the network interface card. Each network endpoint attribute comprises a primary group identifier and a supplemental group identifier list, and each interface attribute comprises a network group list. The method includes the steps of operating a software process that includes a network endpoint attribute. Next, packets are communicated through a network protocol stack to a network interface card, where the network interface card includes an interface attribute. Association between the network endpoint attribute and the interface attribute is established, and both the network endpoint attribute and the interface attribute are placed in a table. The network endpoint attribute is then compared with the interface attribute to determine whether the software process can access the network interface card. Each network endpoint attribute comprises a primary group identifier and a supplemental group identifier list, and each interface attribute comprises a network group list.
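A minimal model of the table and comparison described in the abstract, added here as an illustration and not taken from the patent. The match rule (access when the process's primary or any supplemental group appears in the interface's network group list), the deny-when-no-entry default, and the pid and NIC-name keys are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EndpointAttribute:
    """Network endpoint attribute carried by a software process."""
    primary_gid: int
    supplemental_gids: frozenset = frozenset()

    def groups(self):
        # Primary group plus the supplemental group identifier list.
        return {self.primary_gid} | set(self.supplemental_gids)


@dataclass(frozen=True)
class InterfaceAttribute:
    """Interface attribute attached to a network interface card."""
    network_groups: frozenset


class AttributeTable:
    """Holds both attribute kinds; keys (pid, NIC name) are hypothetical."""

    def __init__(self):
        self.endpoints = {}
        self.interfaces = {}

    def can_access(self, pid, nic):
        ep = self.endpoints.get(pid)
        iface = self.interfaces.get(nic)
        if ep is None or iface is None:
            return False  # assumed default: no table entry, no access
        # Assumed rule: any group shared with the NIC's list grants access.
        return bool(ep.groups() & iface.network_groups)


def build_sample_table():
    """Constructed sample data: two NICs, three processes."""
    t = AttributeTable()
    t.interfaces["eth0"] = InterfaceAttribute(frozenset({100, 200}))
    t.interfaces["eth1"] = InterfaceAttribute(frozenset({300}))
    t.endpoints[4101] = EndpointAttribute(100)                        # primary match on eth0
    t.endpoints[4102] = EndpointAttribute(500, frozenset({300, 600}))  # supplemental match on eth1
    t.endpoints[4103] = EndpointAttribute(700, frozenset({800}))       # no shared group
    return t
```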
18 Claims
1. A method for a group-based network access control system, the method comprising the steps of:
operating a software process on a computer, said software process including a network point attribute;
communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
establishing an association between said network endpoint attribute and said interface attribute;
placing said network endpoint attribute and said interface attribute in a table; and
comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute, further comprises a primary group identifier and a supplemental group identifier list.
Dependent claims: 2, 3, 4, 5, 6
7. A computer readable medium for a group-based network access control system, comprising:
logic for operating a software process on a computer, said software process including a network endpoint attribute;
logic for communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
logic for establishing an association between said network endpoint attribute and said interface attribute; and
logic for comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute further comprises a primary group identifier and a supplemental group identifier list.
Dependent claims: 8, 9, 10, 11, 12
13. A group-based network access control system, comprising:
a means for operating a software process on a computer, said software process including network endpoint attribute;
a means for communicating packets through a network protocol stack to a network interface card, said network interface card including an interface attribute;
a means for establishing an association between said network endpoint attributes and said interface attribute;
a means for placing said network endpoint attributes and said interface attribute in a table; and
a means for comparing said network endpoint attribute with said interface attribute to determine whether said software process can access said network interface card, wherein said interface attribute comprises a network group list, and wherein said network endpoint attribute further comprises a primary group identifier and a supplemental group identifier list.
Dependent claims: 14, 15, 16, 17, 18
Specification