Network session management
First Claim
1. A network system, comprising:
first and second devices, wherein the first device is adapted to:
deliver a set of policies to the second device during initialization of a virtual private network between the first and second devices; and
the second device is remote from the first device and adapted to:
run an application;
use both said policies and a priority assigned to the application to detect data packets from unauthorized activities; and
reject data packets from the unauthorized activities.
1 Assignment
0 Petitions
Abstract
This invention uses network stack information to enforce context-based policies. The combination of policies, user/application context information and packet filtering is used to enable fine-grained control of network resources.
179 Citations
25 Claims
1. A network system, comprising: (full text of claim 1 as given under First Claim above)
Dependent claims: 2, 3, 4, 8
5. A network stack, comprising:
a policy engine;
a policy store adapted to interact with the policy engine and store a set of policies from the policy engine;
a socket interceptor coupled to the policy engine;
a packet guard coupled to the policy engine;
a configurable management process adapted to reconfigure the network stack and having instructions to:
receive policies in the policy engine from the policy server during a virtual private network session with a remote device;
use the socket interceptor to detect and reject data packets from unauthorized users and applications and provide the packet guard with context information about the unauthorized users and applications, including at least information about a running state of the application;
use the packet guard to filter unauthorized activities received from the network interface;
use the packet guard to filter the data packets from unauthorized users and applications based on the context information received by the socket interceptor; and
use the packet guard to filter data packets based on the policies.
Dependent claims: 6, 7
9. A method comprising:
establishing a virtual private network (VPN) session between a primary computing system and a remote computing system, wherein the primary computing system includes a security policy engine, and wherein the remote computing system includes a network stack;
transmitting information indicative of security parameters from the primary computing system to the remote computing system using the security policy engine during initialization of the VPN;
configuring the network stack based on the information indicative of security parameters;
subsequently running a particular application program on the remote computing system;
selecting information indicative of updated security parameters based on a priority of the particular application program; and
dynamically reconfiguring the network stack based on the information indicative of the updated security parameters.
Dependent claims: 10, 11, 12, 13
14. A method comprising:
establishing a secure virtual private network connection between a server and a remote system;
delivering security policies from the server to the remote system during initialization of the secure private network connection; and
regulating access to nodes accessible via the server by the remote system based on the security policies and a priority associated with at least one application program running on the remote system.
Dependent claims: 15, 16, 17, 18, 19, 20
21. An article comprising a computer-readable medium which stores computer-executable instructions, the instructions causing a computer to:
establish a secure virtual private network connection between a server and a remote system;
deliver security policies from the server to the remote system during initialization of the secure private network connection; and
regulate access to nodes accessible via the server by the remote system based on the security policies and a priority associated with at least one application program running on the remote system.
Dependent claims: 22, 23, 24, 25
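The following is an added illustrative model of the stack that claims 5 and 9 describe (and that claims 14 and 21 restate as a method and an article): a policy store filled from a policy server at VPN initialization, a socket interceptor that attaches application context (owning application and its running state) to each packet, a packet guard that decides using the policies, that context and the application's priority, and a reconfiguration step when a new application starts. It is not the patent's implementation and not code from the assignee; the class names, the policy fields (destination host/port, minimum application priority, allow flag), first-match-wins evaluation with default deny, and the sample policies are all assumptions made for this example.

```python
"""Toy model of a context-aware, policy-driven network stack.

Constructed for illustration: names, policy schema and sample data are
assumptions, not the patent's or any vendor's implementation.
"""
from dataclasses import dataclass
from enum import IntEnum


class Priority(IntEnum):
    LOW = 1
    NORMAL = 2
    HIGH = 3


@dataclass(frozen=True)
class Policy:
    """One rule delivered by the policy server (schema is an assumption)."""
    dst_host: str            # "*" matches any destination node
    dst_port: int            # 0 matches any port
    min_priority: Priority   # application must have at least this priority
    allow: bool


@dataclass
class Application:
    name: str
    priority: Priority
    running: bool = True     # running state is part of the context the guard sees


@dataclass(frozen=True)
class Packet:
    src_pid: int             # process that owns the sending socket
    dst_host: str
    dst_port: int


class PolicyStore:
    def __init__(self):
        self.policies = []

    def replace(self, policies):
        self.policies = list(policies)


class SocketInterceptor:
    """Maps a packet back to the application that owns its socket."""
    def __init__(self):
        self.by_pid = {}

    def register(self, pid, app):
        self.by_pid[pid] = app

    def context_for(self, packet):
        return self.by_pid.get(packet.src_pid)


class PacketGuard:
    """Filters packets using policies plus application context and priority."""
    def __init__(self, store):
        self.store = store

    def permits(self, packet, app):
        if app is None or not app.running:
            return False                      # no authorized application context
        for p in self.store.policies:         # first matching rule decides
            if p.dst_host in ("*", packet.dst_host) and p.dst_port in (0, packet.dst_port):
                return p.allow and app.priority >= p.min_priority
        return False                          # default deny


class PolicyServer:
    """Stands in for the primary system's policy engine (constructed data)."""
    BASE = [
        Policy("intranet.example", 443, Priority.NORMAL, True),
        Policy("*", 22, Priority.HIGH, True),
    ]

    def policies_for_priority(self, prio):
        # Higher-priority applications unlock an additional node (assumed rule).
        extra = [Policy("backup.example", 873, Priority.HIGH, True)] if prio >= Priority.HIGH else []
        return self.BASE + extra


class NetworkStack:
    def __init__(self):
        self.store = PolicyStore()
        self.interceptor = SocketInterceptor()
        self.guard = PacketGuard(self.store)
        self.log = []

    def initialize_vpn(self, policies_from_server):
        self.store.replace(policies_from_server)          # policies delivered at VPN init

    def start_application(self, pid, app, server):
        self.interceptor.register(pid, app)
        # Dynamic reconfiguration keyed on the new application's priority.
        self.store.replace(server.policies_for_priority(app.priority))

    def stop_application(self, pid):
        app = self.interceptor.by_pid.get(pid)
        if app is not None:
            app.running = False

    def handle(self, packet):
        ok = self.guard.permits(packet, self.interceptor.context_for(packet))
        self.log.append((packet.src_pid, packet.dst_host, packet.dst_port, "ACCEPT" if ok else "REJECT"))
        return ok


def demo():
    """Runs a constructed scenario; returns the accept/reject decisions in order."""
    server, stack = PolicyServer(), NetworkStack()
    stack.initialize_vpn(server.BASE)
    stack.start_application(100, Application("browser", Priority.NORMAL), server)
    stack.start_application(200, Application("admin-shell", Priority.HIGH), server)
    decisions = [
        stack.handle(Packet(100, "intranet.example", 443)),  # NORMAL app, permitted node -> True
        stack.handle(Packet(100, "db.example", 22)),         # port 22 needs HIGH -> False
        stack.handle(Packet(200, "db.example", 22)),         # HIGH app -> True
        stack.handle(Packet(999, "intranet.example", 443)),  # no application context -> False
        stack.handle(Packet(200, "backup.example", 873)),    # node added by reconfiguration -> True
    ]
    stack.stop_application(200)
    decisions.append(stack.handle(Packet(200, "db.example", 22)))  # app no longer running -> False
    return decisions


if __name__ == "__main__":
    for entry in (demo(), NetworkStack().log):
        print(entry)
```

The decision log kept by `handle` is where a defender would look: rejects with no application context or from a stopped application are the "unauthorized activity" signal the claims describe, and they can be forwarded to monitoring rather than silently dropped.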
Specification