Personal firewall with location dependent functionality
Abstract
A computer device is provided with a local security mechanism, a personal firewall, for protecting the computer device from attacks from a foreign network, in addition to or instead of a firewall in the internal network which protects the computer when connected to a home network. The personal firewall is provided with different sets of security rules for the home network and foreign networks. The personal firewall is arranged to detect its current location, i.e. determine to which network it is connected at each particular moment. The personal firewall activates one of the given sets of security rules according to the detected current location of the computer device, i.e. the personal firewall automatically uses the security rules predefined for the network to which the computer device is connected at each particular moment. Upon detecting a change in the location, the personal firewall immediately adapts to use security rules predefined for the new location.
15 Claims
1. A method of controlling a personal firewall in a client computer, said method comprising
providing said personal firewall with at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks, determining by said personal firewall a current location of said client computer based solely on an Internet Protocol (IP) address currently used by said client computer, selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, or determining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer.
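The selection logic of claim 1, as an added Python example that is not taken from the patent or from any product implementing it. The claim only requires "some data proving an identity"; the HMAC challenge-response with a pre-shared key used here, the subnets, element names, keys and rule-set names are all assumptions, and the network is simulated in-process.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed configuration: subnets, element names, keys and rule-set names are hypothetical.
LOCATIONS = [
    {"subnet": ipaddress.ip_network("10.20.0.0/16"), "element": "home-verifier",
     "key": b"constructed-home-key", "rules": "home-rules"},
    {"subnet": ipaddress.ip_network("192.168.50.0/24"), "element": "partner-verifier",
     "key": b"constructed-partner-key", "rules": "foreign-rules"},
]
DEFAULT_RULES = "default-rules"  # used whenever the location cannot be verified


def locate(ip):
    """Determine the assumed location from the current IP address alone."""
    addr = ipaddress.ip_address(ip)
    return next((loc for loc in LOCATIONS if addr in loc["subnet"]), None)


def make_element(key):
    """Simulated network element: proves its identity with HMAC-SHA256 over the challenge."""
    return lambda challenge: hmac.new(key, challenge, hashlib.sha256).digest()


def select_rules(ip, reachable):
    """Return (rule_set, verified); `reachable` maps element name to responder
    for the elements that answer on the network actually attached."""
    loc = locate(ip)
    if loc is None:
        return DEFAULT_RULES, False
    responder = reachable.get(loc["element"])
    if responder is None:  # request went unanswered: location unverified
        return DEFAULT_RULES, False
    challenge = os.urandom(16)  # fresh per request so a recorded response is useless
    expected = hmac.new(loc["key"], challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(responder(challenge), expected):
        return DEFAULT_RULES, False  # something answered but did not prove the identity
    return loc["rules"], True


if __name__ == "__main__":
    home = {"home-verifier": make_element(b"constructed-home-key")}
    impostor = {"home-verifier": make_element(b"wrong-key")}
    print(select_rules("10.20.3.4", home))      # verified home network
    print(select_rules("10.20.3.4", {}))        # same address range on another network
    print(select_rules("10.20.3.4", impostor))  # element answered, identity not proven
```

The second and third calls show why the claim does not stop at the address match: private address ranges repeat across networks, so an address in the home subnet alone must not activate the home rule set.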
7. A method of managing a personal firewall in a client computer, comprising
storing in said personal firewall at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks, storing updated sets of security rules, if any, in a centralized unit in said home network of said client computer, determining by said personal firewall a current location of said client computer based solely on an Internet Protocol (IP) address currently used by said client computer, selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, or determining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer, and further comprising configuring said personal firewall to
periodically query the availability of said updated sets of security rules from said centralized rule base server when being located in said home network, or when having a remote access to said home network while being located in a foreign network, and loading said updated sets of security rules from said centralized rule base server to said personal firewall in response to said query, if such updated sets of security rules are available.
10. A computer terminal, comprising
a personal firewall provided with at least one set of security rules to be used when said computer terminal is connected to a home network of said computer terminal, and at least one set of security rules to be used when said computer terminal is connected to foreign networks, said personal firewall having a mechanism determining the current location of said computer terminal based solely on an Internet Protocol (IP) address currently used by said computer terminal, said personal firewall having a mechanism selecting a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, said personal firewall having a mechanism sending to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, said personal firewall having a mechanism automatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer terminal, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, or said personal firewall having a mechanism automatically determining the current location unverified and selecting a default set of security rules, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer.
11. A computer-readable medium, containing a computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprising
storing by said personal firewall at least one set of security rules to be used when said computer device is connected to a home network of said computer device, and at least one set of security rules to be used when said computer device is connected to foreign networks, determining by said personal firewall the current location of said computer device based solely on an Internet Protocol (IP) address currently used by said computer device, selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer device, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, or determining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location.
12. A computer device, comprising a personal firewall routine configured to
store security rules for a home network of said computer device, and for foreign networks, determine current location of said client computer based solely on an Internet Protocol (IP) address currently used by said computer device, select a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said computer device, said predetermined network element being able to respond only if said computer device is located in the network in which it is assumed to be on the basis of the current IP address, send to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically select security rules for said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said computer device, or determine the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based on the IP address currently used by said computer device, and further to periodically query the availability of updated security rules from a centralized rule base server in said home network of said computer device when said computer device is located in said home network, and download said updated security rules from said centralized rule base server, if such updated security rules are available in said centralized rule base server.
14. A computer device, comprising a personal firewall routine configured to
determine current location of said client computer based solely on an Internet Protocol (IP) address currently used by said computer device, select a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said computer device, said predetermined network element being able to respond only if said computer device is located in the network in which it is assumed to be on the basis of the current IP address, send to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically select security rules for said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said computer device, or determine the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said computer device, and further to send log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device, collect log files locally in said computer device, when the current location of said client device is not in said home network, and transfer said locally collected log files to said centralized log server, when said computer device is reconnected to said home network.
15. A computer-readable medium, containing computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprising
determining by said personal firewall a current location of said client computer based solely on an Internet Protocol (IP) address currently used by said client computer, selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, and automatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, or determining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer, and sending log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device, collecting log files locally in said computer device, when the current location of said client device is not in said home network.
Specification