Personal firewall with location dependent functionality

US 7,325,248 B2
Filed: 11/19/2001
Issued: 01/29/2008
Est. Priority Date: 11/19/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling a personal firewall in a client computer, said method comprisingproviding said personal firewall with at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks,determining by said personal firewall a current location of said client computer based solely on an Internet Protocol(IP) address currently used by said client computer,selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address,sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, ordetermining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer device is provided with a local security mechanism, a personal firewall, for protecting the computer device from attacks from a foreign network, in addition to or instead of a firewall in the internal network which protects the computer when connected to a home network. The personal firewall is provided with different sets of security rules for the home network and foreign networks. The personal firewall is arranged to detect its current location, i.e. determine to which network it is connected to at each particular moment. The personal firewall activates one of the given sets of security rules according to the detected current location of the computer device, i.e. the personal firewall automatically uses the security rules predefined for the network to which the computer device is connected at each particular moment. Upon detecting a change in the location, the personal firewall immediately adapts to use security rules predefined for the new location.

Citations

15 Claims

1. A method of controlling a personal firewall in a client computer, said method comprisingproviding said personal firewall with at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks,determining by said personal firewall a current location of said client computer based solely on an Internet Protocol(IP) address currently used by said client computer,selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address,sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, ordetermining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said providing comprises providing said client computer with said set of security rules in form of at least two rule bases, said step of selecting a set of security rules comprises enabling one of said rule bases at a time according to the current location of said client computer.
  - 3. A method according to claim 1, wherein said providing comprises providing said client computer with said set of security rules in form of one rule base, and said step of selecting a set of security rules comprises enabling and disabling rules in said one rule base in different combinations according to the current location of said client computer.
  - 4. A method according to claim 1, wherein said determining comprisesstoring in said client computer an IP address space of said home network,comparing the current IP address of said client computer with said IP address space, andif the current IP address of said client computer matches said IP address space, determining said personal firewall to be located in said home network.
  - 5. A method according to any one of claims 1, 2 or 3, wherein said determining comprises storing in said client computer a list of IP addresses of said home network, comparing the current IP address of said client computer with said list of IP addresses, and if the current IP address of said client computer matches one of said addresses on said list, determining said client computer to be located in said home network.
  - 6. A method according to claim 1, wherein said specific identity data is a Media Access Control (MAC) address of said predetermined network element.

7. A method of managing a personal firewall in a client computer, comprisingstoring in said personal firewall at least one set of security rules to be used when said client computer is connected to a home network of said client computer, and at least one set of security rules to be used when said client computer is connected to foreign networks,storing updated sets of security rules, if any, in a centralized unit in said home network of said client computer,determining by said personal firewall a current location of said client computer based solely on an internet Protocol (IP) address currently used by said client computer,selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address, sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verities the current location determined based solely on the IP address currently used by said client computer, or determining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer, and further comprisingconfiguring said personal firewall to periodically query the availability of said updated sets of security rules from said centralized rule base server when being located in said home network, or when having a remote access to said home network while being located in a foreign network, andloading said updated sets of security rules from said centralized rule base server to said personal firewall in response to said query, if such updated sets of security rules are available.
- View Dependent Claims (8, 9)
- - 8. A method according to claim 7, comprising monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, and automatically activating said periodical query, when the current location of said client computer is in said home network.
  - 9. A method according to claim 7, comprising monitoring the current location of said client computer based on an Internet Protocol (IP) address currently used by said client computer, sending log files to a centralized log server from said personal firewall when the current location of said client computer is in said home network, said log files containing information on communication transactions in said client computer, collecting log files locally at said personal firewall, when the current location of said client computer is not in said home network, and transferring said locally collected log files from said personal firewall to said centralized log server, when said client computer is connected to said home network.

10. A computer terminal, comprisinga personal firewall provided with at least one set of security rules to be used when said computer terminal is connected to a home network of said computer terminal, andat least one set of security rules to be used when said computer terminal is connected to foreign networks,said personal firewall having a mechanism determining the current location of said computer terminal based solely on an Internet Protocol (IP) address currently used by said computer terminal,said personal firewall having a mechanism selecting a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer,said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address,said personal firewall having a mechanism sending to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element,said personal firewall having a mechanism automatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer terminal, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, orsaid personal firewall having a mechanism automatically determining the current location unverified and selecting a default set of security rules, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer.

11. A computer-readable medium, containing a computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprisingstoring by said personal firewall at least one set of security rules to be used when said computer device is connected to a home network of said computer device, and at least one set of security rules to be used when said computer device is connected to foreign networks,determining by said personal firewall the current location of said computer device based solely on an Internet Protocol (IP) address currently used by said computer device,selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address,sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically selecting one of said sets of security rules by said personal firewall according to said current location of said computer device, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, ordetermining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location.

12. A computer device, comprising a personal firewall routine configured tostore security rules for a home network of said computer device, and for foreign networks,determine current location of said client computer based solely on an Internet Protocol (IP) address currently used by said computer device,select a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said computer device, said predetermined network element being able to respond only if said computer device is located in the network in which it is assumed to be on the basis of the current IP address,send to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically select security rules for said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said computer device, ordetermine the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based on the IP address currently used by said computer device, and further toperiodically query the availability of updated security rules from a centralized rule base server in said home network of said computer device when said computer device is located in said home network, anddownload said updated security rules from said centralized rule base server, if such updated security rules are available in said centralized rule base server.
- View Dependent Claims (13)
- - 13. A computer device according to claim 12, said personal firewall routine being further configured to activate said periodical query also when said computer device has a remote access to said home network while being located in a foreign network.

14. A computer device, comprising a personal firewall routine configured todetermine current location of said client computer based solely on an Internet Protocol (IP) address currently used by said computer device,select a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said computer device,said predetermined network element being able to respond only if said computer device is located in the network in which it is assumed to be on the basis of the current IP address,send to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically select security rules for said personal firewall according to said current location of said client computer,if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said computer device, ordetermine the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said computer device, and further tosend log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device,collect log files locally in said computer device, when the current location of said client device is not in said home network, andtransfer said locally collected log files to said centralized log server, when said computer device is reconnected to said home network.

15. A computer-readable medium, containing computer software which, when executed in a computer device, causes the computer device to provide a personal firewall routine comprisingdetermining by said personal firewall a current location of said client computer based solely on an Internet Protocol (IP) address currently used by said client computer,selecting by said personal firewall a predetermined network element that should be available for verification from the current location determined based solely on the IP address currently used by said client computer, said predetermined network element being able to respond only if said client computer is located in the network in which it is assumed to be on the basis of the current IP address,sending by the personal firewall to the selected predetermined network element a request to send a response with some data proving an identity of the selected predetermined network element, andautomatically selecting by the personal firewall one of said sets of security rules by said personal firewall according to said current location of said client computer, if the selected predetermined network element sends a response with the required identity data to the personal firewall and thereby verifies the current location determined based solely on the IP address currently used by said client computer, ordetermining the current location unverified and selecting a default set of security rules by the personal firewall, if the personal firewall fails to receive from the selected predetermined network element a response with the required identity data which verifies the current location determined based solely on the IP address currently used by said client computer, andsending log files to a centralized log server, when a current location of said computer device is in a home network of said computer device, said log files containing information on communication transactions in said computer device,collecting log files locally in said computer device, when the current location of said client device is not in said home network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC (Francisco Partners Management LLC)
Original Assignee
Stonesoft Corporation
Inventors
Syvänne, Tuomo
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Brown; Christopher J

Application Number

US09/988,356
Publication Number

US 20030097590A1
Time in Patent Office

2,262 Days
Field of Search

726/11, 726/12, 713/166
US Class Current

726/11
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/107   wherein the security polici...

Personal firewall with location dependent functionality

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Personal firewall with location dependent functionality

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links