×

System and method for on-demand dynamic control of security policies/rules by a client computing device

  • US 7,475,424 B2
  • Filed: 09/02/2004
  • Issued: 01/06/2009
  • Est. Priority Date: 09/02/2004
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method, in a data processing system, for configuring a data flow filtering mechanism that filters data flows to a plurality of client computing devices, comprising:

  • establishing one or more portions of configuration information for the data flow filtering mechanism that are modifiable by a protected client computing device in a plurality of protected client computing devices and one or more portions of configuration information for the data flow filtering mechanism that are not modifiable by the protected client computing device;

    receiving a request from the protected client computing device to modify a portion of configuration information for the data flow filtering mechanism that is established as a client computing device modifiable portion of configuration information; and

    storing a client computing device configuration profile incorporating the modification to the client computing device modifiable portion of the configuration information, wherein the client computing device configuration profile is used by the data flow filtering mechanism to filter a data flow to or from the protected client computing device, wherein the client computing device configuration profile filters data flowing between the protected client computing device and one or more non-protected client computing devices, and wherein the client computing device configuration profile applies only to data flows to and from the protected client computing device through the data flow filtering mechanism and does not affect data flows to other protected client computing devices in the plurality of protected client computing devices through the data flow filtering mechanism;

    receiving a data flow;

    determining if the data flow is associated with the protected client computing device that is protected by the data flow filtering mechanism;

    filtering the data flow based on the client computing device configuration profile associated with the protected client computing device in response to a determination that the data flow is associated with the protected client computing device;

    determining if there is a conflict between a security policy/rule in the client computing device configuration profile and a security policy/rule in default configuration information; and

    resolving the conflict based on a security policy/rule conflict resolution policy, wherein the security policy/rule conflict resolution policy selects a more restrictive security policy/rule to be used by the data flow filtering mechanism.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×