Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

US 7,676,836 B2
Filed: 07/05/2005
Issued: 03/09/2010
Est. Priority Date: 07/09/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A firewall system comprising a community of interconnectable appliances sharing at least one common global security rule, wherein the firewall system is characterized such that:

each appliance of the firewall system stores a local security policy comprising the at least one common global security rule, a list of the members of the community as well as of their state of connection, and a list of services offered locally;

each appliance comprising a filter for messages destined for and originating from a network to which each appliance is connected; and

each appliance calculates firewall rules used by the filter as a function of the local security policy.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to the protection by firewall of a domestic community of interconnectable appliances.

The invention allows distributed and totally decentralized management of the firewall policy, implemented at the level of each appliance, which is consistent and adapts dynamically to the changes occurring within the domestic network. We shall speak of ubiquitous firewalls.

Citations

13 Claims

1. A firewall system comprising a community of interconnectable appliances sharing at least one common global security rule, wherein the firewall system is characterized such that:
- each appliance of the firewall system stores a local security policy comprising the at least one common global security rule, a list of the members of the community as well as of their state of connection, and a list of services offered locally;
  
  each appliance comprising a filter for messages destined for and originating from a network to which each appliance is connected; and
  
  each appliance calculates firewall rules used by the filter as a function of the local security policy.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system according to claim 1, wherein each appliance of the community updates the local security policy and triggers a new calculation of the firewall rules used by the filter.
  - 3. The system according to claim 2, wherein the interconnectable appliances reside on a network and wherein the new calculation of the firewall rules used by the filter is in reaction to changes occurring on the network.
  - 4. The system according to claim 3, where the changes occurring on the network are at least one among the following:
    - a change of network address of an appliance of the community, an addition, removal, or banishing of an appliance of the community, and a change of status of a service hosted on an appliance of the community.
  - 5. The system according to claim 1, wherein each appliance of the community determines a list of the appliances outside the community possessing privileged accesses to at least one service offered by an appliance of the community, the list of the appliances outside the community being integrated with the local security policy.

6. An appliance belonging to a community of interconnectable appliances sharing a set of at least one common global security rule, the appliance storing a local security policy having global security rules, a list of the members of the community as well as of their state of connection, and a list of services offered locally, the appliance possessing a firewall comprising a filter of messages destined for and originating from a network to which the appliance is connected, the appliance calculating firewall rules used by the filter as a function of the local security policy, wherein a firewall device is located on each aDDliance on the network.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The appliance according to claim 6, which updates the local security policy and automatically triggers a new calculation of the firewall rules used by the filter.
  - 8. The appliance according to claim 7, wherein the new calculation of the firewall rules used by the filter is effected in reaction to changes occurring on the network.
  - 9. The appliance according to claim 8, wherein where the changes occurring on the network affect that trigger a new calculation of the firewall rules used by the filter are at least one among the following:
    - a change of network address of an appliance of the community, an addition, removal, or banishing of an appliance of the community, and a change of status of a service hosted on an appliance of the community.
  - 10. The appliance according to claim 6, wherein the appliance determines a list of the appliances outside the community possessing privileged accesses to at least one service offered by an appliance of the community, the list of the appliances outside the community being integrated with the local security policy.

11. A method of updating firewall rules used by an appliance having a firewall, the firewall having a filter of the messages destined for and originating from a network connected to the appliance, the appliance forming part of a community of interconnectable appliances sharing at least one common global security rule, the appliance storing a local security policy, a list of members of the community as well as of their state of connection, and a list of services offered locally, the firewall rules being calculated as a function of the local security policy, the method comprising the following steps:
- detection of addition, removal, and banishing of an appliance of the community;
  
  detection of changes of network address of an appliance of the community; and
  
  triggering of a new calculation of the firewall rules in response to a change of the local security policy.
- View Dependent Claims (12, 13)
- - 12. The method according to claim 11 further comprising a step of detecting the changes of status of services hosted by the appliance.
  - 13. The method according to claim 12 wherein triggering of a new calculation of the firewall rules is related to:
    - detection of addition, removal, and banishing of an appliance of the community; and
      
      detection of change of IP address of an appliance of the community, and detection of a change of status of a service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
Andreaux, Jean-Pierre, Bidan, Christophe, Heen, Olivier, Prigent, Nicolas, Courtay, Olivier
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US11/174,830
Publication Number

US 20060010491A1
Time in Patent Office

1,708 Days
Field of Search

726 1- 4, 726/11
US Class Current

726/11
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 12/40104   Security; Encryption; Conte...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall system protecting a community of appliances, appliance participating in the system and method of updating the firewall rules within the system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links