Containment of network communication
Abstract
Invention selectively enables usage of services and communication conduits in a computer network, wherein the enablement is contingent on usage conditions, resulting in containment of the spread of unauthorized activity within a networked computer system and limiting the scope of results when an element becomes part of a hostile execution environment. Instead of protecting individual networked elements from a potentially hostile execution environment, the elements' usage of the networked environment is restricted to the extent of selectively allowing usage of needed resources explicitly authorized for use by such elements.
149 Citations
41 Claims
1. A method to be executed by a processor within a network having a client, comprising:
intercepting a connection request within the network, wherein the connection request is initiated from the client to establish a communication conduit between the client and a server in order to access a specific service on the server;
identifying the communication conduit corresponding to the client, the server, and the specific service;
identifying one or more usage conditions associated with the communication conduit, wherein the one or more usage conditions are defined to permit conditional use of the communication conduit by the client; and
determining whether the one or more usage conditions permit the connection request to be sent to the server, and wherein one of the one or more usage conditions that would permit the connection request to be sent includes a persistent usage condition in which the communication conduit was previously authorized and a designated time interval for the persistent usage condition has not lapsed.
(Dependent claims 2 to 16 are not reproduced here.)

17. A method to be executed by a processor within a network having a client, comprising:
intercepting a service-initiation request within the network, wherein the service-initiation request is initiated from the client in order to access a specific service on a server;
identifying a request-type corresponding to the service-initiation request and the specific service;
identifying one or more service conditions associated with the request-type, wherein the one or more service conditions are defined to permit conditional use of the request-type by the client; and
determining whether the one or more service conditions permit the service-initiation request to be sent to the server, and wherein one of the one or more service conditions that would permit the service-initiation request to be sent include a persistent usage condition in which the request-type was previously authorized and a designated time interval for the persistent usage condition has not lapsed.
(Dependent claims 18 to 27 are not reproduced here.)

28. A system within a network having a client, comprising:
a communication proxy for intercepting a connection request within the network, wherein the connection request is initiated from the client to establish a communication conduit between the client and a server in order to access a specific service on the server, wherein the communication proxy comprises one or more processors programmed to execute one or more sequences of instructions, including:
identifying the communication conduit corresponding to the client, the server, and the specific service;
identifying one or more usage conditions associated with the communication conduit, wherein the one or more usage conditions are defined to permit conditional use of the communication conduit by the client;
determining whether the one or more usage conditions permit the connection request to be sent to the server, and wherein one of the one or more usage conditions that would permit the connection request to be sent includes a persistent usage condition in which the communication conduit was previously authorized and a designated time interval for the persistent usage condition has not lapsed.
(Dependent claims 29 to 34 are not reproduced here.)

35. A system within a network having a client, comprising:
a service-proxy for intercepting a service-initiation request within the network, wherein the service-initiation request is initiated from the client in order to access a specific service on a server, wherein the service-proxy comprises one or more processors configured to execute one or more sequences of instructions, including:
identifying a request-type corresponding to the service-initiation request and the specific service;
identifying one or more service-conditions associated with the request-type, wherein the one or more service-conditions are defined to permit conditional use of the request-type by the client;
determining whether the one or more service-conditions permit the service-initiation request to be sent to the server, and wherein one of the one or more service-conditions that would permit the service-initiation request to be sent include a persistent usage condition in which the request-type was previously authorized and a designated time interval for the persistent usage condition has not lapsed.
(Dependent claims 36 to 41 are not reproduced here.)
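The following is an added illustration, not code from the patent or its assignee, of the decision logic the independent claims describe: a deny-by-default proxy identifies the communication conduit (client, server, service) of claim 1 or the request-type (client, service, request-type) of claim 17, looks up the usage conditions defined for it, and forwards the request only if one of them is satisfied, including the time-bounded persistent usage condition that both claims recite. The `PolicyGate` and `UsageCondition` names, the "grant" flag standing in for an out-of-band authorization event, the `FakeClock`, and the sample policy are all assumptions made for this example.

```python
# Added example (not the patent's own code): a deny-by-default policy gate that
# applies usage conditions to conduits (claim 1) and request-types (claim 17).
# Names, the grant mechanism, the clock and the sample policy are assumptions.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Decision = Tuple[bool, str]


@dataclass(frozen=True)
class UsageCondition:
    """Conditions under which one conduit or request-type may be used by a client."""
    always: bool = False          # explicitly authorized; no grant needed
    persist_seconds: float = 0    # after a grant, reuse is allowed for this long


@dataclass
class PolicyGate:
    """Intercepts one kind of request and applies the usage conditions for it.

    `policy` maps an identifier tuple to its UsageCondition. Anything with no
    entry is denied, which is the containment property in the abstract: the
    client may only use resources explicitly authorized for it.
    """
    policy: Dict[tuple, UsageCondition]
    now: Callable[[], float]
    _granted_at: Dict[tuple, float] = field(default_factory=dict)

    def _persistent_ok(self, key: tuple, cond: UsageCondition) -> bool:
        """Persistent usage condition: previously authorized and the
        designated interval has not lapsed."""
        t = self._granted_at.get(key)
        return t is not None and self.now() - t < cond.persist_seconds

    def check(self, key: tuple, grant: bool = False) -> Decision:
        cond = self.policy.get(key)
        if cond is None:
            return False, "no usage condition defined: default deny"
        if cond.always:
            return True, "explicitly authorized"
        if self._persistent_ok(key, cond):
            return True, "persistent authorization still valid"
        if grant:  # an out-of-band authorization event (assumed mechanism)
            if cond.persist_seconds > 0:
                self._granted_at[key] = self.now()
            return True, f"authorized now; reusable for {cond.persist_seconds:g}s"
        if key in self._granted_at:
            return False, "persistent authorization lapsed"
        return False, "authorization required"


class FakeClock:
    """Controllable clock so the persistence interval can be exercised offline."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def build_gates(clock: Callable[[], float]) -> Tuple[PolicyGate, PolicyGate]:
    """Sample policy (constructed): conduit keys are (client, server, service),
    request-type keys are (client, service, request-type)."""
    conduits = PolicyGate({
        ("ws-42", "mail.internal", "imaps"): UsageCondition(always=True),
        ("ws-42", "db.internal", "postgres"): UsageCondition(persist_seconds=300),
    }, clock)
    requests = PolicyGate({
        ("ws-42", "inventory-api", "GET"): UsageCondition(always=True),
        ("ws-42", "inventory-api", "DELETE"): UsageCondition(persist_seconds=60),
    }, clock)
    return conduits, requests


def run_scenario() -> List[Tuple[str, bool, str]]:
    """Walks one client through the policy; returns (step, allowed, reason) rows."""
    clock = FakeClock()
    conduits, requests = build_gates(clock)
    db = ("ws-42", "db.internal", "postgres")
    rows: List[Tuple[str, bool, str]] = []

    def step(label: str, gate: PolicyGate, key: tuple, grant: bool = False) -> None:
        allowed, reason = gate.check(key, grant)
        rows.append((label, allowed, reason))

    step("mail at t=0", conduits, ("ws-42", "mail.internal", "imaps"))
    step("db at t=0, no grant", conduits, db)
    step("db at t=0, with grant", conduits, db, grant=True)
    clock.advance(100)
    step("db at t=100", conduits, db)
    clock.advance(250)  # t=350, past the 300 s interval
    step("db at t=350", conduits, db)
    step("smb at t=350", conduits, ("ws-42", "files.internal", "smb"))
    step("GET at t=350", requests, ("ws-42", "inventory-api", "GET"))
    step("DELETE at t=350", requests, ("ws-42", "inventory-api", "DELETE"))
    return rows


if __name__ == "__main__":
    for label, allowed, reason in run_scenario():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {label:24} {reason}")
```

The scenario shows the two properties a practitioner would want to verify before relying on such a proxy: a conduit or request-type with no defined usage condition is refused regardless of what the client asks for, so a compromised workstation cannot pivot to services it was never authorized to reach; and a persistent authorization is bounded by the designated interval measured from the grant, so it expires on its own rather than turning into a standing allow rule.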