Firewall control via remote system information

US 8,327,430 B2
Filed: 06/19/2007
Issued: 12/04/2012
Est. Priority Date: 06/19/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for controlling a firewall for a user computer system, said method comprising:

one or more processors of the user computer system receiving a control request to control a program of the user computer system by the firewall, said control request comprising a condition pertaining to at least one process of a remote computer system, said at least one process configured to be executed on the remote computer system, said firewall configured to protect the user computer system from external threats, said condition pertaining to the at least one process comprising a condition of the at least one process utilizing less than a specified percentage of CPU resources of the remote computer system;

said one or more processors storing a remote system condition associated with the program of the user computer system, said remote system condition comprising the condition pertaining to the at least one process;

said one or more processors receiving a data request for a transmission of data from or to the program of the user computer system to or from the remote computer system, respectively;

in response to said receiving the data request, said one or more processors requesting, from the remote computer system, information indicating a current state of the at least one process of the remote computer system;

said one or more processors ascertaining whether the remote system condition is satisfied based on a comparison of the information indicating the current state of the at least one process with the condition pertaining to the at least one process; and

said one or more processors directing the firewall to allow or block the transmission of data if said ascertaining ascertains that the remote system condition is satisfied or not satisfied, respectively.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally speaking, systems, methods and media for implementing a firewall control system responsive to remote system information are disclosed. Embodiments of a method may include receiving a data request at a firewall where the data request is associated with a program and determining whether a remote system condition exists for the associated program, where the remote system condition includes a condition to be satisfied based on information received from a particular remote system. Embodiments may also include, in response to determining that a remote system condition exists, determining whether the remote system condition is satisfied based on information received from the particular remote system. Embodiments may also include, in response to determining whether the remote system condition is satisfied, performing one or more firewall actions.

37 Citations

View as Search Results

12 Claims

1. A method for controlling a firewall for a user computer system, said method comprising:
- one or more processors of the user computer system receiving a control request to control a program of the user computer system by the firewall, said control request comprising a condition pertaining to at least one process of a remote computer system, said at least one process configured to be executed on the remote computer system, said firewall configured to protect the user computer system from external threats, said condition pertaining to the at least one process comprising a condition of the at least one process utilizing less than a specified percentage of CPU resources of the remote computer system;
  
  said one or more processors storing a remote system condition associated with the program of the user computer system, said remote system condition comprising the condition pertaining to the at least one process;
  
  said one or more processors receiving a data request for a transmission of data from or to the program of the user computer system to or from the remote computer system, respectively;
  
  in response to said receiving the data request, said one or more processors requesting, from the remote computer system, information indicating a current state of the at least one process of the remote computer system;
  
  said one or more processors ascertaining whether the remote system condition is satisfied based on a comparison of the information indicating the current state of the at least one process with the condition pertaining to the at least one process; and
  
  said one or more processors directing the firewall to allow or block the transmission of data if said ascertaining ascertains that the remote system condition is satisfied or not satisfied, respectively.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, said method further comprising:
    - prior to said storing the remote system condition, said one or more processors configuring the remote system condition for the program of the user computer system such that the remote system condition is specific to the program of the user computer system.
  - 3. The method of claim 1, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data of a specified protocol.
  - 4. The method of claim 1, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data in a specified direction of data flow, said specified direction of data flow being either inbound or outbound with respect to the user computer system.

5. A computer program product, comprising one or more computer-readable tangible storage devices and computer-readable program instructions which are stored on the one or more storage devices and are configured to be executed by one or more processors of a user computer system to perform a method for controlling a firewall for the user computer system, said method comprising:
- said one or more processors of the user computer system receiving a control request to control a program of the user computer system by the firewall, said control request comprising a condition pertaining to at least one process of a remote computer system, said at least one process configured to be executed on the remote computer system, said firewall configured to protect the user computer system from external threats, said condition pertaining to the at least one process comprising a condition of the at least one process utilizing less than a specified percentage of CPU resources of the remote computer system;
  
  said one or more processors storing a remote system condition associated with the program of the user computer system, said remote system condition comprising the condition pertaining to the at least one process;
  
  said one or more processors receiving a data request for a transmission of data from or to the program of the user computer system to or from the remote computer system, respectively;
  
  in response to said receiving the data request, said one or more processors requesting, from the remote computer system, information indicating a current state of the at least one process of the remote computer system;
  
  said one or more processors ascertaining whether the remote system condition is satisfied based on a comparison of the information indicating the current state of the at least one process with the condition pertaining to the at least one process; and
  
  said one or more processors directing the firewall to allow or block the transmission of data if said ascertaining ascertains that the remote system condition is satisfied or not satisfied, respectively.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product of claim 5, said method further comprising:
    - prior to said storing the remote system condition, said one or more processors configuring the remote system condition for the program of the user computer system such that the remote system condition is specific to the program of the user computer system.
  - 7. The computer program product of claim 5, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data of a specified protocol.
  - 8. The computer program product of claim 5, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data in a specified direction of data flow, said specified direction of data flow being either inbound or outbound with respect to the user computer system.

9. A user computer system, comprising one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions which are stored on the one or more storage devices for execution by the one or more processors via the one or more memories to perform a method for controlling a firewall for the user computer system, said method comprising:
- said one or more processors of the user computer system receiving a control request to control a program of the user computer system by the firewall, said control request comprising a condition pertaining to at least one process of a remote computer system, said at least one process configured to be executed on the remote computer system, said firewall configured to protect the user computer system from external threats, said condition pertaining to the at least one process comprising a condition of the at least one process utilizing less than a specified percentage of CPU resources of the remote computer system;
  
  said one or more processors storing a remote system condition associated with the program of the user computer system, said remote system condition comprising the condition pertaining to the at least one process;
  
  said one or more processors receiving a data request for a transmission of data from or to the program of the user computer system to or from the remote computer system, respectively;
  
  in response to said receiving the data request, said one or more processors requesting, from the remote computer system, information indicating a current state of the at least one process of the remote computer system;
  
  said one or more processors ascertaining whether the remote system condition is satisfied based on a comparison of the information indicating the current state of the at least one process with the condition pertaining to the at least one process; and
  
  said one or more processors directing the firewall to allow or block the transmission of data if said ascertaining ascertains that the remote system condition is satisfied or not satisfied, respectively.
- View Dependent Claims (10, 11, 12)
- - 10. The user computer system of claim 9, said method further comprising:
    - prior to said storing the remote system condition, said one or more processors configuring the remote system condition for the program of the user computer system such that the remote system condition is specific to the program of the user computer system.
  - 11. The user computer system of claim 9, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data of a specified protocol.
  - 12. The user computer system of claim 9, wherein the remote system condition further comprises a condition of the transmission of data being a transmission of data in a specified direction of data flow, said specified direction of data flow being either inbound or outbound with respect to the user computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hamilton, Rick A. II, O'Connell, Brian M., Pavesi, John R., Walker, Keith R.
Primary Examiner(s)
Chai, Longbit

Application Number

US11/765,004
Publication Number

US 20080320580A1
Time in Patent Office

1,995 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 41/082   the condition being updates...

H04L 63/0218   Distributed architectures, ...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

Firewall control via remote system information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall control via remote system information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links