Restricting communication of selected processes to a set of specific network addresses

US 8,489,764 B2
Filed: 05/03/2010
Issued: 07/16/2013
Est. Priority Date: 02/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system for restricting network address based communication, comprising:

means for associating at least one selected process with at least two network addresses;

means for determining whether an attempted network address-based communication of a selected process is via an associated address; and

means for allowing the communication to proceed if the communication is via an associated address.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Selected processes are associated with sets of specific network addresses, and the associations are stored. When a selected process creates a child process, an association between the child process and the set of network addresses with which the parent process is associated is stored. When a selected process is deleted, the association between the selected process and its set of network addresses is deleted. Each selected process is restricted to network address-based communication via its associated set of network addresses. Certain communication protocol subroutines associated with network address-based communication are intercepted by an interception module. The interception module detects attempts by selected processes to communicate via network addresses. If a selected process attempts to communicate via an unassociated network addresses, the attempted communication is prohibited.

156 Citations

35 Claims

1. A computer system for restricting network address based communication, comprising:
- means for associating at least one selected process with at least two network addresses;
  
  means for determining whether an attempted network address-based communication of a selected process is via an associated address; and
  
  means for allowing the communication to proceed if the communication is via an associated address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer system of claim 1 further comprising:
    - means for loading at least one selected process into computer memory; and
      
      means for storing at least one association, between the process and at least one network address.
  - 3. The computer system of claim 1 wherein:
    - associations between selected processes and network addresses are stored in an association table in a computer memory of the computer system.
  - 4. The computer system of claim 3 wherein:
    - the association table is stored in operating system address space.
  - 5. The computer system of claim 1 wherein:
    - a network address-based communication comprises an attempt to designate a network address to be used for subsequent communication.
  - 6. The computer system of claim 1 wherein:
    - a network address-based communication comprises an attempt to associate a communication channel with a network address.
  - 7. The computer system of claim 1 wherein:
    - a network address-based communication comprises an attempt to communicate without designating a network address to be used for communication.
  - 8. The computer system of claim 1 wherein:
    - a network address-based communication comprises an attempt to establish a connection to a second process.
  - 9. The computer system of claim 1 wherein:
    - a network address-based communication comprises an attempt to transmit data to a second process.
  - 10. The computer system of claim 9 wherein:
    - the second process is executing in a computer memory of the computer system.
  - 11. The computer system of claim 9 wherein:
    - the second process executes in a computer memory of a second computer system.
  - 12. The computer system of claim 1 further comprising:
    - means for determining whether an attempted network address-based communication is via an associated address by intercepting system calls that pertain to network address-based communication.
  - 13. The computer system of claim 1 further comprising:
    - means for associating a child process of a selected process with a single network address with which the selected process is associated;
      
      means for determining whether network address-based communication of the child process is via the associated address; and
      
      means for allowing the communication to proceed if it is determined that the communication is via the associated address.
  - 14. The computer system of claim 1 further comprising:
    - means for associating a child process of a selected process with at least two network addresses with which the selected process is associated;
      
      means for determining whether network address-based communication of the child process is via an associated address; and
      
      means for allowing the communication to proceed if it is determined that the communication is via an associated address.
  - 15. The computer system of claim 1 further comprising:
    - means for detecting termination of a selected process; and
      
      means for deleting all associations between the process and network addresses.

16. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
- means for associating at least one selected process with at least two network addresses;
  
  means for determining whether an attempted network address-based communication of a selected process is via an associated address; and
  
  means for not allowing the attempted communication to proceed if it is determined that the attempted communication is not via an associated address.

17. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- means for associating at least two selected processes with at least one network address;
  
  means for detecting an attempt by a selected process to associate a communication channel with a network address; and
  
  means for determining whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process.
- View Dependent Claims (18)
- - 18. The computer system of claim 17 further comprising:
    - allowing the communication channel to be associated with the network address if it is determined that the network address is associated with the selected process.

19. A computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
- means for associating at least one selected process with at least two network addresses;
  
  means for detecting an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card; and
  
  means for associating the communication channel with a network address that is associated with the process.
- View Dependent Claims (20)
- - 20. The computer system of claim 19, the computer system further comprising:
    - means for associating the communication channel with one of the at least two network addresses, resulting in a communication channel-network address pair;
      
      means for establishing one communication channel per each additional one of the at least two network addresses;
      
      means for associating each established communication channel with one of the at least two network addresses, resulting in additional communication channel-network address pairs; and
      
      means for associating the communication channel with the communication channel, network address pairs.

21. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- means for associating at least two selected processes with a unique local host address;
  
  means for detecting an attempt by a selected process to communicate with a local host; and
  
  means for designating the unique local host address associated with the selected process to be used by the selected process to communicate with the local host.

22. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- means for associating at least one selected process with at least two network addresses;
  
  means for detecting an attempt by a selected process to communicate with a second process via a communication channel;
  
  means for determining if the communication channel is associated with a network address; and
  
  means for associating the communication channel with a network address that is associated with the process if it is determined that the communication channel is not associated with a network address.

23. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- means for associating at least one selected process with at least two network addresses;
  
  means for detecting an attempt by a selected process to establish a connection between a communication channel and a second process;
  
  means for determining if the communication channel is associated with a network address; and
  
  means for associating the communication channel with a network address that is associated with the selected process if it is determined that the communication channel is not associated with a network address.

24. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
- a processor and one or more memories;
  
  a component configured to associate at least two selected processes with at least one network address;
  
  a component configured to determine whether an attempted network address-based communication of a selected process is via an associated address; and
  
  a component configured to, in response to a determination that the communication is via an associated address, allow the communication to proceed.
- View Dependent Claims (25)
- - 25. The computer system of claim 24 further comprising:
    - a component configured to load at least one selected process into computer memory; and
      
      a component configured to store at least one association between the process and at least one network address.

26. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses:
- a processor and one or more memories;
  
  a component configured to associate at least one selected process with at least two network addresses;
  
  a component configured to determine whether an attempted network address-based communication of a selected process is via an associated address;
  
  a component configured to, in response to a determination that the communication is not via an associated address, not allow the attempted communication to proceed.

27. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- a component configured to associate at least one selected process with at least two network addresses;
  
  a component configured to detect an attempt by a selected process to associate a communication channel with a network address; and
  
  a component configured to determine whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process.

28. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- a processor and one or more memories;
  
  a component configured to associate at least two selected processes with at least one network address;
  
  a component configured to detect an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card; and
  
  a component configured to associate the communication channel with a network address that is associated with the process.
- View Dependent Claims (29)
- - 29. The computer system of claim 28 wherein the selected process is associated with multiple network addresses;
    - the computer system comprising;
      
      a component configured to associate the communication channel with one of the multiple network addresses, resulting in a communication channel-network address pair;
      
      a component configured to establish one communication channel per each additional one of the multiple network addresses;
      
      a component configured to associate each established communication channel with one of the multiple network addresses, resulting in additional communication channel-network address pairs; and
      
      a component configured to associate the communication channel with the communication channel, network address pairs.

30. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- a component configured to associate at least two selected processes with a unique local host address;
  
  a component configured to detect an attempt by a selected process to communicate with a local host; and
  
  a component configured to designate the unique local host address associated with the selected process to be used by the selected process to communicate with the local host.

31. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- a component configured to associate at least one selected process with at least two network addresses;
  
  a component configured to detect an attempt by a selected process to communicate with a second process via a communication channel;
  
  a component configured to determine if the communication channel is associated with a network address; and
  
  a component configured to, in response to determining that the communication channel is not associated with a network address, associate the communication channel with a network address that is associated with the process.

32. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
- a component configured to associate at least one selected process with at least two network addresses;
  
  a component configured to detect an attempt by a selected process to establish a connection between a communication channel and a second process;
  
  a component configured to determine if the communication channel is associated with a network address; and
  
  a component configured to, in response to determining that the communication channel is not associated with a network address, associate the communication channel with a network address that is associated with the selected process.
- View Dependent Claims (33)
- - 33. The computer system of claim 32 further comprising:
    - a component configured to, in response to a determination that the communication channel is associated with a network address that is not associated with the selected process, not allow the connection to be established.

34. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
- a component configured to associate at least two selected processes with at least one network address;
  
  a component configured to detect when a selected process attempts to communicate via an unassociated address; and
  
  a component configured to not allow the attempted communication to proceed.

35. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
- a component configured to associate at least one selected process with at least two network addresses;
  
  a component configured to detect when an elected process attempts to communicate via an unassociated address; and
  
  a component configured to not allow attempted communication to proceed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Longhorn HD LLC (Alpha Alpha Intellectual Partners LLC)
Original Assignee
Digital Asset Enterprises LLC (Intellectual Ventures LLC)
Inventors
Goyal, Pawan
Primary Examiner(s)
DONAGHUE, LARRY D

Application Number

US12/772,982
Publication Number

US 20110238832A1
Time in Patent Office

1,170 Days
Field of Search

709/238
US Class Current

709/238
CPC Class Codes

G06F 2209/542   Intercept

G06F 9/468   Specific access rights for ...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/544   Buffers; Shared memory; Pipes

Restricting communication of selected processes to a set of specific network addresses

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Restricting communication of selected processes to a set of specific network addresses

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links