
Method to apply network encryption to firewall decisions

  • US 8,695,081 B2
  • Filed: 04/10/2007
  • Issued: 04/08/2014
  • Est. Priority Date: 04/10/2007
  • Status: Expired due to Fees
First Claim

1. A computer system for preventing backdoor vulnerability while handling network access requests, the computer system comprising:

  • one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions, stored on the one or more storage devices and when executed by the one or more processors, responsive to detecting an incoming firewall trusted request from a first client device at a specified communications port, establishing a trusted network communication through a local firewall and a remote firewall by:

    transmitting a firewall identification handshake response to the remote firewall upon receipt of a handshake identification request from the remote firewall;

    transmitting a local firewall public encryption key to the remote firewall responsive to receipt of a remote firewall public encryption key;

    responsive to receiving a signed trusted computer request from the remote firewall and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, verifying that the trusted computer request is signed using the received remote firewall public encryption key; and

    modifying local firewall rules to allow data communications to and from one or more addresses associated with the remote firewall to be transmitted and received, respectively, with the first client device through the local firewall responsive to determining that the first client device has been previously authorized to establish trusted access with the remote firewall;

    wherein the handshake identification request and the firewall identification handshake response indicate a supported protocol version and an acceptable key algorithm, and wherein the trusted computer request comprises one or more identifiers selected from the group consisting of a name of a computer protected by the local firewall, a username of a user associated with a computer protected by the local firewall, and an electronic mail address of a user associated with a computer protected by the local firewall;

    determining that network communications on the specified communications port comprise a wireless communication; and

    applying a first security policy to establish the trusted network communication responsive to determining the network communications on the specified port comprises a wireless communication, and applying a second, different security policy to establish the trusted network communication responsive to determining the network communication on the specified port comprises a wired communication;

    thereby allowing the first client device to use the local firewall as a wireless bridge according to the first security policy, and as a wired bridge according to the second security policy, wherein the first security policy and the second security policy include encryption.
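The sequence claimed above (version and key-algorithm handshake, public key exchange, key-store check, signature verification of the trusted computer request, rule change, and wireless-versus-wired policy selection), as an added illustrative example that is not the patent's or any product's code. It uses a toy textbook-RSA signature (a constructed stand-in, not secure) because the claim does not name a key algorithm; the firewall names, addresses, the identifier string and the handling of a peer already present in the key store are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Toy signature (constructed stand-in, NOT secure): textbook RSA over fixed primes.
def keygen(p, q, e=65537):
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))  # (public key, private d)

def _h(msg):  # SHA-256 truncated to 128 bits, so it is always below n
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")
def sign(d, pub, msg):
    return pow(_h(msg), d, pub[0])
def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _h(msg)

POLICY = {"wireless": "first-policy+encryption", "wired": "second-policy+encryption"}
@dataclass
class Firewall:
    name: str
    addresses: tuple
    pub: tuple
    priv: int
    key_store: dict = field(default_factory=dict)   # peer name -> pinned key
    authorized_clients: set = field(default_factory=set)
    rules: list = field(default_factory=list)

    def handshake(self, req):
        # Both sides state a protocol version and an acceptable key algorithm.
        if req.get("version") != 1 or req.get("alg") != "toy-rsa":
            raise ValueError("unsupported protocol version or key algorithm")
        return {"version": 1, "alg": "toy-rsa", "name": self.name}

    def accept_trusted_request(self, peer_hello, request, sig, client, link):
        # Key store check: an unseen peer is verified with the key it just sent,
        # which is then pinned; a known peer is checked against the pinned key
        # (the repeat-contact branch is an assumption beyond the claim text).
        key = self.key_store.setdefault(peer_hello["name"], peer_hello["pub"])
        if not verify(key, request, sig) or client not in self.authorized_clients:
            return None
        for addr in peer_hello["addresses"]:  # open traffic to and from the peer
            self.rules.append(("allow", addr, client))
        return POLICY[link]  # wireless and wired links select different policies

def run_exchange(link="wireless", client="client-A"):
    local = Firewall("local", ("10.0.0.1",), *keygen(2**61 - 1, 2**89 - 1))
    remote = Firewall("remote", ("203.0.113.7",), *keygen(2**107 - 1, 2**127 - 1))
    local.authorized_clients.add("client-A")
    local.handshake({"version": 1, "alg": "toy-rsa", "name": remote.name})
    req = b"computer=host1.example;user=alice;mail=alice@example.com"  # identifiers
    hello = {"name": remote.name, "pub": remote.pub, "addresses": remote.addresses}
    sig = sign(remote.priv, remote.pub, req)
    return local.accept_trusted_request(hello, req, sig, client, link), local.rules
```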
