Computer security system
First Claim
1. A method of packet management for restricting access to a resource of a computer system using client parameters and network parameters, as packet management information, said method comprising:
inserting, at a first device, the packet management information and a session ID into at least a portion of information packets sent from the first device to a second device;
monitoring, at the second device, the packet management information of the portion of the information packets sent from the first device;
filtering out respective information packets sent to the second device from the first device when the monitored packet management information indicates that access to the resource is restricted;
extracting a client ID unique to the first device from the monitored information packets;
re-generating a digital signature in the second device using a session key associated with the extracted client ID; and
comparing the digital signature regenerated in the second device with the digital signature embedded in the monitored information packets.
Abstract
A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as packet management information, used to determine access to the resource; negotiating a session key between client and server devices; generating a session ID based on at least the negotiated session key; inserting the packet management information and the session ID into each information packet sent from the client device to the server device; monitoring the packet management information in each information packet from the client device; and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.
25 Claims
1. (Text as under First Claim above.) Dependent claims: 2 to 13.

14. A system for restricting access to a resource of a computer system using packet management information that includes network and device parameters, comprising:
a first device for inserting the packet management information into information packets destined for the resource of the computer system; and
a second device including:
a packet processor for removing at least the packet management information inserted by the first device into information packets received from the first device, and
a packet manager for monitoring the removed packet management information in the information packets from the client device and for controlling the packet processor to filter out respective information packets when the network and client parameters indicate that access to the resource is restricted,
wherein the packet management information in each of the information packets is a variable length security tag and a login message to establish a session between the client and server devices includes device parameters including control flags indicating (1) a set length of the security tag and (2) whether none, a part or an entire payload is used for encryption of the security tag.
Dependent claims: 15 to 25.
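Worked example, added here and not code from the patent or its assignee: a minimal Python model of the exchange the abstract and claims 1 and 14 describe. A login message announces the tag length and the payload-cover control flag; the client inserts a security tag (client ID, session ID derived from the session key, client and network parameters, and a keyed tag) into each packet; the server extracts the client ID, looks up the session key, regenerates the tag, compares it, and filters packets whose parameters are restricted. Everything concrete is an assumption of this example: the "digital signature" is realised as HMAC-SHA256 truncated to the announced length (a keyed MAC, since the server regenerates it from the shared session key); the header layout, the `c.k=v;n.k=v` parameter encoding, the flag values, the 16-byte "part" under partial coverage, the `demo` harness and its policy function are all invented; session-key negotiation itself is out of scope and is represented by a shared random key.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# Control flags carried in the login message (claim 14): how much of the payload
# the security tag covers.  The numeric values and PART_BYTES are assumptions.
COVER_NONE, COVER_PART, COVER_ALL = 0, 1, 2
PART_BYTES = 16

# Fixed part of the security tag: client ID, session ID, cover flag, tag length,
# and length of the variable packet management information (PMI) that follows.
HEADER = struct.Struct("!16s16sBBH")

def derive_session_id(session_key: bytes, client_id: bytes) -> bytes:
    """Session ID generated from the negotiated key; keyed so the ID leaks nothing about it."""
    return hmac.new(session_key, b"session-id|" + client_id, hashlib.sha256).digest()[:16]

def encode_pmi(client_params: dict, network_params: dict) -> bytes:
    """Client and network parameters as a sorted 'c.k=v;n.k=v' byte string (assumed format)."""
    items = [f"c.{k}={v}" for k, v in sorted(client_params.items())]
    items += [f"n.{k}={v}" for k, v in sorted(network_params.items())]
    return ";".join(items).encode()

def decode_pmi(pmi: bytes) -> Tuple[dict, dict]:
    client, network = {}, {}
    for item in (pmi.decode().split(";") if pmi else []):
        key, value = item.split("=", 1)
        (client if key.startswith("c.") else network)[key[2:]] = value
    return client, network

def compute_tag(key: bytes, header: bytes, pmi: bytes, payload: bytes, flag: int, tag_len: int) -> bytes:
    """The claims' 'digital signature', realised as HMAC-SHA256 over header, PMI and the
    covered prefix of the payload, truncated to the tag length announced at login."""
    covered = {COVER_NONE: 0, COVER_PART: PART_BYTES, COVER_ALL: len(payload)}[flag]
    return hmac.new(key, header + pmi + payload[:covered], hashlib.sha256).digest()[:tag_len]

class Client:
    def __init__(self, client_id: bytes, session_key: bytes, cover_flag: int, tag_len: int = 16):
        self.client_id, self.key = client_id, session_key
        self.session_id = derive_session_id(session_key, client_id)
        self.cover_flag, self.tag_len = cover_flag, tag_len

    def login_message(self) -> dict:
        """Device parameters sent at login: tag length and payload-cover control flag."""
        return {"client_id": self.client_id, "tag_len": self.tag_len, "cover": self.cover_flag}

    def build_packet(self, client_params: dict, network_params: dict, payload: bytes) -> bytes:
        pmi = encode_pmi(client_params, network_params)
        header = HEADER.pack(self.client_id, self.session_id, self.cover_flag, self.tag_len, len(pmi))
        tag = compute_tag(self.key, header, pmi, payload, self.cover_flag, self.tag_len)
        return header + pmi + tag + payload

class Server:
    def __init__(self, restricted):
        self.sessions = {}            # client_id -> (key, session_id, cover flag, tag length)
        self.restricted = restricted  # policy: (client_params, network_params) -> bool

    def register(self, login: dict, session_key: bytes) -> None:
        cid = login["client_id"]
        self.sessions[cid] = (session_key, derive_session_id(session_key, cid), login["cover"], login["tag_len"])

    def process(self, packet: bytes) -> Tuple[str, Optional[bytes]]:
        """Packet processor plus packet manager: returns (verdict, payload or None)."""
        if len(packet) < HEADER.size:
            return "drop:truncated", None
        header = packet[:HEADER.size]
        client_id, session_id, flag, tag_len, pmi_len = HEADER.unpack(header)
        sess = self.sessions.get(client_id)          # session key looked up by the extracted client ID
        if sess is None:
            return "drop:unknown-client", None
        key, exp_sid, exp_flag, exp_tag_len = sess
        if session_id != exp_sid or flag != exp_flag or tag_len != exp_tag_len:
            return "drop:session-mismatch", None
        pmi = packet[HEADER.size:HEADER.size + pmi_len]
        tag = packet[HEADER.size + pmi_len:HEADER.size + pmi_len + tag_len]
        payload = packet[HEADER.size + pmi_len + tag_len:]
        # Regenerate the tag with the session key and compare in constant time before
        # acting on anything the packet says about itself.
        if not hmac.compare_digest(tag, compute_tag(key, header, pmi, payload, flag, tag_len)):
            return "drop:bad-tag", None
        if self.restricted(*decode_pmi(pmi)):
            return "drop:restricted", None
        return "accept", payload

def demo(cover_flag: int, role: str = "admin", tamper_at: Optional[int] = None, forged_key: bool = False) -> str:
    """One exchange on constructed data; returns the server's verdict string."""
    key = os.urandom(32)                     # stands in for the negotiated session key
    client_id = b"client-0001".ljust(16, b"\0")
    server = Server(restricted=lambda c, n: c.get("role") == "guest" and n.get("zone") == "internal")
    server.register(Client(client_id, key, cover_flag).login_message(), key)
    sender = Client(client_id, os.urandom(32) if forged_key else key, cover_flag)
    sender.session_id = derive_session_id(key, client_id)   # a forger can copy the session ID off the wire
    payload = b"GET /admin/config HTTP/1.1\r\n\r\n"        # constructed sample payload, 30 bytes
    pkt = sender.build_packet({"role": role}, {"zone": "internal"}, payload)
    if tamper_at is not None:                # flip one payload byte "in transit"
        buf = bytearray(pkt)
        buf[len(pkt) - len(payload) + tamper_at] ^= 0x01
        pkt = bytes(buf)
    return server.process(pkt)[0]
```

Two points of the design differ from a literal reading of the claims and are deliberate. Claim 1 lists filtering on the packet management information before regenerating and comparing the signature; the example verifies the tag first, because until the tag checks out the client ID, parameters and session ID are attacker-controlled bytes and no policy decision or log entry should be based on them. Second, `demo(COVER_PART, tamper_at=20)` and `demo(COVER_NONE, tamper_at=0)` both return `"accept"`: under the "part" and "none" control flags the bytes outside the covered region are not authenticated at all, so a man-in-the-middle can rewrite them without the server noticing, whereas `demo(COVER_ALL, tamper_at=20)` returns `"drop:bad-tag"`. A forged tag from a sender who knows the client ID and session ID but not the session key is rejected the same way (`demo(COVER_ALL, forged_key=True)`), and a restricted role is dropped only after the tag has been verified (`demo(COVER_ALL, role="guest")` gives `"drop:restricted"`).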