Network zones
First Claim
1. A processor-readable storage memory having stored thereon processor-executable instructions that, responsive to execution by a client computer, cause the client computer to perform a method comprising:
defining by a module locally at the client computer a plurality of network zones each of which includes a different set of network properties and connection policies to associate networks encountered by the client computer with one of the plurality of network zones, the plurality of network zones configured to be enforced by the module to control connections of the client computer to the encountered networks;
connecting to at least one of the encountered networks;
subsequent to the connecting, assigning the at least one of the encountered networks to one of the plurality of network zones that has network properties corresponding to properties of the at least one of the encountered networks;
receiving, from an application program executing on the computer, preference information that identifies one of the plurality of network zones as a preferred network zone;
permitting communications between the application program and a network connected to the client computer that is assigned to the preferred network zone, the application program being permitted to communicate with specific network locations on the network that are defined by the preference information received from the application program; and
preventing communications between the application program and a network connected to the client computer that is not assigned to the preferred network zone, the application program being prevented from communicating with network locations on the network that are not specified in the preferred network zone.
Abstract
A computer assigns networks to network zones based on predefined properties for each zone and/or the properties of the networks. An application program installed on the computer provides the computer with preference information that indicates the network zone whose network policies or properties are best suited for the application program. Thereafter, when executing the application program, the computer limits network contact for the application program to the network(s) that is assigned to the network zone(s) identified as a preferred network zone(s) or identified by a preferred network property or properties by the preference information from the application program.
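A runnable sketch of the zone module the abstract and claims describe, added here as an illustration and not code from the patent: each zone is defined by the network properties a network must have, a newly connected network is assigned to the first zone whose properties it matches, and an application's preference names its preferred zone together with the specific network locations it may contact; any other combination is denied. All zone names, network properties, application names and addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

@dataclass(frozen=True)
class Zone:
    name: str
    required_props: Dict[str, object]   # properties a network must have to be in this zone

    def matches(self, props: Dict[str, object]) -> bool:
        return all(props.get(k) == v for k, v in self.required_props.items())

class ZoneModule:
    """Assigns connected networks to zones and enforces per-app zone preferences."""
    def __init__(self, zones: Iterable[Zone]) -> None:
        self.zones = list(zones)                  # ordered: first matching zone wins
        self.assignments: Dict[str, Optional[str]] = {}     # network -> zone name
        self.prefs: Dict[str, Tuple[str, frozenset]] = {}   # app -> (zone, locations)

    def assign_network(self, net_id: str, props: Dict[str, object]) -> Optional[str]:
        """Run after a connection is recognised: pick the zone whose properties match."""
        zone = next((z.name for z in self.zones if z.matches(props)), None)
        self.assignments[net_id] = zone           # None: unrecognised, no app may use it
        return zone

    def register_app(self, app: str, zone: str, locations: Iterable[str]) -> None:
        """Preference information from the app: preferred zone plus allowed locations."""
        self.prefs[app] = (zone, frozenset(locations))

    def check(self, app: str, net_id: str, dest: str) -> Tuple[bool, str]:
        """Default deny: permit only a preferred-zone network AND a listed location."""
        if app not in self.prefs:
            return False, "no zone preference registered for app"
        want_zone, locations = self.prefs[app]
        zone = self.assignments.get(net_id)
        if zone != want_zone:
            return False, f"{net_id} is in zone {zone!r}, app prefers {want_zone!r}"
        if dest not in locations:
            return False, f"{dest} is not a location named in the app's preference"
        return True, "permitted"

def demo() -> Dict[Tuple[str, str, str], bool]:
    """Constructed scenario (all names are made-up sample values); returns each decision."""
    zm = ZoneModule([
        Zone("corporate", {"dns_suffix": "corp.example", "authenticated": True}),
        Zone("public", {}),                       # catch-all: matches any network, keep it last
    ])
    zm.assign_network("eth0", {"dns_suffix": "corp.example", "authenticated": True})
    zm.assign_network("wlan0", {"dns_suffix": "cafe-wifi.example", "captive_portal": True})
    zm.register_app("payroll", "corporate", ["hr.corp.example:443", "ldap.corp.example:636"])
    zm.register_app("browser", "public", ["www.example.org:443"])
    cases = [
        ("payroll", "eth0", "hr.corp.example:443"),         # preferred zone, listed: allow
        ("payroll", "eth0", "updates.vendor.example:443"),  # preferred zone, unlisted: deny
        ("payroll", "wlan0", "hr.corp.example:443"),        # network not in preferred zone: deny
        ("browser", "wlan0", "www.example.org:443"),        # public app on public network: allow
        ("unknown_app", "eth0", "hr.corp.example:443"),     # no preference registered: deny
    ]
    return {c: zm.check(*c)[0] for c in cases}
```

Zone order matters: a catch-all zone with no required properties matches every network, so it must be listed last or it will claim networks that belong to more specific zones.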
51 Claims
13. A processor-readable storage memory having stored thereon processor-executable instructions that, responsive to execution by a client computer, cause the client computer to perform a method comprising:
defining via a zone module of an operating system of the client computer a plurality of network zones each of which includes a set of network properties and policies to associate networks encountered by the client computer with one of the plurality of network zones, the plurality of network zones configured to be enforced by the zone module locally at the client computer to control connections of the client computer to the encountered networks;
recognizing a connection between the client computer and a first network;
based on recognition of the connection, assigning the first network to a first network zone;
permitting access to the first network for application programs that specify the first network zone as a preferred network zone, the application programs being permitted to communicate with network locations on the first network that are specified in the first network zone;
preventing the application programs from communicating with one or more network locations on the first network that are not specified in the first network zone; and
preventing access to the first network connected to the client computer for additional application programs that specify a second network zone as a preferred network zone.
18. A processor-readable storage memory having stored thereon processor-executable instructions that, responsive to execution by a client computer, cause the client computer to perform a method comprising:
defining via a software module integrated with the client computer a plurality of network zones such that each network zone corresponds to a different network connection policy and includes a set of network properties to assign networks encountered by the client computer with the plurality of network zones, the plurality of network zones configured to be enforced by the software module locally at the client computer to control connections of the client computer to the encountered networks;
connecting to at least one of the networks encountered by the client computer;
responsive to the connecting, assigning the at least one of the networks to one of the plurality of network zones that has network properties corresponding to properties of the at least one of the networks;
receiving a network zone preference from an application program executed at the client computer indicating a preferred network connection policy for the application program; and
based upon the network connection policy and network properties of each network zone, enforcing the preferred network connection policy according to the network zone preference during execution of the application program to control communication of the application program with networks to which the client computer is connected, the communication being controlled by at least limiting network contact for the application to communications with particular network locations that are expressed in the preferred network connection policy received from the application program, the application program being prevented from communicating with networks connected to the client computer that are not associated with a network zone that corresponds to the network zone preference, the application program being prevented from communicating with network locations that are not specified in the preferred network connection policy.
20. A method implemented at least in part by a mobile computer comprising:
defining in a module integrated with an operating system of the mobile computer a plurality of network zones each of which includes a set of network properties and policies to associate networks encountered by the mobile computer with the plurality of network zones;
receiving from an application program executing on the mobile computer a preference that specifies a preferred network zone of the plurality of network zones;
assigning the application program to the preferred network zone via the module integrated with the operating system in accordance with the preference;
detecting a connection between the mobile computer and a network;
comparing network properties of the connected network with properties of each network zone;
based on the comparison, assigning the connected network to the preferred network zone; and
based on the assigning of the application program to the preferred network zone, permitting one or more communications between the application program and the network assigned to the preferred network zone, the application program being permitted to communicate with particular network locations on the network that are defined by instructions received from the application program; and
preventing one or more communications between the application program and another network connected to the mobile computer that is not assigned to the preferred network zone, the application program being prevented from communicating with network locations on the network that are not specified in the preferred network zone.
26. A method implemented at least in part by a mobile computer comprising:
defining by a module integrated with an operating system of the mobile computer a plurality of network zones each of which includes a set of network properties and policies to associate networks encountered by the mobile computer with the plurality of network zones;
recognizing a connection between the mobile computer and a first network;
based on the connection, assigning the first network to a first network zone;
permitting access to the first network for application programs that specify the first network zone as a preferred network zone, the application programs being permitted to communicate with network locations on the first network that are specified in the first network zone;
preventing the application programs from communicating with one or more network locations on the first network that are not specified in the first network zone; and
preventing access to the first network connected to the mobile computer for additional application programs that specify a second network zone as a preferred network zone.
31. A method comprising:
defining in an operating system module of a client computer a plurality of network zones such that each network zone corresponds to a different network connection policy and includes a set of network properties to associate networks encountered by the client computer with the plurality of network zones;
connecting the client computer to at least one encountered network;
responsive to the connecting, assigning the at least one encountered network to one of the plurality of network zones that has network properties corresponding to properties of the at least one encountered network;
receiving a network zone preference from an application program executed at the client computer indicating a preferred network connection policy for the application program; and
based upon the network connection policy and network properties of each network zone, enforcing the preferred network connection policy according to the network zone preference during execution of the application program to control communication of the application program with networks to which the computer is connected, the communication being controlled by at least limiting communications between the application and specific network locations on the at least one encountered network that are specified in the network zone preference received from the application program, the application program being prevented from communicating with networks connected to the client computer that are not associated with a network zone that corresponds to the network zone preference, the application program being prevented from communicating with network locations on the at least one encountered network that are not specified in the network zone preference received from the application program.
33. A client computer comprising:
a processor;
a memory;
a zone module integrated with an operating system of the client computer stored in the memory and executable on the processor; and
a plurality of network zones supported by the zone module each of which includes a set of network properties and policies to assign networks encountered by the client computer to one of the plurality of network zones,
wherein the processor is configured to execute instructions in the memory to cause the zone module to:
assign a network connected to the computer to a network zone when the network corresponds to the set of properties and policies for the network zone; and
receive a zone preference from an application and control communication between the network and the application according to the zone preference by at least preventing the application from communicating with networks connected to the client computer that are not associated with the network zone, the communication between the network and the application being controlled by at least limiting network contact for the application to communications with specific network locations on the network that are specified in the zone preference received from the application, the application being prevented from communicating with network locations on the network that are not specified in the zone preference.
35. A mobile computer comprising:
one or more processors configured to execute instructions stored in a memory associated with the mobile computer;
a zone module configured to, responsive to execution by the one or more processors:
define a plurality of network zones; and
based on properties and policies included with each network zone, assign a network to which the mobile computer is connected to one or more of the plurality of network zones;
a zone preference received by the zone module from an application program; and
a preferred network zone of the plurality of network zones specified by the zone preference;
wherein the zone module is further configured to:
prevent communication between the application program and any network connected to the mobile computer that is not assigned to the preferred network zone; and
limit network contact for the application program to communications with specific network locations on the network that are specified in the zone preference received from the application program, the application program being prevented from communicating with network locations on the network that are not specified in the zone preference.
38. A client computer comprising:
one or more processors; and
a memory having instructions that are executable by the one or more processors to implement a zone module that is configured to:
define within an operating system of the client computer a plurality of network zones each of which includes a set of network properties and policies to associate networks encountered by the client computer with the plurality of network zones;
connect the client computer to at least one of the encountered networks;
after connecting to the at least one of the encountered networks, assign the at least one of the encountered networks to one of the plurality of network zones that has network properties corresponding to properties of the at least one of the encountered networks;
receive, from an application program executed at the client computer, a preference that specifies a preferred network zone of the plurality of network zones;
permit communications between the application program and a network connected to the client computer that is assigned to the preferred network zone, the application program being permitted to communicate with specific network locations on the network that are defined by the instructions in the preference received from the application program; and
prevent communications between the application program and a network connected to the client computer that is not assigned to the preferred network zone, the application program being prevented from communicating with network locations on the network that are not specified in the preferred network zone.
46. A mobile computer comprising:
one or more processors; and
a memory having instructions that are executable by the one or more processors to implement a zone module that is configured to:
define within an operating system of the mobile computer a plurality of network zones each of which includes a set of network properties and policies to associate networks encountered by the mobile computer with the plurality of network zones;
recognize a connection between the mobile computer and a first network;
assign the first network to a first network zone in response to the connection being recognized between the mobile computer and the first network;
permit access to the first network for application programs that specify the first network zone as a preferred network zone, the application programs being permitted to communicate with network locations on the first network that are specified in the first network zone;
prevent the application programs from communicating with one or more network locations on the first network that are not specified in the first network zone; and
prevent access to the first network connected to the mobile computer for application programs that specify a second network zone as a preferred network zone.
50. A client computer comprising:
one or more processors; and
a memory having instructions that are executable by the one or more processors to implement a zone module that is configured to:
define within an operating system of the client computer a plurality of network zones such that each network zone corresponds to a different network connection policy and includes a set of network properties to associate networks encountered by the client computer with the plurality of network zones;
connect the client computer to at least one encountered network;
responsive to the connecting, assign the at least one encountered network to one of the plurality of network zones that has network properties corresponding to properties of the at least one encountered network;
receive a network zone preference from an application program indicating a preferred network connection policy for the application program; and
based upon the network connection policy and network properties of each network zone, enforce the preferred network connection policy according to the network zone preference during execution of the application program to control communications between the application program and networks to which the computer is connected, the communications of the application program being controlled by at least preventing the application program from communicating with networks connected to the client computer that are not associated with a network zone corresponding to the network zone preference, the communications being further controlled by at least:
limiting network contact for the application to communications with particular network locations on the at least one network that are expressed in the preferred network connection policy received from the application program; and
preventing the application program from communicating with network locations on the at least one network that are not specified in the zone preference.