Cloud to local router security
Abstract
A router may be configured to receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router; send the received URL to a first remote site over a computer network; receive, from the first remote site, a value to which the first remote site has associated the URL; determine whether the received value is sufficient to allow the uniquely-identified client device to access the URL; and allow the uniquely-identified client device to access the URL if the received value is determined to be sufficient and disallow access to the URL by the uniquely-identified client device if the received value is determined not to be sufficient.
28 Claims
1. A router, comprising:
- a memory, the memory being configured to store a plurality of instructions; and
- a processor coupled to the memory, wherein the processor is configured to execute the plurality of instructions, the execution of the plurality of instructions configuring the router to:
- download, from a policy control server, at least one policy;
- associate the at least one policy to each uniquely-identified client device coupled to the router;
- receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
- send the received URL to a remote site over a computer network;
- responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
- apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
- allow the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
- disallow access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
- periodically poll the policy control server and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

14. A method of operating a router, comprising:
- downloading, over a computer network, at least one policy from a remote policy control server;
- associating the at least one policy to each uniquely-identified client device coupled to the router;
- receiving a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
- sending the received URL to a remote site over the computer network;
- responsive to having sent the URL to the remote site, receiving, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
- applying the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
- allowing the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
- disallowing access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
- periodically polling the remote policy control server over the computer network and downloading at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

26. A tangible machine-readable data storage device having data stored thereon representing sequences of instructions which, when executed by a router, causes the router to:
- download, over a computer network, at least one policy from a remote policy control server;
- associate the at least one policy to each uniquely-identified client device coupled to the router;
- receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
- send the received URL to a remote site over the computer network;
- responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
- apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL; and
- allow the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
- disallow access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
- periodically poll the remote policy control server over the computer network and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

27. A method of operating a router, comprising:
- downloading, over a computer network, at least one policy from a remote policy control server;
- associating the at least one policy to each uniquely-identified client device coupled to the router;
- receiving a request for a Uniform Resource Locator (URL) from a client device coupled to the router;
- checking at least one of a locally-stored first list and a locally-stored second list and allowing access to the received URL if the received URL is present in the first list and disallowing access to the received URL if the received URL is present in the second list;
- checking a cache memory for a presence of an entry comprising the received URL and an associated value and, if the entry comprising the received URL is not present in the cache, sending the received URL to a remote site over the computer network and, responsive to having sent the URL to the remote site, receiving, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
- applying the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the value received from the remote site or the associated value stored in the cache is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
- allowing the client device to access the URL if the value received from the remote site or the associated value stored in the cache, as applied to the at least one associated policy, is determined to be sufficient;
- disallowing access to the URL by the client device if the value received from the first site or the associated value stored in the cache, as applied to the at least one associated policy, is determined not to be sufficient; and
- periodically polling the remote policy control server over the computer network and downloading at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

28. A router, comprising:
- a memory, the memory being configured to store a plurality of instructions;
- a cache memory; and
- a processor coupled to the memory and to the cache memory, wherein the processor is configured to execute the plurality of instructions, the execution of the plurality of instructions configuring the router to:
- download, over a computer network, at least one policy from a remote policy control server;
- associate the at least one policy to each uniquely-identified client device coupled to the router;
- receive a request for a Uniform Resource Locator (URL) from a client device coupled to the router;
- check at least one of a locally-stored first list and a locally-stored second list and allow access to the received URL if the received URL is present in the first list and disallow access to the received URL if the received URL is present in the second list;
- check the cache memory for a presence of an entry comprising the received URL and an associated value and, if the entry comprising the received URL is not present in the cache, send the received URL to a remote site over the computer network and, responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
- apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the value received from the remote site or the associated value stored in the cache is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
- allow the client device to access the URL if the value received from the remote site or the associated value stored in the cache, as applied to the at least one associated policy, is determined to be sufficient;
- disallow access to the URL by the client device if the value received from the first site or the associated value stored in the cache, as applied to the at least one associated policy, is determined not to be sufficient; and
- periodically poll the remote policy control server over the computer network and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

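The check order recited in claims 27 and 28 (local lists, then cache, then remote lookup, then the requesting device's policy) is shown below as an added example that is not code from the patent. It assumes that values are integers, that a policy is the minimum value a device requires, that the first list wins when a URL is on both lists, and that a device with no policy is disallowed; all names, URLs and device identifiers are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class Router:
    # Assumed model: a rating is an int, and a policy is the minimum rating
    # a device needs. The claims only require the value to be "sufficient".
    rate_remote: Callable[[str], int]                     # stands in for the remote site
    first_list: Set[str] = field(default_factory=set)     # URLs always allowed
    second_list: Set[str] = field(default_factory=set)    # URLs always disallowed
    policy_by_device: Dict[str, int] = field(default_factory=dict)
    cache: Dict[str, int] = field(default_factory=dict)
    remote_lookups: int = 0                               # URLs sent off the router

    def decide(self, device_id: str, url: str) -> bool:
        # 1. Locally stored lists come first and need no rating at all.
        #    Checking the first list before the second is an assumption.
        if url in self.first_list:
            return True
        if url in self.second_list:
            return False
        # 2. Cache check: only a miss sends the URL to the remote site.
        if url not in self.cache:
            self.cache[url] = self.rate_remote(url)
            self.remote_lookups += 1
        value = self.cache[url]
        # 3. Apply the value to the policy of the requesting device.
        #    A device without a policy is disallowed (assumption).
        required = self.policy_by_device.get(device_id)
        return required is not None and value >= required


def demo():
    # Constructed ratings, lists and device identifiers.
    ratings = {"http://news.example/": 3, "http://games.example/": 1}
    router = Router(
        rate_remote=lambda url: ratings.get(url, 0),
        first_list={"http://school.example/"},
        second_list={"http://blocked.example/"},
        policy_by_device={"kid-tablet": 3, "parent-laptop": 1},
    )
    requests = [
        ("kid-tablet", "http://school.example/"),    # first list
        ("kid-tablet", "http://games.example/"),     # remote lookup, 1 < 3
        ("parent-laptop", "http://games.example/"),  # cache hit, 1 >= 1
        ("guest-phone", "http://news.example/"),     # no policy
    ]
    return [router.decide(d, u) for d, u in requests], router.remote_lookups
```

The same cached value yields different outcomes for the two devices because the policy is applied per device after the lookup, and the lookup counter shows which requests caused a URL to leave the router.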
Specification