Cloud to local router security

US 9,397,978 B1
Filed: 12/21/2012
Issued: 07/19/2016
Est. Priority Date: 12/21/2012
Status: Active Grant

First Claim

Patent Images

1. A router, comprising:

a memory, the memory being configured to store a plurality of instructions; and

a processor coupled to the memory, wherein the processor is configured to execute the plurality of instructions, the execution of the plurality of instructions configuring the router to;

download, from a policy control server, at least one policy;

associate the at least one policy to each uniquely-identified client device coupled to the router;

receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;

send the received URL to a remote site over a computer network;

responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;

apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;

allow the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;

disallow access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and

periodically poll the policy control server and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A router may be configured to receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router; send the received URL to a first remote site over a computer network; receive, from the first remote site, a value to which the first remote site has associated the URL; determine whether the received value is sufficient to allow the uniquely-identified client device to access the URL; and allow the uniquely-identified client device to access the URL if the received value is determined to be sufficient and disallow access to the URL by the uniquely-identified client device if the received value is determined not to be sufficient.

Citations

28 Claims

1. A router, comprising:
- a memory, the memory being configured to store a plurality of instructions; and
  
  a processor coupled to the memory, wherein the processor is configured to execute the plurality of instructions, the execution of the plurality of instructions configuring the router to;
  
  download, from a policy control server, at least one policy;
  
  associate the at least one policy to each uniquely-identified client device coupled to the router;
  
  receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
  
  send the received URL to a remote site over a computer network;
  
  responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
  
  apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
  
  allow the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
  
  disallow access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
  
  periodically poll the policy control server and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The router of claim 1, wherein the execution of the plurality of instructions further configures the router to determine whether the received value identifies the URL as belonging to a first list of URLs, the access to which is always allowed.
  - 3. The router of claim 2, wherein the execution of the plurality of instructions further configures the router to:
    - download and locally store, in the router, the first list from the remote site; and
      
      thereafter, allow access to a later-requested URL without sending the later-requested URL to the remote site if the later-requested URL is present in the first list.
  - 4. The router of claim 1, wherein the execution of the plurality of instructions further configures the router to determine whether the received value identifies the URL as belonging to a second list of URLs, the access to which is never allowed.
  - 5. The router of claim 4, wherein the execution of the plurality of instructions further configures the router to:
    - download and locally store, in the router, the second list from the remote site; and
      
      thereafter, disallow access to a later-requested URL without sending the later-requested URL to the remote site if the later-requested URL is present in the second list.
  - 6. The router of claim 1, wherein the execution of the plurality of instructions further configures the router to disallow access to the URL without sending the received URL to the remote site if the request for the URL was received outside of a predetermined time window.
  - 7. The router of claim 1, wherein the at least one policy comprises at least one entry specific to the uniquely-identified client device.
  - 8. The router of claim 1, wherein the execution of the plurality of instructions further configures the router to uniquely identify the client device using at least a Media Access Control (MAC) of the client device.
  - 9. The router of claim 1, wherein the execution of the plurality of instructions further configures the router to enable a selective override of a disallowed access to thereby enable the uniquely-identified client device to access the requested URL after the disallowed access has been overridden.
  - 10. The router of claim 9, wherein the selective override is configured to enable an overridden URL to be one of added to a first list of URLs, the access to which is always allowed and added to a second list of URLs, the access to which is always disallowed.
  - 11. The router of claim 9, wherein the selective override is configured to enable a category to which the overridden URL belongs to be one of added to a first list of categories of URLs, the access to which is always allowed and added to a second list of categories of URLs, the access to which is always disallowed.
  - 12. The router of claim 1, wherein the memory is a volatile memory, and wherein the router further comprises a non-volatile memory configured to store the plurality of instructions, and wherein the processor is further configured to, upon startup of the router, load a copy of the plurality of instructions stored in the non-volatile memory into the volatile memory.
  - 13. The router of claim 1, further comprising a modem.

14. A method of operating a router, comprising:
- downloading, over a computer network, at least one policy from a remote policy control server;
  
  associating the at least one policy to each uniquely-identified client device coupled to the router;
  
  receiving a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
  
  sending the received URL to a remote site over the computer network;
  
  responsive to having sent the URL to the remote site, receiving, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
  
  applying the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
  
  allowing the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
  
  disallowing access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
  
  periodically polling the remote policy control server over the computer network and downloading at least a portion of the at least one policy from the policy control server if the at least one policy has been undated.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The method of claim 14, further comprising determining whether the received value identifies the URL as belonging to a first list of URLs, the access to which is always allowed.
  - 16. The method of claim 15, further comprising:
    - downloading and locally storing, in the router, the first list from the remote site; and
      
      thereafter, allowing access to a later-requested URL without sending the later-requested URL to the remote site if the later-requested URL is present in the first list.
  - 17. The method of claim 14, further comprising determining whether the received value identifies the URL as belonging to a second list of URLs, the access to which is never allowed.
  - 18. The method of claim 17, further comprising:
    - downloading and locally storing, in the router, the second list from the remote site; and
      
      thereafter, disallowing access to a later-requested URL without sending the later-requested URL to the remote site if the later-requested URL is present in the second list.
  - 19. The method of claim 14, further comprising disallowing access to the URL without sending the received URL to the remote site if the request for the URL was received outside of a predetermined time window.
  - 20. The method of claim 14, wherein the first and second remote sites are a same remote site.
  - 21. The method of claim 14, wherein the at least one policy comprises at least one entry specific to the uniquely-identified client device.
  - 22. The method of claim 14, further comprising uniquely identifying the client device using at least a Media Access Control (MAC) of the client device.
  - 23. The method of claim 14, further comprising enabling a selective override of a disallowed access to thereby enable the uniquely-identified client device to access the requested URL after the disallowed access has been overridden.
  - 24. The method of claim 23, wherein the selective override is configured to enable an overridden URL to be one of added to a first list of URLs, the access to which is always allowed and added to a second list of URLs, the access to which is always disallowed.
  - 25. The method of claim 23, wherein the selective override is configured to enable a category to which the overridden URL belongs to be one of added to a first list of categories of URLs, the access to which is always allowed and added to a second list of categories of URLs, the access to which is always disallowed.

26. A tangible machine-readable data storage device having data stored thereon representing sequences of instructions which, when executed by a router, causes the router to:
- download, over a computer network, at least one policy from a remote policy control server;
  
  associate the at least one policy to each uniquely-identified client device coupled to the router;
  
  receive a request for a Uniform Resource Locator (URL) from a uniquely-identified client device coupled to the router;
  
  send the received URL to a remote site over the computer network;
  
  responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
  
  apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the received value is sufficient for the associated policy to allow the uniquely-identified client device to access the URL; and
  
  allow the uniquely-identified client device to access the URL if the received value, as applied to the at least one associated policy, is determined to be sufficient;
  
  disallow access to the URL by the uniquely-identified client device if the received value, as applied to the at least one associated policy, is determined not to be sufficient; and
  
  periodically poll the remote policy control server over the computer network and download at least a portion of the at least one policy from the policy control server if the at least one policy has been undated.

27. A method of operating a router, comprising:
- downloading, over a computer network, at least one policy from a remote policy control server;
  
  associating the at least one policy to each uniquely-identified client device coupled to the router;
  
  receiving a request for a Uniform Resource Locator (URL) from a client device coupled to the router;
  
  checking at least one of a locally-stored first list and a locally-stored second list and allowing access to the received URL if the received URL is present in the first list and disallowing access to the received URL if the received URL is present in the second list;
  
  checking a cache memory for a presence of an entry comprising the received URL and an associated value and, if the entry comprising the received URL is not present in the cache, sending the received URL to a remote site over the computer network and, responsive to having sent the URL to the remote site, receiving, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
  
  applying the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the value received from the remote site or the associated value stored in the cache is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
  
  allowing the client device to access the URL if the value received from the remote site or the associated value stored in the cache, as applied to the at least one associated policy, is determined to be sufficient;
  
  disallowing access to the URL by the client device if the value received from the first site or the associated value stored in the cache, as applied to the at least one associated policy, is determined not to be sufficient; and
  
  periodically polling the remote policy control server over the computer network and downloading at least a portion of the at least one policy from the policy control server if the at least one policy has been undated.

28. A router, comprising:
- a memory, the memory being configured to store a plurality of instructions;
  
  a cache memory; and
  
  a processor coupled to the memory and to the cache memory, wherein the processor is configured to execute the plurality of instructions, the execution of the plurality of instructions configuring the router to;
  
  download, over a computer network, at least one policy from a remote policy control server;
  
  associate the at least one policy to each uniquely-identified client device coupled to the router;
  
  receive a request for a Uniform Resource Locator (URL) from a client device coupled to the router;
  
  check at least one of a locally-stored first list and a locally-stored second list and allow access to the received URL if the received URL is present in the first list and disallow access to the received URL if the received URL is present in the second list;
  
  check the cache memory for a presence of an entry comprising the received URL and an associated value and, if the entry comprising the received URL is not present in the cache, send the received URL to a remote site over the computer network and, responsive to having sent the URL to the remote site, receive, from the remote site, a value to which the remote site has associated the URL, the value being one of a plurality of values, each of the plurality of values corresponding to a greater or lesser scope of URL access rights associated with the uniquely-identified client device;
  
  apply the received value to the at least one policy associated with the uniquely-identified device from which the URL request was received to determine whether the value received from the remote site or the associated value stored in the cache is sufficient for the associated policy to allow the uniquely-identified client device to access the URL;
  
  allow the client device to access the URL if the value received from the remote site or the associated value stored in the cache, as applied to the at least one associated policy, is determined to be sufficient;
  
  disallow access to the URL by the client device if the value received from the first site or the associated value stored in the cache, as applied to the at least one associated policy, is determined not to be sufficient; and
  
  periodically poll the remote policy control server over the computer network and download at least a portion of the at least one policy from the policy control server if the at least one policy has been updated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Cha, Derek Hee Jun, Chen, Paul
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Chiang, Jason C

Application Number

US13/724,875
Time in Patent Office

1,306 Days
Field of Search

726/11
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

Cloud to local router security

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud to local router security

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links