FIREWALL CONTROL SYSTEM

US 20080320584A1
Filed: 06/21/2007
Published: 12/25/2008
Est. Priority Date: 06/21/2007
Status: Active Grant

First Claim

Patent Images

1. A method for controlling a firewall for a user computer system, the method comprising:

receiving a data request at a firewall, the data request being associated with a program of the user computer system;

determining whether an authentication plan is required to be matched for the associated program;

in response to determining that matching an authentication plan is required for the associated program, accessing a stored authentication plan associated with the program, the stored authentication plan having one or more authentication records each having expected information relating to user access to a particular server;

accessing a current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having current information relating to user access to a particular server;

comparing the stored authentication plan with the received current authentication plan to determine whether they match; and

in response to the comparison between the stored authentication plan and the current authentication plan, performing one or more firewall actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally speaking, systems, methods and media for implementing a firewall control system responsive to user authentications are disclosed. Embodiments of a method may include receiving a data request at a firewall where the data request is associated with a program. Embodiments may include determining whether an authentication plan is required to be matched for the associated program and, if so, accessing a stored authentication plan associated with the program and having one or more authentication records each having expected information relating to user access to a particular server. Embodiments may include accessing a current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having information relating to user access to a particular server. Embodiments may include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response, performing one or more firewall actions.

50 Citations

View as Search Results

20 Claims

1. A method for controlling a firewall for a user computer system, the method comprising:
- receiving a data request at a firewall, the data request being associated with a program of the user computer system;
  
  determining whether an authentication plan is required to be matched for the associated program;
  
  in response to determining that matching an authentication plan is required for the associated program, accessing a stored authentication plan associated with the program, the stored authentication plan having one or more authentication records each having expected information relating to user access to a particular server;
  
  accessing a current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having current information relating to user access to a particular server;
  
  comparing the stored authentication plan with the received current authentication plan to determine whether they match; and
  
  in response to the comparison between the stored authentication plan and the current authentication plan, performing one or more firewall actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising processing the data request according to existing firewall steps.
  - 3. The method of claim 2, wherein processing the data request according to existing firewall steps is performed before performing one or more firewall actions.
  - 4. The method of claim 2, wherein processing the data request according to existing firewall steps is performed after performing one or more firewall actions.
  - 5. The method of claim 2, wherein processing the data request according to existing firewall steps is performed simultaneously with performing one or more firewall actions.
  - 6. The method of claim 1, further comprising in response to determining that the stored authentication plan and the current authentication plan do not match, resolving the authentication plan with the user.
  - 7. The method of claim 1, wherein comparing the stored authentication plan with the current authentication plan to determine whether they match comprises comparing authentication records of each authentication plan to determine whether at least a specified subset of authentication records match between the authentication plans.
  - 8. The method of claim 1, wherein performing one or more firewall actions comprises modifying access to the data request by the program.
  - 9. The method of claim 1, wherein performing one or more firewall actions comprises redirecting the data request.
  - 10. The method of claim 1, wherein performing one or more firewall actions comprises performing one or more firewall actions associated with a mismatch of the stored authentication plan and the current authentication plan.
  - 11. The method of claim 1, wherein performing one or more firewall actions comprises performing one or more firewall actions associated with a match of the stored authentication plan and the current authentication plan.

12. A computer program product comprising a computer-useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receiving a data request at a firewall, the data request being associated with a program of the user computer system;
  
  determining whether an authentication plan is required to be matched for the associated program;
  
  in response to determining that matching an authentication plan is required for the associated program, accessing a stored authentication plan associated with the program, the stored authentication plan having one or more authentication records each having expected information relating to user access to a particular server;
  
  accessing a current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having current information relating to user access to a particular server;
  
  comparing the stored authentication plan with the received current authentication plan to determine whether they match; and
  
  in response to the comparison between the stored authentication plan and the current authentication plan, performing one or more firewall actions.
- View Dependent Claims (13, 14)
- - 13. The computer program product of claim 12, further comprising processing the data request according to existing firewall steps.
  - 14. The computer program product of claim 12, further comprising in response to determining that the stored authentication plan and the current authentication plan do not match, resolving the authentication plan with the user.

15. A firewall system implemented on a computer system, the firewall system comprising:
- a network stack to interrogate incoming and outgoing data packets and to apply one or more firewall rules against them to allow or deny the data packets access to a program; and
  
  an authentication verifier in communication with the network stack to further control access to data packets, the authentication verifier comprising;
  
  an authentication module to access a stored authentication plan for a program associated with a particular data packet, the stored authentication plan comprising one or more authentication records each having expected information relating to access by a user to a particular server;
  
  an authentication store interface module to receive a current authentication plan for the associated program, the current authentication plan comprising one or more authentication records each having current information relating to access by a user to a particular server;
  
  wherein the authentication module compares the stored authentication plan with the received current authentication plan to determine whether they match; and
  
  a firewall action manager to perform one or more firewall actions in response to a determination of whether the stored authentication plan and the received current authentication plan match.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The firewall system of claim 15, further comprising an authentication store in communication with the authentication verifier to store a current authentication plan associated with a user, the current authentication plan comprising one or more authentication records each having current information relating to access by a user to a particular server.
  - 17. The firewall system of claim 16, wherein the authentication store executes on a trusted third party computer system.
  - 18. The firewall system of claim 15, wherein the firewall system is a personal firewall implemented on a user computer system.
  - 19. The firewall system of claim 15, wherein the firewall system is a network firewall in communication with a plurality of user computer systems.
  - 20. The firewall system of claim 15, wherein the network stack and authentication verifier execute in parallel in a parallel processing architecture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hamilton, Rick A. II, O'Connell, Brian M., Walker, Keith R., Pavesi, John R.

Granted Patent

US 8,272,043 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/102 Entity profiles

FIREWALL CONTROL SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FIREWALL CONTROL SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links