COMMUNICATION TERMINAL DEVICE, RULE DISTRIBUTION DEVICE, AND PROGRAM

US 20100180331A1
Filed: 02/09/2007
Published: 07/15/2010
Est. Priority Date: 03/30/2006
Status: Abandoned Application

First Claim

Patent Images

1. A communication terminal device provided with a communication device that connects to a network and a firewall that controls passage and blocking of data between its own device and the network in accordance with firewall rules that are set;

said communication terminal device comprising;

a rule storage unit that holds identification information of networks and firewall rules in association with each other for each network;

a rule storage control unit that stores in said rule storage unit firewall rules received from a prescribed rule-distributing device in association with identification information of networks to which these firewall rules are to be applied; and

a firewall control unit that detects identification information of a network to both monitor and, when the identification information is newly detected or changes, and reads from said rule storage unit firewall rules that are placed in association with the identification information that has been detected or has changed to set or update to said firewall.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication terminal device (10) that is provided with a communication device (11) that connects to a network and a firewall (12) that functions in accordance with firewall rules further includes: a rule storage unit (14) that holds network identification information and firewall rules in association with each other for each network; a rule storage control unit (15) that stores in the rule storage unit (14) firewall rules that are received from rule-distributing device (20) and the identification information of a network that is the object of application in association with each other; and a firewall control unit (13) that detects network identification information to both monitor and, when the identification information is newly detected or changes, reads from the rule storage unit (14) firewall rules that are placed in association with the identification information that has been detected or that has changed to set or update in the firewall (12).

53 Citations

View as Search Results

13 Claims

1. A communication terminal device provided with a communication device that connects to a network and a firewall that controls passage and blocking of data between its own device and the network in accordance with firewall rules that are set;
- said communication terminal device comprising;
  
  a rule storage unit that holds identification information of networks and firewall rules in association with each other for each network;
  
  a rule storage control unit that stores in said rule storage unit firewall rules received from a prescribed rule-distributing device in association with identification information of networks to which these firewall rules are to be applied; and
  
  a firewall control unit that detects identification information of a network to both monitor and, when the identification information is newly detected or changes, and reads from said rule storage unit firewall rules that are placed in association with the identification information that has been detected or has changed to set or update to said firewall.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The communication terminal device according to claim 1, wherein, when identification information of a network has been placed in association with firewall rules that are received from a prescribed rule-distributing device, said rule storage control unit stores the identification information in said rule storage unit in association with the firewall rules, and when identification information of a network has not been placed in association with said firewall rules, said rule storage control unit stores identification information detected by said firewall control unit in said rule storage unit in association with said firewall rules.
  - 3. The communication terminal device according to claim 1, wherein, when firewall rules and network identification information are stored in association with each other in said rule storage unit, said firewall control unit compares the identification information with currently detected identification information, and if the two match, reads firewall rules that have been placed in association with the identification information from said rule storage unit to update the firewall rules that are set in said firewall to the firewall rules that were read.
  - 4. The communication terminal device according to claim 1, wherein said rule storage control unit confirms that firewall rules are received from a prescribed rule-distributing device by verifying a prescribed electronic signature.
  - 5. The communication terminal device according to claim 1, further comprising:
    - an attack detection unit that monitors data received in said communication device to detect a network attack that matches a prescribed pattern; and
      
      an attack notification unit that, when said attack detection unit detects a network attack, places identification information detected by said firewall control unit in association with pattern information of the network attack and transmits the pattern information and the identification information addressed to a prescribed rule-distributing device.
  - 6. The communication terminal device according to claim 5, wherein said attack notification unit appends an electronic signature that is requested by a prescribed rule-distributing device to said pattern information of a network attack and then transmits the pattern information.

7. A rule-distributing device provided with a communication device that connects to a network, said rule-distributing device comprising:
- a rule storage unit that holds network identification information and firewall rules in association with each other for each network;
  
  a terminal device storage unit that holds, for each communication terminal device, data transmission destination information of communication terminal devices that are being managed; and
  
  a rule notification unit that reads firewall rules from said rule storage unit, and according to necessity, places identification information of a network that is the object of application of firewall rules in association with the firewall rules and transmits the firewall rules and the identification information addressed to communication terminal devices that are being managed.
- View Dependent Claims (8, 9)
- - 8. The rule-distributing device according to claim 7, wherein said rule notification unit transmits said firewall rules and said identification information in addition to a prescribed electronic signature.
  - 9. The rule-distributing device according to claim 7, further comprising:
    - a rule investigation unit that, based on network identification information and pattern information of a network attack that is received from a communication terminal device, investigates whether the network attack can be handled by firewall rules that have been placed in association with the identification information; and
      
      a rule creation unit that, when said rule investigation unit has confirmed that the network attack cannot be handled, creates firewall rules that can handle the network attack;
      
      wherein said rule notification unit places the network identification information in association with firewall rules that said rule creation unit has created and transmits the firewall rules and the identification information addressed to communication terminal devices that are being managed.

10. A computer readable recording medium in which a program is embedded, the program causing a computer that is provided with a communication device that connects to a network and a firewall that controls passage or blockage of data between networks and the computer in accordance with firewall rules that are set, to function as:
- a rule storage control unit that stores, in a rule storage unit that holds identification information of networks and firewall rules in association with each other for each network, firewall rules received from a prescribed rule-distributing device in association with the identification information of a network in which the firewall rules are to be applied; and
  
  a firewall control unit that detects identification information of networks both to monitor and, when the identification information is newly detected or changes, reads from said rule storage unit firewall rules that have been placed in association with the identification information that has been detected or that has changed to set or update in said firewall.

11. A computer readable recording medium in which a program is embedded, the program causing a computer that is provided with a communication device that connects to a network to functions as:
- a terminal device storage unit that holds, for each communication terminal device, data transmission destination information of communication terminal devices that are being managed; and
  
  a rule notification unit that reads firewall rules from a rule storage unit that holds network identification information and firewall rules in association with each other for each network, and according to necessity, places the identification information of a network that is the object of application of the firewall rules in association with the firewall rules and transmits the firewall rules and the identification information addressed to communication terminal devices that are being managed.

12. A communication terminal device provided with a communication device that connects to a network and a firewall that controls passage and blocking of data between its own device and the network in accordance with firewall rules that are set;
- said communication terminal device comprising;
  
  rule storage means for holding identification information of networks and firewall rules in association with each other for each network;
  
  rule storage control means for storing in said rule storage means firewall rules received from a prescribed rule-distributing device in association with identification information of networks to which these firewall rules are to be applied; and
  
  firewall control means for detecting identification information of a network to both monitor and, when the identification information is newly detected or changes, and reading from said rule storage means firewall rules that are placed in association with the identification information that has been detected or has changed to set or update to said firewall.

13. A rule-distributing device provided with a communication device that connects to a network, said rule-distributing device comprising:
- rule storage means for holding network identification information and firewall rules in association with each other for each network;
  
  terminal device storage means for holding, for each communication terminal device, data transmission destination information of communication terminal devices that are being managed; and
  
  rule notification means for reading firewall rules from said rule storage means, and according to necessity, placing identification information of a network that is the object of application of firewall rules in association with the firewall rules and transmits the firewall rules and the identification information addressed to communication terminal devices that are being managed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Itoh, Masashi, Murakami, Takuya, Okuyama, Yoshiaki

Application Number

US12/295,216
Publication Number

US 20100180331A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/0263   Rule management

H04L 63/1441   Countermeasures against mal...

COMMUNICATION TERMINAL DEVICE, RULE DISTRIBUTION DEVICE, AND PROGRAM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

COMMUNICATION TERMINAL DEVICE, RULE DISTRIBUTION DEVICE, AND PROGRAM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others