Access Control Manager
First Claim
1. A method for domain-based network access management in a computer, comprising:
- receiving a session data transfer packet specifying a network address;
- determining whether the network address corresponds to a session on a session graylist, the graylist indicating sessions that are associated with a network address that is not permitted access and at least one domain that is permitted access;
- determining a domain associated with the session data transfer packet;
- determining whether the domain is a permissible domain; and
- responsive to determining that the network address corresponds to a session on the session graylist and the domain is a permissible domain, associating the session with a session whitelist and permitting the session data transfer packet access to a network interface.
6 Assignments
0 Petitions
Abstract
A network access manager controls access to a network interface according to a set of access control instructions specifying permissible and impermissible addresses and domains on a network. The network access manager establishes a graylist of addresses based on a domain request that is associated with a whitelisted domain that is accessed via a blacklisted address. When a request to establish a connection is received directed to a graylisted address, the connection is permitted to establish and the connection is added to a session graylist. When a session data transfer packet is received, if the session corresponds to a session on the session graylist, the session data transfer packet is examined to determine if it matches a whitelisted domain, in which case the session is associated with a session whitelist and permitted access to the network. The access control instructions may be automatically updated from a trusted access control management system.
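As an added illustration (not the patent's text and not any implementation of it), the following Python sketch walks the flow the abstract describes: a whitelisted domain that resolves to a blacklisted address graylists that address, a connection to the graylisted address is allowed to establish and placed on the session graylist, and the domain carried by the first data packet decides whether the session is moved to the session whitelist or dropped. It assumes the session's domain is read from an HTTP Host header and that subdomains of a whitelisted domain count as permitted; both are assumptions, not details the page gives.

```python
from dataclasses import dataclass, field

def host_from_http(payload: bytes):
    # Assumption: the domain of a session packet is taken from the HTTP Host header.
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            value = line.split(b":", 1)[1].strip().decode("ascii", "replace").lower()
            return value.split(":")[0]  # drop an explicit port such as "host:8080"
    return None  # no domain could be determined from this packet

@dataclass
class AccessControlManager:
    blacklisted_addrs: set          # addresses not permitted by the access control instructions
    whitelisted_domains: set        # domains permitted by the access control instructions
    graylisted_addrs: set = field(default_factory=set)   # blacklisted addrs serving a whitelisted domain
    session_graylist: set = field(default_factory=set)   # sessions awaiting a domain decision
    session_whitelist: set = field(default_factory=set)  # sessions cleared by a permitted domain
    def domain_permitted(self, domain):  # assumption: exact match or subdomain counts
        return any(domain == w or domain.endswith("." + w) for w in self.whitelisted_domains)
    def on_dns_answer(self, domain, addr):  # a whitelisted domain resolving to a blacklisted address
        if self.domain_permitted(domain) and addr in self.blacklisted_addrs:
            self.graylisted_addrs.add(addr)
    def on_connect(self, session, addr):  # connection request; True = allowed to establish
        if addr in self.graylisted_addrs:
            self.session_graylist.add(session)  # allowed, but the session is graylisted
            return True
        return addr not in self.blacklisted_addrs
    def on_data(self, session, addr, payload):  # session data transfer packet; True = forwarded
        if session in self.session_whitelist:
            return True
        if session in self.session_graylist:
            domain = host_from_http(payload)
            if domain is not None and self.domain_permitted(domain):
                self.session_graylist.discard(session)
                self.session_whitelist.add(session)  # session promoted to the session whitelist
                return True
            return False  # graylisted session carrying a non-permitted (or no) domain is dropped
        return addr not in self.blacklisted_addrs

def run_scenario():
    # Constructed scenario: 203.0.113.7 is blacklisted, but cdn.example.com (whitelisted) resolves to it.
    acm = AccessControlManager({"203.0.113.7"}, {"cdn.example.com"})
    acm.on_dns_answer("cdn.example.com", "203.0.113.7")
    s1, s2 = ("10.0.0.5", 51000, "203.0.113.7", 80), ("10.0.0.5", 51001, "203.0.113.7", 80)
    return {
        "connect_s1": acm.on_connect(s1, "203.0.113.7"),
        "connect_s2": acm.on_connect(s2, "203.0.113.7"),
        "data_s1": acm.on_data(s1, "203.0.113.7", b"GET / HTTP/1.1\r\nHost: cdn.example.com\r\n\r\n"),
        "data_s2": acm.on_data(s2, "203.0.113.7", b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n"),
    }
```

Both connections establish because the address is graylisted; only the session whose first packet names a permitted domain is whitelisted, while the other is dropped at the data stage.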
19 Citations
14 Claims
- 1. A method for domain-based network access management in a computer (independent claim; full text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 13, 14.
- 8. A computer system comprising:
  - a network interface configured for accessing a network; and
  - a processor configured to:
    - receive a session data transfer packet specifying a network address;
    - determine whether the network address corresponds to a session on a session graylist, the graylist indicating sessions that are associated with a network address that is not permitted access and at least one domain that is permitted access;
    - determine a domain associated with the session data transfer packet;
    - determine whether the domain is a permissible domain; and
    - responsive to determining that the network address corresponds to a session on the session graylist and the domain is a permissible domain, associate the session with a session whitelist and permit the session data transfer packet access to the network interface.
  - Dependent claims: 9, 10, 11, 12.