Enhanced personal firewall for dynamic computing environments
First Claim
1. A personal firewall system comprising:
a computing platform having a processor or electronic circuit configured to perform a logical process;
an inter-firewall connection listener portion of the computing platform comprising instructions which when executed or logical circuit which when operated bind to a specified communications port, to listen for incoming, outgoing, or both incoming and outgoing firewall trust requests, and upon detection of a connection, to transfer firewall control to an inter-firewall controller; and
an inter-firewall controller portion of the computing platform comprising instructions which when executed or logical circuit which when operated establish trusted communications through a local firewall and a remote firewall by performing one or both of the processes of;
upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall;
to initiate and transmit a handshake identification request from a local firewall to a remote firewall;
responsive to receipt of a handshake response from the remote firewall, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a remote firewall public encryption key, to generate, sign, and transmit a trusted computer request with identification information to the remote firewall;
upon receipt of a grant of trusted access from the remote firewall, to allow an application program from behind the local firewall to communicate through the remote firewall, otherwise to block the application program from communication through the remote firewall; and
upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall;
to transmit a firewall identification handshake response to the remote firewall upon receipt of a handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, to verify that the trusted computer request is signed using the received remote firewall public encryption key;
responsive to determining that the remote firewall has been previously authorized to establish trusted access, to modify local firewall rules to allow data communications to and from one or more addresses associated with the remote firewall to be transceived through the local firewall;
wherein the handshake identification request and the handshake response utilize a pre-determined port for negotiations of a trusted relationship, wherein the handshake identification request and handshake response indicate a supported protocol version and an acceptable key algorithm, and wherein the identification information in the generation of a trusted computer request comprises one or more identifiers selected from the group consisting of a name of a computer protected by the local firewall, a username of a user associated with a computer protected by the local firewall, and an electronic mail address of a user associated with a computer protected by the local firewall.
Abstract
An enhanced personal firewall system having an inter-firewall connection listener which binds to a specified communications port and listens for inbound and/or outbound connection requests; and an inter-firewall controller which establishes trusted communications through a local firewall and a remote firewall by exchanging public keys and a signed trusted computer firewall request, and by using the keys to determine whether a local key store indicates previous authorization for trusted communications. If not, a user of the targeted resource is notified and prompted to authorize the access. If so, the firewall rules protecting the targeted resource are modified, even if only temporarily, to give the requesting firewall trusted access.
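The negotiation the abstract and claim 1 describe, written out as an added Go example. This is not code from the patent: the message layouts (`Handshake`, `TrustRequest`, `Grant`), Ed25519 as the key algorithm, the version number, and the `Prompt` callback standing in for the user notification are all assumptions. Both firewalls run in one process, so the key exchange is a direct read of the peer's public key rather than a network message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

const protoVersion, keyAlg = 1, "ed25519" // assumed version and acceptable key algorithm

// Handshake is a constructed layout for the handshake identification request/response.
type Handshake struct {
	Version int
	KeyAlg  string
}

// TrustRequest is a constructed layout for the signed "trusted computer request":
// identification information plus the requester's address and public key.
type TrustRequest struct {
	Computer, User, Email, Addr string
	PubKey                     ed25519.PublicKey
	Sig                        []byte // Ed25519 signature over payload()
}

func (r TrustRequest) payload() []byte {
	return []byte(r.Computer + "\x00" + r.User + "\x00" + r.Email + "\x00" + r.Addr)
}

// Grant is the remote firewall's answer, signed so the requester can check it
// against the remote public key it received during the key exchange.
type Grant struct {
	Granted bool
	Sig     []byte
}

func grantMsg(granted bool, req TrustRequest) []byte {
	return []byte(fmt.Sprintf("grant=%t:%x", granted, req.Sig))
}

// Firewall models one personal firewall: key pair, local public key store of peers, address rules.
type Firewall struct {
	Computer, User, Email, Addr string
	pub                        ed25519.PublicKey
	priv                       ed25519.PrivateKey
	KeyStore                   map[string]bool         // hex(peer key) -> previously authorized
	Rules                      map[string]bool         // peer address -> allowed through
	Prompt                     func(TrustRequest) bool // stands in for notifying and asking the user
}

func NewFirewall(computer, user, email, addr string, prompt func(TrustRequest) bool) *Firewall {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Firewall{Computer: computer, User: user, Email: email, Addr: addr, pub: pub, priv: priv,
		KeyStore: map[string]bool{}, Rules: map[string]bool{}, Prompt: prompt}
}

// handshake is the responder side on the pre-determined port: answer only if version and algorithm are acceptable.
func (f *Firewall) handshake(req Handshake) (Handshake, error) {
	if req.Version != protoVersion || req.KeyAlg != keyAlg {
		return Handshake{}, fmt.Errorf("unsupported handshake %+v", req)
	}
	return Handshake{Version: protoVersion, KeyAlg: keyAlg}, nil
}

// HandleTrustRequest is the incoming-connection process: verify the signature with the
// received key, consult the key store, prompt the user for a new peer, then open a rule.
func (f *Firewall) HandleTrustRequest(req TrustRequest) Grant {
	ok := len(req.PubKey) == ed25519.PublicKeySize && ed25519.Verify(req.PubKey, req.payload(), req.Sig)
	if ok {
		id := hex.EncodeToString(req.PubKey)
		if !f.KeyStore[id] { // not previously authorized: notify and prompt the user
			ok = f.Prompt != nil && f.Prompt(req)
			f.KeyStore[id] = ok
		}
	}
	if ok {
		f.Rules[req.Addr] = true // modify local rules for the remote firewall's address
	}
	return Grant{Granted: ok, Sig: ed25519.Sign(f.priv, grantMsg(ok, req))}
}

// RequestTrust is the outgoing-connection process: handshake, key exchange,
// signed trusted computer request, then allow or block on the signed grant.
func (f *Firewall) RequestTrust(remote *Firewall) (bool, error) {
	resp, err := remote.handshake(Handshake{Version: protoVersion, KeyAlg: keyAlg})
	if err != nil || resp.Version != protoVersion {
		return false, fmt.Errorf("handshake rejected: %v", err)
	}
	remoteKey := remote.pub // key exchange; in a deployment both keys travel over the wire
	req := TrustRequest{Computer: f.Computer, User: f.User, Email: f.Email, Addr: f.Addr, PubKey: f.pub}
	req.Sig = ed25519.Sign(f.priv, req.payload())
	g := remote.HandleTrustRequest(req)
	if !ed25519.Verify(remoteKey, grantMsg(g.Granted, req), g.Sig) {
		return false, fmt.Errorf("grant signature does not verify")
	}
	return g.Granted, nil // true: let the application through; false: block it
}
```

The order of checks on the receiving side is the part worth copying: the signature is verified against the received key before the key store is consulted, and the address rule is opened only after authorization, so a request altered after signing, or one from a peer the user declined, never changes the rule set.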
51 Citations
12 Claims
1. A personal firewall system comprising: (independent claim; full text given under First Claim above. Dependent claims: 2, 3, 4.)
5. A computer-implemented method providing an enhanced personal firewall comprising:
binding a listener portion of a computing platform to a specified communications port;
listening by the listener for incoming, outgoing, or both incoming and outgoing firewall trust requests;
responsive to detection of a connection, performing logical processes by a computing platform establishing trusted communications through a local firewall and a remote firewall by performing one or both of the processes of;
upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall;
to initiate and transmit a handshake identification request from a local firewall to a remote firewall;
responsive to receipt of a handshake response from the remote firewall, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a remote firewall public encryption key, to generate, sign, and transmit a trusted computer request with identification information to the remote firewall;
upon receipt of a grant of trusted access from the remote firewall, to allow an application program from behind the local firewall to communicate through the remote firewall, otherwise to block the application program from communication through the remote firewall; and
upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall;
to transmit a firewall identification handshake response to the remote firewall upon receipt of a handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, to verify that the trusted computer request is signed using the received remote firewall public encryption key;
responsive to determining that the remote firewall has been previously authorized to establish trusted access, to modify local firewall rules to allow data communications to and from one or more addresses associated with the remote firewall to be transceived through the local firewall;
wherein the handshake identification request and the handshake response utilize a pre-determined port for negotiations of a trusted relationship, wherein the handshake identification request and handshake response indicate a supported protocol version and an acceptable key algorithm, and wherein the identification information in the generation of a trusted computer request comprises one or more identifiers selected from the group consisting of a name of a computer protected by the local firewall, a username of a user associated with a computer protected by the local firewall, and an electronic mail address of a user associated with a computer protected by the local firewall.
(Dependent claims: 6, 7, 8.)
9. A computer readable storage memory device comprising:
a tangible, computer readable storage memory device;
first computer instructions for binding a listener to a specified communications port;
second computer instructions for listening by the listener for incoming, outgoing, or both incoming and outgoing firewall trust requests;
third computer instructions for, responsive to detection of a connection, performing logical processes for establishing trusted communications through a local firewall and a remote firewall by performing one or both of the processes of;
upon establishing an outgoing connection by an application program protected by a local firewall to a resource protected by a remote firewall;
to initiate and transmit a handshake identification request from a local firewall to a remote firewall;
responsive to receipt of a handshake response from the remote firewall, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a remote firewall public encryption key, to generate, sign, and transmit a trusted computer request with identification information to the remote firewall;
upon receipt of a grant of trusted access from the remote firewall, to allow an application program from behind the local firewall to communicate through the remote firewall, otherwise to block the application program from communication through the remote firewall; and
upon establishing an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall;
to transmit a firewall identification handshake response to the remote firewall upon receipt of a handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, to verify that the trusted computer request is signed using the received remote firewall public encryption key;
responsive to determining that the remote firewall has been previously authorized to establish trusted access, to modify local firewall rules to allow data communications to and from one or more addresses associated with the remote firewall to be transceived through the local firewall;
wherein the first, second and third computer instructions are stored by the tangible, computer readable storage memory device, wherein the handshake identification request and the handshake response utilize a pre-determined port for negotiations of a trusted relationship, wherein the handshake identification request and handshake response indicate a supported protocol version and an acceptable key algorithm, and wherein the identification information in the generation of a trusted computer request comprises one or more identifiers selected from the group consisting of a name of a computer protected by the local firewall, a username of a user associated with a computer protected by the local firewall, and an electronic mail address of a user associated with a computer protected by the local firewall.
(Dependent claims: 10, 11, 12.)