Enhanced personal firewall for dynamic computing environments
First Claim
1. A personal firewall system comprising:
- a processor, a computer readable, tangible storage device, a computer readable memory, and program instructions, stored on the storage device for execution by the processor via the memory, the program instructions comprising:
program instructions to bind to a specified communications port, and to listen for incoming firewall trust requests; and
program instructions, responsive to detecting an incoming firewall trust request:
to establish an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall;
to transmit a communication handshake identification response to the remote firewall responsive to receipt of a communication handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, to verify that the signed trusted computer request is signed using the received remote firewall public encryption key; and
responsive to determining that the remote firewall has not been previously authorized to establish trusted access, to modify local firewall rules to allow data communications through the remote firewall and through the local firewall;
wherein the communication handshake identification request and the communication handshake identification response utilize a pre-determined port for negotiations of a trusted relationship, and wherein the communication handshake identification request and communication handshake identification response indicate a supported protocol version and an acceptable key algorithm.
Abstract
An enhanced personal firewall system having an inter-firewall connection listener which binds to a specified communications port and listens for inbound and/or outbound connection requests; and an inter-firewall controller which establishes trusted communications through a local firewall and a remote firewall by exchanging public keys and a signed trusted computer firewall request, and by using the keys to determine whether a local key store indicates previous authorization of trusted communications. If not, the user of the targeted resource is notified and prompted to authorize the access. If so, the firewall rules protecting the targeted resource are modified, if only temporarily, to allow the requesting firewall trusted access.
66 Citations
9 Claims
1. A personal firewall system comprising:
- a processor, a computer readable, tangible storage device, a computer readable memory, and program instructions, stored on the storage device for execution by the processor via the memory, the program instructions comprising:
program instructions to bind to a specified communications port, and to listen for incoming firewall trust requests; and
program instructions, responsive to detecting an incoming firewall trust request:
to establish an incoming connection by an application program protected by a remote firewall to a resource protected by a local firewall;
to transmit a communication handshake identification response to the remote firewall responsive to receipt of a communication handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, to transmit a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, to verify that the signed trusted computer request is signed using the received remote firewall public encryption key; and
responsive to determining that the remote firewall has not been previously authorized to establish trusted access, to modify local firewall rules to allow data communications through the remote firewall and through the local firewall;
wherein the communication handshake identification request and the communication handshake identification response utilize a pre-determined port for negotiations of a trusted relationship, and wherein the communication handshake identification request and communication handshake identification response indicate a supported protocol version and an acceptable key algorithm.
Dependent claims: 2, 3
4. A computer-implemented method for providing an enhanced firewall comprising the steps of:
- binding a listener portion of a computing platform to a specified communications port;
listening by the listener for incoming firewall trust requests;
responsive to detection of an incoming firewall connection request by an application program protected by a remote firewall to a resource protected by a local firewall:
transmitting a communication handshake identification response to the remote firewall responsive to receipt of a communication handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, transmitting a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, verifying that the signed trusted computer request is signed using the received remote firewall public encryption key; and
responsive to determining that the remote firewall has not been previously authorized to establish trusted access, modifying local firewall rules to allow data communications through the remote firewall and through the local firewall;
wherein the communication handshake identification request and the communication handshake identification response utilize a pre-determined port for negotiations of a trusted relationship, and wherein the communication handshake identification request and communication handshake identification response indicate a supported protocol version and an acceptable key algorithm.
Dependent claims: 5, 6
7. A computer readable storage memory device comprising:
- a tangible, computer readable storage memory device;
first computer instructions for binding a listener to a specified communications port;
second computer instructions for listening by the listener for incoming firewall trust requests;
third computer instructions for, responsive to detection of an incoming firewall trust request:
transmitting a communication handshake identification response to the remote firewall responsive to receipt of a communication handshake identification request from the remote firewall;
responsive to receipt of a remote firewall public encryption key, transmitting a local firewall public encryption key to the remote firewall;
responsive to receiving a signed trusted computer request from the remote firewall, and responsive to checking a local public key store to determine that the remote firewall has not previously requested a trusted access, verifying that the signed trusted computer request is signed using the received remote firewall public encryption key; and
responsive to determining that the remote firewall has not been previously authorized to establish trusted access, modifying local firewall rules to allow data communications through the remote firewall and through the local firewall;
wherein the first, second and third computer instructions are stored by the tangible, computer readable storage memory device, and wherein the communication handshake identification request and the communication handshake identification response utilize a pre-determined port for negotiations of a trusted relationship, and wherein the communication identification handshake request and the communication identification handshake response indicate a supported protocol version and an acceptable key algorithm.
Dependent claims: 8, 9
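The exchange described in the abstract and in claims 1, 4 and 7, simulated end to end as an added example; this is not the patent's own implementation. Both firewalls run in one process, so the listener's handlers are called directly instead of over a socket. The port number, protocol version string, key-algorithm label, message field names and the textbook RSA keys on hard-coded Mersenne primes are assumptions made for the example, and the nonce replay check is an addition that the claims do not mention.

```python
import hashlib
import json
import os

TRUST_PORT = 4711          # assumed value for the claims' "pre-determined port"
PROTOCOL_VERSION = "1.0"   # assumed protocol version label
KEY_ALGORITHM = "toy-rsa"  # assumed key-algorithm label carried in the handshake


def canonical(msg: dict) -> bytes:
    """Stable encoding so signer and verifier hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def _digest_mod(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class ToyRSAKey:
    """Textbook RSA on fixed primes: shows the sign/verify flow, nothing more."""

    def __init__(self, p: int, q: int, e: int = 65537):
        self.n, self.e = p * q, e
        self.d = pow(e, -1, (p - 1) * (q - 1))

    def public(self) -> tuple:
        return (self.n, self.e)

    def sign(self, data: bytes) -> int:
        return pow(_digest_mod(data, self.n), self.d, self.n)


def verify(pub: tuple, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_mod(data, n)


def fingerprint(pub: tuple) -> str:
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


class Firewall:
    """One personal firewall; acts as listener (local) or requester (remote)."""

    def __init__(self, name: str, key: ToyRSAKey, prompt_user):
        self.name, self.key = name, key
        self.prompt_user = prompt_user  # callback (resource, peer_fp) -> bool
        self.key_store = {}             # peer fingerprint -> public key, previously authorized peers
        self.rules = []                 # (action, direction, peer_fp, resource)
        self.seen_nonces = set()        # replay check, not part of the claims
        self.port = None                # set once the listener is bound

    def bind(self, port: int = TRUST_PORT) -> None:
        self.port = port

    # Listener side: the local firewall protecting the targeted resource.
    def on_handshake_request(self, req: dict) -> dict:
        if req.get("type") != "handshake_request" or req.get("port") != self.port:
            return {"type": "handshake_reject", "reason": "not bound on that port"}
        if req.get("version") != PROTOCOL_VERSION or KEY_ALGORITHM not in req.get("key_algorithms", []):
            return {"type": "handshake_reject", "reason": "no common version or key algorithm"}
        return {"type": "handshake_response", "version": PROTOCOL_VERSION, "key_algorithm": KEY_ALGORITHM}

    def on_public_key(self, _msg: dict) -> dict:
        return {"type": "public_key", "key": self.key.public()}

    def on_trust_request(self, peer_pub: tuple, msg: dict) -> dict:
        req, sig = msg["request"], msg["signature"]
        if not verify(peer_pub, canonical(req), sig):   # key received earlier in this exchange
            return {"type": "trust_response", "granted": False, "reason": "bad signature"}
        if req["nonce"] in self.seen_nonces:
            return {"type": "trust_response", "granted": False, "reason": "replayed request"}
        self.seen_nonces.add(req["nonce"])
        fp = fingerprint(peer_pub)
        if fp not in self.key_store:   # first contact: the resource owner decides, key is remembered
            if not self.prompt_user(req["resource"], fp):
                return {"type": "trust_response", "granted": False, "reason": "user denied"}
            self.key_store[fp] = peer_pub
        self.rules.append(("allow", "inbound", fp, req["resource"]))
        return {"type": "trust_response", "granted": True, "reason": "trusted"}

    # Requester side: the remote firewall in front of the application.
    def make_trust_request(self, resource: str, app: str) -> dict:
        req = {"resource": resource, "application": app, "nonce": os.urandom(8).hex()}
        return {"type": "trust_request", "request": req, "signature": self.key.sign(canonical(req))}


def negotiate_trust(requester: Firewall, listener: Firewall, resource: str, app: str):
    """Drive the exchange in-process; returns (granted, transcript of messages)."""
    transcript = []

    def send(m):
        transcript.append(m)
        return m

    resp = send(listener.on_handshake_request(send({
        "type": "handshake_request", "port": TRUST_PORT,
        "version": PROTOCOL_VERSION, "key_algorithms": [KEY_ALGORITHM]})))
    if resp["type"] != "handshake_response":
        return False, transcript
    peer_pub = requester.key.public()
    local_key = send(listener.on_public_key(send({"type": "public_key", "key": peer_pub})))
    result = send(listener.on_trust_request(peer_pub, send(requester.make_trust_request(resource, app))))
    if result["granted"]:   # both firewalls open a rule, as the claims require
        requester.rules.append(("allow", "outbound", fingerprint(local_key["key"]), resource))
    return result["granted"], transcript


if __name__ == "__main__":
    approvals = []
    local = Firewall("local", ToyRSAKey(2**127 - 1, 2**89 - 1),
                     lambda res, fp: approvals.append((res, fp)) or True)
    remote = Firewall("remote", ToyRSAKey(2**107 - 1, 2**61 - 1), lambda res, fp: False)
    local.bind()
    for _ in range(2):   # second run is allowed without a prompt
        granted, transcript = negotiate_trust(remote, local, "shared-folder", "backup-agent")
        print(granted, [m["type"] for m in transcript])
    print("user prompted", len(approvals), "time(s); local rules:", local.rules)
```

Running the block shows the two paths from the abstract: on first contact the listener verifies the signature, prompts the user and stores the peer key; a later request under the same key is allowed without a prompt. The caveat a reviewer would raise is that the signature is checked against a key received in the same exchange, so on first contact the user's decision is the only thing binding that key to a real peer; the key store only keeps later decisions consistent with the first one, which is why the prompt should show the fingerprint and the user should confirm it out of band.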
Specification