公开(公告)号：WO2008155429A3

公开(公告)日：2009-04-09

申请号：PCT/EP2008057938

申请日：2008-06-23

Applicant: IBM ,  IBM UK ,  HAMILTON RICK ALLEN II ,  O'CONNELL BRIAN MARSHALL ,  WALKER KEITH RAYMOND ,  PAVESI JOHN

Inventor： HAMILTON RICK ALLEN II ,  O'CONNELL BRIAN MARSHALL ,  WALKER KEITH RAYMOND ,  PAVESI JOHN

IPC: H04L29/06 ,  H04L12/22

CPC classification number: H04L63/0263

Abstract: The present invention provides a system, method and computer program for implementing a firewall control system responsive to process interrogations are disclosed. Embodiments of a method may include receiving a data request at a firewall where the data request is associated with a program and determining whether a process rule exists for the associated program, where the process rule includes a condition to be satisfied for a process of the user computer system. Preferred embodiments may also include, in response to determining that a process rule does exist, determining a method for evaluating a status of the process and determining a current status of the process. Preferred embodiments may also include determining whether the process rule is satisfied based on the current status of the process and using the determined evaluation method. Preferred embodiments may also include, in response to determining whether the condition of the process rule is satisfied, performing one or more firewall actions.

Abstract translation: 本发明提供一种用于实现响应于过程询问的防火墙控制系统的系统，方法和计算机程序。 方法的实施例可以包括在防火墙处接收数据请求，其中数据请求与程序相关联并且确定是否存在用于相关联的程序的处理规则，其中处理规则包括要为用户的进程满足的条件 电脑系统。 响应于确定存在过程规则，优选实施例还可以包括确定用于评估过程的状态并确定过程的当前状态的方法。 优选实施例还可以包括基于过程的当前状态来确定过程规则是否被满足并且使用所确定的评估方法。 响应于确定是否满足处理规则的条件，优选实施例还可以包括执行一个或多个防火墙动作。

公开(公告)号：WO2008155188A3

公开(公告)日：2009-07-23

申请号：PCT/EP2008056192

申请日：2008-05-20

Applicant: IBM ,  IBM UK ,  HAMILTON II RICK ALLEN ,  O'CONNELL BRIAN MARSHALL ,  PAVESI JOHN ,  WALKER KEITH RAYMOND

Inventor： HAMILTON II RICK ALLEN ,  O'CONNELL BRIAN MARSHALL ,  PAVESI JOHN ,  WALKER KEITH RAYMOND

IPC: H04L29/06 ,  G06F21/00

CPC classification number: H04L63/0254 ,  G06F21/57 ,  H04L41/082 ,  H04L63/0218 ,  H04L63/0263

Abstract: A firewall control method includes receiving a data request at a firewall where the data request is associated with a program and determining whether a remote system condition exists for the associated program, where the remote system condition includes a condition to be satisfied based on information received from a particular remote system. Embodiments may also include, in response to determining that a remote system condition exists, determining whether the remote system condition is satisfied based on information received from the particular remote system. Embodiments may also include, in response to determining whether the remote system condition is satisfied, performing one or more firewall actions.

Abstract translation: 防火墙控制方法包括在防火墙处接收数据请求，其中数据请求与程序相关联，并且确定是否存在用于相关程序的远程系统条件，其中远程系统条件包括基于从 一个特定的远程系统。 响应于确定存在远程系统状况，实施例还可以包括：基于从特定远程系统接收到的信息来确定是否满足远程系统条件。 响应于确定是否满足远程系统条件，实施例还可以包括执行一个或多个防火墙动作。

公开(公告)号：CA2673950A1

公开(公告)日：2008-11-06

申请号：CA2673950

申请日：2008-04-11

Applicant: IBM

Inventor： WALKER KEITH RAYMOND ,  PAVESI JOHN ,  HAMILTON RICK ALLEN II ,  O'CONNELL BRIAN MARSHALL

IPC: G06F21/20

Abstract: Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other serversare disclosed. Embodiments of amethod for authenticating a user to a servermay include rec eiving a request to authenticate the user to the server and determining whet her authenticating the user requires matching an authentication plan.If a pl an is required, the method may also include accessing a stored authenticatio n plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user s current authentication plan from an authenticat ion store where the plan has authorization records each having current infor mation relating to user access. Embodiments ofthe method may also include co mparing the stored authentication plan with the received current authenticat ion plan to determine whether they match and, in response to a match, authen ticating the user.

公开(公告)号：CA2673950C

公开(公告)日：2015-03-31

申请号：CA2673950

申请日：2008-04-11

Applicant: IBM

Inventor： HAMILTON RICK ALLEN II ,  O'CONNELL BRIAN MARSHALL ,  PAVESI JOHN ,  WALKER KEITH RAYMOND

IPC: G06F21/31 ,  H04L9/32

Abstract: Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other serversare disclosed. Embodiments of amethod for authenticating a user to a servermay include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan.If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user s current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments ofthe method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user.