Electrical computers and digital processing systems: multicomput – Computer-to-computer protocol implementing – Computer-to-computer data streaming
Reexamination Certificate
2000-12-15
2004-10-05
Barot, Bharat (Department: 2155)
Electrical computers and digital processing systems: multicomput
Computer-to-computer protocol implementing
Computer-to-computer data streaming
C709S220000, C709S230000, C709S250000, C370S230000, C370S235000, C370S254000, C370S401000
Reexamination Certificate
active
06801948
ABSTRACT:
TECHNICAL FIELD
The present invention relates generally to computer systems, and, more particularly, to a system and method for implementing a streams based network access control for a computer.
BACKGROUND OF THE INVENTION
Modern computer systems perform a variety of processing and communication tasks. For example, computers execute application programs such as word processing programs, scheduling programs, design programs, etc. Computers are also used to connect to other computers in order to exchange information. For example, a computer may execute a program that enables the computer to access information stored on other computers. In another example, a computer may execute what is referred to as a “web browser” program in order to access the Internet. The web browser is an application program, similar to that described above, that enables the computer to navigate through the Internet.
When a computer starts an application program, the computer creates what is referred to as a “process” corresponding to the program. The process contains an instance of the application program and a number of attributes that associate the process to the computer user and to other elements associated with the process. For each instance of the program, another process is invoked. Multiple programs having corresponding processes may operate on a computer simultaneously. Furthermore, one application program may have multiple processes running at the same time.
Some processes, such as, for example but not limited to, a word processing program, may interact with files that are stored on the computer that is executing the process, and also may interact with other computers over a network. The network may be a local area network (LAN) or a wide area network (WAN). Such networks allow multiple computers to communicate with each other.
Typically, each process and each file includes a set of attributes, which may determine, for example, access control. For example, a process executing on a computer has a set of attributes assigned, which may determine whether it may access a particular file, which also includes a (generally) different set of attributes. Some of the attributes assigned to the file define the required set of attributes that a process must have in order to access the file. For example, in the UNIX operating system, each file includes permission attributes, which specify the owner, group and world (everyone) access to the file. If the file attributes specify that a particular group has “read” and “write” access, but not “execute” access, a process possessing that group in its attribute set will only be able to read from and write to the file, but not execute it.
When a process that is executing on a computer wishes to communicate with another computer over a network, the process typically sends and receives messages through a network interface card (NIC) associated with the computer. The NIC connects the computer to a network, to which the other computer is also attached through its own associated NIC.
In some current computer systems, a process executing on a computer has access to and can use all the NICs on the computer. Unfortunately, there is no way to restrict access of a process executing on a computer to one or a set of NICs (and therefore the network to which the NIC is connected) and associated computers.
Thus, a heretofore unaddressed need exists in the industry to address the aforementioned deficiencies and inadequacies.
SUMMARY OF THE INVENTION
The invention provides a system and method for implementing a streams based network access control for a computer. The invention may be conceptualized as a streams based network access control system that includes a software process operating on a computer and having a network endpoint attribute. The software process is configured to communicate a packet through a streams-based network protocol stack to a network interface card that includes an interface attribute. A session filter module and a network filter module are in communication with the network protocol stack. A table of network attributes, associated with the session filter module and network filter module, compares the network endpoint attribute with the interface attribute in the table of network attributes to determine whether the software process can access the network interface card.
The invention may also be conceptualized as a method for a streams based network access control system, the method comprising the steps of: (1) operating a software process, that includes a network endpoint attribute, on a computer; (2) communicating packets through a network protocol stack to a network interface card, where the network interface card includes an interface attribute; (3) establishing an association between the network endpoint attribute and the interface attribute; (4) placing the network endpoint attribute and the interface attribute in a table; (5) comparing the network endpoint attribute with the interface attribute; and (6) determining whether the software process can access the network interface card.
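As an added illustration of the six steps above (this is example code written for this page, not code from the patent or from Hewlett-Packard), the following C program models the table of network attributes, the session filter module and the network filter module in user space. The type names, the `EP_*`/`IF_*` attribute values, the sample policy (a LAN NIC and an Internet uplink NIC, with intranet-only endpoints confined to the LAN NIC) and the fail-closed handling of an unstamped packet are all assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model of the summary's mechanism: a table of
 * (endpoint attribute, interface attribute) associations, a session filter
 * that stamps outbound packets, and a network filter that consults the table
 * before a packet reaches the NIC. Names and layouts are assumptions. */

#define MAX_ASSOC 16
typedef uint32_t net_attr_t;

typedef struct { net_attr_t endpoint_attr, interface_attr; } net_assoc_t;
typedef struct { net_assoc_t entries[MAX_ASSOC]; size_t count; } net_attr_table_t;
typedef struct { const char *name; net_attr_t interface_attr; } nic_t;      /* a NIC */
typedef struct { int pid; net_attr_t endpoint_attr; } process_t;            /* a process */
typedef struct { net_attr_t endpoint_attr; } packet_t;  /* 0 = never stamped */

/* Steps (3) and (4): record that endpoints carrying ep may use NICs carrying iface. */
bool table_associate(net_attr_table_t *t, net_attr_t ep, net_attr_t iface)
{
    if (t->count >= MAX_ASSOC)
        return false;
    t->entries[t->count].endpoint_attr = ep;
    t->entries[t->count].interface_attr = iface;
    t->count++;
    return true;
}

/* Step (5): compare by looking for a matching association in the table. */
bool table_permits(const net_attr_table_t *t, net_attr_t ep, net_attr_t iface)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->entries[i].endpoint_attr == ep && t->entries[i].interface_attr == iface)
            return true;
    return false;
}

/* Session filter (near the stream head): stamp the packet with the sending
 * process's endpoint attribute so the decision can be made lower in the stack. */
void session_filter_put(const process_t *p, packet_t *pkt)
{
    pkt->endpoint_attr = p->endpoint_attr;
}

/* Network filter (just above the NIC driver), step (6): forward only if the
 * table permits the pair. An unstamped packet is dropped, so anything that
 * bypassed the session filter fails closed. */
bool network_filter_put(const net_attr_table_t *t, const nic_t *nic, const packet_t *pkt)
{
    if (pkt->endpoint_attr == 0)
        return false;
    return table_permits(t, pkt->endpoint_attr, nic->interface_attr);
}

/* End to end: may process p send a packet out of nic under table t? */
bool send_via(const net_attr_table_t *t, const process_t *p, const nic_t *nic)
{
    packet_t pkt = { 0 };
    session_filter_put(p, &pkt);
    return network_filter_put(t, nic, &pkt);
}

/* Constructed sample policy: a LAN NIC and an Internet uplink NIC; endpoints
 * labelled EP_INTRANET_ONLY may use the LAN NIC only, EP_INTERNET_OK both. */
enum { EP_INTRANET_ONLY = 1, EP_INTERNET_OK = 2, IF_LAN = 10, IF_INET = 20 };

void build_example_table(net_attr_table_t *t)
{
    memset(t, 0, sizeof *t);
    table_associate(t, EP_INTRANET_ONLY, IF_LAN);
    table_associate(t, EP_INTERNET_OK, IF_LAN);
    table_associate(t, EP_INTERNET_OK, IF_INET);
}

/* Decision for one (endpoint, interface) attribute pair under the sample policy. */
bool example_decision(net_attr_t ep, net_attr_t iface)
{
    net_attr_table_t t;
    build_example_table(&t);
    nic_t nic = { iface == IF_LAN ? "lan0" : "inet0", iface };
    process_t p = { 4242, ep };
    return send_via(&t, &p, &nic);
}

int main(void)
{
    printf("intranet-only -> lan0 : %s\n", example_decision(EP_INTRANET_ONLY, IF_LAN) ? "allow" : "deny");
    printf("intranet-only -> inet0: %s\n", example_decision(EP_INTRANET_ONLY, IF_INET) ? "allow" : "deny");
    printf("internet-ok   -> inet0: %s\n", example_decision(EP_INTERNET_OK, IF_INET) ? "allow" : "deny");
    printf("unlabelled    -> lan0 : %s\n", example_decision(0, IF_LAN) ? "allow" : "deny");
    return 0;
}
```

The split between the two filters is the point worth noticing: the session filter only labels, and the network filter only compares the label against the NIC's attribute in the shared table, so a process never has to be looked up at the NIC boundary and a packet that reaches the NIC without a label is refused rather than forwarded by default.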
REFERENCES:
patent: 5640399 (1997-06-01), Rostoker et al.
patent: 5699350 (1997-12-01), Kraslavsky
patent: 6363432 (2002-03-01), Laber
patent: 6442612 (2002-08-01), Hugosson et al.
patent: 6446200 (2002-09-01), Ball et al.
patent: 6477143 (2002-11-01), Ginossar
patent: 6591304 (2003-07-01), Sitaraman et al.
patent: 6625657 (2003-09-01), Bullard
patent: 6665724 (2003-12-01), Lawrence
patent: 6732191 (2004-05-01), Baker et al.
Clark Brett Miller
Leima Patricia Joyce
Barot Bharat
Hewlett-Packard Development Company, L.P.