Patent Issued for Firewall Permitting Access to Network Based on Accessing Party Identity
2012 JUL 18 (VerticalNews) -- By a News Reporter-Staff News Editor at Telecommunications Weekly -- A patent by the inventors Savage, James A. (San Jose, CA); Bucher, Tim (Los Altos, CA), filed on January 6, 2005, was cleared and issued on July 3, 2012, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.
Patent number 8214481 is assigned to Seagate Technology LLC (Cupertino, CA).
The following quote was obtained by the news editors from the background information supplied by the inventors: "The present invention relates generally to content management. More particularly, embodiments of the present invention relate to systems and methods for controlling access to and from a network through a network appliance.
"Computer networks continue to proliferate due to declining costs, increasing performance of computer and networking equipment, and increasing demand for communication bandwidth. Client networks, including wide area networks ('WANs') and local area networks ('LANs'), allow increased productivity and utilization of distributed computers or stations through the sharing of resources, the transfer of data, and the processing of data at the most efficient locations.
"Moreover, as organizations and individuals have recognized the economic benefits of using client networks, network applications such as electronic mail, voice and data transfer, host access, and shared and distributed databases, are increasingly used as a means to increase user productivity. This increased demand, together with the growing number of distributed computing resources, has resulted in a rapid expansion of the number of installed networks.
"As a result of the widespread use of computing devices and computer networks, many businesses have experienced, and continue to experience, enormous growth in network content volume. This growth has led to a need for systems, devices and software configured to implement schemes that allow users to locate, access, share, back up, and otherwise manage network content. A number of approaches have been devised in an attempt to fulfill the aforementioned needs. Such approaches have proven problematic for various reasons.
"For example, some users have attempted to implement file-sharing and related functionality by using electronic mail, or 'email,' to transmit files to other users. However, sharing files in this way is problematic, at least because email software is generally not designed or intended for use in implementing file sharing schemes. For each content file or group of content files desired to be sent by email, the sender must specify in the email the name of each of the recipients to whom such content files will be sent. This approach to file sharing can be frustrating and time-consuming, particularly for users that frequently disseminate a variety of different content types to different groups of recipients. Moreover, attaching content files to an email can slow the operation of the email program and may, in some instances, result in corrupted or truncated content files.
"Further, some content files are too large to be sent by email and so must be loaded on electronic media that is then physically transported to the intended recipient. Such manual processes are time-consuming, expensive, and unreliable, particularly where a large amount of content or a large number of files is desired to be transferred.
"Yet other file-sharing schemes have been implemented in the form of servers and Internet-based storage sites. However, these types of systems and environments typically lack effective and reliable systems and software to search for and locate content. Such limited search capabilities compromise the ability of users to locate, access and share content. A further problem with the use of servers and Internet-based storage sites as a vehicle for implementation of file sharing schemes is that both servers and Internet storage sites can be quite expensive to purchase, use and maintain. Moreover, the storage capabilities of servers and Internet storage sites are typically rather limited. Content located at those sites may be vulnerable to hacking or other unauthorized access.
"Not only does the proliferation of content have implications with respect to content backup procedures and file sharing, but it is often the case that users desire to be able to effectively and reliably access such content from remote locations. Various types of hardware and software have been devised to this end, but have not proven particularly effective in implementing such remote content access functionality.
"By way of example, virtual private networks ('VPN') have been developed that essentially permit secure transmission of content over public communications networks, such as the Internet, thereby permitting VPN remote clients to access content located on an office network or device for example. While VPNs thus provide some useful functionality, the hardware and software necessary to implement the VPN is relatively expensive. Moreover, VPNs are often difficult to set up, configure and maintain. This is of particular concern for consumers in small to medium sized businesses, for example, that typically lack the sophisticated IT resources and personnel that are available to relatively larger business enterprises. For this reason, at least, VPNs often do not represent a viable avenue to implementation of remote content access.
"In addition to VPNs, various types of software have been developed with a view toward facilitating remote content access. However, such software is typically limited to the use of PCs for implementing its functionality. Moreover, these software products can be difficult to install, configure and run.
"In addition, systems for accessing and/or storing data remotely or between networks are subject to security risks. Thus, networks typically have one or more firewalls to prevent unauthorized access to or from a private network. For example, firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Conventional firewalls operate as a user or remote device uses access information to gain access to the network as desired. Such approaches have the drawback, however, in that the firewall acts independently from the network and is controlled by the remote user. Hence, the remote user needs the proper applications and/or codes to pass through the firewall.
"In view of the foregoing problems, and other problems in the art not specifically enumerated herein, what is needed are systems and methods that provide for effective and reliable content management enabling users to access data and or store data from remote locations without compromising security."
In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "These and other problems are addressed by embodiments of the present invention, which relate generally to systems and methods for managing communications between computing environments. More particularly, embodiments of the present invention relate to systems and methods for using a single computing device such as a network appliance to manage content within a network and facilitate content transmission through a firewall that separates the network from a larger networking environment, such as the World Wide Web.
"The firewall in a network appliance may be configured to monitor network traffic external to the network appliance, preferably on a dedicated port, to identify authentication requests. The firewall performs an authentication procedure to validate the identity of the party requesting authorization and application on the network. Once that party is validated it can make requests, such as for access for a certain duration on a certain port. After access to the network is granted, applications on the appliance are able to control and terminate the access as desired. These methods enable users of the network appliances to conveniently grant access to a local network, which facilitates the remote access of data for substantially any purpose, including remote sharing and collaborating.
"A network appliance according to the invention may serve as both a content management system and a firewall in a local area network. In one embodiment the appliance may also include each of the firewall, a policy engine having one or more rules, and a database having one or more data structures as part of the content management system. In one embodiment access to the network can be controlled via a comparison between the identity of an access requestor and the rules and data structures.
"According to one embodiment of the invention, a method of establishing a relationship between a network appliance on a network and one or more other computing devices, users, or applications external to the network is performed in the network appliance to manage content in and access to a network. External traffic is monitored to identify a request to authenticate from a requestor seeking access to the network at a network appliance which coordinates content within the network and acts as a firewall between the network and external networks. Upon identifying a request to authenticate, an authentication procedure is performed to validate the identity of the access requestor as one having permission to access the network. A request is received or processed from the authenticated access requestor to have direct access to a portion of the network, and the access is granted if the requested access is within the authorized scope of access.
"According to another exemplary embodiment of the invention, in a network appliance that manages content in and access to a network, a method is provided for establishing a relationship with one or more other network appliances, users, or applications external to the network. The network appliance includes a content management system, a firewall, a policy engine, and a database. The network appliance monitors traffic external to the network to identify a request to authenticate from a requestor seeking access to the network.
"Upon identifying a request to authenticate, an identity authentication procedure is performed to validate the identity of the access requestor as one having permission to access the network or content. The authentication procedure includes comparing an access requestor identity with one or more rules stored on the policy engine and/or one or more data structures stored on the database. Based upon the comparison between the access requestor's identity and the one or more rules and/or the one or more data structures, the permissible scope of access to the various devices, applications, and content on the network that the access requestor may be granted is determined. Finally, the access requestor is granted direct access to the permissible portion of the network or content.
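The steps quoted above (authenticate the requestor, compare its identity against policy rules, grant access only within the permitted scope of port and duration, and let the appliance revoke the grant later) are modelled below as an added, self-contained example; it is not code from the patent or from Seagate. It assumes a shared-secret check as the authentication procedure and port/duration limits as the policy rules, since the patent text specifies neither.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Policy-engine rule: which ports an identity may open, and for how long (seconds)."""
    identity: str
    ports: frozenset
    max_duration: int


@dataclass
class Grant:
    """A granted, time-limited access to one port; kept by the appliance so it can terminate it."""
    identity: str
    port: int
    expires_at: float


class ApplianceFirewall:
    def __init__(self, rules, secrets, clock=time.monotonic):
        self.rules = {r.identity: r for r in rules}
        self.secrets = dict(secrets)      # identity -> shared secret (assumed auth scheme)
        self.clock = clock                # injectable for deterministic tests
        self.grants = []

    def authenticate(self, identity, secret):
        # Constant-time comparison so a wrong secret does not leak by timing.
        expected = self.secrets.get(identity)
        return expected is not None and hmac.compare_digest(expected, secret)

    def request_access(self, identity, secret, port, duration):
        """Return a Grant if identity is valid and the request is within policy, else None."""
        if not self.authenticate(identity, secret):
            return None
        rule = self.rules.get(identity)
        if rule is None or port not in rule.ports or duration > rule.max_duration:
            return None                   # outside the authorized scope: deny
        grant = Grant(identity, port, self.clock() + duration)
        self.grants.append(grant)
        return grant

    def is_allowed(self, identity, port):
        """Filter on the data path: expired grants are dropped before the check."""
        now = self.clock()
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any(g.identity == identity and g.port == port for g in self.grants)

    def terminate(self, identity):
        """Appliance-side revocation, independent of the remote user."""
        self.grants = [g for g in self.grants if g.identity != identity]
```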
"Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter."
For the URL and more information on this patent, see: Savage, James A.; Bucher, Tim. Firewall Permitting Access to Network Based on Accessing Party Identity. U.S. Patent Number 8214481, filed January 6, 2005, and issued July 3, 2012. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=18&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=867&f=G&l=50&co1=AND&d=PTXT&s1=20120703.PD.&OS=ISD/20120703&RS=ISD/20120703
Keywords for this news article include: Intranet, Software, Local Area Network, Information Technology, Seagate Technology LLC, Information and Data Aggregation, Information and Data Architecture.
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2012, NewsRx LLC