Method and System for Dynamically Applying Context Specific Firewall Rules Disclosure Number: IPCOM000239477D
Publication Date: 2014-Nov-11
Document File: 4 page(s) / 164K

Publishing Venue

The Prior Art Database


Disclosed is a method and system for dynamically applying context specific firewall rules. The context specific firewall rules can be applied for one of, but not limited to, a user, a device and an application.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 4

Method and System for Dynamically Applying Context Specific Firewall Rules

Micro Virtual Private Network (microVPN) is a Virtual Private Network (VPN) that is specific to an application of a device. microVPNs are used to provide secure connectivity solutions for ubiquitous devices.

A microVPN client architecture is briefly illustrated in Fig. 1.

Figure 1

As illustrated, the microVPN client architecture includes a portable C library of functions exposed through Application Program Interfaces (APIs) written in one or more programming languages. The library of functions can be used by any hybrid or native application. The microVPN client architecture enables application-level intranet connectivity. The microVPN client architecture can also be used to decrypt only the network data required by the application. Further, the microVPN client architecture can be used to compile applications written for various operating systems. In addition, the microVPN client architecture, even though it requires only kilobytes of memory, provides the full complement of VPN client functionality.

Fig. 2 illustrates a conventional microVPN approach, which basically includes four components, namely a VPN client, a VPN gateway module, an LDAP (Lightweight Directory Access Protocol) database plugin and a web-based user/device/application management console.

Figure 2

As illustrated in Fig. 2, the sky-blue and light yellow colors in the smart mobile device represent the microVPN applications, including a VPN client that is a static library.

The VPN gateway is generally integrated with an LDAP database by transmitting an authorization request. The LDAP plugin fronts a user identity database and intercepts authorization queries from the VPN gateway. The plugin interprets the authorization information from the gateway and returns a true/false authorization based on a query to the LDAP database. In response to a successful authorization, the LDAP plugin also returns context-specific firewall rules, such as user-, device- or application-specific firewall rules.
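The gateway/plugin exchange described above, as an added example that is not part of the disclosure: the plugin answers an authorization request with a true/false decision plus the firewall rules bound to that user, device and application, and the gateway enforces those rules on the flows the application opens. The directory contents, rule format and function names are assumptions for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    dst_net: str           # destination CIDR
    port: Optional[int]    # None matches any port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ip_address(dst_ip) in ip_network(self.dst_net)
        return in_net and (self.port is None or self.port == dst_port)

@dataclass
class AuthResponse:
    authorized: bool
    rules: List[Rule] = field(default_factory=list)

# Constructed identity directory (assumption): which devices and apps each user
# may use, and the firewall rules keyed on each of the three contexts.
DIRECTORY = {
    "users": {"alice": {"devices": {"phone-17"}, "apps": {"crm"}}},
    "app_rules": {"crm": [Rule("allow", "10.20.0.0/24", 443)]},
    "device_rules": {"phone-17": [Rule("deny", "10.20.0.99/32", None)]},
    "user_rules": {"alice": [Rule("allow", "10.30.1.0/24", 22)]},
}

def ldap_authorize(user: str, device: str, app: str) -> AuthResponse:
    """Plugin side: decide, then return the context-specific rules.
    Deny rules are ordered first so a device-level deny beats an app-level allow."""
    entry = DIRECTORY["users"].get(user)
    if entry is None or device not in entry["devices"] or app not in entry["apps"]:
        return AuthResponse(False)
    rules = (DIRECTORY["device_rules"].get(device, [])
             + DIRECTORY["app_rules"].get(app, [])
             + DIRECTORY["user_rules"].get(user, []))
    rules.sort(key=lambda r: r.action != "deny")
    return AuthResponse(True, rules)

def gateway_permits(resp: AuthResponse, dst_ip: str, dst_port: int) -> bool:
    """Gateway side: first matching rule decides; no authorization or no match is denied."""
    if not resp.authorized:
        return False
    for rule in resp.rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action == "allow"
    return False
```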

The web management console exposes the LDAP identity database to users. The web management console determines the degree of access based on user role, which may include the role of one or more of, but not limited to, an administrator, a standard user and an application owner. Here, the degree of access for an application owner can include, but need not be limited to, permission to authorize or deny users and devices, set up access rules and use other common identity management features. Similarly, the degree of access for users can be limited to managing devices, requesting access to applications and the like. The degree of access for administrators can be that of super users.

Disclosed is a method and system for dynamically applying context specific firewall rules.

The microVPN disclosed herein can be used to enhance legacy VPN authentication methods such as, enhancing d...