Computer security system

摘要

A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as a packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.

主权项

1. A method of packet management for restricting access to a resource of a computer system using client parameters and network parameters, as packet management information, said method comprising:
inserting, at a first device, the packet management information and a session ID into at least a portion of information packets sent from the first device to a second device; monitoring, at the second device, the packet management information of the portion of the information packets sent from the first device; filtering out respective information packets sent to the second device from the first device when the monitored packet management information indicates that access to the resource is restricted; extracting a client ID unique to the first device from the monitored information packets; re-generating a digital signature in the second device using a session key associated with the extracted client ID; and comparing the digital signature regenerated in the second device with the digital signature embedded in the monitored information packets.