With the high proliferation of notebook and other portable computers, it is becoming common for a computer to be connected to the Internet and other networks from different access points at different times. In addition, single computers can be equipped with multiple network devices operating on different media, each with an independent path to the Internet. For example, a single computer may be equipped with a LAN device, a wireless device, a telephone modem interface, and other network devices, some or all of which can be operated simultaneously.
The level of security required to safely conduct network communications may vary, depending upon the method of access being used. It would be beneficial for the end user to be able to restrict each interface to just those specific applications and services that require it, thus preventing misuse of that interface. For example, a user may wish to share data freely on private Web pages within his or her office LAN, but not want that access granted to connections arriving over wireless or telephony interfaces.
Many vendors have implemented so-called location awareness features that address this need to some extent. Typically, the system is assigned a global state that represents the system's “location”, and this state is used to select policy settings. This approach does not allow for the possibility that multiple connections can be active at the same time, nor for the application of separate policies for simultaneous connections on different interfaces.
Location awareness features often allow user selection of the specific metric used to identify location (such as gateway, domain, DHCP server, etc.). However, these features do not integrate multiple methods for concurrent use.
What is needed is a means for allowing a user to integrate and manage multiple methods for establishing policy selectors, and to simultaneously assign a different selector to each interface on the system. The present invention accomplishes this, by allowing distinct policies to be applied separately to each data packet entering or leaving the user's computer, depending upon the interface used.
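The following Python model is an added illustration and is not code from the patent or from any vendor's location-awareness feature. It assumes three hypothetical interfaces (eth0, wlan0, ppp0), two hypothetical locations ("office" and "untrusted"), and selector rules that may combine several identification methods (gateway, DNS domain, DHCP server) in one rule. Each interface is classified independently, every packet is judged by the policy of the interface it arrived on or leaves by, and a single global-state classifier is shown alongside to make the failure mode described above concrete.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Interface:
    """Attributes observed on a network interface (hypothetical sample values)."""
    name: str
    gateway: str
    dns_domain: str
    dhcp_server: str


@dataclass(frozen=True)
class Selector:
    """A location selector. An interface matches when every attribute that is
    set on the selector equals the interface's value; attributes left as None
    are ignored. Setting several attributes combines several identification
    methods in one rule, which is the concurrent use the text asks for."""
    location: str
    gateway: Optional[str] = None
    dns_domain: Optional[str] = None
    dhcp_server: Optional[str] = None

    def matches(self, iface: Interface) -> bool:
        wanted = (self.gateway, self.dns_domain, self.dhcp_server)
        actual = (iface.gateway, iface.dns_domain, iface.dhcp_server)
        # Refuse to match a selector with no attributes at all: it would
        # silently classify every interface as its location.
        if all(w is None for w in wanted):
            return False
        return all(w is None or w == a for w, a in zip(wanted, actual))


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet enters or leaves through
    direction: str    # "in" or "out"
    proto: str        # "tcp" or "udp"
    dport: int


# Policy rule: (direction, proto or None, dport or None, verdict); first match wins,
# unmatched packets are denied.
Rule = Tuple[str, Optional[str], Optional[int], str]

POLICIES: Dict[str, List[Rule]] = {
    # Office LAN: private web pages may be served, all outbound allowed.
    "office": [("in", "tcp", 80, "allow"), ("in", "tcp", 443, "allow"),
               ("out", None, None, "allow")],
    # Anything else: outbound only, no inbound service exposure.
    "untrusted": [("out", None, None, "allow")],
}

# Ordered selector list; first match assigns the location (hypothetical values).
SELECTORS: List[Selector] = [
    Selector("office", gateway="10.0.0.1", dns_domain="corp.example"),  # two methods combined
    Selector("office", dhcp_server="10.0.0.5"),                          # alternative method
]

# Constructed sample interfaces, all active at the same time.
INTERFACES = [
    Interface("eth0", gateway="10.0.0.1", dns_domain="corp.example", dhcp_server="10.0.0.5"),
    Interface("wlan0", gateway="192.168.1.1", dns_domain="cafe.example", dhcp_server="192.168.1.1"),
    Interface("ppp0", gateway="203.0.113.1", dns_domain="isp.example", dhcp_server=""),
]


def classify(iface: Interface, selectors: List[Selector] = SELECTORS,
             default: str = "untrusted") -> str:
    """Location of one interface, judged from its own attributes only."""
    for sel in selectors:
        if sel.matches(iface):
            return sel.location
    return default


def assign_locations(interfaces: List[Interface]) -> Dict[str, str]:
    """Per-interface selector assignment: each interface gets its own location."""
    return {i.name: classify(i) for i in interfaces}


def verdict(rules: List[Rule], pkt: Packet) -> str:
    for direction, proto, dport, result in rules:
        if (direction == pkt.direction and (proto is None or proto == pkt.proto)
                and (dport is None or dport == pkt.dport)):
            return result
    return "deny"


def per_interface_filter(pkt: Packet, locations: Dict[str, str]) -> str:
    """Policy chosen by the interface the packet actually uses."""
    return verdict(POLICIES[locations.get(pkt.iface, "untrusted")], pkt)


def global_state_filter(pkt: Packet, global_location: str) -> str:
    """The single-global-state approach: one location governs every interface."""
    return verdict(POLICIES[global_location], pkt)


if __name__ == "__main__":
    locs = assign_locations(INTERFACES)
    web_over_wifi = Packet("wlan0", "in", "tcp", 80)
    print(locs)
    print("per-interface:", per_interface_filter(web_over_wifi, locs))
    print("global 'office':", global_state_filter(web_over_wifi, "office"))
```

With eth0 on the office LAN and wlan0 on a cafe network at the same time, the global-state approach has to pick one location for the whole machine; if it picks "office", inbound web requests over wlan0 are allowed, which is exactly the exposure the text warns about. The per-interface assignment denies them while still serving them on eth0.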