Information security – Access control or authentication – Network
Reexamination Certificate
2007-11-13
2007-11-13
Moise, Emmanuel L. (Department: 2137)
Information security
Access control or authentication
Network
C713S154000
Reexamination Certificate
active
09923588
ABSTRACT:
A method and mechanism for controlling information flow in a firewall. A firewall controls the flow of information between different communities. The enforcement method and mechanism uses a database associating sets of communities with network addresses. Upon receiving an incoming data packet, a packet community set (PCS) is determined for the data packet. If the PCS is not a subset of the interface community set (IFCS) of the interface on which the data packet was received, the data packet is discarded. Otherwise, a firewall rule match is determined for the data packet. If a rule match is detected, the PCS attribute of the matching rule is compared to the PCS of the data packet. If the PCS attribute of the rule matches the PCS of the data packet and the rule indicates that the data packet is to be forwarded, the PCS of the data packet is changed to a second PCS indicated by the matching rule. If the new PCS of the data packet is a subset of the IFCS of the interface on which the data packet is to be output, the data packet is transmitted. Otherwise, the data packet is discarded.
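The forwarding decision in the abstract, as an added toy model that is not the patent's own implementation: the ingress IFCS subset check, rule matching, PCS relabelling and the egress IFCS check. Matching rules on source/destination address, choosing the egress interface from a static route table, and dropping packets whose source has no community association are assumptions not stated in the abstract.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    pcs: frozenset      # PCS attribute the packet must carry for the rule to apply
    forward: bool       # True = forward, False = discard
    new_pcs: frozenset  # second PCS stamped on the packet when forwarded

class CommunityFirewall:
    def __init__(self, addr_communities, ifcs, routes, rules):
        self.addr_communities = addr_communities  # address -> community set
        self.ifcs = ifcs      # interface -> interface community set (IFCS)
        self.routes = routes  # destination address -> egress interface (assumed)
        self.rules = rules    # ordered list of Rule

    def process(self, src, dst, in_if):
        """Return ("forward", egress_if) or ("discard", reason)."""
        # 1. Determine the packet community set (PCS) from the source address.
        pcs = self.addr_communities.get(src)
        if pcs is None:  # assumption: unassociated sources are dropped
            return ("discard", "no community association for source")
        # 2. Ingress check: PCS must be a subset of the receiving interface's IFCS.
        if not pcs <= self.ifcs[in_if]:
            return ("discard", "pcs not subset of ingress ifcs")
        # 3. First matching rule (matching on src/dst addresses is an assumption).
        rule = next((r for r in self.rules if r.src == src and r.dst == dst), None)
        if rule is None:
            return ("discard", "no matching rule")
        # 4. The rule's PCS attribute must equal the packet's PCS.
        if rule.pcs != pcs:
            return ("discard", "rule pcs attribute mismatch")
        if not rule.forward:
            return ("discard", "rule action is discard")
        # 5. Relabel the packet with the rule's second PCS.
        pcs = rule.new_pcs
        # 6. Egress check against the output interface's IFCS.
        out_if = self.routes[dst]
        if not pcs <= self.ifcs[out_if]:
            return ("discard", "new pcs not subset of egress ifcs")
        return ("forward", out_if)

# Constructed sample: community "eng" behind eth0, community "dmz" behind eth1.
FW = CommunityFirewall(
    addr_communities={"10.1.0.5": frozenset({"eng"}), "192.0.2.9": frozenset({"dmz"})},
    ifcs={"eth0": frozenset({"eng"}), "eth1": frozenset({"dmz"})},
    routes={"192.0.2.9": "eth1", "10.1.0.5": "eth0"},
    rules=[Rule("10.1.0.5", "192.0.2.9", frozenset({"eng"}), True, frozenset({"dmz"}))],
)
```

The ingress check is what catches an "eng" address arriving on the "dmz" interface, which is the spoofing case the cited RFC 2827 filtering addresses.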
REFERENCES:
patent: 4958341 (1990-09-01), Hemmady et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5699513 (1997-12-01), Feigen et al.
patent: 6085238 (2000-07-01), Yuasa et al.
patent: 6167052 (2000-12-01), McNeill et al.
patent: 6182226 (2001-01-01), Reid et al.
patent: 6226748 (2001-05-01), Bots et al.
patent: 6266773 (2001-07-01), Kisor et al.
patent: 6424626 (2002-07-01), Kidambi et al.
patent: 6584069 (2003-06-01), Kagemoto et al.
patent: 6760330 (2004-07-01), Tahan
patent: 2002/0078199 (2002-06-01), Tahan
patent: 2002/0188706 (2002-12-01), Richards et al.
“Department of Defense Trusted Computer System Evaluation Criteria,” Dec. 1985, pp. 1-82.
Fithen et al., “Deploying Firewalls,” May 1999, pp. 1-63.
“Trusted Solaris™ 8 Operating Environment,” Nov. 2000, pp. 1-24.
“SunScreen™ Secure Net 3.0,” Jul. 1999, pp. 1-66.
Guttman et al., “Implementing Internet Firewall Security Policy,” Apr. 13, 1998, pp. 1-18, Information Technology Laboratory, Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD.
P. Ferguson & D. Senie, “RFC 2827: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing,” Request for Comments, May 2000, XP002215245, the whole document.
International Search Report, Application No. PCT/US02/20303 mailed Oct. 14, 2002.
Meyertons Hood Kivlin Kowert & Goetzel P.C.
Moise Emmanuel L.
Pyzocha Michael
Rankin Rory D.
Sun Microsystems Inc.