Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1996-12-27
2004-12-14
Alam, Hosain (Department: 2155)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S224000, C709S230000, C713S152000
active
06832256
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to the field of providing information over a network. More particularly, this invention relates to selectively controlling data transferred between two networks based upon protocol commands.
BACKGROUND OF THE INVENTION
The Internet consists of many computers communicating in a standardized manner. These communications are standardized so that applications can interoperate on behalf of their users. Client applications may communicate with other client applications, or with servers, to gain access to resources on the network. These resources may include anything from actual file data, to computational resources, to communications channels. Internet applications use these standardized protocols, or methods of communication, so that independently developed and deployed computer programs can work together across a campus or a continent.
The Internet has many standardized protocols for accomplishing various computerized tasks. File Transfer Protocol (FTP) is used to move files and manipulate file systems from locations remote to the data. These files may consist of any type of data that the native file system can store. The Remote Terminal Protocol (Telnet) is used to access another computer from a remote location while providing the same functionality a user would have if locally connected. Simple Mail Transfer Protocol (SMTP) is used to exchange email between computers. As a final example, Hypertext Transfer Protocol (HTTP) is the protocol used on the World Wide Web to exchange text and richer, multimedia-enhanced information.
A firewall is used to separate one network of computers from another. For example, a corporation that connects its internal intranet to the Internet may install a firewall to prevent users outside the corporation from arbitrarily accessing data stored on the computer network within the corporation. Additionally, the firewall can prevent users within the corporation from sending inappropriate data out to the Internet.
A firewall is a specially configured computer that can interrupt the flow of communications between two or more computers. A firewall can interpret the lower-level addressing information on the communications and decide whether or not to let the transaction complete. This addressing information may control which physical machines may be interconnected. For finer-grained control, the ability to address specific applications running on a computer may also be arbitrated. This provides a secure, but relatively coarse, level of access control for corporate intranets.
A proxy sits on top of a firewall; proxies look at a higher level of the communications than the firewall normally does. A proxy is typically a process that responds to, and acts on behalf of, client requests. Proxies understand and have the ability to interpret the protocol exchanged between the opposing sides of the application. A proxy may be used to improve performance by caching data from previous retrievals. A proxy may look at the initial protocol requests from the communicating applications to verify their authenticity and then signal the firewall to allow communications to proceed. In this manner, once a 'session' is created, no further interpretation is needed.
SUMMARY OF THE INVENTION
A method of controlling data transfer between a first network and a second network of computers is described. Protocol commands exchanged between the first network and the second network are actively interpreted to determine the specific actions to take concerning completion of each protocol request. This active firewall-proxy combination may exist on either the first or the second network of computers. This method of control provides centralized control and administration for all potentially reachable resources within a network.
These and other advantages of the present invention are fully described in the following detailed description.
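A constructed illustration of the command-level interpretation the summary describes, added here and not taken from the patent: an FTP control-channel filter that reads every client command and server reply, permits only a read-only set of verbs in each direction, and lets nothing but the login exchange through until the server reports a successful login. The policy sets, the session fields and the sample transcript are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed policy (not the patent's): verbs a client may send in each
# direction. Write verbs (STOR, STOU, APPE, DELE, RNTO) are absent from both
# sets, so neither side can alter the other's file system through the proxy.
READ_ONLY = {"USER", "PASS", "SYST", "TYPE", "PWD", "CWD", "PASV", "LIST",
             "NLST", "RETR", "NOOP", "QUIT"}
POLICY = {"inbound": READ_ONLY,               # outside client -> internal server
          "outbound": READ_ONLY | {"PORT"}}   # internal client -> outside server
LOGIN_ONLY = {"USER", "PASS", "QUIT"}         # all that may pass before a 230 reply

@dataclass
class FtpSession:
    direction: str                  # "inbound" or "outbound"
    authenticated: bool = False     # set once the server answers 230
    decisions: list = field(default_factory=list)

def decide(session: FtpSession, line: bytes) -> bool:
    """Interpret one client control-channel command and decide whether to relay it."""
    verb = line.decode("ascii", "replace").split(" ", 1)[0].strip().upper()
    allowed = verb in POLICY[session.direction]
    if not session.authenticated and verb not in LOGIN_ONLY:
        allowed = False             # only the login exchange may pass pre-auth
    session.decisions.append((verb, allowed))
    return allowed

def observe_reply(session: FtpSession, reply: bytes) -> None:
    """Server replies are interpreted too: code 230 marks a successful login."""
    if reply.startswith(b"230"):
        session.authenticated = True

def run_transcript(direction: str, exchange: list) -> list:
    """Run a (side, line) transcript through the filter; return the decisions."""
    session = FtpSession(direction)
    for side, line in exchange:
        if side == "C":
            decide(session, line)   # a denied command is dropped, not relayed
        else:
            observe_reply(session, line)
    return session.decisions

# Constructed sample: an outside client talking to an internal FTP server.
SAMPLE = [("C", b"RETR secret.txt\r\n"),                           # before login
          ("C", b"USER alice\r\n"), ("S", b"331 Password required\r\n"),
          ("C", b"PASS pw\r\n"), ("S", b"230 Login successful\r\n"),
          ("C", b"CWD pub\r\n"), ("C", b"RETR report.pdf\r\n"),
          ("C", b"STOR upload.bin\r\n"), ("C", b"DELE report.pdf\r\n"),
          ("C", b"QUIT\r\n")]
```

Running `run_transcript("inbound", SAMPLE)` yields one (verb, allowed) pair per client command; the pre-login RETR and the STOR and DELE are denied, everything else is relayed.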
Alam Hosain
Tran Philip B.