Electrical computers and digital processing systems: multicomput – Computer-to-computer protocol implementing
Reexamination Certificate
1999-11-13
2004-01-13
Powell, Mark R. (Department: 2142)
C709S203000, C709S245000
active
06678734
ABSTRACT:
TECHNOLOGICAL FIELD
The invention relates to the field of handling data packets that are transmitted over a network. In particular, the invention concerns the subject of intercepting data packets, i.e. providing access to essentially all data packets sent and received by a certain system.
BACKGROUND OF THE INVENTION
The growth of the Internet and its use for new applications have made it beneficial to introduce new services that affect the way network packets are transmitted through a network. Examples of products and services with such needs include:
Network-level encryption applications, such as VPNs (Virtual Private Networks), as described for example in the reference marked as SWE98 in the enclosed list of references. All of the enclosed list of references is hereby incorporated by reference. These applications encrypt and decrypt data packets as they are transmitted in and out of a system to provide security for the data in transmission. VPNs are essential for reliably conducting commercial activity (buying and selling) through a publicly available packet-switched data transmission network such as the Internet, and for using the Internet for mission-critical business applications.
Firewalls, as described for example in the reference marked as CB94 in the enclosed list of references. These are network security devices that filter network traffic according to specified criteria, allowing only some packets to pass through. Firewalls are usually implemented as extensions to general-purpose operating systems, so that they can monitor and alter traffic flowing through the system, but may also be implemented as dedicated hardware devices.
Intrusion detection and packet sniffing. Many intrusion detection and network monitoring tools need access to the data transmitted in packets through a network. Similar tools are also used to collect statistics about network traffic (e.g. as described in the reference marked as Waldbusser97 in the enclosed list of references).
Multimedia applications. It is predicted that 25% of the global telecommunications market value will be IP-based (where IP comes from Internet Protocol) in just a couple of years, and much of the required data traffic will be transmitted over the public Internet using general-purpose computers as terminals. Guaranteed QoS (Quality of Service) is essential for interactive video and audio applications over such networks, as described for example in the reference marked as SCFJ96 in the enclosed list of references.
Mobility of terminals. Mobility is becoming increasingly important also for packet-switched data transmission networks and the Internet, as described for example in the reference marked as Perkins96 in the enclosed list of references. In many cases, mobility support will be provided as added value to an existing system, and it will require the capability of modifying and redirecting incoming and outgoing data packets.
All of the above mentioned applications use specific protocols that are not available in all widely used operating systems. In many cases, vendors will want to provide support for these services on widely installed platforms for which no support for them is readily available. Implementing such support often requires that the implementor gets access to all data packets sent and received by the system. The module that provides such access is called a packet interceptor. Such modules typically also provide some information about the available network interfaces and their configuration (e.g. network addresses) to the application. The application in turn usually consists of a kernel-mode component that handles real-time packet processing, and a normal user-mode application for management and other functions that are not time-critical and/or require user interaction.
Overall, the need for intercepting packets flowing in and out of a system is becoming extremely important. This has been recognized by programmers and commercial operators in the field, as well as by operating system vendors such as Microsoft Corporation. A substantial amount of work is being done to implement packet interception functionality in networking systems and related products.
Existing solutions for the packet interception problem fall mostly into the following categories A), B) and C):
A) Intermediate drivers. A TCP/IP (or other) protocol stack, where TCP/IP comes from Transmission Control Protocol/Internet Protocol, is usually layered so that network device drivers provide a standard interface to a particular hardware device known as a network adapter, and protocol stacks implement various network protocols. The protocol stacks are made hardware-independent by the standard interface, which the device drivers must implement. In Windows operating systems, where Windows is a registered trademark of Microsoft Corporation, this interface is called NDIS (Network Driver Interface Specification), as described for example in the reference marked as Win4DDK in the enclosed list of references. In Sun Solaris, which refers to the registered trademarks Sun, Solaris and Sun Solaris of Sun Microsystems, similar functionality is provided by the STREAMS interface, as described for example in the reference marked as STREAMS93 in the enclosed list of references.
Intermediate drivers are readily supported under at least Microsoft Windows NT 4.0 (registered trademark of Microsoft) and Sun Solaris operating systems. Microsoft has even provided sample code for developing intermediate drivers for applications such as those described above. At least two such samples are available, and many vendors have implemented products based on this technology.
B) WINSOCK interception. It is well known in the industry that several products replace the WINSOCK.DLL, as described for example in the references marked as Bonner96 and QS96 in the enclosed list of references. WINSOCK.DLL is a file on Windows systems. Some products use intermediate drivers at the LSP (Layered Service Providers) level, as described for example in the reference marked as Win4DDK in the enclosed list of references. Microsoft has also published sample code for intercepting traffic at this level.
C) External devices outside the operating systems. There are hardware products that are essentially small boxes attached to the back of the computer, or even embedded on network adapters, that see all network traffic going through them. Such devices have been used at least in security applications to implement functionality that could alternatively be done by intercepting traffic in the operating system.
The known solutions that fall into the above-mentioned categories A) to C) have not provided good, high-performance, robust solutions that would work on all widely used operating systems. In particular, many vendors have found it extremely difficult to develop packet interceptors for the Windows 95 and Windows 98 operating systems, which are currently very widely used and will remain so for several years to come.
Almost all software products that perform packet interception use intermediate drivers to perform the interception.
FIG. 1 is a simplified block diagram that illustrates the known use of an intermediate driver, especially in association with a Windows NT operating system. At the top of FIG. 1 there is an application program that has a user-mode client part 101. Between it and a network protocols block 106 there may be intermediaries which are of little significance to the present invention. The network protocols block 106 implements the network protocols, for example the TCP/IP protocol stack. The intermediate driver 107 resides between the protocol stacks and a NIC driver 108; it is separated from them through the NDIS interface, the parts of which are separately shown in FIG. 1 as 102 and 103. The NIC driver block 108 is arranged to directly manage a NIC or Network Interface Card 109. The latter is a hardware component, usually an extension board coupled to the internal parallel bus of a computer. The NIC driver 108 may be referred to more generally as a network adapter. The NIC driver
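The following Python model, added here and not part of the patent text, shows the interception point of FIG. 1 in code: a protocol stack (block 106) and a NIC driver (block 108) only talk to each other through an intermediate driver (block 107), so the interceptor sees every outbound and inbound packet and can filter or count it, as the firewall and statistics applications above require. Class and field names, the rule format and the sample packets are constructed for the illustration; the NDIS calling convention is reduced to plain `send`/`receive` methods.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # constructed label such as "tcp/80"
    payload: bytes


class NicDriver:
    """Block 108: lowest software layer; the 'wire' is a plain list here."""
    def __init__(self):
        self.wire, self.upper = [], None

    def send(self, pkt):            # outbound: hand the packet to the NIC
        self.wire.append(pkt)

    def deliver(self, pkt):         # inbound: NIC raises a packet to the layer above
        self.upper.receive(pkt)


class IntermediateDriver:
    """Block 107: sits between stack and NIC, so both directions pass through it."""
    def __init__(self, lower, rules):
        self.lower, self.upper, self.rules = lower, None, rules
        self.stats = {"sent": 0, "received": 0, "dropped": 0}
        lower.upper = self          # NIC driver delivers inbound packets to us

    def allowed(self, pkt, direction):
        # rules: (direction, proto, verdict); first match wins, default allow
        for rule_dir, proto, verdict in self.rules:
            if rule_dir == direction and proto == pkt.proto:
                return verdict == "allow"
        return True

    def send(self, pkt):            # called by the protocol stack (outbound)
        if not self.allowed(pkt, "out"):
            self.stats["dropped"] += 1
            return False
        self.stats["sent"] += 1
        self.lower.send(pkt)
        return True

    def receive(self, pkt):         # called by the NIC driver (inbound)
        if not self.allowed(pkt, "in"):
            self.stats["dropped"] += 1
            return False
        self.stats["received"] += 1
        self.upper.receive(pkt)
        return True


class ProtocolStack:
    """Block 106: the TCP/IP stack, reduced to an inbox of received packets."""
    def __init__(self, lower):
        self.lower, self.inbox = lower, []
        lower.upper = self

    def send(self, pkt):
        return self.lower.send(pkt)

    def receive(self, pkt):
        self.inbox.append(pkt)


def build_stack(rules):
    nic = NicDriver()
    mid = IntermediateDriver(nic, rules)
    return ProtocolStack(mid), mid, nic


def run_demo():
    # constructed firewall rule: drop inbound telnet, allow everything else
    stack, mid, nic = build_stack([("in", "tcp/23", "drop")])
    stack.send(Packet("10.0.0.2", "10.0.0.9", "tcp/80", b"GET /"))
    nic.deliver(Packet("10.0.0.9", "10.0.0.2", "tcp/80", b"HTTP/1.0 200"))
    nic.deliver(Packet("10.0.0.7", "10.0.0.2", "tcp/23", b"login"))
    return mid.stats, len(nic.wire), len(stack.inbox)
```

`run_demo()` returns the interceptor's counters together with what reached the wire and the stack: one packet sent, one received, one dropped, one frame on the wire and one packet in the stack's inbox.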
Haatainen Niko
Kivinen Tero
Kukkonen Jussi
Ylönen Tatu
Fish Ronald Craig
Powell Mark R.
Ronald Craig Fish A Law Corporation
SSH Communications Security Ltd.
Vu Thong
Method for intercepting network packets in a computing device