Information security – Access control or authentication – Network
Reexamination Certificate
2005-12-22
2011-10-11
Smithers, Matthew B (Department: 2437)
Information security
Access control or authentication
Network
C726S022000, C726S026000, C713S153000, C713S160000, C713S168000
Reexamination Certificate
active
08037517
ABSTRACT:
Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all of the rules in the rule set.
REFERENCES:
patent: 6484261 (2002-11-01), Wiegel
patent: 6662235 (2003-12-01), Callis et al.
patent: 7089581 (2006-08-01), Nagai et al.
patent: 7107613 (2006-09-01), Chen et al.
patent: 7227842 (2007-06-01), Ji et al.
patent: 7237267 (2007-06-01), Rayes et al.
patent: 7263099 (2007-08-01), Woo et al.
patent: 7299353 (2007-11-01), Le Pennec et al.
patent: 7331061 (2008-02-01), Ramsey et al.
patent: 2002/0038339 (2002-03-01), Xu
patent: 2002/0165949 (2002-11-01), Na et al.
patent: 2003/0120622 (2003-06-01), Nurmela et al.
patent: 2004/0010712 (2004-01-01), Hui et al.
patent: 2004/0177139 (2004-09-01), Schuba et al.
patent: 2004/0193943 (2004-09-01), Angelino et al.
patent: 2005/0125697 (2005-06-01), Tahara
patent: 2005/0183140 (2005-08-01), Goddard
patent: 2005/0229246 (2005-10-01), Rajagopal et al.
patent: 2005/0251570 (2005-11-01), Heasman et al.
patent: 2006/0104202 (2006-05-01), Reiner
patent: 2006/0248580 (2006-11-01), Fulp et al.
patent: 2008/0301765 (2008-12-01), Nicol et al.
patent: 2009/0138938 (2009-05-01), Harrison et al.
patent: WO 2006/093557 (2006-09-01), None
Fulp “Firewall Architectures for High Speed Networks” U.S. Department of Energy Grant Application, Sep. 2003.
Lee et al., “Development Framework for Firewall Processors”, IEEE, 2002, pp. 352-355.
Notification of Transmittal of the International Search Report and The Written Opinion of the International Searching Authority, or the Declaration for International Application No. PCT/US05/47008 (Sep. 11, 2006).
E. Fulp, “Optimization of Network Firewall Policies Using Ordered Sets and Directed Acyclical Graphs”, Proceedings of IEEE Internet Management Conference, 2005.
E. Fulp et al., “Network Firewall Policy Tries”, Technical Report, Computer Science Department, Wake Forest University, Jun. 2005.
E. Al-Shaer et al., “Modeling and Management of Firewall Policies”,IEEE Transactions on Network and Service Management, 1(1): 2004.
E.W. Fulp, “Firewall Architectures for High Speed Networks”, U.S. Department of Energy Grant Application Funded Sep. 2003.
E. Al-Shaer et al., “Firewall Policy Advisor for Anomaly Discovery and Rule Editing”,Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, 2003.
V.P. Ranganath, “A Set-Based Approach to Packet Classification”,Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Systems, 889-894, 2003.
M. Christiansen et al., “Using IDDs for Packet Filtering”,Technical Report, BRICS, Oct. 2002.
L.Qui et al., “Fast Firewall Implementations for Software and Hardware-Based Routers”,Proceedings of ACM Sigmetrics, Jun. 2001.
D. Eppstein et al., “Internet Packet Filter Management and Rectangle Geometry”,Proceedings of the Symposium on Discrete Algorithms, 827-835, 2001.
Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority, or the Declaration of International Application No. PCT/US06/11291 (Jul. 3, 2008).
Notification of Transmittal of the International Search Report and The Written Opinion of the International Searching Authority, or the Declaration for International Application No. PCT/US05/47008 (Sep. 11, 2006).
E. Fulp, “Optimization of Network Firewall Policies Using Ordered Sets and Directed Acyclical Graphs”, Technical Report, Computer Science Department, Wake Forest University, Jan. 2004.
E. Fulp et al., “Network Firewall Policy Tries”, Technical Report, Computer Science Department, Wake Forest University, 2004.
E. Al-Shaer et al., “Modeling and Management of Firewall Policies”,IEEE Transactions on Network and Service Management, 1(1): 2004.
E.W. Fulp, “Firewall Architectures for High Speed Networks”,U.S. Department of Energy Grant Application, Funded Sep. 2003.
E. Al-Shaer et al., “Firewall Policy Advisor for Anomaly Discovery and Rule Editing”,Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management, 2003.
V.P. Ranganath, “A Set-Based Approach to Packet Classification”,Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Systems, 889-894, 2003.
M. Christiansen et al., “Using IDDs for Packet Filtering”,Technical Report, BRICS, Oct. 2002.
L.Qui et al., “Fast Firewall Implementations for Software and Hardware-Based Routers”,Proceedings of ACM Sigmetrics, Jun. 2001.
D. Eppstein et al., “Internet Packet Filter Management and Rectangle Geometry”,Proceedings of the Symposium on Discrete Algorithms, 827-835, 2001.
E. Fulp, “Preventing Denial of Service Attacks on Quality of Service”,Proceedings of the 2001 DARPA Information Survivability Conference and Exposition II, 2001.
S. Goddard et al., “An Unavailability Analysis of Firewall Sandwich Configurations”,Proceedings of the 6thIEEE Symposium on High Assurance Systems Engineering, 2001.
G.V. Rooij, “Real Stateful TCP Packet Filtering in IP Filter”,Proceedings of the 10thUSENIX Security Symposium, 2001.
P. Warkhede et al., “Fast Packet Classification for Two-Dimensional Conflict-Free Filters”,Proceedings of IEEE INFOCOM, 1434-1443, 2001.
D. Decasper et al., “Router Plugins: A Software Architecture for Next-Generation Routers”,IEEE/ACM Transactions on Networking, 8(1): Feb. 2000.
A. Feldmann et al., “Tradeoffs for Packet Classification”,Proceedings of the IEEE INFOCOM, 397-413, 2000.
X. Gan et al., “LSMACvs.LSNAT: Scalable Cluster-based Web servers”;Journal of Networks, Software Tools, and Applications, 3(3): 175-185, 2000.
A. Hari et al., “Detecting and Resolving Packet Filter Conflicts”,Proceedings of IEEE INFOCOM, 1203-1212, 2000.
O. Paul et al., “A Full Bandwidth ATM Firewall”,Proceedings of the 6thEuropean Symposium on Research in Computer Security ESORICS'2000, 2000.
J. Xu et al., “Design and Evaluation of a High-Performance ATM Firewall Switch and Its Applications”IEEE Journal on Selected Areas in Communications, 17(6): 1190-1200, Jun. 1999.
C. Benecke, “A Parallel Packet Screen for High Speed Networks”,Proceedings of the 15thAnnual Computer Security Applications Conference, 1999.
R. Funke et al., “Performance Evaluation of Firewalls in Gigabit-Networks”,Proceedings of the Symposium on Performance Evaluation of Computer and Telecommunication Systems, 1999.
S. Suri et al., “Packet Filtering in High Speed Networks”,Proceedings of the Symposium on Discrete Algorithms, 969-970, 1999.
U. Ellermann et al., “Firewalls for ATM Networks”,Proceedings of INFOSEC'COM, 1998.
V. Srinivasan et al., “Fast and Scalable Layer Four Switching”,Proceedings of ACM SIGCOMM, 191-202, 1998.
M. Degermark et al., “Small Forwarding Tables for Fast Routing Lookups”,Proceedings of ACM SIGCOMM4-13, 1997.
S.M. Bellovin et al., “Network Firewalls”,IEEE Communications Magazine, 50-57, 1994.
W.E. Leland et al.,“On the Self-Similar Nature of Ethernet Traffic”,IEEE Transactions on Networking, 2(1); 15, 1994.
G. Brightwell et al., “Counting Linear Extensions is #P-Complete”,Proceedings of the Twenty-Third
Farley Ryan J.
Fulp Errin W.
Gelagay Shewaye
Jenkins Wilson Taylor & Hunt, P.A.
Smithers Matthew B
Wake Forest University
LandOfFree
Method, systems, and computer program products for... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method, systems, and computer program products for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method, systems, and computer program products for... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4263639