Reexamination Certificate
2006-11-28
2006-11-28
Revak, Christopher (Department: 2131)
Information security
Access control or authentication
Network
C709S224000, C726S001000
active
07143438
ABSTRACT:
The invention provides improved computer network firewalls which include one or more features for increased processing efficiency. A firewall in accordance with the invention can support multiple security policies, multiple users or both, by applying any one of several distinct sets of access rules. The firewall can also be configured to utilize “stateful” packet filtering which involves caching rule processing results for one or more packets, and then utilizing the cached results to bypass rule processing for subsequent similar packets. To facilitate passage to a user, by a firewall, of a separate later transmission which is properly in response to an original transmission, a dependency mask can be set based on session data items such as source host address, destination host address, and type of service. The mask can be used to query a cache of active sessions being processed by the firewall, such that a rule can be selected based on the number of sessions that satisfy the query. Dynamic rules may be used in addition to pre-loaded access rules in order to simplify rule processing. To unburden the firewall of application proxies, the firewall can be enabled to redirect a network session to a separate server for processing.
REFERENCES:
patent: 5550984 (1996-08-01), Gelb
patent: 5606668 (1997-02-01), Shwed
patent: 5623601 (1997-04-01), Vu
patent: 5826014 (1998-10-01), Coley et al.
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5842040 (1998-11-01), Hughes et al.
patent: 5848233 (1998-12-01), Radia et al.
patent: 5898830 (1999-04-01), Wesinger, Jr. et al.
patent: 6098172 (2000-08-01), Coss et al.
patent: 6154775 (2000-11-01), Coss et al.
patent: 6170012 (2001-01-01), Coss et al.
patent: 0 743 777 (1996-11-01), None
patent: 0 856 974 (1998-08-01), None
patent: WO 97/00471 (1997-01-01), None
patent: WO 97/02734 (1997-01-01), None
patent: WO 97/49038 (1997-12-01), None
Press Release, “EliaShim Ltd. Announces CVP-Compliant Anti-Virus Plug-In for Check Point FireWall-1,” pp. 1-2, Feb. 17, 1997.
Check Point FireWall-1™, OPSEC Open Specification, Version 1.01, Check Point Software Technologies Ltd., pp. 1-72, Nov. 1998.
E. Amoroso et al., “PCWEEK Intranet and Internet Firewall Strategies,” Ziff-Davis Press, 1996.
Coss Michael John
Majette David L.
Sharp Ronald L.
Lucent Technologies - Inc.
Revak Christopher
Methods and apparatus for a computer network firewall with...