Network traffic intercepting method and system

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Details

C713S151000, C713S152000, C713S153000, C713S152000, C709S223000, C709S224000, C709S225000, C709S229000, C709S230000

active

06763467

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to a system and method conducted within a single computer for intercepting, examining and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application; and more specifically for protecting the computer from invasion by viruses, trojan horses, worms and other hostile algorithms.
BACKGROUND OF THE INVENTION
The rise of the Internet and networking technologies has resulted in the widespread sharing of data between computers. This data is not always what it seems to be. Data that is accessed on a remote machine and downloaded to a computer system can contain hostile algorithms that can potentially destroy data, crash the system, corrupt data or worse. Some of these hostile algorithms are viruses, worms, and trojan horses. Viruses are computer programs that parasitically copy themselves into other programs. Worms are independent programs that reproduce by copying themselves from one computer to another over a network. Worms, unlike viruses, are not parasitic. Trojan horses are code fragments that hide inside of a program that appears to do something else. Quite often trojan horses hide inside of utility programs or other popular programs that are downloaded. The existing program often performs a useful function while masking the presence of the internal trojan horse. Finally, it is possible for a person to manually enter commands or to direct byte streams to a computer over a network with hostile intent.
Viruses, worms, and trojan horses can infect an internal network or single computer system when the internal network or computer system executes a program from the external network that contains the hostile algorithm. All binary executables, unreviewed shell scripts, and source code accessed from an external network may contain worms, viruses, or trojan horses. In addition, outside binary executables, shell scripts, and scanned source code may enter an internal network or single computer system through an E-mail attachment. Also, executables can be directly accessed from an external network through the FTP program, a world-wide web browser, or an outside contractor whose network already has been compromised.
Firewalls and proxy servers are well known means for protecting an internal network or single computer system from hostile algorithms from an external network. When a firewall is installed, all communication from the external network is routed through a proxy server outside of the internal network, and the proxy server determines whether a particular message or file is authorized to pass through to the internal network.
Reference is now made to FIG. 1, which is a block diagram of a computer information system utilizing a firewall between external and internal network systems. The computer information system 10 contains an external network 11, which may include the Internet and is accessible by hackers 20 or computer viruses 21. Generally, hackers 20 are persons who gain unauthorized access to a computer system. The external network 11 is connected to the firewall by a first incoming bus 12 and a first outgoing bus 13. The bus comprises specialized groups of lines that carry different types of information. A bus has a specific bandwidth, which is the data transfer capacity of a digital communications system. The first incoming bus 12 sends data to the firewall 14. The firewall 14 determines which data is authorized to be transmitted to the internal network 17. The data transferred from the firewall 14 to the internal network is transferred via a second incoming bus 15. In addition, data is sent from the internal network 17 to the firewall 14 via a second outgoing bus 16. Once the data has been transferred to the internal network 17, it can be accessed by users 18 and 19 of the internal network.
In a functional firewall computer system 10, hostile algorithms introduced into the external network 11 by hackers 20 or computer viruses 21 are transported via the first incoming bus 12 to the firewall 14. Once processed by the firewall 14, the hostile algorithms are denied authorization to flow via the second incoming bus 15 to the internal network 17. As a result, the users 18 and 19 of the internal network 17 are not subjected to the problems that can be caused by hostile algorithms.
Generally, the bandwidth of the buses 12 and 13 between the external network 11 and the firewall 14 is equal to the bandwidth of the buses 15 and 16 between the internal network 17 and the firewall 14.
Typical such firewall systems include, for example, U.S. Pat. Nos. 5,550,984 to Gelb; 5,623,600 to Ji et al; and 5,815,571 to Finley, all of which are incorporated herein by reference.
Unfortunately, all of the computer systems that utilize firewalls impose a number of disadvantages on the entire system. First, the firewalls must be placed at the “choke point” at which an outside network enters the internal network. This creates a problem in that the firewall becomes a central point of failure, whereby if the firewall fails, the entire connection to the external network fails. In addition, since the bandwidth of the connection between the internal network and the firewall normally is equal to the bandwidth of the connection between the firewall and the external network, the firewall will add latency to the connection by performing its function. This latency normally increases the demand on bandwidth utilization. Very often, the firewall latency will cause utilization of the available bandwidth to degrade such that all available bandwidth cannot be utilized. This can occur either linearly or logarithmically depending upon the specific implementation of the firewall, the speed of the bus connections, and resource availability within the firewall.
Another disadvantage is that the connection to the external network is normally limited by the available bandwidth purchased on a dedicated communications circuit.
Finally, since no firewall exists between the users on the internal network, one user of the network can attack the internal system. It is an observation within the security industry that 80% of all attacks against a system originate on the internal network while only 20% of attacks originate from an external network.
Accordingly, it is an object of the current invention to provide a computer intercepting system and method that does not utilize a firewall, or other form of proxy server.
It is another object of the current invention to provide a computer intercepting system and method that does not have a central point of failure.
It is a further object of this current invention to provide a computer intercepting system and method that will not add latency to the system.
Also, it is an object of the current invention to enable all of the bandwidth to be utilized while the computer security system is being accessed.
It is yet another object of the current invention to provide protection from attacks by users on the internal network.
Other objects and advantages of this invention will become apparent from the description taken in connection with the accompanying drawings that are presented by way of illustration and example.
SUMMARY OF THE INVENTION
These and other objects of the present invention are provided by a computer system and method for intercepting, examining, and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application. Preferably, the computer system and method operates on a single computer system. The system and method protect the computer from invasion by viruses, trojan horses, worms, and other hostile algorithms.
The method of this invention preferably operates within a single computer system. Advantageously, the data streams that pass from the transport layer of an operating system to the user application or from the user application to the transport layer must be intercepted by the novel networ
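The summary above places the interception point inside a single host, between the operating system's transport layer and the application, rather than at a network choke point. The following Python sketch is an added illustration of that arrangement and is not part of the patent or its claimed implementation: it wraps a connected socket so that every chunk the application reads or writes is examined against a small rule set before it is forwarded, and a connection whose stream violates a rule is closed before the application sees the offending bytes. The rule set, the executable-header check, the size limit and the `deliver` helper (which uses an in-process socket pair as the "transport connection" so the demo runs offline) are all constructed for this example.

```python
"""Added example: a per-host interception layer between transport and application.

Not the patent's code. Models the idea of examining and controlling each
transport connection on the same machine as the application, with no
network choke point. Rules and sample traffic are constructed.
"""
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Leading bytes of Windows PE ("MZ") and ELF executable images.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

# A rule inspects one chunk and one direction ("inbound"/"outbound") and
# returns a human-readable reason when it fires, or None to allow the chunk.
Rule = Callable[[bytes, str], Optional[str]]


def block_executables(chunk: bytes, direction: str) -> Optional[str]:
    """Constructed rule: refuse inbound streams that begin with an executable header."""
    if direction == "inbound" and chunk.startswith(EXECUTABLE_MAGIC):
        return "inbound stream begins with executable image header"
    return None


def block_oversized(limit: int) -> Rule:
    """Constructed rule factory: refuse any single chunk larger than `limit` bytes."""
    def rule(chunk: bytes, direction: str) -> Optional[str]:
        if len(chunk) > limit:
            return f"{direction} chunk of {len(chunk)} bytes exceeds limit {limit}"
        return None
    return rule


DEFAULT_RULES: List[Rule] = [block_executables, block_oversized(1024)]


@dataclass
class InterceptingStream:
    """Sits between the transport endpoint and the application.

    The application calls recv()/send() here exactly as it would on the
    socket. Each chunk is examined against the rules; a violating chunk
    is logged, the connection is closed, and nothing is forwarded.
    """
    sock: socket.socket
    rules: List[Rule]
    log: List[str] = field(default_factory=list)
    closed: bool = False

    def _enforce(self, chunk: bytes, direction: str) -> bool:
        for rule in self.rules:
            reason = rule(chunk, direction)
            if reason:
                self.log.append(f"blocked {direction}: {reason}")
                self.sock.close()
                self.closed = True
                return False
        return True

    def recv(self, bufsize: int) -> bytes:
        if self.closed:
            return b""
        chunk = self.sock.recv(bufsize)
        return chunk if self._enforce(chunk, "inbound") else b""

    def send(self, data: bytes) -> int:
        if self.closed or not self._enforce(data, "outbound"):
            return 0
        return self.sock.send(data)


def deliver(payload: bytes, rules: List[Rule]) -> Tuple[bytes, List[str]]:
    """Simulate a remote peer sending `payload` to a local application.

    An in-process socket pair stands in for the transport connection, so
    the example runs offline. Returns (bytes the application received, log).
    """
    peer, local = socket.socketpair()
    stream = InterceptingStream(local, rules)
    try:
        peer.sendall(payload)
        received = stream.recv(65536)
    finally:
        peer.close()
        if not stream.closed:
            local.close()
    return received, stream.log


if __name__ == "__main__":
    # Constructed sample traffic: a benign request and a stream that starts
    # like a PE executable image.
    for sample in (b"GET / HTTP/1.1\r\n\r\n", b"MZ\x90\x00" + b"\x00" * 60):
        got, events = deliver(sample, DEFAULT_RULES)
        print(repr(sample[:8]), "->", "delivered" if got else "blocked", events)
```

Because the interceptor runs in the same process boundary as the application and inspects each connection independently, there is no shared device whose failure or latency affects every connection, which is the contrast the patent draws with a choke-point firewall.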
