Secure firewall supporting different levels of authentication ba

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Patent


Details

380 49, 709225, 709249, H04K 100

Patent

active

059833505

ABSTRACT:
A system and method for regulating the flow of messages through a firewall having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer, the method comprising: establishing a security policy; determining, at the IP layer, if a message is encrypted; if the message is not encrypted, passing the unencrypted message up the network protocol stack to an application level proxy; and if the message is encrypted, decrypting the message and passing the decrypted message up the network protocol stack to the application level proxy, wherein decrypting the message includes executing a process at the IP layer to decrypt the message.

