Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2006-07-11
2006-07-11
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S153000
Reexamination Certificate
active
07076650
ABSTRACT:
A method and apparatus are provided for cooperatively and dynamically sharing a proxy's burden of scanning communications for target content. A network of computer nodes is connected to a firewall through which pass communications with entities external to the network. The firewall includes one or more proxies to facilitate network users' connections with the external entities. The firewall and one or more of the nodes include software modules for scanning one or more types (e.g., FTP, HTTP, SMTP) of communications for particular information or types of data (e.g., computer viruses, ActiveX components, pornography, text). A node having a software module for scanning a communication identifies its scanning capabilities to the firewall. The node may also suggest a class or set of communications that it may scan, which class or set may be defined by its operating parameters or attributes of communications received at the firewall for the node. The firewall negotiates with the node then specifies rules or criteria for determining which communications and under which circumstances the node may scan a communication instead of the firewall. When a communication is received at the firewall and is passed to the proxy, the proxy applies the specified rules to determine which of the proxy and the node should scan the communication. In this manner a substantial amount of communication scanning may be offloaded to individual computer nodes, thereby enhancing or avoiding degradation of the firewall's performance. The division of responsibility between the proxy and any node may be dynamically modified or re-negotiated at virtually any time according to any desired criteria or operating parameters.
REFERENCES:
patent: 5623600 (1997-04-01), Ji et al.
patent: 5884046 (1999-03-01), Antonov
patent: 5889943 (1999-03-01), Ji et al.
patent: 5960170 (1999-09-01), Chen et al.
patent: 6003083 (1999-12-01), Davies et al.
patent: 6173311 (2001-01-01), Hassett et al.
patent: 6345299 (2002-02-01), Segal
patent: 6374300 (2002-04-01), Masters
patent: 6415323 (2002-07-01), McCanne et al.
patent: 6732279 (2004-05-01), Hoffman
Unattributed White Paper by Network Associates, Inc., “Adaptive Proxy Firewalls, The Next Generation Firewall Architecture: Eliminating the Speed-vs-Security Compromise,” 10 pages, undated, downloaded from http://www.nai.com/asp—set/buy—try/try/whitepapers.asp on Dec. 21, 1999.
Unattributed White Paper by Network Associates, Inc., “The Active Firewall: The End of the Passive Firewall Era, A Dynamic New Model for Integrated Active Response Firewall Security,” 16 pages, undated, downloaded on Dec. 21, 1999 from http://www.nai.com/asp—set/buy—try/try/whitepapers.asp.
Hamaty Christopher J.
McAfee, Inc.
Peeso Thomas R.
Zilka-Kotab, PC
LandOfFree
System and method for selective communication scanning at a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for selective communication scanning at a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for selective communication scanning at a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3609408