Patent
1996-12-12
1999-06-22
Palys, Joseph E.
G06F 1100
Patent
active
059150874
ABSTRACT:
A proxy which is part of a firewall program controls exchanges of messages between two application entities. The proxy interrogates attempts to send a communication session by requesting entities with a server entity in accordance with defined authentication procedures. The Proxy interfaces with networking software to direct a communication stack to monitor connection messages to any address on specific ports. The requestor's address, and the server's address are extracted from the messages and checked fo compliance with a security policy such as one including an access control list. If either address is invalid, the proxy deletes the message. If both are valid, the message is relayed, and the ports used are tracked for a predetermined time. Reply messages are then sent using the address of the server entity so that the proxy is transparent to the requester.
REFERENCES:
patent: 3956615 (1976-05-01), Anderson et al.
patent: 4104721 (1978-08-01), Markstein et al.
patent: 4177510 (1979-12-01), Appell et al.
patent: 4442484 (1984-04-01), Childs, Jr. et al.
patent: 4584639 (1986-04-01), Hardy
patent: 4621321 (1986-11-01), Boebert et al.
patent: 4648031 (1987-03-01), Jenner
patent: 4701840 (1987-10-01), Boebert et al.
patent: 4713753 (1987-12-01), Boebert et al.
patent: 4870571 (1989-09-01), Frink
patent: 4885789 (1989-12-01), Burger
patent: 5093914 (1992-03-01), Coplien et al.
patent: 5124984 (1992-06-01), Engel
patent: 5153918 (1992-10-01), Tuai
patent: 5204961 (1993-04-01), Barlow
patent: 5228083 (1993-07-01), Lozowick et al.
patent: 5263147 (1993-11-01), Francisco et al.
patent: 5272754 (1993-12-01), Boebert
patent: 5276735 (1994-01-01), Boebert et al.
patent: 5303303 (1994-04-01), White
patent: 5305385 (1994-04-01), Schanning et al.
patent: 5311593 (1994-05-01), Carmi
patent: 5329623 (1994-07-01), Smith et al.
patent: 5333266 (1994-07-01), Boaz et al.
patent: 5355474 (1994-10-01), Thuraisngham et al.
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5416842 (1995-05-01), Aziz
patent: 5485460 (1996-01-01), Schrier et al.
patent: 5511122 (1996-04-01), Atkinson
patent: 5530758 (1996-06-01), Marino, Jr. et al.
patent: 5548646 (1996-08-01), Aziz et al.
patent: 5550984 (1996-08-01), Gelb
patent: 5566170 (1996-10-01), Bakke et al.
patent: 5583940 (1996-12-01), Vidrascu et al.
patent: 5586260 (1996-12-01), Hu
patent: 5604490 (1997-02-01), Blakley, III et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5608720 (1997-03-01), Biegel et al.
patent: 5615340 (1997-03-01), Dai et al.
patent: 5619648 (1997-04-01), Canale et al.
patent: 5623601 (1997-04-01), Vu
patent: 5636371 (1997-06-01), Yu
patent: 5644571 (1997-07-01), Seaman
patent: 5671279 (1997-09-01), Elgamal
patent: 5673322 (1997-09-01), Pepe et al.
patent: 5684951 (1997-11-01), Goldman et al.
patent: 5689566 (1997-11-01), Nguyen
patent: 5699513 (1995-03-01), Feigen et al.
patent: 5720035 (1998-02-01), Allegre et al.
patent: 5781550 (1998-07-01), Templin et al.
International Search Report, PCT Application No. PCT/US 95/12681, 8 p. (mailed Apr. 9, 1996).
News Release: "100% of Hackers Failed to Break Into One Internet Site Protected by Sidewinder.TM.", Secure Computing Corporation (Feb. 16, 1995).
News Release: "Internet Security System Given `Product of the Year` Award", Secure Computing Corporation (Mar. 28, 1995).
News Release: "Satan No Threat to Sidewinder (tm)", Secure Computing Corporation (Apr. 26, 1995).
"Answers to Frequently Asked Questions About Network Security", Secure Computing Corporation, pp. 1-41 & pp. 1-16 (Sep. 25, 1994).
"Sidewinder Internals", Product information, Secure Computing Corporation, 16 p. (Oct. 1994).
"Special Report: Secure Computing Corporation and Network Security", Computer Select, 13 p. (Dec. 1995).
Adam, J.A., "Meta-Matrices", IEEE Spectrum, p. 26 (Oct. 1992).
Adam, J.A., "Playing on the Net", IEEE Spectrum, p. 29 (Oct. 1992).
Ancilotti, P., et al., "Language Features for Access Control", IEEE Transactions on Software Engineering, SE-9, 16-25 (Jan. 1983).
Atkinson, R., "IP Authentication Header", Network Working Group, Request For Comment No. 1826, http//ds.internic.net/rfc/rfc1826.txt, 9 p. (Aug. 1995).
Atkinson, R., "IP Encapsulating Security Payload (ESP)", Network Working Group, Request For Comment No. 1827, http//ds.internic.net/rfc/rfc1827.txt, 12 p. (Aug. 1995).
Atkinson, R., "Security Architecture for the Internet Protocol", Network Working Group, Request for Comment No. 1825, http//ds.internic.net/rfc/ rfc1825.txt, 21 p. (Aug. 1995).
Baclace, P.E., "Competitive Agents for Information Filtering", Communications of the ACM, 35, 50 (Dec. 1992).
Badger, L., et al., "Practical Domain and Type Enforcement for UNIX", Proceedings of the 1995 IEEE Symposium on Security and Privacy, pp. 66-77 (May 1995).
Belkin, N.J., et al., "Information Filtering and Information Retrieval: Two Sides of the Same Coin?", Communications of the ACM, 35, 29-38 (Dec. 1992).
Bellovin, S.M., et al., "Network Firewalls", IEEE Communications Magazine, 32, 50-57 (Sep. 1994).
Bevier, W.R., et al., "Connection Policies and Controlled Interference", Proceedings of the Eighth IEEE Computer Security Foundations Workshop, Kenmare, Ireland, pp. 167-176 (Jun. 13-15, 1995).
Bowen, T.F., et al., "The Datacycle Architecture", Communications of the ACM, 35, 71-81 (Dec. 1992).
Bryan, J., "Firewalls For Sale", BYTE, 99-100, 102, 104-105 (Apr. 1995).
Cobb, S., "Establishing Firewall Policy", IEEE, 198-205 (1996).
Damashek, M., "Gauging Similarity with n-Grams: Language-Independent Categorization of Text", Science, 267, 843-848 (Feb. 10, 1995).
Dillaway, B.B., et al., "A Practical Design For A Multilevel Secure Database Management System", American Institute of Aeronautics and Astronautics, Inc., pp. 44-57 (Dec. 1986).
Fine, T., et al., "Assuring Distributed Trusted Mach", Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 206-218 (1993).
Foltz, P.W., et al., "Personalized Information Delivery: An Analysis of Information Filtering Methods", Communications of the ACM, 35, 51-60 (Dec. 1992).
Gassman, B., "Internet Security, and Firewalls Protection on the Internet", IEEE, 93-107 (1996).
Goldberg, D., et al., "Using Collaborative Filtering to Weave an Information Tapestry", Communications of the ACM, 35, 61-70 (Dec. 1992).
Grampp, F.T., "UNIX Operating System Security", AT&T Bell Laboratories Technical Journal, 63, 1649-1672 (Oct. 1984).
Greenwald, M., et al., "Designing an Academic Firewall: Policy, Practice, and Experience with SURF", IEEE, 79-92 (1996).
Haigh, J.T., et al., "Extending the Noninterference Version of MLS for SAT", Proceedings of the 1986 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 232-239 (Apr. 7-9, 1986).
Karn, P., et al., "The ESP DES-CBC Transform", Network Working Group, Request for Comment No. 1829, http//ds.internic.net/rfc/rfc1829.txt, 9 p. (Aug. 1995).
Kent, S.T., "Internet Privacy Enhanced Mail", Communications of the ACM, 36, 48-60 (Aug. 1993).
Lampson, B.W., et al., "Dynamic Protection Structures", AFIPS Conference Proceedings, 35, 1969 Fall Joint Computer Conference, Las Vegas, NV, 27-38 (Nov. 18-20, 1969).
Lee, K.C., et al., "A Framework for Controlling Cooperative Agents", Computer, 8-16 (Jul. 1993).
Loeb, S., "Architecting Personalized Delivery of Multimedia Information", Communications of the ACM, 35, 39-48 (1992).
Loeb, S., et al., "Information Filtering", Communications of the ACM, 35, 26-28 (Dec. 1992).
McCarthy, S.P., "Hey Hackers| Secure Computing Says You Can't Break into This Telnet Site", Computer Select, 2 p. (Dec. 1995).
Merenbloom, P., "Network `Fire Walls` Safeguard LAN Data from Outside Intrusion", Infoworld, pp. 69 & addnl. page (July 25, 1994).
Metzger, P., et al., "IP Authentication using Keyed MD5", Network Working Group, Request for Comments No. 1828, http//ds.internic.net/rfc/rfc1828.txt, 5 p. (Aug. 1995).
Obraczka, K., et al., "Internet Resource Discovery Services", Computer, 8-22 (Sep. 1993).
Press, L., "The Net: Progress and Opportunity", Communications of the ACM, 35, 21-25 (Dec. 1992).
Schroeder, M.D., et al., "A Hardware Archite
Hammond Scott
Stockwell Edward B.
Young Jeffery
Elisca Pierre E.
Palys Joseph E.
Secure Computing Corporation
LandOfFree
Transparent security proxy for unreliable message exchange proto does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Transparent security proxy for unreliable message exchange proto, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Transparent security proxy for unreliable message exchange proto will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1714039