Firewall providing enhanced network security and user transparency

US 20040103322A1
Filed: 11/07/2003
Published: 05/27/2004
Est. Priority Date: 02/06/1996
Status: Abandoned Application

First Claim

Patent Images

1. A system for providing filtered HTML software over a computer network, the system comprising:

a computer network connection;

an association between client identifiers and IP addresses;

a gateway server, said gateway server having at least one HTML filtering process and being in communication with the association, the gateway server providing at least one filtered HTML page to a client over a computer network, said client being in communication with said gateway server over said computer network connection.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve fall transparency—the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In one aspect, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In another aspect, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.

119 Citations

View as Search Results

25 Claims

1. A system for providing filtered HTML software over a computer network, the system comprising:
- a computer network connection;
  
  an association between client identifiers and IP addresses;
  
  a gateway server, said gateway server having at least one HTML filtering process and being in communication with the association, the gateway server providing at least one filtered HTML page to a client over a computer network, said client being in communication with said gateway server over said computer network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further comprising a database, the database indicating predetermined client capabilities for use by the gateway server.
  - 3. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s display size.
  - 4. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s display resolution.
  - 5. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s storage capabilities.
  - 6. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s animation capabilities.
  - 7. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s content capabilities.
  - 8. The system of claim 2, wherein the predetermined capabilities comprise a client'"'"'s personal computing station'"'"'s audio capabilities.

9. A computer system for performing HTML filtering, the system comprising:
- a gateway, the gateway having at least one virtual host, the at least one virtual host configuring an association between client identifiers, IP addresses, and a process that performs HTML filtering, the gateway being in communication with a client, IP addresses, and HTML filtering process; and
  
  a computer network connection, the computer network connection connecting the computer system to a computer network to allow the gateway to provide filtered HTML to the client over the computer network.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein HTML filtering is performed on a client-by-client basis.

11. A system for testing a set of HTML code provided by a web server, comprising:
- a computer network connection;
  
  an association between client identifiers and IP addresses; and
  
  a gateway server, said gateway server having at least one process for testing HTML and being in communication with said client, said server providing HTML to a client over a computer network, said client being in communication with said gateway server over said computer network connection.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, further comprising a log file, the log file containing test results.
  - 13. The method of claim 11, further comprising a comparison file, the comparison file containing results of a comparison between test results and an expected set of results.

14. A system for testing a set of computer code provided by a web server, comprising:
- a computer network connection;
  
  an association between an asset ID and file type; and
  
  a gateway server, said gateway server having at least one process for testing files for the presence of an asset ID in files transmitted over said computer network connection, said transmitted files matching a file type contained in said association.
- View Dependent Claims (15)
- - 15. The system of claim 14 wherein, for the dynamic information that is extracted, validating the dynamic information includes checking functionality of web-based services utilizing a predetermined test process.

16. A method of testing a functionality of a networked system that provides at least some dynamic information, comprising the steps of:
- emulating a web browser by constructing a request for dynamic information to be sent to a personal computing device;
  
  forwarding the request to the web server;
  
  receiving dynamic information in response to forwarding the request;
  
  parsing the received information into static information;
  
  dynamically proxying the static information; and
  
  validating the static information and the dynamic information received.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16, wherein the static information, if present, is validated by matching the static information with a predetermined set of information.
  - 18. The method of claim 16, wherein the dynamic information is validated by sequentially running a predetermined series of test cases.
  - 19. The method of claim 18, wherein sequencing of the predetermined series of test cases is determined based on results of a previous test case.
  - 20. The method of claim 16, wherein parsing the information received into static information includes comparing information received with a predetermined comparison string, wherein a label inserted into the predetermined comparison string is used to distinguish static information from dynamic information, extracting the dynamic information, and comparing static information of the predetermined comparison string to static information within the received information.
  - 21. The method of claim 20, wherein, for the extracted dynamic information, validating the dynamic information includes checking functionality of web-based services utilizing a predetermined test case.
  - 22. The method of claim 20, wherein validating the dynamic information includes verifying that an ID received for dynamic information is a valid asset ID.
  - 23. The method of claim 20, wherein validating the dynamic information includes assigning a name to a selected portion of the dynamic information received and saving the selected portion under the name.
  - 24. The method of claim 23, further comprising sending another request for dynamic information to be sent to the personal computing device. the another request referencing the name assigned to the selected portion of the dynamic information.

25. A computer-readable medium useful in association with a client computer coupled to a server via a computer network, the computer network providing a network connection for transmitting data from the server to the client computer and from the client computer to the server, the computer-readable medium having computer-executable instructions for tracking information received by a client from a network wherein the information includes at least some dynamic information, the instructions executed to parse the information received into static information, if present, and dynamic information;
- and validate the static information, if present, and the dynamic information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Original Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Inventors
Coley, Christopher D., Wesinger, Ralph E. Jr.

Application Number

US10/703,822
Publication Number

US 20040103322A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

B65B 11/004   in blanks, e.g. sheets prec...

G06F 16/958   Organisation or management ...

G06F 21/42   using separate channels for...

G06Q 20/027   involving a payment switch ...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 61/25   of the same type

H04L 61/2514   between local and global IP...

H04L 61/2521   Translation architectures o...

H04L 61/256   NAT traversal

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 69/164   Adaptation or special uses ...

H04L 9/40 : Network security protocols

View All

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links