Security checking program for communication between networks

US 20040260810A1
Filed: 06/17/2003
Published: 12/23/2004
Est. Priority Date: 06/17/2003
Status: Active Grant

First Claim

Patent Images

1. A method for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of said networks, said method comprising the steps of:

for each network, storing in a computer readable data base a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network;

for said each network, storing in a computer readable data base a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network;

for said each network, storing in a computer readable data base a record of a type of said each network;

automatically identifying multiple combinations of said networks, each of said combinations comprising a source network and a destination network;

for each of said combinations, based on said records, automatically determining if each of said networks in said each combination is permitted to communicate with the other network in said each combination and what IP protocol(s) are common to both of said networks in said each combination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of the networks. For each network, a computer readable data base stores a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network. For said each network, a computer readable data base stores a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network. For said each network, a computer readable data base stores a record of a type of said each network. Multiple combinations of the networks are automatically identified. Each of the combinations comprises a source network and a destination network. For each of the combinations, based on the records, it is automatically determined if each of the networks in the combination is permitted to communicate with the other network in the combination and what IP protocol(s) are common to both of the networks in the combination.

Citations

10 Claims

1. A method for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of said networks, said method comprising the steps of:
- for each network, storing in a computer readable data base a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network;
  
  for said each network, storing in a computer readable data base a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network;
  
  for said each network, storing in a computer readable data base a record of a type of said each network;
  
  automatically identifying multiple combinations of said networks, each of said combinations comprising a source network and a destination network;
  
  for each of said combinations, based on said records, automatically determining if each of said networks in said each combination is permitted to communicate with the other network in said each combination and what IP protocol(s) are common to both of said networks in said each combination.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as set forth in claim 1 wherein the step of storing a record of IP protocols and destination and source networks comprises the step of storing a record of IP protocols and destination addresses and source addresses, and wherein the step of storing a record of a type of each network comprises the step of storing a table correlating said destination addresses to respective network types and correlating source addresses to respective network types.
  - 3. A method as set forth in claim 1 wherein said IP protocol(s) permitted to be used with said each network for two of said networks in a combination comprises TCP ports, and the determining step includes a comparison of the TCP ports for said two networks.
  - 4. A method as set forth in claim 1 wherein said IP protocol(s) permitted to be used with said each network for two of said networks in a combination comprises UDP ports, and the determining step includes a comparison of the UDP ports for said two networks.
  - 5. A method as set forth in claim 1 wherein said IP protocol(s) permitted to be used with said each network for two of said networks in a combination comprises ICMP codes and types, and the determining step includes a comparison of the ICMP codes and types for said two networks.
  - 6. A method as set forth in claim 1 wherein the step of automatically determining if each of said networks in said each combination is permitted to communicate with the other network in said each combination comprises the step of comparing the type of said other network to the record of types of other networks permitted to communicate to said each network.

7. A system for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of said networks, said system comprising:
- for each network, means for storing in a computer readable data base a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network;
  
  for said each network, means for storing in a computer readable data base a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network;
  
  for said each network, means for storing in a computer readable data base a record of a type of said each network;
  
  means for automatically identifying multiple combinations of said networks, each of said combinations comprising a source network and a destination network; and
  
  for each of said combinations, means, based on said records, for automatically determining if each of said networks in said each combination is permitted to communicate with the other network in said each combination and what IP protocol(s) are common to both of said networks in said each combination.
- View Dependent Claims (8)
- - 8. A system as set forth in claim 7 wherein the means for storing a record of IP protocols and destination and source networks comprises means for storing a record of IP protocols and destination addresses and source addresses, and wherein the means for storing a record of a type of each network comprises means for storing a table correlating said destination addresses to respective network types and correlating source addresses to respective network types.

9. A computer program product for determining if a multiplicity of networks are authorized to communicate with each other and what IP protocol can be used for communication between each combination of two of said networks, said computer program product comprising:
- a computer readable medium;
  
  for each network, first program instructions to store in a computer readable data base a record of (a) IP protocol(s) permitted to be used with said each network and (b) types of other networks permitted to communicate to said each network;
  
  for said each network, second program instructions to store in a computer readable data base a record of IP protocols and destination and source networks permitted by a respective firewall or router for said each network;
  
  for said each network, third program instructions to store in a computer readable data base a record of a type of said each network;
  
  fourth program instructions to automatically identify multiple combinations of said networks, each of said combinations comprising a source network and a destination network;
  
  for each of said combinations, fifth program instructions, based on said records, to automatically determine if each of said networks in said each combination is permitted to communicate with the other network in said each combination and what IP protocol(s) are common to both of said networks in said each combination; and
  
  wherein said first, second, third, fourth and fifth program instructions are recorded on said medium.
- View Dependent Claims (10)
- - 10. A computer program product as set forth in claim 9 wherein the first program instructions to store a record of IP protocols and destination and source networks comprises sixth program instructions to store a record of IP protocols and destination addresses and source addresses, and wherein the third program instructions to store a record of a type of each network comprises seventh program instructions to store a table correlating said destination addresses to respective network types and correlating source addresses to respective network types.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Bernoth, Andrew John

Granted Patent

US 7,318,097 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

Security checking program for communication between networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Security checking program for communication between networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links