Method and system for caching at secure gateways
Abstract
A computer gateway for an intranet of computers, including a scanner for scanning incoming files from the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform, a file cache for storing files, a security profile cache for storing security profiles for files, and a security policy cache for storing security policies for client computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers. A method and a computer-readable storage medium are also described and claimed.
45 Claims
1. A computer gateway for an intranet of computers, comprising:
a scanner for scanning incoming files from the Internet and deriving security profiles therefor, and the security profiles being lists of computer commands that the files are programmed to perform;
a file cache for storing files;
a security profile cache for storing security profiles for files; and
a security policy cache for storing security policies for intranet computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for operation of a network gateway for an intranet of computers, comprising:
receiving a request from an intranet computer for a file on the Internet;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
scanning the retrieved file to determine computer commands that the file is programmed to perform;
deriving a security profile for the retrieved file;
storing the retrieved file within the file cache; and
storing the security profile for the retrieved file within a security profile cache;
retrieving a security policy for the intranet computer from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a request from an intranet computer for a file on the Internet;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
scanning the retrieved file to determine computer commands that the file is programmed to perform;
deriving a security profile for the retrieved file;
storing the retrieved file within the file cache; and
storing the security profile for the retrieved file within a security profile cache;
retrieving a security policy for the intranet computer from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
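The steps recited in claims 12 and 24 can be sketched as follows. This is an added example, not code from the patent; the ORIGIN table, the substring-based RULES scanner, the client names used with it, and the fail-closed default for clients without a stored policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the Internet: URL -> file content.
ORIGIN = {
    "http://example.test/clock.js": "new Date(); document.write(t)",
    "http://example.test/helper.js": "fs.writeFile(p, d); net.connect(h)",
}
# Hypothetical scanner rules: substring -> command name recorded in a profile.
RULES = {"fs.writeFile": "file_write", "net.connect": "network_connect",
         "document.write": "dom_write"}


def scan(content):
    """Derive a security profile: commands the file is programmed to perform."""
    return frozenset(cmd for needle, cmd in RULES.items() if needle in content)


@dataclass
class Gateway:
    policies: dict                                 # security policy cache: client -> restricted commands
    files: dict = field(default_factory=dict)      # file cache: URL -> content
    profiles: dict = field(default_factory=dict)   # security profile cache: URL -> profile
    scans: int = 0                                 # how many times the scanner actually ran

    def handle(self, client, url):
        content = self.files.get(url)
        profile = self.profiles.get(url) if content is not None else None
        if profile is None:
            # Miss (or a cached file whose profile is missing): fetch if
            # needed, scan, derive the profile, and store both.
            if content is None:
                content = ORIGIN[url]
                self.files[url] = content
            profile = scan(content)
            self.scans += 1
            self.profiles[url] = profile
        # Assumption: a client with no stored policy is restricted from
        # every command the scanner knows about (fail closed).
        restricted = self.policies.get(client, frozenset(RULES.values()))
        violations = sorted(profile & restricted)
        if violations:
            return ("blocked", violations)
        return ("allowed", content)
```

The profile is derived once per file and reused, while the comparison against the policy runs on every request, so one cached file can be blocked for one intranet computer and delivered to another.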
25. A method for operation of a network gateway for an intranet of computers, comprising:
receiving a request from an intranet computer for a file on the Internet;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform;
retrieving a security policy for the intranet computer from a security policy cache at the network gateway, the security policy defining restrictions on files that can be transmitted to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
Dependent claims: 26, 27, 28
29. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a request from an intranet computer for a file within the Internet;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform;
retrieving a security policy for the client computer from a security policy cache at the network gateway, the security policy defining restrictions on files that can be transmitted to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
30. A method for operation of a network gateway for an intranet of computers, comprising:
retrieving a requested file from the Internet;
scanning the retrieved file to determine computer commands that the file and the web objects are programmed to perform;
deriving a security profile for the retrieved file, the security profile including a list of at least one computer command that the retrieved file is programmed to perform;
storing the retrieved file within a file cache; and
storing the security profile for the retrieved file within a security profile cache.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38
39. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
retrieving a requested file from the Internet;
scanning the retrieved file to determine computer commands that the file is programmed to perform;
deriving a security profile for the retrieved file, the security profile including a list of at least one computer command that the retrieved file is programmed to perform;
storing the retrieved file within a file cache; and
storing the security profile for the retrieved file within a security profile cache.
40. A computer gateway for an intranet of computers, comprising:
a file cache for storing files;
a security profile cache for storing security profiles for files, the security profiles being lists of computer commands that the files are programmed to perform; and
a security policy cache for storing security policies for intranet computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers.
41. A method for operation of a network gateway for an intranet of computers, comprising:
receiving a request from an intranet computer for a file on the Internet;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
storing the retrieved file within the file cache; and
storing a security profile for the retrieved file within a security profile cache;
retrieving a security policy for the intranet computer from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
42. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a request from an intranet computer for a file on the Internet;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
storing the retrieved file within the file cache; and
storing a security profile for the retrieved file within a security profile cache;
retrieving a security policy for the intranet computer from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to the intranet computer; and
comparing the security profile for the requested file vis a vis the security policy for the intranet computer, to determine whether transmission of the requested file to the intranet computer is to be restricted.
43. A computer gateway for an intranet of computers, comprising:
a scanner for scanning outgoing files from an intranet to the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform; and
a security policy cache for storing security policies for recipient computers within the Internet, the security policies including a list of restrictions for files that are transmitted to recipient computers.
44. A method for operation of a network gateway for an intranet of computers, comprising:
receiving a file from an intranet computer for transmission to a recipient computer on the Internet;
scanning the received file to derive a security profile for the received file, the security profile including a list of at least one computer command that the file is programmed to perform;
retrieving a security policy from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to recipient computers; and
comparing the security profile for the received file vis a vis the security policy, to determine whether transmission of the requested file to the recipient computer is to be restricted.
45. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a file from an intranet computer for transmission to a recipient computer on the Internet;
scanning the received file to derive a security profile for the received file, the security profile including a list of at least one computer command that the file is programmed to perform;
retrieving a security policy from a security policy cache at the network gateway, the security policy defining restrictions for transmitting files to recipient computers; and
comparing the security profile for the received file vis a vis the security policy, to determine whether transmission of the requested file to the recipient computer is to be restricted.