System and method for intrusion prevention in a communications network
Abstract
A method, system and program for preventing intrusion in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources and authorized user information are stored in a database at a network portal along with access policy rules that are device and user dependent. Identification of the source node is required before the source node can construct a transformed packet header that is included with a synchronization packet before transmission to a destination node. An appliance or firewall in the communications network receives and authenticates the synchronization packet before releasing the packet to its intended destination. The authentication process includes verification of the access policy associated with the source node. Once received at the destination node, the transformed packet header is reformed by extracting a key index value. The extracted key index is subsequently used to transform the packet header in the response transmitted to the source node.
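The exchange the abstract describes, modelled as an added illustration (this is constructed example code, not code from the patent or its assignee). The page does not say how the header is transformed, so the model assumes the transformed header is the ordinary header plus a trailer carrying a key index and a truncated HMAC-SHA256 tag over the header fields under the key that index selects, with the key table shared by the source node, the appliance and the destination node; KEY_TABLE, PORTAL_DB, the node addresses and the policy entries are all made up for the example.

```python
"""Toy model of the transformed-header SYN exchange described in the abstract.

Constructed example with assumed details: the "transformed header" is the
plain header plus a trailer (key index + truncated HMAC tag); keys are shared
between source node, appliance and destination node; the portal database and
policy entries are invented sample data.
"""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Hypothetical key table: key_index -> secret shared by the authorized nodes.
KEY_TABLE = {0: b"key-zero-constructed", 1: b"key-one-constructed"}

# Hypothetical portal database: known source nodes, their user, and the
# (destination, port) pairs the device/user dependent policy allows.
PORTAL_DB = {
    "10.0.0.5": {"user": "alice", "allowed": {("10.0.1.9", 443)}},
}

TAG_LEN = 8  # bytes of the HMAC kept in the header trailer (assumption)


@dataclass(frozen=True)
class Header:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: str  # "SYN" or "SYN-ACK"
    key_index: Optional[int] = None  # trailer field, absent on a plain header
    tag: bytes = b""                 # trailer field, absent on a plain header

    def canonical(self) -> bytes:
        # Fields covered by the tag; the trailer itself is excluded.
        return f"{self.src}|{self.dst}|{self.sport}|{self.dport}|{self.seq}|{self.flags}".encode()


def transform_header(hdr: Header, key_index: int) -> Header:
    """Source or destination side: attach key index and tag (the transformed header)."""
    mac = hmac.new(KEY_TABLE[key_index], hdr.canonical(), hashlib.sha256).digest()
    return replace(hdr, key_index=key_index, tag=mac[:TAG_LEN])


def verify_tag(hdr: Header) -> bool:
    """Recompute the tag under the indexed key and compare in constant time."""
    key = KEY_TABLE.get(hdr.key_index) if hdr.key_index is not None else None
    if key is None:
        return False
    mac = hmac.new(key, hdr.canonical(), hashlib.sha256).digest()[:TAG_LEN]
    return hmac.compare_digest(mac, hdr.tag)


def appliance_authenticate(hdr: Header) -> Tuple[bool, str]:
    """Appliance/firewall: authenticate the header, then check the source's access policy."""
    if not verify_tag(hdr):
        return False, "drop: header authentication failed"
    entry = PORTAL_DB.get(hdr.src)
    if entry is None:
        return False, "drop: unknown source node"
    if (hdr.dst, hdr.dport) not in entry["allowed"]:
        return False, f"drop: policy denies {hdr.src} -> {hdr.dst}:{hdr.dport}"
    return True, "release"


def reform_header(hdr: Header) -> Tuple[Header, int]:
    """Destination node: extract the key index and restore the plain header."""
    if not verify_tag(hdr):
        raise ValueError("header failed authentication at destination")
    return replace(hdr, key_index=None, tag=b""), hdr.key_index


def handshake(src: str, dst: str, dport: int, key_index: int) -> Tuple[str, Optional[int]]:
    """Run the request/response exchange; return (outcome, key index used in the reply)."""
    syn = transform_header(Header(src, dst, 40000, dport, 1000, "SYN"), key_index)
    ok, reason = appliance_authenticate(syn)
    if not ok:
        return reason, None
    plain, idx = reform_header(syn)
    # The response header is transformed under the key index extracted from the request.
    syn_ack = transform_header(
        Header(plain.dst, plain.src, plain.dport, plain.sport, 5000, "SYN-ACK"), idx)
    if not verify_tag(syn_ack):  # the source node checks the reply the same way
        return "source rejected response", idx
    return "established", syn_ack.key_index


if __name__ == "__main__":
    print(handshake("10.0.0.5", "10.0.1.9", 443, 1))   # authorized: established
    print(handshake("10.0.0.5", "10.0.1.9", 22, 1))    # policy denies this port
    forged = Header("10.0.0.5", "10.0.1.9", 40000, 443, 1000, "SYN")  # no trailer
    print(appliance_authenticate(forged))              # dropped before policy check
```

The three failure paths the abstract implies are all visible here: a packet whose header does not authenticate is dropped before any policy lookup, an unknown source node is dropped even with a valid tag, and an authenticated source is still refused for a destination and port its policy does not allow. Only a packet that passes both checks reaches the destination, which extracts the key index and reuses it for the response.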
117 Claims
1. A method for preventing intrusion in a communications network having a plurality of nodes, comprising the steps of:
initiating a request for network services by a source node;
constructing a transformed packet header and transmitting a synchronization packet with the transformed packet header to a destination node;
authenticating the received packet by examination of the transformed packet header;
releasing the authenticated packet to the destination node; and
reforming the transformed packet header at the destination node.
Dependent claims: 2-32, 70-77, 79-82, 84, 87-91, 93, 96-103, 105-117.

33. A method for providing trusted communications between a source device and a destination device in a communications network, comprising the steps of:
initiating a request for a communications session at the source device;
constructing a transformed packet header and transmitting a synchronization packet including the transformed packet header to the destination device;
receiving the synchronization packet at the destination device;
reforming the transformed packet header at the destination device; and
constructing a transformed packet header and transmitting an acknowledgement response including the transformed packet header to the source device.
Dependent claims: 34-48.

49. A method for providing trusted communications in a communications network comprising the steps of:
receiving a synchronization packet with a transformed packet header from a source device;
authenticating the received packet by examination of the transformed packet header; and
releasing the received packet to the destination device if the received packet is authenticated.
Dependent claims: 50-63.

64. An appliance for providing trusted communications in a communications network, comprising:
a component for receiving a plurality of packets including transformed packet headers from a client device;
a component for authenticating the plurality of received packets by examination of the transformed packet headers; and
a component for releasing authenticated packets to another client device.
Dependent claims: 65-69.

78. A client device for providing trusted communications in a communications network, comprising:
a component for initiating a request for a communications session;
a component for constructing a transformed packet header for transmission in a synchronization packet to a network device;
a component for receiving a plurality of packets including transformed packet headers from a network device;
a component for reforming transformed packet headers received from a network device; and
a component for constructing a transformed packet header for transmission with an acknowledgement response to the network device.
Dependent claims: 83, 85, 86.

92. A computer readable medium containing a computer program product for providing trusted communications in a communications network, comprising:
program instructions that receive a plurality of packets including transformed packet headers from a client device;
program instructions that authenticate the plurality of received packets by examination of the transformed packet headers; and
program instructions that release authenticated packets to another client device.
Dependent claims: 94, 95.

104. A computer readable medium containing a computer program product for providing trusted communications in a communications network, comprising:
program instructions that initiate a request for a communications session;
program instructions that construct a transformed packet header for transmission in a synchronization packet to a network device;
program instructions that receive a plurality of packets including transformed packet headers from a network device;
program instructions that reform transformed packet headers received from a network device; and
program instructions that construct a transformed packet header for transmission with an acknowledgement response to the network device.

Specification