Real time firewall/data protection systems and methods
First Claim
1. A method for communicating data between an external computing system and an internal computing system over a packet-based network, comprising the steps of:
receiving a communication packet from the external computing system over the network, the packet having at least a first portion and an end portion, and transmitting the packet to the internal computing system;
in parallel with the step of receiving and transmitting the packet, determining characteristics of the packet from the first portion;
in parallel with the step of receiving and transmitting the packet, performing a plurality of checks on the packet, wherein at least certain of the plurality of checks are performed in parallel with other of the plurality of checks;
in parallel with the step of receiving and transmitting the packet, determining if the packet should be a valid packet or an invalid packet based on the plurality of checks; and
after receiving the end portion of the packet, selectively altering the end portion of the packet based on whether the packet has been determined to be a valid packet or an invalid packet, wherein the packet is selectively altered to be invalid if it was determined that the packet should be an invalid packet.
Abstract
Methods and systems for firewall/data protection that filter data packets in real time and without packet buffering are disclosed. A data packet filtering hub, which may be implemented as part of a switch or router, receives a packet on one link, reshapes the electrical signal, and transmits it to one or more other links. During this process, a number of filter checks are performed in parallel, resulting in a decision about whether each packet should or should not be invalidated by the time that the last bit is transmitted. To execute this task, the filtering hub performs rules-based filtering on several levels simultaneously, preferably with a programmable logic or other hardware device. Various methods for packet filtering in real time and without buffering with programmable logic are disclosed. The system may include constituent elements of a stateful packet filtering hub, such as microprocessors, controllers, and integrated circuits. The system may be reset, enabled, disabled, configured, and/or reconfigured with toggles or other physical switches. Audio and visual feedback may be provided regarding the operation and status of the system.
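As an added illustration (not code from the patent), the following Python simulates the cut-through behaviour the abstract describes: bytes are forwarded the moment they arrive, the rule checks are evaluated from the first portion, and if the verdict is "invalid" the hub corrupts the trailing frame check sequence so the receiving station discards the frame itself. The frame layout, port/protocol rules and CRC-32 FCS are constructed for the demo, not taken from the patent.

```python
import struct
import zlib

# Constructed toy frame layout (assumption for the demo, not a real protocol):
#   bytes 0-1 : destination port (big-endian)   } "first portion"
#   byte  2   : protocol id                     }
#   bytes 3.. : payload
#   last 4    : CRC-32 over everything before it  "end portion" (FCS)
HEADER_LEN = 3
FCS_LEN = 4

def build_frame(dst_port, proto, payload):
    body = struct.pack(">HB", dst_port, proto) + payload
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)

def receiver_accepts(frame):
    """Receiving NIC behaviour: a frame whose FCS does not verify is dropped."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.unpack(">I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)

# Rule checks over the header characteristics. In the hardware the abstract
# describes these run concurrently; each is independent, so order is irrelevant.
ALLOWED_PORTS = {80, 443}   # constructed policy
ALLOWED_PROTOS = {6}        # constructed policy (6 = TCP-like)
CHECKS = [
    lambda hdr: hdr["dst_port"] in ALLOWED_PORTS,
    lambda hdr: hdr["proto"] in ALLOWED_PROTOS,
]

def cut_through_filter(frame):
    """Forward each byte immediately; invalidate the FCS if any check failed."""
    out = bytearray()
    header = {}
    verdict_valid = True
    for i, b in enumerate(frame):
        out.append(b)  # transmitted at once: the frame is never buffered
        if i == HEADER_LEN - 1:
            # first portion complete: derive characteristics and decide
            header["dst_port"], header["proto"] = struct.unpack(">HB", out[:HEADER_LEN])
            verdict_valid = all(check(header) for check in CHECKS)
        if i == len(frame) - 1 and not verdict_valid:
            # end portion reached: invert the FCS bytes so the receiver's CRC
            # check fails and the frame is discarded there (hardware would
            # invert the bits as they are being driven onto the wire)
            for j in range(len(out) - FCS_LEN, len(out)):
                out[j] ^= 0xFF
    return bytes(out)

if __name__ == "__main__":
    for port in (443, 23):
        fwd = cut_through_filter(build_frame(port, 6, b"demo"))
        print(port, "accepted" if receiver_accepts(fwd) else "dropped by receiver")
```

Because the inverted FCS can never equal the correct one, a frame the hub has judged invalid is guaranteed to fail the receiver's check while the frame length and timing on the wire stay unchanged.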
Claims
2-66. (canceled)
Specification