High-assurance file-driven content filtering for secure network server

US 20070204337A1
Filed: 02/28/2006
Published: 08/30/2007
Est. Priority Date: 02/28/2006
Status: Active Grant

First Claim

Patent Images

1. A server for transferring data between networks, comprising means for creating a receiving task group, a filtering task group and a forwarding task group, wherein said filtering task group is dictated by a file that specifies filtering rules, said receiving task group receives data transmitted from a source host, said filtering task group filters said transmitted data based on said filtering rules, and said forwarding task group forwards only filtered data to a destination host.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server for transferring data between networks. The server is programmed to perform the following steps: (a) creating a receiving process, a filtering process and a forwarding process, the filtering process being dictated by a file that specifies filtering rules, wherein: (b) the receiving process receives data transmitted from a source host; (c) the filtering process filters the transmitted data based on the filtering rules; and (d) the forwarding process forwards only filtered data to a destination host.

55 Citations

View as Search Results

20 Claims

1. A server for transferring data between networks, comprising means for creating a receiving task group, a filtering task group and a forwarding task group, wherein said filtering task group is dictated by a file that specifies filtering rules, said receiving task group receives data transmitted from a source host, said filtering task group filters said transmitted data based on said filtering rules, and said forwarding task group forwards only filtered data to a destination host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The server as recited in claim 1, wherein said transmitted data comprises a message, said message comprising fields and said message fields being defined by tags or by offset into said message.
  - 3. The server as recited in claim 2, wherein said filtering task group comprises means for validation against a specified list of alternatives for any field of said message.
  - 4. The server as recited in claim 2, wherein said filtering task group comprises means for range validation of numeric fields of said message.
  - 5. The server as recited in claim 2, wherein said filtering task group comprises means for checking for the presence of dirty words in text fields of said message.
  - 6. The server as recited in claim 2, wherein said filtering task group comprises means for stripping out a field of said message.
  - 7. The server as recited in claim 2, wherein said filtering task group comprises means for zeroing a field of said message.
  - 8. The server as recited in claim 1, further comprising means for downgrading the sensitivity level of said message.
  - 9. The server as recited in claim 1, further comprising means for upgrading the sensitivity level of said message.

10. A method of filtering data being transferred between networks, comprising the following steps:
- (a) initiating a connection of a source host to a network server;
  
  (b) creating a receiving process, a filtering process and a forwarding process within said network server in response to initiation of said connection, said filtering process being dictated by a file that specifies filtering rules;
  
  (c) establishing a connection between said forwarding process and a destination host;
  
  (d) establishing a connection between said receiving process and said source host;
  
  (e) transmitting data from said source host to said receiving process;
  
  (f) said filtering process filters said transmitted data based on said filtering rules; and
  
  (g) said forwarding process forwards only filtered data to said destination host.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method as recited in claim 10, wherein said transmitted data comprises a message, said message comprising fields and said message fields being defined by tags or by offset into said message.
  - 12. The method as recited in claim 11, wherein said filtering step comprises validation against a specified list of alternatives for any field of said message.
  - 13. The method as recited in claim 11, wherein said filtering step comprises range validation of numeric fields of said message.
  - 14. The method as recited in claim 11, wherein said filtering step comprises checking for the presence of dirty words in text fields of said message.
  - 15. The method as recited in claim 11, wherein said filtering step comprises stripping out a field of said message.
  - 16. The method as recited in claim 11, wherein said filtering step comprises zeroing a field of said message.
  - 17. The method as recited in claim 10, further comprising the step of downgrading the sensitivity level of said message.
  - 18. The method as recited in claim 10, further comprising the step of upgrading the sensitivity level of said message.

19. A secure network server having trusted security functionality comprising receiving means and forwarding means, and non-trusted security functionality comprising filtering means, wherein said filtering means comprise a file that specifies filtering rules, said receiving means receive data transmitted from a source host, said filtering means filter said transmitted data based on said filtering rules, and said forwarding means forward only filtered data to a destination host.
- View Dependent Claims (20)
- - 20. The server as recited in claim 19, wherein said transmitted data comprises a message, said message comprising fields and said message fields being named by tags, and wherein said filtering rules are specified for named fields of said message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Bunn, Kelly, Schnackenberg, Janell, Schnackenberg, Daniel, Reid, Travis, Donofrio, Thomas, Hammond, Ryan, Arnold, Steven

Granted Patent

US 8,185,944 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/105 Multiple levels of security

High-assurance file-driven content filtering for secure network server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

High-assurance file-driven content filtering for secure network server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links