METHOD AND APPARATUS FOR REDUCED REDUNDANT SECURITY SCREENING

US 20080134332A1
Filed: 12/04/2006
Published: 06/05/2008
Est. Priority Date: 12/04/2006
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for screening data packets, the computer implemented method comprising:

responsive to receiving a data packet, determining whether a signature of a trusted security element is present in a header of the data packet, wherein the signature indicates that a previous security action has been performed on the data packet; and

responsive to the signature of the trusted security element being present, performing a security action on the data packet based on the previous security action performed on the data packet.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, apparatus, and computer usable program code for screening data packets. A determination is made as to whether a signature of a trusted security element is present in a header of the data packet in response to receiving a data packet. The signature indicates that a previous security action has been performed on the data packet. A security action is performed on the data packet based on the previous security action performed on the data packet in response to the signature of the trusted security element being present.

Citations

34 Claims

1. A computer implemented method for screening data packets, the computer implemented method comprising:
- responsive to receiving a data packet, determining whether a signature of a trusted security element is present in a header of the data packet, wherein the signature indicates that a previous security action has been performed on the data packet; and
  
  responsive to the signature of the trusted security element being present, performing a security action on the data packet based on the previous security action performed on the data packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method of claim 1 further comprising:
    - processing the data packet after performing the security action.
  - 3. The computer implemented method of claim 1 further comprising:
    - responsive to performing the security action on the data packet, adding another signature to the data packet.
  - 4. The computer implemented method of claim 1, wherein the security action is an absence of an additional action to check the data packet.
  - 5. The computer implemented method of claim 1, wherein the security action is a virus scan.
  - 6. The computer implemented method of claim 1, wherein the performing step comprises:
    - selecting the security action based on the identified previous security action performed on the data packet; and
      
      performing the security action on the data packet.
  - 7. The computer implemented method of claim 1, wherein the trusted security element is a network firewall.
  - 8. The computer implemented method of claim 1, wherein the signature is located in a header of the data packet.
  - 9. The computer implemented method of claim 8, wherein the header is part of chain of headers between a base header and a payload in the data packet.
  - 10. The computer implemented method of claim 1, wherein the signature is a digitally signed signature.

11. A computer program product comprising:
- a computer usable medium having computer usable program code for screening data packets, the computer program medium comprising;
  
  computer usable program code, responsive to receiving a data packet, for determining whether a signature of a trusted security element is present in a header of the data packet, wherein the signature indicates that a previous security action has been performed on the data packet; and
  
  computer usable program code, responsive to the signature of the trusted security element being present, for performing a security action on the data packet based on the previous security action performed on the data packet.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer program product of claim 11 further comprising:
    - computer usable program code for processing the data packet after performing the security action.
  - 13. The computer program product of claim 11 further comprising:
    - computer usable program code for responsive to performing the security action on the data packet, adding another signature to the data packet.
  - 14. The computer program product of claim 11, wherein the security action is an absence of an additional action to check the data packet.
  - 15. The computer program product of claim 11, wherein the security action is a virus scan.
  - 16. The computer program product of claim 11, wherein the computer usable program code, responsive to the signature of the trusted security element being present, for performing a security action the data packet based on previous security action performed on the data packet, comprises:
    - computer usable program code for selecting the security action based on the identified previous security action performed on the data packet; and
      
      computer usable program code for performing the security action on the data packet.
  - 17. The computer program product of claim 11, wherein the trusted security element is a network firewall.
  - 18. The computer program product of claim 11, wherein the signature is located in a header of the data packet.
  - 19. The computer program product of claim 18, wherein the header is part of chain of headers between a base header and a payload in the data packet.

20. A data processing system comprising:
- a bus;
  
  a communications unit connected to the bus;
  
  a storage device connected to the bus, wherein the storage device includes computer usable program code; and
  
  a processor unit connected to the bus, wherein the processor unit executes the computer usable program code to determine whether a signature of a trusted security element is present in a header of the data packet in response to receiving a data packet, wherein the signature indicates that a previous security action has been performed on the data packet; and
  
  perform a security action on the data packet based on the previous security action performed on the data packet in response to the signature of the trusted security element being present.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The data processing system of claim 20 wherein the processor unit further executes the computer usable program code to process the data packet after performing the security action.
  - 22. The data processing system of claim 20 wherein the processor unit further executes the computer usable program code to add another signature to the data packet in response to performing the security action on the data packet.
  - 23. The data processing system of claim 20, wherein the security action is an absence of an additional action to check the data packet.
  - 24. The data processing system of claim 20, wherein the security action is a virus scan.
  - 25. The data processing system of claim 20, wherein in executing the computer usable program code to perform a security action the data packet based on previous security action performed on the data packet in response to the signature of the trusted security element being present, the processor executes the computer usable program code to select the security action based on the identified previous security action performed on the data packet;
    - and perform the security action on the data packet.
  - 26. The data processing system of claim 20, wherein the trusted security element is a network firewall.
  - 27. The data processing system of claim 20, wherein the signature is located in a header of the data packet.
  - 28. The data processing system of claim 27, wherein the header is part of chain of headers between a base header and a payload in the data packet.

29. A data processing system for screening data packets, the data processing system comprising:
- determining means, responsive to receiving a data packet, for determining whether a signature of a trusted security element is present in a header of the data packet, wherein the signature indicates that a previous security action has been performed on the data packet; and
  
  performing means, responsive to the signature of the trusted security element being present, for performing a security action on the data packet based on the previous security action performed on the data packet.
- View Dependent Claims (30, 31)
- - 30. The data processing system of claim 29 further comprising:
    - processing means for processing the data packet after performing the security action.
  - 31. The data processing system of claim 29 further comprising:
    - adding means, responsive to performing the security action on the data packet, for adding another signature to the data packet.

32. A network data processing system comprising:
- a network;
  
  a set of data processing systems connected to the network; and
  
  a set of trusted security devices connected to the network,wherein data packets are sent through the network, a digital signature is added to a data packet in the data packets each time a trusted security device in the set of trusted security devices performs a security action on the data packet in which multiple digital signatures may be present, a determination is made by a data processing system in the set of data processing systems as to whether an additional security action is needed by looking for t presence of the digital signature in a received data packet.
- View Dependent Claims (33, 34)
- - 33. The network data processing system of claim 32, wherein the set of trusted security devices comprises a firewall and a mail server.
  - 34. The network data processing system of claim 32, wherein the digital signature is placed in a header in the data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Keohane, Susann Marie, McBrearty, Gerald Francis, Shieh, Johnny Meng-Han, Mullen, Shawn Patrick, Murillo, Jessica Carol

Granted Patent

US 7,974,286 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/12   Applying verification of th...

H04L 63/145   the attack involving the pr...

METHOD AND APPARATUS FOR REDUCED REDUNDANT SECURITY SCREENING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR REDUCED REDUNDANT SECURITY SCREENING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links