Communications Systems Firewall

US 20080209542A1
Filed: 09/12/2006
Published: 08/28/2008
Est. Priority Date: 09/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing communications network security, the method comprising the steps of:

receiving a series of one or more protocol transmission units;

forwarding only protocol transmission units which are invalid with respect to the definition of the protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, programs and signals for providing communications network security. The approach is based on using established “standard” protocols, but packets (or cells or frames) are deliberately malformed by the sender, optionally according to a predetermined rule (for example by inverting a packet check digit). A filter forwards only packets identified as being invalid, optionally in accordance with the rule; packets which are valid with respect to the “standard” protocol are dropped. The filter is preferably implemented in hardware to mitigate the risk of its being compromised by a malicious attack.

Citations

20 Claims

1. A method of providing communications network security, the method comprising the steps of:
- receiving a series of one or more protocol transmission units;
  
  forwarding only protocol transmission units which are invalid with respect to the definition of the protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 in which the one or more protocol transmission units are invalid in accordance with a predetermined rule.
  - 3. A method according to claim 1 further comprising the steps of:
    - sending the series of one or more a protocol transmission units, the transmission units being malformed according to the predetermined rule.
  - 4. A method according to claim 1 further comprising the step of:
    - receiving forwarded protocol transmission units and passing all invalid protocol transmission units to a data receiver configured to treat the protocol transmission units as being valid.
  - 5. A method according to claim 1 in which the protocol transmission unit is one of a packet, a cell, and a frame.
  - 6. A method according to claim 1 in which the protocol is a network layer protocol.
  - 7. A method according to claim 1 in which the protocol is a version of the internet protocol.

8. A communications system comprising:
- a filter arranged to receive a series of one or more protocol transmission units and to forward only those protocol transmission units which are invalid with respect to the definition of the protocol.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A communications system according to claim 8 in which the one or more protocol transmission units are invalid in accordance with a predetermined rule.
  - 10. A communications system according to claim 8 in which the protocol transmission unit is one of a packet, a cell, and a frame.
  - 11. A communications system according to claim 8 in which the protocol is an network layer protocol.
  - 12. A communications system according to claim 8 in which the protocol is an internet protocol.
  - 13. A communications system according to claim 8 in which the receiver comprises a protocol engine implemented in one of hardware and firmware.
  - 14. A communications system according to claim 8 further comprising:
    - a sender arranged to send to the filter, the series of one or more protocol transmission units, transmission units intended for onward forwarding being deliberately malformed with respect to the definition of the protocol.

15. A program for a computer, the program comprising code portions arranged to:
- receive a series of one or more protocol transmission units;
  
  forward only protocol transmission units which are invalid with respect to the definition of the protocol.
- View Dependent Claims (16)
- - 16. A program for a computer according to claim 15 further code portions arranged to:
    - send the series of one or more a protocol transmission units, the transmission units being deliberately malformed with respect to an established definition of the protocol.

17. A signal for transmission over a communications network, the signal comprising:
- a series of one or more protocol transmission units, the series comprising predominantly protocol transmission units which are invalid with respect to the definition of the protocol.
- View Dependent Claims (18)
- - 18. A signal according to claim 17 in which the protocol transmission units are invalid according to a predetermined rule for malforming the protocol transmission units.

19. A compound signal for transmission over a communications network, the signal comprising:
- an input signal comprising a series of one or more protocol transmission units, the series comprising predominantly protocol transmission units which are invalid with respect to the definition of the protocol;
  
  an output signal comprising a series of protocol transmission units, the series consisting of those protocol transmission units in the first input signal which are invalid.
- View Dependent Claims (20)
- - 20. A compound signal according to claim 19 in which the protocol transmission units are invalid according to a predetermined rule for malforming the protocol transmission units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qinetiq Limited (QinetiQ Group PLC)
Original Assignee
Qinetiq Limited (QinetiQ Group PLC)
Inventors
Wiseman, Simon Robert, Cant, Christopher James

Granted Patent

US 8,037,520 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/029   Firewall traversal, e.g. tu...

Communications Systems Firewall

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communications Systems Firewall

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links