Application gateway system and method for maintaining security in a packet-switched information network
First Claim
1. A method for handling digital data packets at a logical borderline that separates an untrusted packet-switched information network from a protected domain, comprising the steps of:
- intercepting, at a packet processor part, a packet that is in transit between the untrusted packet-switched information network and the protected domain,
- examining the packet at the packet processor part in order to determine whether the packet contains digital data that pertains to a certain protocol,
- if the packet is not found to contain digital data that would pertain to said certain protocol, processing the packet at the packet processor part, and
- if the packet is found to contain digital data that pertains to said certain protocol, redirecting the packet to an application gateway part and processing the packet at the application gateway part according to a set of processing rules based on obedience to said certain protocol;
wherein the packet processor part is a kernel mode process running in a computer device and the application gateway part is a user mode process running in a computer device.
Abstract
A method and apparatuses are disclosed for handling digital data packets at a logical borderline that separates an untrusted packet-switched information network from a protected domain. A packet processor part intercepts a packet that is in transit between the untrusted packet-switched information network and the protected domain. The packet is examined at the packet processor part in order to determine whether the packet contains digital data that pertains to a certain protocol. If the packet is not found to contain such digital data, it is processed at the packet processor part. If the packet is found to contain digital data that pertains to said certain protocol, it is redirected to an application gateway part that processes the packet according to a set of processing rules based on obedience to said certain protocol. The packet processor part is a kernel mode process running in a computer device and the application gateway part is a user mode process running in a computer device.
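The split described in the abstract can be sketched as a user-space simulation. This is an added illustration, not code from the patent or any product. It assumes the "certain protocol" is the FTP control channel recognised by TCP destination port 21; the allow-list, length limit, filter ports and sample packets are all constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumptions (not from the patent text): the protocol handed to the gateway is
# the FTP control channel on TCP port 21; the rule values below are constructed.
GATEWAY_PORT = 21
ALLOWED_VERBS = {"USER", "PASS", "CWD", "PASV", "LIST", "RETR", "QUIT"}
MAX_LINE = 512
FILTER_ALLOWED_PORTS = {53, 80, 443}  # policy applied by the packet processor itself

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

def gateway_process(pkt: Packet) -> str:
    """Application gateway part (user mode): accept only protocol-obedient data."""
    data = pkt.payload
    if not data:
        return "accept"  # segment without application data
    if len(data) > MAX_LINE or not data.endswith(b"\r\n"):
        return "drop"    # over-long or unterminated command line
    if data.count(b"\r\n") != 1:
        return "drop"    # this rule set allows one command per segment
    try:
        line = data[:-2].decode("ascii")
    except UnicodeDecodeError:
        return "drop"
    verb = line.split(" ", 1)[0].upper()
    return "accept" if verb in ALLOWED_VERBS and line.isprintable() else "drop"

def packet_processor(pkt: Packet) -> Tuple[str, str]:
    """Packet processor part (kernel mode): classify, then filter or redirect."""
    if pkt.dport == GATEWAY_PORT:
        return ("application_gateway", gateway_process(pkt))
    action = "accept" if pkt.dport in FILTER_ALLOWED_PORTS else "drop"
    return ("packet_processor", action)

# Constructed sample traffic (documentation address ranges).
SAMPLES = [
    Packet("198.51.100.7", "10.0.0.5", 443, b"\x16\x03\x01"),
    Packet("198.51.100.7", "10.0.0.5", 23, b"login"),
    Packet("198.51.100.7", "10.0.0.5", 21, b"USER alice\r\n"),
    Packet("198.51.100.7", "10.0.0.5", 21, b"DELE notes.txt\r\n"),
    Packet("198.51.100.7", "10.0.0.5", 21, b"USER a\r\nPASS b\r\n"),
]

def run_samples() -> List[Tuple[str, str]]:
    return [packet_processor(p) for p in SAMPLES]
```

Each result pairs the part that made the decision with its verdict, so the output shows which packets stayed on the fast path and which were judged against the protocol rules.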
21 Claims
21-74. (canceled)
Specification