Real time firewall/data protection systems and methods
Abstract
Methods and systems for firewall/data protection that filters data packets in real time and without packet buffering are disclosed. A data packet filtering hub, which may be implemented as part of a switch or router, receives a packet on one link, reshapes the electrical signal, and transmits it to one or more other links. During this process, a number of filter checks are performed in parallel, resulting in a decision about whether each packet should or should not be invalidated by the time that the last bit is transmitted. To execute this task, the filtering hub performs rules-based filtering on several levels simultaneously, preferably with a programmable logic or other hardware device. Various methods for packet filtering in real time and without buffering with programmable logic are disclosed. The system may include constituent elements of a stateful packet filtering hub, such as microprocessors, controllers, and integrated circuits. The system may be reset, enabled, disabled, configured, and/or reconfigured with toggles or other physical switches. Audio and visual feedback may be provided regarding the operation and status of the system.
96 Claims
1-66. (canceled)
67. A method for communicating data between an external computing system and an internal computing system over a packet-based network, wherein data is transmitted and received in the form of a plurality of packets, the method comprising the steps of:
receiving a packet from the external computing system over the network, the packet having at least a first portion and an end portion, and transmitting the packet to the internal computing system;
in parallel with the step of receiving and transmitting the packet, determining characteristics of the packet from the first portion;
in parallel with the step of receiving and transmitting the packet, performing one or more checks on the packet;
in parallel with the step of receiving and transmitting the packet, determining if the packet should be a valid packet or an invalid packet based on the one or more checks, wherein the packet is analyzed in real time to determine if the packet should be valid or invalid while the packet is being concurrently transmitted to the internal computing system; and
after receiving the end portion of the packet, selectively altering the end portion of the packet based on whether the packet has been determined to be a valid packet or an invalid packet, wherein the packet is selectively altered to be invalid if it was determined that the packet should be an invalid packet.
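The forward-while-checking flow of claim 67 can be modelled in software. The sketch below is an added example, not code from the patent or its assignee. It assumes the "end portion" is the Ethernet CRC-32 frame check sequence and that the receiving interface drops frames whose FCS fails; the blocked-port rule, the sample frames and all function names are constructed for illustration.

```python
import struct
import zlib

BLOCKED_TCP_PORTS = {23}  # hypothetical rule, not taken from the patent

def make_frame(dst_port, payload=b"A" * 32):
    """Constructed Ethernet/IPv4/TCP frame (IP/TCP checksums zeroed) with a valid FCS."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    body = eth + ip + tcp + payload
    return body + struct.pack("<I", zlib.crc32(body))

def cut_through_filter(rx, blocked=BLOCKED_TCP_PORTS):
    """Yield bytes as they arrive; only the final byte is delayed so it can be altered."""
    hdr = bytearray()   # latch for the first portion only, the payload is never stored
    invalid = False
    held = None         # one-byte delay line
    for b in rx:
        if len(hdr) < 78:               # 14 Ethernet + 60 max IPv4 header + 4 TCP ports
            hdr.append(b)
            n = len(hdr)
            if n >= 24 and hdr[12:14] == b"\x08\x00" and hdr[23] == 6:
                off = 14 + (hdr[14] & 0x0F) * 4 + 2     # TCP destination port offset
                if n == off + 2 and int.from_bytes(hdr[off:off + 2], "big") in blocked:
                    invalid = True      # verdict reached while bytes are still flowing
        if held is not None:
            yield held                  # forward without waiting for the verdict
        held = b
    if held is not None:
        yield held ^ 0xFF if invalid else held  # corrupt the FCS tail of a rejected frame

def filter_frame(frame):
    """Run a whole constructed frame through the streaming filter."""
    return bytes(cut_through_filter(iter(frame)))

def receiver_accepts(frame):
    """Models an interface that drops frames whose CRC-32 FCS does not match."""
    return len(frame) > 4 and frame[-4:] == struct.pack("<I", zlib.crc32(frame[:-4]))

if __name__ == "__main__":
    for port in (443, 23):
        out = filter_frame(make_frame(port))
        print(port, "accepted" if receiver_accepts(out) else "dropped by receiver")
```

Every byte except the last leaves the filter unchanged in both cases, so a rejected frame still occupies the wire and is only discarded once the receiver checks the FCS.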
Specification