Apparatus and method for providing a secure gateway for communication and data exchanges between networks

US 5,623,601 A
Filed: 11/21/1994
Issued: 04/22/1997
Est. Priority Date: 11/18/1994
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:

(a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapulating the packets with a hardware destination address that matches a device address of the gateway;

(b) accepting at the gateway communications packets from either network that are encapsulated with a hardware destination address which matches the device address of the gateway;

(c) determining at the gateway whether there is a process bound to a destination port number of an accepted communications packet;

(d) establishing transparently at the gateway a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;

(e) establishing transparently at the gateway a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and

(f) transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

An apparatus and method for providing a secure firewall between a private network and a public network are disclosed. The apparatus is a gateway station having an operating system that is modified to disable communications packet forwarding, and further modified to process any communications packet having a network encapsulation address which matches the device address of the gateway station. The method includes enabling the gateway station to transparently initiate a first communications session with a client on a first network requesting a network service from a host on a second network, and a second independent communications session with the network host to which the client request was addressed. The data portion of communications packets from the first session are passed to the second session, and vice versa, by application level proxies which are passed the communications packets by the modified operating system. Data sensitivity screening is preferably performed on the data to ensure security. Only communications enabled by a security administrator are permitted. The advantage is a transparent firewall with application level security and data screening capability.

1224 Citations

41 Claims

1. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:
- (a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapulating the packets with a hardware destination address that matches a device address of the gateway;
  
  (b) accepting at the gateway communications packets from either network that are encapsulated with a hardware destination address which matches the device address of the gateway;
  
  (c) determining at the gateway whether there is a process bound to a destination port number of an accepted communications packet;
  
  (d) establishing transparently at the gateway a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
  
  (e) establishing transparently at the gateway a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
  
  (f) transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 1 wherein the step of determining involves checking to determine if a process is bound to the destination port number, and passing the packet to a generic process if a process is not bound to the destination port number, the generic process acting to establish the first and second communications sessions and to move the data between the first and second communications sessions.
  - 3. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 1 wherein the method further involves the steps of:
    - a) checking a rule base to determine if the source address requires authentication; and
      
      b) authenticating the source by requesting a user identification and a password and referencing a database to determine if the user identification and password are valid.
  - 4. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 1 wherein the method further involves the steps of:
    - a) referencing a rule base after the first communications session is established to determine whether the source address is permitted access to the destination address for a requested type of service; and
      
      b) cancelling the first communications session if the rule base does not include a rule to permit the source address to access the destination address for the requested type of service.
  - 5. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 3, wherein the method further involves the steps of:
    - a) creating a user authentication file which contains the source address of the authenticated user in a user authentication directory; and
      
      b) referring to the authentication file to determine if a source address has been authenticated each time a new communications session is initiated so that the gateway is completely transparent to an authenticated source.
  - 6. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 5 wherein the user authentication file includes a creation time variable which is set to a system time value when the user is authenticated.
  - 7. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 6 wherein the method further involves the steps of:
    - a) updating a modification time variable of the authentication file each time the user initiates a new communications session through the gateway station.
  - 8. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 7 wherein the method further involves the steps of:
    - a) periodically checking each user authentication file to determine whether one of a first difference between the authentication time variable and the system time and a second difference between the modification time variable and the system time has exceeded a predefined threshold; and
      
      b) deleting the user file from the user authentication directory if the threshold has been exceeded by each of the first and second differences.
  - 9. A method for providing a secure gateway between a private network and potentially hostile network as claimed in claim 1 wherein the method further involves the steps of:
    - a) performing a data sensitivity check on the data associated with each packet as a step in the process of moving the data between the respective first and second communications sessions.

10. A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:
- (a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to host, but encapulating the packets with a hardware destination address that matches a device address of the gateway;
  
  (b) accepting from either network all TCP/IP packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
  
  (c) determining whether there is a proxy process bound to a port for serving a destination port number of an accepted TCP/IP packet;
  
  (d) establishing a first communications session with a source address/source port number of the accepted TCP/IP packet if there is proxy process bound to the port for serving the destination port number, else dropping the packet;
  
  (e) determining if the source address/source port number of the accepted packet is permitted to communicate with a destination address/destination port number of the accepted packet by referencing a rule base, and dropping the packet if a permission rule cannot be located;
  
  (f) establishing a second communications session with the destination address/destination port number of the accepted TCP/IP packet if a first communications session is established and the permission rule is located; and
  
  (g) transparently moving data associated with each subsequent TCP/IP packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 10 wherein the step of determining involves checking a table to determine if a custom proxy process is bound to the destination port number, and passing the packet to a generic proxy process if a custom proxy process is not bound to the destination port number, the generic proxy process being executed to establish the first and second communications sessions and to move the data between the first and second communications sessions.
  - 12. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 10 wherein the step of establishing a first communications session with a source address/source port number further involves the steps of:
    - a) checking a rule base to determine if the source requires authentication;
      
      b) checking an authentication directory to determine if an authentication file exists for the source in an instance where the source requires authentication; and
      
      c) if the source requires authentication and an authentication file for the source cannot be located, authenticating the source by requesting a user identification and a password and referencing a user identification database to determine if the user identification and password are valid.
  - 13. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 12 wherein the method further involves the steps of:
    - a) referencing a rule base as a first step after the first communications session is established to determine whether the user identification/password at the source address is permitted to communicate with the destination address for a requested service; and
      
      b) cancelling the first communications session if the rule base does not include a rule to permit the user identification/password at the source address to communicate with the destination address for the requested type of service.
  - 14. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 12, wherein the method further involves the steps of:
    - a) creating a user authentication file which contains the source address of the authenticated user in a user authentication directory; and
      
      b) referring to the authentication file to determine if a source address has been authenticated each time a new communications session is initiated so that the gateway is completely transparent to an authenticated source having an authentication file in the authentication directory.
  - 15. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 14 wherein a file creation time variable which is automatically set by an operating system of the gateway station to a system time value when a file is created, is used to monitor a time when the user is authenticated.
  - 16. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 14 wherein the method further involves the steps of:
    - a) rewriting the user authentication file each time the user initiates a new communications session through the gateway station so that a modification time variable in the authentication file is automatically updated by the operating system of the secure gateway.
  - 17. A method of providing a secure gateway between a private network and a potentially hostile network as claimed in claim 16 wherein the method further involves the steps of:
    - a) periodically checking each user authentication file to determine whether one of a first difference between the authentication time variable and the system time and a second difference between the modification time variable and the system time has exceeded a predefined threshold; and
      
      b) deleting the user file from the user authentication directory if the threshold has been exceeded by both of the first and second differences.
  - 18. A method for providing a secure gateway between a private network and potentially hostile network as claimed in claim 10 wherein the method further involves the steps of:
    - a) performing a data sensitivity check on the data portion of each packet as a step in the process of moving the data between the respective first and second communications sessions, whereby the TCP/IP packet is passed by a modified kernel of an operating system of the secure gateway to the proxy process which extracts the data from the packet and passes the data from a one of the first and second communications sessions to a proxy process which operates at an application layer of the gateway station and the proxy process executes data screening algorithms to screen the data for elements that could represent a potential security breach before the data is passed to the other of the first and second communications sessions.

19. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network, comprising in combination:
- a gateway station adapted for connection to a telecommunications connection with each of the private network and the potentially hostile network;
  
  an operating system executable by the gateway station, a kernel of the operating system having been modified so that the operating system;
  
  a) cannot forward any communications packet from the private network to the potentially hostile network or from the potentially hostile network to the private network; and
  
  b) will accept for processing any communications packet from either of the private network and the potentially hostile network provided that the packet is encapsulated with a hardware destination address that matches the device address of the gateway station on the respective network; and
  
  at least one proxy process executable by the gateway station, the at least one proxy process being adapted to transparently initiate a first communications session with a source of an initial data packet accepted by the operating system and to transparently initiate a second communications session with a destination of the packet without intervention by the source, and to transparently pass the data portion of packets received by the first communications session to the second communications session and to pass the data portion of packets received by the second communications session to the first communications session, whereby the first session communicates with the source using data from the second session and the second session communicates with the destination using data received from the first session.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the operating system is a Unix operating system.
  - 21. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the at least one proxy process includes modified public domain proxy processes for servicing Telnet, FTP, and UDP communications.
  - 22. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the at least one proxy process is a generic proxy process capable of servicing any network service which may be communicated within TCP/IP protocol, on any one of the 64K TCP/IP communications ports.
  - 23. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 22 wherein the kernel is modified so that it will pass to the generic proxy process any communications packet having a destination port number that indicates a port to which no custom proxy process is bound, if the generic proxy process is bound to a predefined communications port when the communications packet is received by the kernel.
  - 24. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 20 wherein the gateway station is a Unix station.
  - 25. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the apparatus further includes programs for providing a security administrator with an interface to permit the security administrator to build a rule base for controlling communications through the gateway station.
  - 26. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the at least one proxy process includes domain proxy processes for servicing Gopher and TCP communications.
  - 27. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 19 wherein the Gopher proxy process is enabled to authenticate users whenever a Gopher session is initiated and user authentication is required.
  - 28. Apparatus for providing a secure gateway for data exchanges between a private network and a potentially hostile network as claimed in claim 22 wherein the generic proxy process capable of servicing any network service which may be communicated within TCP/IP protocol, on any one of the 64K TCP/IP communications ports is a TCP proxy process.

29. A computer system for providing a secure gateway between a private network and a potentially hostile network, comprising:
- a) means for accepting from either network all communications packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
  
  b) means for determining whether there is a process bound to a destination port number of an accepted communications packet;
  
  c) means for establishing a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
  
  d) means for transparently establishing, without intervention from the source, a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
  
  e) means for transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. A computer system providing a secure gateway between a private network and a potentially hostile network as claimed in claim 29 wherein the means for determining checks to determine if a process is bound to the destination port number, and passes the packet to a generic process if a process is not bound to the destination port number, the generic process acting to establish the first and second communications sessions and to move the data between the first and second communications sessions.
  - 31. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 29 wherein the system further includes:
    - a) means for checking a rule base to determine if the source address requires authentication; and
      
      b) means for authenticating the source by requesting a user identification and a password and referencing a database to determine if the user identification and password are valid.
  - 32. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 29 wherein the system further includes:
    - a) means for referencing a rule base after the first communications session is established to determine whether the source address is permitted to access the destination address for a requested type of service; and
      
      b) means for cancelling the first communications session if the rule base does not include a rule to permit the source address to access the destination address for the requested type of service.
  - 33. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 32, wherein the system further includes:
    - a) means for creating a user authentication file which contains the source address of the authenticated user in a user authentication directory; and
      
      b) means for referring to the authentication file to determine if a source address has been authenticated each time a new communications session is initiated so that the gateway is completely transparent to an authenticated source.
  - 34. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 33 wherein the user authentication file includes a creation time variable which is set to a system time value when the user is authenticated.
  - 35. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 34 wherein the system further includes:
    - a) means for updating a modification time variable of the authentication file each time the user initiates a new communications session through the gateway station.
  - 36. A computer system for providing a secure gateway between a private network and a potentially hostile network as claimed in claim 35 wherein the system further includes:
    - a) means for periodically checking each user authentication file to determine whether one of a first difference between the authentication time variable and the system time and a second difference between the modification time variable and the system time has exceeded a predefined threshold; and
      
      b) means for deleting the user file from the user authentication directory if the threshold has been exceeded by each of the first and second differences.
  - 37. A computer system for providing a secure gateway between a private network and potentially hostile network as claimed in claim 29 wherein the system further includes:
    - a) means for performing a data sensitivity check on the data associated with each packet as a step in the process of moving the data between the respective first and second communications sessions.

38. A computer-readable memory encoded with computer-readable instructions for providing a secure gateway between a private network and a potentially hostile network, comprising:
- a) instructions for accepting from either network all communications packets that are encapsulated with a hardware destination address which matches the device address of the gateway;
  
  b) instructions for determining whether there is a process bound to a destination port number of an accepted communications packet;
  
  c) instructions for transparently establishing a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;
  
  d) instructions for transparently establishing, without intervention from the source, a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and
  
  e) instructions for transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
- View Dependent Claims (39, 40, 41)
- - 39. A computer readable memory as claimed in claim 38 wherein the computer readable memory comprises at least one compact disk.
  - 40. A computer readable memory as claimed in claim 38 wherein the computer readable memory comprises at least one floppy diskette.
  - 41. A computer readable memory as claimed in claim 38 wherein the computer readable memory comprises at least one hard disk drive.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
RPX Corporation
Original Assignee
Milkyway Networks Corporation
Inventors
Vu, Hung T.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Palys, Joseph E.

Application Number

US08/342,772
Time in Patent Office

883 Days
Field of Search

395/187.01, 395/188.01, 395/186, 395/182.02, 395/187.02, 395/180, 380/4
US Class Current

726/12
CPC Class Codes

H04L 63/0281 Proxies

H04L 9/40 Network security protocols

Apparatus and method for providing a secure gateway for communication and data exchanges between networks

First Claim

8 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

1224 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for providing a secure gateway for communication and data exchanges between networks

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

1224 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links