Firewall system for protecting network elements connected to a public network

US 5,826,014 A
Filed: 02/06/1996
Issued: 10/20/1998
Est. Priority Date: 02/06/1996
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:

a firewall box comprising a stand alone computing platform;

a first connection connecting the firewall box to the network element; and

at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized, wherein the at least one proxy agent verifies that a time period during which an incoming access request is received is valid.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

Providing a firewall for isolating network elements from a publicly accessible network to which such network elements are attached. The firewall operates on a stand alone computer connected between the public network and the network elements to be protected such that all access to the protected network elements must go through the firewall. The firewall application running on the stand alone computer is preferably the only application running on that machine. The application includes a variety of proxy agents that are specifically assigned to an incoming request in accordance with the service protocol (i.e., port number) indicated in the incoming access request. An assigned proxy agent verifies the authority of an incoming request to access a network element indicated in the request. Once verified, the proxy agent completes the connection to the protected network element on behalf of the source of the incoming request.

Citations

36 Claims

1. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:
- a firewall box comprising a stand alone computing platform;
  
  a first connection connecting the firewall box to the network element; and
  
  at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized, wherein the at least one proxy agent verifies that a time period during which an incoming access request is received is valid.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 7. The firewall system as in claim 1, 2, 3, wherein the firewall box is dedicated to a firewall application.
  - 8. The firewall system as in claim 1, 2, or 3, wherein the firewall box is a general purpose computer.
  - 9. The firewall system as in claims 1, 2, or 3, wherein the firewall box executes a plurality of proxy agents, each of the plurality of proxy agents configured to verify the incoming access request in accordance with a port number indicated in an incoming access request.
  - 10. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent verifies that a source address associated with an incoming access request is authorized to access the network element.
  - 11. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent verifies that an incoming access request contains no executable commands directed to the firewall box.
  - 12. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent verifies that a destination associated with an incoming access request is valid.
  - 13. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent verifies that a destination indicated in an incoming access request is valid for a user associated with the incoming access request.
  - 14. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent addresses the network element according to an alias.
  - 15. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent manages the connection the network element.
  - 16. The firewall system as in claims 1, 2, or 3, wherein the at least one proxy agent operates in a daemon mode.
  - 17. The firewall system as in claims 1, 2, or 3, wherein an operating system of the firewall box performs packet filtering.
  - 18. The firewall system as in claims 1, 2, or 3, further comprising:
    - A router attached between the firewall box and the public network, which router performs packet filtering.
  - 19. The firewall system as in claims 1, 2, or 3 further comprising:
    - a transaction log for recording information regarding an access request.
  - 20. The firewall system as in claims 1 or 2, wherein the at least one proxy agent prompts the user to enter a user name and verifies the user name entered.

2. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:
- a firewall box comprising a stand alone computing platform;
  
  a first connection connecting the firewall box to the network element; and
  
  at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized;
  
  wherein the at least one proxy agent performs a Changeroot command prior to processing an incoming access request.

3. A firewall system for protecting a network element from access over a network to which the network element is attached, the firewall system comprising:
- a firewall box comprising a stand alone computing platform;
  
  a first connection connecting the network to the firewall box;
  
  a second connection connecting the firewall box to the network element; and
  
  at least one proxy agent running on the firewall box for verifying that an access request packet received over the first connection is authorized to access the network element, the at least one proxy agent initiating a connection to the network element on behalf of the access request if the access request is authorized, wherein the at least one proxy agent prompts the user to enter a user name and a password and verifies that a user associated with an incoming access request is authorized to access the network element, and upon receiving and verifying the user name and password, communicates a second password to the user using a communication channel other than the computer network being used to initiate the connection, which second password is to be entered by the user to advance a logon process.
- View Dependent Claims (21, 22)
- - 21. The firewall system as in claim 3, wherein the second password is a random number.
  - 22. The firewall system as in claim 3, wherein the communication channel is a beeper.

4. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:
- receiving an incoming access request;
  
  assigning a proxy agent to the incoming access request in accordance with a port number indicated in the incoming access request;
  
  verifying the authority of the incoming access request to access the protected network element;
  
  forming a connection to the network element via the proxy agent on behalf of the incoming access request, if the authority of the incoming access request is verifiedwherein the step of verifying the authority of the incoming access request includes;
  
  determining the identity of a source of the incoming access request;
  
  initiating a first set of verification checks in response to a first identified source; and
  
  initiating a second set of verification checks in response to a second identified source.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 23. The firewall method as in claims 4, 5 or 6, wherein an assigned proxy agent is selected from a plurality of proxy agents, each of the plurality of proxy agents configured to verify the incoming access request in accordance with a port number indicated in an incoming access request.
  - 24. The firewall method as in claims 4, 5 or 6, wherein the step of verifying the authority of the incoming access request includes:
    - using the at least one proxy agent to verify that a source address associated with an incoming access request is authorized to access the network element.
  - 25. The firewall method as in claims 4, 5 or 6, wherein the method further comprises the steps of:
    - using the at least one proxy agent to prompt the user to enter a user name; and
      
      verifying the authority of the user name entered.
  - 26. The firewall method as in claims 4, 5 or 6, wherein the method further comprises the steps of:
    - using the at least one proxy agent to prompt the user to enter a user name and a password; and
      
      verifying the authority of the user name and password entered.
  - 27. The firewall method as in claims 4, 5 or 6, wherein the step of verifying the authority of the incoming access request includes:
    - verifying that an incoming access request contains no executable commands.
  - 28. The firewall method as in claims 4, 5 or 6, wherein the step of verifying the authority of the incoming access request includes:
    - verifying that a destination associated with an incoming access request is valid.
  - 29. The firewall method as in claims 4, 5 or 6, wherein the step of verifying the authority of the incoming access request includes:
    - verifying that a destination indicated in an incoming access request is valid for a user associated with the incoming access request.
  - 30. The firewall method as in claims 4, 5 or 6, wherein the step of forming a connection to the network element on behalf of the incoming access request includes:
    - addressing the network element according to an alias.
  - 31. The firewall method as in claims 4, 5 or 6, wherein the at least one proxy agent operates in a daemon mode.
  - 32. The firewall method as in claims 4, 5 or 6, wherein the method further includes the step of:
    - having the at least one proxy perform a Changeroot command prior to processing an incoming access request.
  - 33. The firewall method as in claims 4, 5 or 6, wherein the method further includes the step ofperforming packet filtering on the incoming access request.
  - 34. The firewall method as in claims 4, 5 or 6, further comprising the step of:
    - maintaining a transaction log for recording information regarding an access request.

5. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:
- receiving an incoming access request;
  
  assigning a proxy agent to the incoming access request in accordance with at least a port number indicated in the incoming access request;
  
  verifying the authority of the incoming access request to access the protected network element; and
  
  thereafterforming a connection to the network element via the proxy agent on behalf of the incoming access request if the authority of the incoming access request is verified;
  
  wherein the step of verifying the authority of the incoming access request includes;
  
  verifying that a user associated with the incoming access request is authorized to access the network element;
  
  checking the accuracy of a first password associated with the incoming access request; and
  
  ,communicating a second password to the user using a communication channel other than the network connection, which second password is to be entered by the user to advance a logon process.
- View Dependent Claims (35, 36)
- - 35. The firewall method as in claim 5, wherein the second password is a random number.
  - 36. The firewall method as in claim 5, wherein the communication channel includes a beeper.

6. A firewall method for protecting a network element from unauthorized access over a network to which the network element is attached, the method comprising the steps of:
- receiving an incoming access request;
  
  assigning a proxy agent to the incoming access request in accordance with a port number indicated in the incoming access request;
  
  verifying the authority of the incoming access request to access the protected network element;
  
  verifying that a time period during which an incoming access request is received is valid; and
  
  forming a connection to the network element via the proxy agent on behalf of the incoming access request if the authority and time period of the incoming access request is verified.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
GraphOn Corporation
Original Assignee
Network Engineering Software, Inc. (Hopto Inc.)
Inventors
Coley, Christopher D., Wesinger, Jr., Ralph E.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elmore, Stephen C.

Application Number

US08/595,957
Time in Patent Office

987 Days
Field of Search

395/187.01, 395/186, 395/200.55, 395/200.59, 395/726, 395/188.01, 340/825.31, 340/825.34, 380/3, 380/4, 380/48, 380/24, 364/222.5, 364/286.4, 364/286.5, 364/479.07
US Class Current

726/12
CPC Class Codes

G06Q 20/027   involving a payment switch ...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/1458   Denial of Service

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 9/40   Network security protocols

Firewall system for protecting network elements connected to a public network

First Claim

5 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall system for protecting network elements connected to a public network

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links