Network session wall passively listening to communication session, with use of access rules, stops further communication between network devices by emulating messages to the devices

US 5,958,015 A
Filed: 10/29/1996
Issued: 09/28/1999
Est. Priority Date: 10/29/1996
Status: Expired due to Term

First Claim

Patent Images

1. For use in a computer network facilitating communication sessions between network devices, a session wall comprising:

(a) a network adapter for attaching the session wall to the network;

(b) data memory;

(c) a processor connected to said data memory and to said network adapter; and

(d) a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor such that said communication control system passively listens to said portion of said at least one session, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A session wall for a local area network is provided. This is a device connected to a local area network which listens passively to communications sent over the network. The device also sends data over the network which is interpreted by other devices connected to the network as if it were sent by another network device connected to the local network. The session wall stores access rules for the network devices which generate data communication messages over the local network. It reads a portion of each communication message it listens to and compares that data with the stored access rules to determine whether the message is permitted or not. If not, the session wall sends a message to both parties. In a message to the server it either notifies that the client wishes to close the current session, or it sends a specific message to the server that according to the protocol used causes the server to stop responding to additional client messages in that specific session. In a message to the client the session wall either emulates data from the server causing the client to misinterpret it so future responses from the server for that session will not be accepted properly, or it notifies the client that the server has dropped the connection, or it sends a pre-defined message to notify that the session was blocked.

Citations

24 Claims

1. For use in a computer network facilitating communication sessions between network devices, a session wall comprising:
- (a) a network adapter for attaching the session wall to the network;
  
  (b) data memory;
  
  (c) a processor connected to said data memory and to said network adapter; and
  
  (d) a communication session control system wherein data pertinent to the control of at least one of the communication sessions is stored in said memory, a portion of said at least one session is read by said processor such that said communication control system passively listens to said portion of said at least one session, said processor comparing said portion with a set of access rules stored in said memory, and, when said at least one session is not allowed according to said access rules, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The session wall of claim 1, wherein said at least one network device is a client.
  - 3. The session wall of claim 2, wherein said message features a notice that a respective server has ended said at least one session.
  - 4. The session wall of claim 2, wherein said message features a notice that said at least one session has been blocked.
  - 5. The session wall of claim 1, wherein said at least one network device is a server.
  - 6. The session wall of claim 5, wherein said message emulates a request from a respective client to end said at least one session.
  - 7. The session wall of claim 1, wherein said message is a message to a client and a different message to a respective server.
  - 8. The session wall of claim 1, further comprising the step of, when said at least one session is not allowed according to said access rules, and said message is not issued, injecting a succession of communication messages in order to block transmission by another network device.
  - 9. The session wall of claim 8, further comprising a timer configured to limit the duration of said succession of messages.
  - 10. The session wall of claim 1, wherein said data pertinent to the control of at least one of the communication sessions are self learned by the session wall.
  - 11. The session wall of claim 1, wherein said data pertinent to the control of at least one of the communication sessions are provided using control frames.

12. For use in a computer network facilitating communication sessions between network devices, a method of controlling the communication sessions, the method comprising the steps of:
- (a) providing network information;
  
  (b) providing access information;
  
  (c) passively listening to a portion of at least one of the communication sessions;
  
  (d) comparing said portion with said access information; and
  
  (e) when said at least one communication session is not allowed according to said access information, issuing a message to at least one of the network devices involved in said at least one session to stop further communication between the network devices.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 13. The method of claim 12, wherein said message is issued to a client.
  - 14. The method of claim 13, wherein said message features a notice that said at least one session has ended.
  - 15. The method of claim 13, wherein said message features a notice that said at least one session has been blocked.
  - 16. The method of claim 12, wherein said message is issued to a server.
  - 17. The method of claim 12, wherein said message includes a message to a client and a different message to a server.
  - 18. The method of claim 12, further comprising the step of, when said at least one session is not allowed according to said access information, and said message is not issued, injecting a succession of communication messages in order to block transmission by another network device.
  - 19. The method of claim 18, wherein said succession of messages is limited.
  - 20. The method of claim 12, wherein said network information is provided by listening to network traffic.
  - 21. The method of claim 20, wherein said access information is defined by network traffic at a particular time.
  - 22. The method of claim 12, wherein said network information is provided using control frames.
  - 23. The method of claim 12, wherein a plurality of session wall devices execute said steps and coordinate said execution using an inter-device communication protocol.
  - 24. The method of claim 23, said plurality of session wall devices located on a common network segment, further comprising the step of, when one of said session wall devices does not function properly, executing functions of said non-functioning, session wall device by another of said session wall devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA Software Israel Ltd. (Broadcom, Inc.)
Original Assignee
AbirNet Ltd. (Broadcom, Inc.)
Inventors
Dascalu, Ziv
Primary Examiner(s)
Luu, Le Hien
Assistant Examiner(s)
Cardone, Jason D

Application Number

US08/739,518
Time in Patent Office

1,064 Days
Field of Search

395/187.01, 395/186, 395/182.11, 395/527, 709/227, 709/229, 709/223, 709/224, 709/225, 707/10, 711/141, 711/146
US Class Current

709/229
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0218   Distributed architectures, ...

H04L 63/0254   Stateful filtering

H04L 63/1408   by monitoring network traff...

H04L 9/40   Network security protocols

Network session wall passively listening to communication session, with use of access rules, stops further communication between network devices by emulating messages to the devices

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Network session wall passively listening to communication session, with use of access rules, stops further communication between network devices by emulating messages to the devices

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links