Data scanning network security
Abstract
A system and method are disclosed for providing enhanced computer network security by scanning data, specifically electronic mail messages, sent to the network before the data is received and transmitted by the network's mail server. An e-mail message is received by a computer network configured to receive data and is checked as the data is received and before it is transmitted to a node on the computer network. The method includes determining whether an external source is attempting to establish a mail connection with the computer network, which is configured to include a data scanning device that recognizes one or more data transfer protocols. Once the data is received, the data scanning device begins evaluating it by first determining whether it is formatted according to one of the recognized protocols. The data scanning device then scans the data for acceptable content and format according to a rule set established by one of the recognized protocols; this is done at the same time as the data is received by the data scanning device. It is then determined whether the data should be sent to its destination on the computer network. If necessary, the data is translated before being passed to its destination on the computer network.
26 Claims
1. A data security apparatus for use in a computer network for checking data received from an external source, comprising:
means for scanning the data for acceptable content and format as determined by a rule set established by a recognized protocol, such that the data is scanned in subdivisions set by the recognized protocol as the data is received;
means for translating the data; and
means for transmitting the translated data to a destination node on the computer network.
2. A data security apparatus as recited in claim 1 further comprising:
means for detecting if an external source is attempting to establish a mail connection with a computer network wherein the computer network is receptive to one or more recognized protocols; and
means for receiving data from the external source.
3. A data security apparatus as recited in claim 1 further comprising:
means for determining whether the data should be transmitted to the destination node on the computer network.
4. A data security apparatus as recited in claim 1 further comprising:
means for evaluating a protocol used by the external source in sending the data; and
means for determining whether the data from the external source is formatted based on one or more recognized protocols.
5. A data security apparatus as recited in claim 1 wherein the means for translating the data includes means for data intake that translates the data as the data is received by the data translator.
6. A data security apparatus as recited in claim 1 further comprising means for rejecting the data if the data is not formatted according to a recognized protocol.
7. A data security apparatus as recited in claim 1 further comprising means for beginning the scan by searching for a command.
8. A data security apparatus as recited in claim 1 further comprising means for separating the data into portions wherein a portion of the data includes message-data or a plurality of commands.
9. A data security apparatus as recited in claim 1 further comprising means for pausing the scan when a message-data portion is detected and resuming the scan when a command portion is detected.
10. A data security apparatus as recited in claim 1 further comprising means for comparing character strings.
11. In a computer network configured to receive data, a method of checking data as the data is received and before the data is transmitted to a destination node on the computer network, the method including the steps of:
scanning the data for acceptable content and format as determined by a rule set established by a recognized protocol, such that the data is scanned in subdivisions set by the recognized protocol as the data is received;
translating the data before transmitting it to a destination node on the computer network; and
transmitting the translated data to the destination node on the computer network.
12. A method as recited in claim 11 further comprising:
determining whether an external source is attempting to establish a mail connection with the computer network wherein the computer network is receptive to one or more recognized protocols; and
receiving the data from the external source.
13. A method as recited in claim 11 further comprising:
determining whether the data from the external source is formatted according to one of the recognized protocols.
14. A method as recited in claim 11 wherein scanning the data for acceptable content and format further includes beginning the scan by searching for a command.
15. A method as recited in claim 11 wherein translating the data before passing it to a node on the computer network is performed as the data is received.
16. A method as recited in claim 11 wherein scanning the data further includes separating the data into portions wherein a portion of the data includes message-data or a plurality of commands.
17. A method as recited in claim 11 wherein scanning the data further includes pausing the scan when a message-data portion is detected and resuming the scan when a command portion is detected.
18. A method as recited in claim 17 wherein resuming the scan further includes detecting an end-of-data receipt from a node on the computer network indicating that the message-data portion has been received.
19. A method as recited in claim 11 wherein the rule set is set according to the Simple Mail Transfer Protocol and includes a HELO command, a MAIL command, a RCPT command, a NOOP command, a QUIT command, a DATA command, and a RSET command.
20. A method as recited in claim 19 wherein translating the data further includes replacing a command not contained within the rule set with the NOOP command.
21. A method as recited in claim 11 wherein scanning the data further includes using a string compare instruction.
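An added worked example of the scan-translate-forward procedure of claims 11 to 21. This is constructed illustration code, not the patent's own implementation: an SMTP command filter that evaluates the client stream one CRLF-terminated line at a time as chunks arrive (the subdivision the protocol itself defines), keeps only the claim 19 rule set (HELO, MAIL, RCPT, NOOP, QUIT, DATA, RSET), rewrites any other command to NOOP as in claim 20, and stops scanning between the DATA command and the end-of-data line as in claims 16 to 18. The class and function names, the sample session, and the assumption that the filter sees only the client-to-server direction are assumptions made here, not details from the patent.

```python
# Constructed example, not the patent's code. Assumed model: the filter
# sits between an external SMTP client and the internal mail server and
# sees only the client-to-server byte stream, delivered in arbitrary chunks.

ALLOWED = {b"HELO", b"MAIL", b"RCPT", b"NOOP", b"QUIT", b"DATA", b"RSET"}
CRLF = b"\r\n"


class SmtpCommandFilter:
    """Scans commands line by line as they arrive, translates anything
    outside the rule set to NOOP, and relays message data unscanned
    until the end-of-data line ('.' on a line by itself)."""

    def __init__(self):
        self.buf = b""          # bytes received but not yet a complete line
        self.in_data = False    # True while a message body is being relayed
        self.translated = []    # original command lines rewritten to NOOP

    def feed(self, chunk: bytes) -> bytes:
        """Accept one received chunk; return the bytes to forward so far."""
        self.buf += chunk
        out = bytearray()
        # Only complete CRLF-terminated lines are evaluated; a partial line
        # stays buffered, so a command split across chunks is never judged
        # half-seen.
        while (idx := self.buf.find(CRLF)) >= 0:
            line, self.buf = self.buf[:idx], self.buf[idx + 2:]
            if self.in_data:
                if b"\n" in line:
                    # A bare LF inside message data: a server that accepts LF
                    # as a line ending would end the message somewhere we do
                    # not, so reject rather than forward (cf. claim 6).
                    raise ValueError("bare LF inside message data")
                out += line + CRLF              # scan paused: data untouched
                if line == b".":
                    self.in_data = False        # end-of-data: resume scanning
            else:
                out += self._translate(line) + CRLF
        return bytes(out)

    def _translate(self, line: bytes) -> bytes:
        verb = line.split(b" ", 1)[0].upper()   # string compare on the verb
        if verb not in ALLOWED:
            self.translated.append(line)
            return b"NOOP"                      # claim 20: replace with NOOP
        if verb == b"DATA":
            self.in_data = True                 # following lines are body
        return line


def relay(chunks):
    """Feed received chunks in order; return (forwarded bytes, rewritten commands)."""
    f = SmtpCommandFilter()
    forwarded = b"".join(f.feed(c) for c in chunks)
    return forwarded, f.translated


# Constructed sample session; note RCPT is split across two chunks and the
# body contains a line that looks like a command plus a dot-stuffed line.
SAMPLE_CHUNKS = [
    b"EHLO mx.example.org\r\nMAIL FROM:<alice@example.org>\r\nRC",
    b"PT TO:<bob@example.net>\r\nVRFY bob\r\nDATA\r\nSubject: hi\r\n\r\n",
    b"VRFY inside body is just text\r\n..dot-stuffed\r\n.\r\nQUIT\r\n",
]

if __name__ == "__main__":
    forwarded, rewritten = relay(SAMPLE_CHUNKS)
    print(forwarded.decode())
    print("rewritten to NOOP:", rewritten)
```

Two points the claims leave to the implementer. First, claim 18 keys the resumption of scanning on the server's end-of-data receipt; this example switches state on the client's DATA and "." lines alone, so a relay that must cope with a server refusing DATA (no accepted RCPT yet, for instance) should enter data mode on the server's 354 reply and leave it on the reply to the terminator, otherwise the client's next command is relayed as unscanned body text. Second, the bare-LF check matters because a downstream server that accepts LF alone as a line ending would treat "\n.\n" as the end of the message and what follows as commands this scanner never evaluated; rejecting the message keeps both sides' notion of the subdivision aligned. Rewriting EHLO to NOOP also downgrades every session to plain SMTP, so extensions such as STARTTLS and AUTH never reach the inner server; that is the trade-off the claim 19 rule set makes.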
22. A computer-readable medium containing programmed instructions arranged to check data as the data is received and before the data is transmitted to a destination node on a computer network, the computer-readable medium including programmed instructions for:
scanning the data for acceptable content and format as determined by a rule set established by a recognized protocol, such that the data is scanned in subdivisions set by the recognized protocol as the data is received;
translating the data before transmitting it to a destination node on the computer network; and
transmitting the translated data to the destination node on the computer network.
23. A computer-readable medium as recited in claim 22 further comprising programmed instructions for:
determining whether an external source is attempting to establish a mail connection with the computer network wherein the computer network is receptive to one or more recognized protocols; and
receiving the data from the external source.
24. A computer-readable medium as recited in claim 22 further comprising programmed instructions for:
determining whether the data from the external source is formatted according to one of the recognized protocols.
25. A computer-readable medium as recited in claim 22, wherein the programmed instructions for translating the data before passing it to a node further comprise programmed instructions for translating the data as the data is received.
26. A computer-readable medium as recited in claim 22, wherein the programmed instructions for scanning the data further comprise programmed instructions for separating the data into portions wherein a portion of the data includes message-data or a plurality of commands.