Method and system for extracting application protocol characteristics
Abstract
A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.
26 Claims
1. A method for defining a set of allowable actions for an application program residing on a server, the method comprising:
receiving a message transmitted by the server addressed to one or more clients;
extracting application protocol data from the server message to thereby retrieve the set of allowable actions which may be taken in response to the server message;
storing the extracted application protocol data in a protocol database. (Dependent claims 2 to 14.)
receiving a request from a client addressed to the server;
comparing one or more actions in the client request with the stored application protocol data in the protocol database; and
disallowing any action contained in the client request which is not contained in the protocol database.
11. The method of claim 1, comprising:
receiving a second server message addressed to one or more clients; and
extracting second application protocol data from the second server message to thereby retrieve a second set of allowable actions which may be taken in response to the second server message.
12. The method of claim 11, comprising storing the extracted second application protocol data in the protocol database by adding it to extracted protocol data previously stored in the protocol database.
13. The method of claim 12, comprising storing the extracted second application protocol data in the protocol database in association with the data identifying second server message.
14. The method of claim 11, comprising storing the extracted second application protocol data in the protocol database by overwriting extracted protocol data previously stored in the protocol database.
15. A security gateway system interposed between an external computing environment and an internal computing environment, the system comprising:
a protocol database storing a set of allowable actions which may be taken in an application program residing on the internal computing environment;
a filter module for receiving an external message from the external computing environment, querying the protocol database, and refusing to pass to the internal environment any portion of the external message not contained in the protocol database; and
a protocol extraction module for receiving an internal message from the internal computing environment, extracting application protocol data from the internal message, and storing the extracted application protocol data in the protocol database. (Dependent claims 16 to 18.)
a second processing entity for receiving the simplified message transmitted by the first processing entity, for converting the simplified message to an internal message by mapping the simplified representation of the content into an internal representation of the content in accordance with one or more internal environment protocols, and for transmitting the internal message to an application operating on the internal computing environment; and
a communication channel between the first and second processing entities for transferring the simplified message.
18. The system of claim 17, wherein the protocol extraction module is contained within the second processing entity.
19. In a communication system in which a server is connectable to clients, a method for limiting clients to allowable actions for one or more application programs residing on the server, the method comprising:
receiving messages transmitted by the server addressed to one or more clients;
deriving from the server messages sets of allowable actions which may be taken in response to each of the server messages;
receiving requests from a client addressed to the server, each request containing one or more actions requested by the client;
comparing the one or more actions in each of the requests with at least one of the sets of allowable actions; and
disallowing any action contained in a request which is not in the at least one set of allowable actions. (Dependent claims 20 to 24.)
25. A computerized application protocol extraction module comprising an extraction program which, when executed, causes the protocol extraction module to perform a method for defining a set of allowable actions for an application program residing on a server, the method comprising:
receiving a message transmitted by the server addressed to one or more clients;
extracting application protocol data from the server message to thereby retrieve the set of allowable actions which may be taken in response to the server message; and
storing the extracted application protocol data in a protocol database.
26. A computerized security module comprising an extraction program which, when executed, causes the security module to perform a method for limiting clients to allowable actions for one or more application programs residing on the server, the method comprising:
receiving messages transmitted by the server addressed to one or more clients;
deriving from the server messages sets of allowable actions which may be taken for the application program in response to the server messages;
receiving requests from a client addressed to the server, each request containing one or more actions requested by the client;
comparing the one or more actions in each of the requests with at least one of the sets of allowable actions; and
disallowing any action contained in a request which is not in the at least one set of allowable actions.
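The extract-then-filter method of the abstract and of claims 1, 12 to 14 and 19, as an added Python example that is not part of the patent: it strips the HTTP layer from a constructed server response, records the links and form fields that response offers as the allowable actions for that page, stores them in a protocol database (adding to or overwriting earlier data, as in claims 12 and 14), and refuses a client request whose path or parameters the server never offered. Treating HTML links and form fields as the application protocol, keying the database by the page that offered the actions, and the sample message are all assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class _ActionExtractor(HTMLParser):
    """Collect the user-selectable options in a page: link targets and form fields."""
    def __init__(self):
        super().__init__()
        self.actions = {}   # path -> set of parameter names the client may submit
        self._form = None   # action path of the form currently being parsed
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "href" in a:
            self.actions.setdefault(urlsplit(a["href"]).path, set())
        elif tag == "form":
            self._form = urlsplit(a.get("action", "")).path
            self.actions.setdefault(self._form, set())
        elif tag in ("input", "select", "textarea") and self._form is not None and "name" in a:
            self.actions[self._form].add(a["name"])
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def extract_protocol(server_message: bytes) -> dict:
    """Strip the HTTP layer (the communications protocol) and parse the remaining body."""
    _, _, body = server_message.partition(b"\r\n\r\n")
    parser = _ActionExtractor()
    parser.feed(body.decode("utf-8", "replace"))
    return parser.actions

def store(db: dict, page: str, actions: dict, overwrite: bool = False) -> None:
    """Protocol database keyed by the page that offered the actions; add or overwrite."""
    if overwrite or page not in db:
        db[page] = {path: set(names) for path, names in actions.items()}
    else:
        for path, names in actions.items():
            db[page].setdefault(path, set()).update(names)

def filter_request(db: dict, page: str, request_line: str, body: str = "") -> bool:
    """Pass the client request only if its path and every parameter were offered by `page`."""
    parts = urlsplit(request_line.split(" ")[1])
    allowed = db.get(page, {})
    if parts.path not in allowed:
        return False            # an action the server never offered
    sent = set(parse_qs(parts.query, keep_blank_values=True)) | set(parse_qs(body, keep_blank_values=True))
    return sent <= allowed[parts.path]

# Constructed sample server message (hypothetical, not from the patent).
SERVER_MESSAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  b'<a href="/account">Account</a><form action="/transfer" method="post">'
                  b'<input name="to"><input name="amount"><input type="submit"></form>')
```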