Method and system for extracting application protocol characteristics

US 6,311,278 B1
Filed: 07/01/1999
Issued: 10/30/2001
Est. Priority Date: 09/09/1998
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for defining a set of allowable actions for an application program residing on a server, the method comprising:

receiving a message transmitted by the server addressed to one or more clients;

extracting application protocol data from the server message to thereby retrieve the set of allowable actions which may be taken in response to the server message;

storing the extracted application protocol data in a protocol database.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.

173 Citations

26 Claims

1. A method for defining a set of allowable actions for an application program residing on a server, the method comprising:
- receiving a message transmitted by the server addressed to one or more clients;
  
  extracting application protocol data from the server message to thereby retrieve the set of allowable actions which may be taken in response to the server message;
  
  storing the extracted application protocol data in a protocol database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the step of extracting the application protocol data comprises stripping communications protocol data from the message.
  - 3. The method of claim 2, wherein the step of extracting the application protocol data comprises parsing the message after stripping off the communications protocol data to identify protocols contained in the message.
  - 4. The method of claim 3, wherein parsing the message comprises parsing the message to identify one or more commands allowed in the server message.
  - 5. The method of claim 3, wherein parsing the message comprises parsing the message to identify one or more input fields in the server message.
  - 6. The method of claim 5, wherein storing the extracted application protocol data comprises storing the identified input field or fields in association with a data type and length for each input field.
  - 7. The method of claim 3, wherein parsing the message comprises parsing the message to identify one or more hyperlinks within the server message.
  - 8. The method of claim 2 wherein the server message is sent in response to a request from a client to whom the message is addressed, comprising storing the stripped communication protocol data or portion thereof which represents the address of the client.
  - 9. The method of claim 4, wherein the step of storing the extracted application protocol data in the protocol database comprises storing the extracted application protocol data in association with the communication protocol data representing the client address to thereby enable a session with the client.
  - 10. The method of claim 1, comprising:
11. The method of claim 1, comprising:
- receiving a second server message addressed to one or more clients; and
  
  extracting second application protocol data from the second server message to thereby retrieve a second set of allowable actions which may be taken in response to the second server message.
12. The method of claim 11, comprising storing the extracted second application protocol data in the protocol database by adding it to extracted protocol data previously stored in the protocol database.
13. The method of claim 12, comprising storing the extracted second application protocol data in the protocol database in association with the data identifying second server message.
14. The method of claim 11, comprising storing the extracted second application protocol data in the protocol database by overwriting extracted protocol data previously stored in the protocol database.

15. A security gateway system interposed between an external computing environment and an internal computing environment, the system comprising:
- a protocol database storing a set of allowable actions which may be taken in an application program residing on the internal computing environment;
  
  a filter module for receiving an external message from the external computing environment, querying the protocol database, and refusing to pass to the internal environment any portion of the external message not contained in the protocol database; and
  
  a protocol extraction module for receiving an internal message from the internal computing environment, extracting application protocol data from the internal message, and storing the extracted application protocol data in the protocol database.
- View Dependent Claims (16, 17, 18)
- - 16. The security gateway system of claim 15 wherein the filter module comprises a first processing entity for receiving the external message from the external environment, the external message containing content represented in one or more external environment protocols, for converting the external message to a simplified message by mapping all or part of the external message content into a simplified representation of the content in accordance with a simplified protocol, the simplified protocol defining a simplified representation for only some content which may be contained in a message represented in the one or more external environment protocols, and for transmitting the simplified message.
  - 17. The system of claim 16, comprising:
18. The system of claim 17, wherein the protocol extraction module is contained within the second processing entity.

19. In a communication system in which a server is connectable to clients, a method for limiting clients to allowable actions for one or more application programs residing on the server, the method comprising:
- receiving messages transmitted by the server addressed to one or more clients;
  
  deriving from the server messages sets of allowable actions which may be taken in response to each of the server messages;
  
  receiving requests from a client addressed to the server, each request containing one or more actions requested by the client;
  
  comparing the one or more actions in each of the requests with at least one of the sets of allowable actions; and
  
  disallowing any action contained in a request which is not in the at least one set of allowable actions.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein deriving sets of allowable actions from the server messages comprises parsing the messages to identify commands allowed in the server messages, and wherein disallowing any action in a client request comprises disallowing any action in the request which attempts to execute a command other than the identified commands.
  - 21. The method of claim 19, wherein deriving sets of allowable actions from the server messages comprises parsing the messages to identify input fields in the server messages.
  - 22. The method of claim 21, comprising associating each identified input field with a data type and length, and wherein disallowing any action in a request comprises disallowing any action in the request which attempts to input data in a given input field which is contrary to the data type or longer than the length associated with the given input field.
  - 23. The method of claim 19, wherein deriving sets of allowable actions from the server messages comprises parsing the messages to identify hidden fields in the server messages, and wherein disallowing any action in a request comprises disallowing any action in the request which attempts to change data in a given hidden field.
  - 24. The method of claim 19, wherein deriving sets of allowable actions from the server messages comprises parsing the messages to identify hyperlinks including addresses within the server message, and wherein disallowing any action in a request comprises disallowing any action in the request which attempts to link to an address other than the address in the identified hyperlinks.

25. A computerized application protocol extraction module comprising an extraction program which, when executed, causes the protocol extraction module to perform a method for defining a set of allowable actions for an application program residing on a server, the method comprising:
- receiving a message transmitted by the server addressed to one or more clients;
  
  extracting application protocol data from the server message to thereby retrieve the set of allowable actions which may be taken in response to the server message; and
  
  storing the extracted application protocol data in a protocol database.

26. A computerized security module comprising an extraction program which, when executed, causes the security module to perform a method for limiting clients to allowable actions for one or more application programs residing on the server, the method comprising:
- receiving messages transmitted by the server addressed to one or more clients;
  
  deriving from the server messages sets of allowable actions which may be taken for the application program in response to the server messages;
  
  receiving requests from a client addressed to the server, each request containing one or more actions requested by the client;
  
  comparing the one or more actions in each of the requests with at least one of the sets of allowable actions; and
  
  disallowing any action contained in a request which is not in the at least one set of allowable actions.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
Sanctum LTD. (International Business Machines Corporation)
Inventors
Reshef, Eran, Galant, Yoron, Moran, Tal, Raanan, Gil, El-Hanani, Yuval
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US09/345,920
Time in Patent Office

852 Days
Field of Search

713/200, 713/152, 713/201, 713/153, 713/202, 713/151, 709/223, 709/224, 709/225, 709/226, 709/227, 709/230, 380/243, 710/11
US Class Current

726/14
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 69/08   Protocols for interworking;...

Method and system for extracting application protocol characteristics

First Claim

4 Assignments

Litigations

1 Petition

Accused Products

Abstract

173 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for extracting application protocol characteristics

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links