Maintaining packet security in a computer network
Abstract
The present invention provides a method and apparatus for determining the trust worthiness of executable packets, e.g., internet applets, being transmitted within a computer network. The computer network includes both secured computers and unsecured computers, which are associated with secured nodes and unsecured nodes, respectively. Each executable packet has a source address and a destination address. In one embodiment, an intelligent firewall determines within a first degree of certainty whether the source address of an executable packet arriving at one of the secured computers is associated with anyone of the secured nodes, and also determines within a second degree of certainty whether the destination address of the executable packet is associated with anyone of the secured nodes. If the firewall determines within the first degree of certainty that the source address is associated with anyone of the secured nodes, and further determines within the second degree of certainty or is uncertain whether the destination address is associated with anyone of the secured nodes, then the firewall permits the executable packet to execute on the secured computer. Alternatively, if the firewall determines within the first degree of certainty or is uncertain whether the source address is associated with anyone of the secured nodes, and further determines within the second degree of certainty that the destination address is not associated with anyone of the secured nodes, then the firewall also permits the executable packet to proceed to the secured computer.
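The two permit cases in the abstract can be laid out as a full three-by-three decision table over the source and destination results. The sketch below is an added example, not code from the patent: the score-and-threshold model in `classify`, the default thresholds and all names are assumptions (the abstract does not say how a degree of certainty is computed), as is reading "determines ... or is uncertain" as "secured or uncertain".

```python
from enum import Enum
from itertools import product

class Assoc(Enum):
    SECURED = "secured"          # address is associated with a secured node
    NOT_SECURED = "not secured"  # address is not associated with any secured node
    UNCERTAIN = "uncertain"      # cannot be settled at the required certainty

def classify(score: float, certainty: float) -> Assoc:
    """Map an evidence score to the tri-state result used by both verifiers.

    Assumption (not from the abstract): `score` in [0, 1] estimates how likely
    the address belongs to a secured node; `certainty` in (0.5, 1] is the
    required degree of certainty.
    """
    if not 0.0 <= score <= 1.0 or not 0.5 < certainty <= 1.0:
        raise ValueError("score must be in [0, 1] and certainty in (0.5, 1]")
    if score >= certainty:
        return Assoc.SECURED
    if score <= 1.0 - certainty:
        return Assoc.NOT_SECURED
    return Assoc.UNCERTAIN

def permitted(src: Assoc, dst: Assoc) -> bool:
    """True only for the two permit cases the abstract spells out."""
    # Case 1: source secured, destination secured or uncertain.
    if src is Assoc.SECURED and dst in (Assoc.SECURED, Assoc.UNCERTAIN):
        return True
    # Case 2: source secured or uncertain, destination not secured.
    if src in (Assoc.SECURED, Assoc.UNCERTAIN) and dst is Assoc.NOT_SECURED:
        return True
    # Assumption: combinations the abstract does not cover are not permitted.
    return False

def decision_table() -> dict:
    """All nine (source, destination) combinations and their outcome."""
    return {(s, d): permitted(s, d) for s, d in product(Assoc, Assoc)}

def evaluate(src_score: float, dst_score: float,
             first: float = 0.9, second: float = 0.8) -> bool:
    """Apply the first degree of certainty to the source, the second to the destination."""
    return permitted(classify(src_score, first), classify(dst_score, second))

if __name__ == "__main__":
    for (s, d), ok in decision_table().items():
        verdict = "permit" if ok else "no permit rule"
        print(f"source={s.value:<12} dest={d.value:<12} -> {verdict}")
```

Under this reading four of the nine combinations are permitted: every case with a secured source, plus an uncertain source paired with a destination that is not secured.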
20 Claims
1. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the steps of:
a) determining within a first degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain; and
b) determining within a second degree of certainty whether a destination address of said one executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
Dependent claims: 2, 3, 4, 5, 6
7. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the step of:
determining within a degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
Dependent claims: 8, 9, 10
11. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the step of:
determining within a degree of certainty whether a destination address of one said executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
Dependent claims: 12, 13, 14
15. An intelligent firewall useful in association with a computer network having a plurality of secured computers and a plurality of unsecured computers, the firewall comprising:
a source address verifier configured to determine within a first degree of certainty whether a source address of an executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
a destination address verifier configured to determine within a second degree of certainty whether a destination address of said executable packet is associated with anyone of said plurality of secured computers.
Dependent claims: 16
17. An intelligent firewall useful in association with a computer network having a plurality of secured computers and a plurality of unsecured computers, the firewall comprising:
a destination address verifier configured to determine within a degree of certainty whether a destination address of an executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
18. A computer program product including a computer-usable medium having computer-readable code embodied therein configured to verify addresses of a plurality of executable packets for a computer network, the computer network including a plurality of secured computers and a plurality of unsecured computers, the computer-readable code comprising
a computer-readable source address verifier configured to determine within a first degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
20. A computer program product including a computer-usable medium having computer-readable code embodied therein configured to verify addresses of a plurality of executable packets for a computer network, the computer network including a plurality of secured computers and a plurality of unsecured computers, the computer-readable code comprising:
a computer-readable destination address verifier configured to determine within a degree of certainty whether a destination address of one said executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
Specification