Maintaining packet security in a computer network

US 6,571,338 B1
Filed: 12/20/1995
Issued: 05/27/2003
Est. Priority Date: 12/20/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the steps of:

a) determining within a first degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain; and

b) determining within a second degree of certainty whether a destination address of said one executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and apparatus for determining the trust worthiness of executable packets, e.g., internet applets, being transmitted within a computer network. The computer network includes both secured computers and unsecured computers, which are associated with secured nodes and unsecured nodes, respectively. Each executable packet has a source address and a destination address. In one embodiment, an intelligent firewall determines within a first degree of certainty whether the source address of an executable packet arriving at one of the secured computers is associated with anyone of the secured nodes, and also determines within a second degree of certainty whether the destination address of the executable packet is associated with anyone of the secured nodes. If the firewall determines within the first degree of certainty that the source address is associated with anyone of the secured nodes, and further determines within the second degree of certainty or is uncertain whether the destination address is associated with anyone of the secured nodes, then the firewall permits the executable packet to execute on the secured computer. Alternatively, if the firewall determines within the first degree of certainty or is uncertain whether the source address is associated with anyone of the secured nodes, and further determines within the second degree of certainty that the destination address is not associated with anyone of the secured nodes, then the firewall also permits the executable packet to proceed to the secured computer.

Citations

20 Claims

1. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the steps of:
- a) determining within a first degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain; and
  
  b) determining within a second degree of certainty whether a destination address of said one executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein if the determining step a) determines within said first degree of certainty that said source address is associated with anyone of said plurality of secured computers and if the determining step b) determines within said second degree of certainty or is uncertain whether said destination address is associated with anyone of said plurality of secured computers, then the method further comprises the step of permitting said executable packet to proceed.
  - 3. The method of claim 1 wherein if the determining step a) determines within said first degree of certainty or is uncertain whether said source address is associated with anyone of said plurality of secured computers and if the determining step b) determines within said second degree of certainty that said destination address is not associated with anyone of said plurality of secured computers, then the method further comprises the step of permitting said executable packet to proceed.
  - 4. The method of claim 1 wherein if the determining step a) determines within said first degree of certainty or is uncertain whether said source address is not associated with anyone of said plurality of secured computers and if the determining step b) determines within said second degree of certainty or is uncertain whether said destination address is associated with anyone of said plurality of secured computers, then the method further comprises the step of prohibiting said executable packet from proceeding.
  - 5. The method of claim 1 wherein said executable packet includes an applet.
  - 6. The method of claim 1 wherein said determining steps a) and b) are executed by an intelligent firewall associated with said plurality of secured computers.

7. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the step of:
- determining within a degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7 wherein if the determining step determines within said degree of certainty that said source address is associated with anyone of said plurality of secured computers, then the method further comprises the step of permitting said executable packet to proceed.
  - 9. The method of claim 7 wherein said executable packet includes an applet.
  - 10. The method of claim 7 wherein said determining step is executed by an intelligent firewall associated with said plurality of secured computers.

11. A method for determining the trust worthiness of executable packets in a computer network having a plurality of secured computers and a plurality of unsecured computers, each executable packet having a source address and a destination address, said method comprising the step of:
- determining within a degree of certainty whether a destination address of one said executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11 wherein if the determining step determines within said degree of certainty that said destination address is not associated with anyone of said plurality of secured computers, then the method further comprises the step of permitting said executable packet to proceed.
  - 13. The method of claim 11 wherein said executable packet includes an applet.
  - 14. The method of claim 11 wherein said determining step is executed by an intelligent firewall associated with said plurality of secured computers.

15. An intelligent firewall useful in association with a computer network having a plurality of secured computers and a plurality of unsecured computers, the firewall comprising:
- a source address verifier configured to determine within a first degree of certainty whether a source address of an executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
- View Dependent Claims (16)
- - 16. The intelligent firewall of claim 15 further comprising:

17. An intelligent firewall useful in association with a computer network having a plurality of secured computers and a plurality of unsecured computers, the firewall comprising:
- a destination address verifier configured to determine within a degree of certainty whether a destination address of an executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.

18. A computer program product including a computer-usable medium having computer-readable code embodied therein configured to verify addresses of a plurality of executable packets for a computer network, the computer network including a plurality of secured computers and a plurality of unsecured computers, the computer-readable code comprisinga computer-readable source address verifier configured to determine within a first degree of certainty whether a source address of one said executable packet is associated with anyone of said plurality of secured computers, said source address is not associated with anyone of said plurality of secured computers, or association of said source address with anyone of said plurality of secured computers is uncertain.
- View Dependent Claims (19)
- - 19. The computer program product of claim 18 wherein said computer-readable code further comprising:
    - a computer-readable destination address verifier configured to determine within a second degree of certainty whether a destination address of said one executable packet is associated with anyone of said plurality of secured computers.

20. A computer program product including a computer-usable medium having computer-readable code embodied therein configured to verify addresses of a plurality of executable packets for a computer network, the computer network including a plurality of secured computers and a plurality of unsecured computers, the computer-readable code comprising:
- a computer-readable destination address verifier configured to determine within a degree of certainty whether a destination address of one said executable packet is associated with anyone of said plurality of secured computers, said destination address is not associated with anyone of said plurality of secured computers, or association of said destination address with anyone of said plurality of secured computers is uncertain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Hoff, Arthur Van, Shaio, Sami
Primary Examiner(s)
BADERMAN, SCOTT T

Application Number

US08/575,743
Time in Patent Office

2,715 Days
Field of Search

395/187.01, 395/188.01, 395/186, 395/609, 395/200.68, 395/200.69, 395/200.7, 395/200.72, 395/200.73, 395/200.74, 380/23, 380/25, 707/9, 707/10, 713/201, 713/153, 713/154, 713/160, 713/161
US Class Current

726/13
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/145 the attack involving the pr...

Maintaining packet security in a computer network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining packet security in a computer network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links