Network traffic intercepting method and system
First Claim
1. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising the steps of:
(a) intercepting all said data flowing between said transport layer and said user application;
(b) examining said data for information content, which comprises examining said data streams to determine if they are scannable for information content or non-scannable for information content;
passing said non-scannable data streams to said user application; and
passing said scannable data streams to said processing step (c) wherein said information content includes the presence of proscribed data; and
(c) processing said data, including scanning said data for said proscribed data, based on said information content to protect the computer system and the network by preventing said computer system and network from accessing proscribed data, wherein said operating system includes protocols implemented on top of said transport layer, said protocols having a plurality of states, and wherein said processing step (b) further includes the step of parsing, said parsing tracking the state of said protocols with a parser.
Abstract
A computer system and method, operating on a single computer, for intercepting, examining, and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application. The system and method preferably operate with a single computer system. All data streams that pass from an external network through the transport layer of an operating system to the user application, or from the user application to the transport layer, are intercepted by a network traffic interceptor. The network traffic interceptor processes all data streams for proscribed data that may include viruses, trojan horses, worms, and other hostile algorithms. The processing used by the network traffic interceptor can include monitoring, blocking or destroying data, thereby protecting the single computer system from being infected by hostile algorithms.
102 Citations
1 Claim
Specification