System and method for providing connection orientation based access authentication
Abstract
The present invention is embodied in a system and method for providing access authentication of users attempting to gain access to a network, based on connection orientation parameters, to prevent security breaches of the network. In general, after a connection is requested to gain access to a networked computer, all router addresses through which the request passed are gathered and compared to a well-known set of firewall router addresses (for example, those of known companies) to determine the validity of the request. If any of the gathered addresses matches the well-known set of firewall addresses, the request is deemed to have come from the other side of the firewall and the connection is denied. As such, in an intranet networking environment that uses a firewall, the present invention provides computer users of the intranet protection from unauthorized access by others that do not have access past the firewall.
52 Citations
18 Claims

1. A computer system operating in a network environment for preventing security breaches, comprising:
an interface layer that receives at least one connection request from another computer;
a security layer that examines the connection request, gathers a list of router addresses and compares the router addresses to a set of known firewall router addresses; and
a socket layer residing above the security layer and coupling connection requests to data stored on the computer.
(Dependent claims 2-8 not shown.)

9. A computer implemented method operating in a network environment for preventing security breaches, comprising:
receiving at least one connection request from another computer;
gathering a list of router addresses associated with the connection request;
comparing the router addresses to a set of known firewall router addresses; and
forming a socket layer residing above the security layer and coupling connection requests to data stored on the computer.
(Dependent claims 10-14 not shown.)

15. A computer-readable medium having computer-executable instructions operating on a computer system for validating connection requests on a networked computer, comprising:
an interface module operating on the computer that examines the connection request and collects Internet Protocol (IP) addresses of all routers between the computer and a machine originating the connection request; and
a security module that compares the collected addresses to a set of known firewall router addresses and prevents the connection request if any of the collected addresses match the set of known firewall addresses, wherein the security module monitors Transmission Control Protocol (TCP) data packets for synchronizing (SYN) requests.
(Dependent claims 16-18 not shown.)
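As an added illustration, not code from the patent or its assignee, the check described in the abstract (gather the router addresses on the path to the requester, deny if any is a known firewall router) and the SYN monitoring of claim 15 can be written as follows. Every concrete value here is an assumption made for the example: the firewall router set, the traceroute-style text (documentation-range addresses, constructed by hand), and the helper names.

```python
"""Connection-orientation check, as described in the patent abstract.

Added example; not the patent's own code.  The firewall router addresses,
the traceroute-style text and the helper names are all assumed/constructed.
"""
import ipaddress
import re
import struct
from typing import Iterable, List, Optional, Tuple

# Assumed "well-known set of firewall router addresses" (documentation ranges).
KNOWN_FIREWALL_ROUTERS = {"203.0.113.1", "198.51.100.254"}

# Constructed traceroute-style output for a request that crossed the firewall
# router 203.0.113.1 on hop 3 (hop 4 timed out and carries no address).
SAMPLE_TRACE_EXTERNAL = """\
traceroute to 192.0.2.77 (192.0.2.77), 30 hops max
 1  10.0.0.1 (10.0.0.1)  0.412 ms
 2  10.0.1.1 (10.0.1.1)  1.103 ms
 3  fw-edge.example.net (203.0.113.1)  2.540 ms
 4  * * *
 5  192.0.2.77 (192.0.2.77)  9.871 ms
"""

# Constructed output for a request from inside the intranet: no firewall hop.
SAMPLE_TRACE_INTERNAL = """\
traceroute to 10.0.5.20 (10.0.5.20), 30 hops max
 1  10.0.0.1 (10.0.0.1)  0.388 ms
 2  10.0.5.20 (10.0.5.20)  0.702 ms
"""

# One hop line: index, optional hostname, then the IPv4 address in parentheses.
HOP_RE = re.compile(r"^\s*\d+\s+.*?\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_hops(trace_output: str) -> List[str]:
    """Extract the router addresses from traceroute-style text, in path order.

    The header line does not start with a hop index and is skipped; hops that
    timed out ("* * *") carry no address and are skipped as well.
    """
    hops: List[str] = []
    for line in trace_output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(m.group(1))
    return hops


def first_firewall_hop(hops: Iterable[str], firewall_routers: Iterable[str]) -> Optional[str]:
    """Return the first hop that is a known firewall router, or None."""
    fw = {ipaddress.ip_address(a) for a in firewall_routers}
    for hop in hops:
        if ipaddress.ip_address(hop) in fw:
            return hop
    return None


def decide_connection(trace_output: str,
                      firewall_routers: Iterable[str] = KNOWN_FIREWALL_ROUTERS
                      ) -> Tuple[str, Optional[str]]:
    """Apply the abstract's rule: deny if the path crosses a firewall router."""
    hit = first_firewall_hop(parse_hops(trace_output), firewall_routers)
    return ("deny", hit) if hit is not None else ("allow", None)


def is_syn_request(tcp_header: bytes) -> bool:
    """True for a bare SYN (SYN set, ACK clear): a new connection request.

    The flags byte is at offset 13 of the TCP header; SYN=0x02, ACK=0x10.
    A SYN-ACK (server reply) or an established-flow segment is not a request.
    """
    if len(tcp_header) < 20:
        return False
    flags = tcp_header[13]
    return bool(flags & 0x02) and not (flags & 0x10)


def build_tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed minimal 20-byte TCP header for testing (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


if __name__ == "__main__":
    print(decide_connection(SAMPLE_TRACE_EXTERNAL))   # ('deny', '203.0.113.1')
    print(decide_connection(SAMPLE_TRACE_INTERNAL))   # ('allow', None)
    print(is_syn_request(build_tcp_header(40000, 80, 0x02)))  # True
```

Two practical caveats apply to this mechanism. The receiving computer can only discover the path by probing back toward the requester (a traceroute from the server side), and routes are frequently asymmetric, so the hops observed may not be the hops the SYN actually traversed. The lookup also keys on the requester's source address, so a spoofed source address sends the probe, and therefore the decision, toward the wrong host; the check is a heuristic for locating the requester relative to the firewall, not an authentication of who sent the packet.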
Specification