Undetectable firewall

US 7,100,201 B2
Filed: 01/24/2002
Issued: 08/29/2006
Est. Priority Date: 01/24/2002
Status: Active Grant

First Claim

Patent Images

1. A method of preventing unauthorized access to a computer system, comprising:

receiving a data packet at a firewall, where the data packet comprises a frame field, a header, a body, and a trailer;

passively copying the data packet at the firewall, where the passive copying leaves the frame field, the header, the body, and the trailer of the data packet unchanged so that there is no indication of the firewall in the data packet;

analyzing the passively copied data packet with the firewall to determine if the data packet is authorized to access the computer system;

sending an authorized data packet to the computer system; and

denying access of an unauthorized data packet to the computer system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An undetectable firewall for network protection has been developed. The invention includes a method of preventing unauthorized access to a computer system. The firewall receives a data packet and copies its contents exactly. Next, the firewall analyzes the data packet and determines if it is authorized to access the network. If the packet is authorized to access the network, it is sent on to its destination. If the packet is unauthorized to access the network, it is dropped by the firewall.

Citations

15 Claims

1. A method of preventing unauthorized access to a computer system, comprising:
- receiving a data packet at a firewall, where the data packet comprises a frame field, a header, a body, and a trailer;
  
  passively copying the data packet at the firewall, where the passive copying leaves the frame field, the header, the body, and the trailer of the data packet unchanged so that there is no indication of the firewall in the data packet;
  
  analyzing the passively copied data packet with the firewall to determine if the data packet is authorized to access the computer system;
  
  sending an authorized data packet to the computer system; and
  
  denying access of an unauthorized data packet to the computer system.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - dropping the unauthorized data packet.
  - 3. The method of claim 1, further comprising:
    - logging the attempted access to the computer system of the unauthorized data packet.
  - 4. The method of claim 1, wherein the computer system is a network.
  - 5. The method of claim 1, wherein the data packet is analyzed by a pattern matching system.

6. A method of preventing unauthorized access to a computer system, comprising:
- step for receiving data;
  
  step for passively copying the data, where the passive copying leaves the data unchanged so that there is no indication of the firewall in the data packet;
  
  step for analyzing the passively copied data for authorization to access the computer system;
  
  step for allowing access to the computer system for authorized data; and
  
  step for denying access to the computer system for unauthorized data.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, further comprising:
    - step dropping unauthorized data.
  - 8. The method of claim 6, further comprising:
    - step for logging an attempt to access the computer system by unauthorized data.

9. A method of remotely managing a firewall, comprising:
- receiving a control data packet at the firewall from a remote location;
  
  passively copying the control data packet at the firewall, where the passive copying leaves all content of the control data packet unchanged so that there is no indication of the firewall in the control data packet;
  
  analyzing the passively copied control data packet to determine if the control data packet is authorized to access the firewall; and
  
  allowing an authorized control data packet to control the firewall.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further comprising:
    - dropping the authorized control data packet.
  - 11. The method of claim 9, wherein the control data packet is analyzed for a password.
  - 12. The method of claim 9, wherein the control data packet contains a false origination address.
  - 13. The method of claim 9, wherein the control data packet contains a destination address that is protected by the firewall.

14. A method of remotely managing a firewall, comprising:
- step for receiving control data at the firewall from a remote location;
  
  step for passively copying the control data, where the passive copying leaves all content of the control data unchanged so that there is no indication of the firewall in the control data;
  
  step for analyzing the passively copied control data to determine if the control data is authorized to access the firewall; and
  
  step for allowing authorized control data to access the firewall.
- View Dependent Claims (15)
- - 15. The method of claim 14, further comprising:
    - step for dropping the authorized control data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arxceo Corp. (Japan Communications Inc.)
Original Assignee
Arxceo Corp. (Japan Communications Inc.)
Inventors
Izatt, David
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/056,629
Publication Number

US 20030140248A1
Time in Patent Office

1,678 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

Undetectable firewall

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Undetectable firewall

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links