Network access control device through fast recognition of application frames
First Claim
1. A network access control device through in series deterministic recognition of application frames satisfying a set of predetermined syntactical rules comprising:
means for monitoring and interpretation of the application frames to recognize;
means for storing predetermined syntactical rules;
means for compiling the predetermined syntactical rules in a direct access data structure;
means for storing said direct access data structure; and
means for comparing the application frames to be recognized with said direct access data structure,
whereby the recognition can be performed on any frame component and the direct access data structure allows an access time substantially independent from the number of rules,
wherein the network access control device further comprises forwarding means, for forwarding the application frame when recognized and return-to-sender means, for returning of the application frame when not recognized, and
wherein the means for monitoring and interpretation of the application frames comprise:
a) a data packets monitoring device at a layer corresponding to the OSI layer 2, said data packets comprising control frames and information frames, wherein the control and information frames contain a header portion and a body portion, said header portion allowing the distinction between an information frame and a control frame;
b) a control unit receiving as an input the data coming from the monitoring device and comprising means for the discrimination of the control frames from the information frames;
c) a dating unit connected to the control unit and associating a monitoring time to the control frames and to the information frames;
d) a discriminated data storing unit, storing the control and the information frames and the monitoring time thereof, bidirectionally connected to the control unit;
e) a predetermined data storing unit, bidirectionally connected to the control unit, said predetermined data representing possible interpretations of the information frames contained in the discriminated data storing unit;
f) means for comparing, by the control unit, said predetermined data stored in the storing unit with the data contained in the body portion of the information frames stored in the discriminated data storing unit, thus reconstructing the information frames according to their specific application syntax;
g) means for ordering, according to the time and kind of communication, the information frames reconstructed according to their specific application syntax, thus reconstructing application sequences occurred between a determined source processor and a determined destination processor; and
h) means for ordering said information frames ordered according to the time and kind of communication also according to a logical criterion, thus reconstructing the logical path of said application sequences occurred between a determined source processor and a determined destination processor.
Abstract
A network access control device for deterministic recognition of application frames satisfying a set of predetermined rules comprises: means (205) for monitoring and interpretation of the application frames to recognize; means (201) for storing the predetermined rules; means (202) for compiling the predetermined rules in a direct access data structure; means (203) for storing the direct access data structure; and means (204) for comparing the application frames to be recognized with the direct access data structure, wherein the recognition is able to be performed on any frame component and the direct access data structure allows an access time substantially independent from the number of rules.
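As an added illustration (not code from the patent or its assignee), the sketch below shows one way a rule set can be compiled into a direct-access structure whose lookup cost does not grow with the number of rules, with recognized frames forwarded and unrecognized ones returned to the sender. It uses tuple-space hashing, chosen here as an assumption because the abstract does not name the structure; the rule fields, frame dictionaries and function names are all hypothetical.

```python
from collections import defaultdict

# Constructed rule set: each rule names the frame components it constrains,
# so recognition can key on any component, not only a fixed header field.
RULES = [
    {"proto": "HTTP", "method": "GET"},
    {"proto": "HTTP", "method": "HEAD"},
    {"proto": "SMTP", "verb": "HELO"},
    {"proto": "DNS"},
]


def compile_rules(rules):
    """Compile rules into {field-name tuple -> set of allowed value tuples}."""
    table = defaultdict(set)
    for rule in rules:
        fields = tuple(sorted(rule))
        table[fields].add(tuple(rule[f] for f in fields))
    return dict(table)


def recognize(table, frame):
    """Return True if the frame satisfies at least one compiled rule.

    Cost is one hash probe per distinct field combination in the table,
    which stays fixed however many rules share that combination.
    """
    for fields, allowed in table.items():
        if all(f in frame for f in fields):
            if tuple(frame[f] for f in fields) in allowed:
                return True
    return False


def control(table, frame):
    """Forward a recognized frame; return an unrecognized one to its sender."""
    if recognize(table, frame):
        return ("forward", frame["dst"])
    return ("return", frame["src"])


TABLE = compile_rules(RULES)
```

Adding a thousand more HTTP method rules enlarges one hash set but leaves the number of probes per frame at three, which is the property the abstract describes as access time substantially independent of the number of rules.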
Specification