Data scanning network security technique

US 7,251,634 B1
Filed: 07/09/2004
Issued: 07/31/2007
Est. Priority Date: 10/31/1997
Status: Expired due to Term

First Claim

Patent Images

1. A data security system for use in a computer network for checking data received from an external source, comprising:

a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;

a data receiver for receiving data from the external source;

a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and

a multiprotocol rule set data scanner capable of scanning the received data for acceptable content and/or format, as determined by a rule set established by a recognized protocol.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for providing enhanced computer network security by scanning data, specifically electronic mail messages, sent to the network before the data is received and transmitted by the network'"'"'s mail server. An e-mail message is received by a computer network configured to receive data and is checked as the data is received and before it is transmitted to a node on the computer network. The method includes determining whether an external source is attempting to establish a mail connection with the computer network configured to include a data scanning device that recognizes one or more data transfer protocols. Once the data is received the data scanning device begins evaluating the data by first determining whether the data is formatted according to one of the recognized protocols. The data scanning device begins scanning the data for acceptable content and format according to a rule set established by one of the recognized protocols. This is done at the same time as the data is received by the data scanning device. It is then determined whether the data should be sent to its destination on the computer network. If necessary, the data is translated before being passed to its destination on the computer network.

Citations

44 Claims

1. A data security system for use in a computer network for checking data received from an external source, comprising:
- a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the external source;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and
  
  a multiprotocol rule set data scanner capable of scanning the received data for acceptable content and/or format, as determined by a rule set established by a recognized protocol.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data security system of claim 1 further comprising a data translator for translating the received data;
    - wherein the data network transmitter is configured or designed to transmit the translated data to the destination node on the computer network.
  - 3. A data security system as recited in claim 2 wherein the data translator includes a data intake component for data intake that translates the data as the data is received by the data translator.
  - 4. A data security system as recited in claim 1 further comprising a data rejector for rejecting the data if the data is not formatted according to a recognized protocol.
  - 5. A data security system as recited in claim 1 further comprising a data separator for separating the data into portions, wherein a portion of the data includes message-data or a plurality of commands.
  - 6. A data security system as recited in claim 1 further comprising a string comparator for comparing character strings.

7. A data security system for use in a computer network for checking data received from an external source, comprising:
- a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the external source;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and
  
  means for determining whether the received data should be transmitted to the destination node on the computer network.

8. A data security system for use in a computer network for checking data received from an external source, comprising:
- a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the external source;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network;
  
  a protocol evaluator for evaluating a protocol used by the external source in sending the data; and
  
  a protocol format analyzer for determining whether the data from the external source is formatted based on one or more recognized protocols.

9. A data security system for use in a computer network for checking data received from an external source, comprising:
- a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the external source;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and
  
  a data scan controller for pausing the scan when a message-data portion is detected and resuming the scan when a command portion is detected.

10. A data security system for use in a computer network for checking data received from an external source, comprising:
- a mail connection detector for detecting if the external source is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the external source;
  
  a multiprotocol rule set data scanner capable of scanning the received data for acceptable content and format, as determined by a rule set established by a recognized protocol;
  
  a data translator for translating the received data; and
  
  a data network transmitter for transmitting information relating to the translated data to a destination node on the computer network.

11. A data security system for use in a computer network for checking data received from a first network node, comprising:
- a first network node configured or designed to transmit data;
  
  a mail connection detector for detecting if the first network node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the first network node;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and
  
  a multiprotocol rule set data scanner capable of scanning the received data for acceptable content and/or format, as determined by a rule set established by a recognized protocol.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The data security system of claim 11 further comprising a data translator for translating the received data;
    - wherein the data network transmitter is configured or designed to transmit the translated data to the destination node on the computer network.
  - 13. A data security system as recited in claim 12 wherein the data translator includes a data intake component for data intake that translates the data as the data is received by the data translator.
  - 14. A data security system as recited in claim 11 further comprising:
    - means for determining whether the received data should be transmitted to the destination node on the computer network.
  - 15. A data security system as recited in claim 11 further comprising a data rejector for rejecting the data if the data is not formatted according to a recognized protocol.
  - 16. A data security system as recited in claim 11 further comprising a data separator for separating the data into portions, wherein a portion of the data includes message-data or a plurality of commands.
  - 17. A data security system as recited in claim 11 further comprising a string comparator for comparing character strings.

18. A data security system for use in a computer network for checking data received from a first network node, comprising:
- a first network node configured or designed to transmit data;
  
  a mail connection detector for detecting if the first network node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the first network node;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network;
  
  a protocol evaluator for evaluating a protocol used by the first network node in sending the data; and
  
  a protocol format analyzer for determining whether the data from the first network node is formatted based on one or more recognized protocols.

19. A data security system for use in a computer network for checking data received from a first network node, comprising:
- a first network node configured or designed to transmit data;
  
  a mail connection detector for detecting if the first network node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  a data receiver for receiving data from the first network node;
  
  a data network transmitter for transmitting information relating to the received data to a destination node on the computer network; and
  
  a data scan controller for pausing the scan when a message-data portion is detected and resuming the scan when a command portion is detected.

20. A method for use in a computer network for checking data received from a first node, comprising:
- detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  receiving data from the first node;
  
  scanning the received data for acceptable content and/or format, as determined by a multiprotocol rule set established by a recognized protocol; and
  
  transmitting information relating to the received data to a destination node on the computer network.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20 further comprising translating the received data;
    - transmitting the translated data to the destination node on the computer network.
  - 22. A method as recited in claim 20 further comprising rejecting the data if the data is not formatted according to a recognized protocol.
  - 23. A method as recited in claim 20 further comprising separating the data into portions, wherein a portion of the data includes message-data or a plurality of commands.
  - 24. A method as recited in claim 20 further comprising comparing character strings of the data.

25. A method for use in a computer network for checking data received from a first node, comprising:
- detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  receiving data from the first node;
  
  transmitting information relating to the received data to a destination node on the computer network; and
  
  scanning the received data for acceptable content and format in accordance with at least one rule set associated with a recognized protocol.

26. A method for use in a computer network for checking data received from a first node, comprising:
- detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  receiving data from the first node;
  
  transmitting information relating to the received data to a destination node on the computer network; and
  
  determining whether the received data should be transmitted to the destination node on the computer network.

27. A method for use in a computer network for checking data received from a first node, comprising:
- detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  receiving data from the first node;
  
  transmitting information relating to the received data to a destination node on the computer network;
  
  evaluating a protocol used by the first node in sending the data; and
  
  determining whether the data from the first node is formatted based on one or more recognized protocols.

28. A method for use in a computer network for checking data received from a first node, comprising:
- detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  receiving data from the first node;
  
  transmitting information relating to the received data to a destination node on the computer network;
  
  pausing the scanning when a message-data portion is detected; and
  
  resuming the scanning when a command portion is detected.

29. A computer program product for use in a computer network for checking data received from a first node, comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  computer code for receiving data from the first node;
  
  computer code for scanning the received data for acceptable content and/or format in accordance with at least one rule set associated with a recognized protocol; and
  
  computer code for transmitting information relating to the received data to a destination node on the computer network.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The computer program product of claim 29 further comprising computer code for translating the received data;
    - andcomputer code for transmitting the translated data to the destination node on the computer network.
  - 31. A computer program product as recited in claim 29 further comprising computer code for rejecting the data if the data is not formatted according to a recognized protocol.
  - 32. A computer program product as recited in claim 29 further comprising computer code for separating the data into portions, wherein a portion of the data includes message-data or a plurality of commands.
  - 33. A computer program product as recited in claim 29 further comprising computer code for comparing character strings of the data.

34. A computer program product for use in a computer network for checking data received from a first node, comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  computer code for receiving data from the first node;
  
  computer code for transmitting information relating to the received data to a destination node on the computer network; and
  
  computer code for determining whether the received data should be transmitted to the destination node on the computer network.

35. A computer program product for use in a computer network for checking data received from a first node, comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  computer code for receiving data from the first node;
  
  computer code for transmitting information relating to the received data to a destination node on the computer network;
  
  computer code for evaluating a protocol used by the first node in sending the data; and
  
  computer code for determining whether the data from the first node is formatted based on one or more recognized protocols.

36. A computer program product for use in a computer network for checking data received from a first node, comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  computer code for receiving data from the first node;
  
  computer code for transmitting information relating to the received data to a destination node on the computer network;
  
  computer code for pausing the scanning when a message-data portion is detected; and
  
  computer code for resuming the scanning when a command portion is detected.

37. A system for use in a computer network for checking data received from a first node, comprising:
- means for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  means for receiving data from the first node;
  
  means for transmitting information relating to the received data to a destination node on the computer network; and
  
  means for scanning the received data for acceptable content and format in accordance with at least one multiprotocol rule set associated with a recognized protocol.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The system of claim 37 further comprising means for translating the received data;
    - andmeans for transmitting the translated data to the destination node on the computer network.
  - 39. A system as recited in claim 37 further comprising means for rejecting the data if the data is not formatted according to a recognized protocol.
  - 40. A system as recited in claim 37 further comprising means for separating the data into portions, wherein a portion of the data includes message-data or a plurality of commands.
  - 41. A system as recited in claim 37 further comprising means for comparing character strings of the data.

42. A system for use in a computer network for checking data received from a first node, comprising:
- means for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  means for receiving data from the first node;
  
  means for transmitting information relating to the received data to a destination node on the computer network; and
  
  means for determining whether the received data should be transmitted to the destination node on the computer network.

43. A system for use in a computer network for checking data received from a first node, comprising:
- means for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  means for receiving data from the first node;
  
  means for transmitting information relating to the received data to a destination node on the computer network;
  
  means for evaluating a protocol used by the first node in sending the data; and
  
  means for determining whether the data from the first node is formatted based on one or more recognized protocols.

44. A system for use in a computer network for checking data received from a first node, comprising:
- means for detecting if a first node is attempting to establish a mail connection with the computer network, wherein the computer network is receptive to one or more recognized protocols;
  
  means for receiving data from the first node;
  
  means for transmitting information relating to the received data to a destination node on the computer network;
  
  means for pausing the scanning when a message-data portion is detected; and
  
  means for resuming the scanning when a command portion is detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wu, Johnson, Lowe, Ricky K., Foss, Andrew L.
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US10/888,117
Time in Patent Office

1,117 Days
Field of Search

705/64, 726/14, 713/200
US Class Current

705/64
CPC Class Codes

G06Q 10/107   Computer-aided management o...

G06Q 20/382   insuring higher security of...

H04L 51/212   using filtering or selectiv...

H04L 63/0263   Rule management

Data scanning network security technique

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Data scanning network security technique

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links