Semantic processing engine

US 7,546,234 B1
Filed: 01/07/2004
Issued: 06/09/2009
Est. Priority Date: 01/08/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for performing semantic operations with contents of a message, comprising:

receiving, at a processor, a message defined by message segments, wherein the message segments comprise packets in a packet-switched network;

identifying a grammar associated with the message segments;

converting the message segments into a token stream;

creating a substructure from tokens of the token stream;

identifying rules associated with the tokens, wherein the rules define actions for intrusion detection and prevention;

associating each of the message segments with a meta session through the tokens, wherein the meta session is made persistent across message transactions by storing data generated by the meta session on a persistent storage medium;

executing actions defined by the rules; and

forwarding the message to a destination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor configured to identify message contents is provided. The processor includes a message characterization block configured to characterize a message through analysis of header information associated with the message. A semantic processing block configured to translate the message into tokens associated with segments of the message is included. The semantic processing block identifies rules associated with each of the tokens and the semantic processing block is configured to apply the identified rules to the message. A queuing block configured to queue the message to be transmitted from the processor is included. A method for providing content based security, a computer readable media, an adapter card and a network device configured to provide content based security and an intrusion protection system are provided.

Citations

21 Claims

1. A method for performing semantic operations with contents of a message, comprising:
- receiving, at a processor, a message defined by message segments, wherein the message segments comprise packets in a packet-switched network;
  
  identifying a grammar associated with the message segments;
  
  converting the message segments into a token stream;
  
  creating a substructure from tokens of the token stream;
  
  identifying rules associated with the tokens, wherein the rules define actions for intrusion detection and prevention;
  
  associating each of the message segments with a meta session through the tokens, wherein the meta session is made persistent across message transactions by storing data generated by the meta session on a persistent storage medium;
  
  executing actions defined by the rules; and
  
  forwarding the message to a destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - retrieving meta session state information related to the message segments, wherein the meta session state information is invariant across different connections.
  - 3. The method of claim 1, wherein the method operation of identifying a grammar associated with the message segments includes,evaluating header information of a packet containing one of the message segments.
  - 4. The method of claim 1, wherein the method operation of identifying rules associated with the tokens includes,navigating through a rule index tree.
  - 5. The method of claim 1, further including:
    - creating a parse tree defined by the tokens.
  - 6. The method of claim 1, wherein the method operation of converting the message segment into a token stream includes,associating a numeric with each token of the token stream.
  - 7. The method of claim 1, wherein the substructure spans message segments.

8. A computer readable medium having program instructions for performing semantic operations with contents of a message when executed, comprising:
- program instructions for receiving a message defined by message segments, wherein the message segments comprise packets in a packet-switched network;
  
  program instructions for identifying a grammar associated with the message segments;
  
  program instructions for converting the message segments into a token stream;
  
  program instructions for creating a substructure from tokens of the token stream;
  
  program instructions for identifying rules associated with tokens of the token stream, wherein the rules define actions for intrusion detection and prevention;
  
  program instructions for associating each of the message segments with a meta session through the tokens, wherein the meta session is made persistent across message transactions by storing data generated by the meta session on a persistent storage medium;
  
  program instructions for executing actions defined by the rules; and
  
  program instructions for forwarding the message to a destination, wherein each of the program instructions in the computer readable medium are executed by an integrated circuit.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, further comprising:
    - program instructions for retrieving meta session state information related to the message segment, wherein the meta session state information is invariant across different connections.
  - 10. The computer readable medium of claim 8, wherein the program instructions for identifying a grammar associated with the message segments includes,program instructions for evaluating header information of a packet containing one of the message segments.
  - 11. The computer readable medium of claim 8, wherein the program instructions for identifying rules associated with the tokens includes,program instructions for navigating through a rule index tree.
  - 12. The computer readable medium of claim 8, wherein the program instructions for converting the message segments into a token stream includes,program instructions for associating a numeric with each token of the token stream.
  - 13. The computer readable medium of claim 8, further comprising:
    - program instructions for creating a parse tree defined by the tokens.
  - 14. The computer readable medium of claim 13, wherein the program instructions for creating a parse tree defined by the tokens includes,program instructions for identifying non-terminals;
    - andprogram instructions for identifying valid strings.

15. A processor having logic for performing semantic operations with contents of a message, comprising:
- logic for receiving a message defined by message segments, wherein the message segments comprise packets in a packet-switched network;
  
  logic for identifying a grammar associated with the message segments;
  
  logic for converting the message segments into a token stream;
  
  logic for creating a substructure from tokens of the token streamlogic for identifying rules associated with tokens of the token stream, wherein the rules define actions for intrusion detection and prevention;
  
  logic for associating each of the message segments with a meta session through the tokens, wherein the meta session is made persistent across message transactions storing data generated by the meta session on a persistent storage medium;
  
  logic for executing actions defined by the rules; and
  
  logic for forwarding the message to a destination.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The processor of claim 15, further comprising:
    - logic for retrieving meta session state information related to the message segments, wherein the meta session state information is invariant across different connections.
  - 17. The processor of claim 15, wherein the logic for identifying a grammar associated with the message segments includes,logic for evaluating header information of a packet containing one of the message segments.
  - 18. The processor of claim 15, wherein the logic for identifying rules associated with the tokens includes,logic for navigating through a rule index tree.
  - 19. The processor of claim 15, further including:
    - logic for creating a parse tree defined by the tokens.
  - 20. The processor of claim 15, wherein the logic for converting the message segment into a token stream includes,logic for associating a numeric with each token of the token stream.
  - 21. The processor of claim 15, wherein each logic element is one or a combination of hardware and software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xambala Corporation
Original Assignee
Xambala, Inc. (Final Israel Ltd.)
Inventors
Deb, Alak, Chatterjee, Debashis
Primary Examiner(s)
Hudspeth; David R
Assistant Examiner(s)
Rider; Justin W

Application Number

US10/753,727
Time in Patent Office

1,980 Days
Field of Search

None
US Class Current

704/9
CPC Class Codes

G06F 40/30   Semantic analysis

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99943   Generating database or data...

Semantic processing engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Semantic processing engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links