Systems and methods for a protocol gateway
First Claim
1. A method for managing a communication protocol in a network, the method comprising:
receiving at a firewall a plurality of messages from a computer network;
intercepting with an enforcer module executing on a computing device selected messages of the plurality of messages, the selected messages comprising each of the plurality of messages associated with an instant messaging protocol;
comparing the instant messaging protocol of each of the selected messages with at least one protocol template stored by the enforcer module, the instant messaging protocol of each selected message comprising (i) a screen name of a user originating the selected message and (ii) at least one of a source internet protocol (IP) address and a port number;
based on said comparing, redirecting to a protocol message gateway within the computer network each selected message having bypassed the protocol message gateway, wherein said redirecting comprises using a content vectoring protocol;
for each redirected selected message, identifying with an authentication module of the protocol message gateway a unique user name associated with the screen name of the user originating the redirected selected message, based at least in part on the unique user name, selecting a policy rule for restricting the user's usage of the instant messaging protocol, and applying the selected policy rule to the redirected selected message.
Abstract
A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion into, or abuse of, a network's resources. In one aspect, a protocol message gateway is configured to apply policy rules to high-level message protocols, such as those that reside at layer 7 (the application layer) of the ISO/OSI protocol stack.
30 Claims
1. (Independent method claim, reproduced in full above under First Claim.) Dependent claims 2 through 22 depend from claim 1.
23. A system for restricting usage of instant messaging in a network, the system comprising:
a firewall operative to receive a plurality of messages leaving a computer network coupled to the firewall;
a proxy enforcer executing on a computing device and in communication with the firewall, the proxy enforcer operative to identify one or more of the plurality of messages that are associated with an instant messaging protocol, the instant messaging protocol comprising an application layer protocol;
a plurality of protocol definition files accessible to the proxy enforcer, wherein the proxy enforcer is further operative to compare the instant messaging protocol of each of the one or more messages with at least one of the plurality of protocol definition files;
a protocol message gateway in communication with the proxy enforcer, the proxy enforcer operative to redirect to the protocol message gateway each of the one or more messages that did not previously pass through the protocol message gateway prior to being received by the firewall;
the protocol message gateway further comprising at least one protocol adapter operative to generate a data structure comprising information indicative of a communication session of each redirected message, an authentication module operative to identify a unique user name based on a screen name associated with each redirected message, the unique user name identifying an actual user of the computer network, and a policy enforcement module operative to select a policy rule for restricting the actual user's usage of the instant messaging protocol and to apply the selected policy rule to the redirected message.
Dependent claims 24 through 30 depend from claim 23.
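Claims 1 and 23 describe one pipeline: the firewall sees outbound traffic, an enforcer classifies messages against protocol templates (screen name plus source IP and/or port), IM messages that never went through the gateway are redirected to it, and the gateway maps the screen name to a real user name, picks that user's policy rule and applies it. The Python model below is an added example, not code from the patent or from any product; the class names, the "*" default rule, the rule applied to screen names that no user owns, and the sample traffic are all constructed assumptions, and the content-vectoring-protocol hand-off is modelled as an in-process call.

```python
# Toy model of the protocol-gateway pipeline in claims 1 and 23. Added example,
# not code from the patent or any product; every class, name, sample message
# and policy rule below is a constructed assumption.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    """A message at the firewall; screen_name is assumed already extracted
    from the IM wire format ("" when none), parsing being out of scope."""
    src_ip: str
    dst_port: int
    screen_name: str
    body: str
    via_gateway: bool = False   # True once the message has passed the gateway


@dataclass(frozen=True)
class ProtocolTemplate:
    """Protocol definition file: screen name plus at least one of source IP
    (a prefix here) and port, as in the claim."""
    name: str
    ports: Tuple[int, ...]
    src_prefix: Optional[str] = None

    def matches(self, m: Message) -> bool:
        if not m.screen_name or m.dst_port not in self.ports:
            return False
        return self.src_prefix is None or m.src_ip.startswith(self.src_prefix)


class ProtocolMessageGateway:
    """Protocol adapter (session records), authentication module (screen name
    -> unique user name) and policy enforcement module in one object."""

    def __init__(self, directory, policies, unknown_rule):
        self.directory = directory        # screen name -> unique user name
        self.policies = policies          # user name -> rule; "*" is the default
        self.unknown_rule = unknown_rule  # for screen names no user owns (assumption)
        self.sessions: Dict[Tuple[str, str], dict] = {}

    def handle(self, m: Message, protocol: str) -> str:
        sess = self.sessions.setdefault((m.src_ip, m.screen_name),
                                        {"protocol": protocol, "messages": 0})
        sess["messages"] += 1
        user = self.directory.get(m.screen_name)
        rule = self.unknown_rule if user is None else self.policies.get(user, self.policies["*"])
        if rule["action"] == "block":
            return "block"
        if sess["messages"] > rule.get("max_messages", float("inf")):
            return "block"               # per-session quota exhausted
        if any(w in m.body.lower() for w in rule.get("blocked_words", ())):
            return "block"               # content restriction in the user's rule
        return "allow"


class Enforcer:
    """Proxy enforcer beside the firewall: template-classifies messages and
    redirects IM traffic that bypassed the gateway."""

    def __init__(self, templates: List[ProtocolTemplate], gateway: ProtocolMessageGateway):
        self.templates, self.gateway = templates, gateway

    def classify(self, m: Message) -> Optional[str]:
        return next((t.name for t in self.templates if t.matches(m)), None)

    def process(self, m: Message) -> str:
        protocol = self.classify(m)
        if protocol is None or m.via_gateway:
            return "pass"   # not IM by any template, or already policed upstream
        # The patent hands off over a content vectoring protocol; modelled as a call.
        return self.gateway.handle(m, protocol)


def run_demo() -> List[str]:
    """Runs constructed sample traffic through the pipeline; returns verdicts."""
    templates = [ProtocolTemplate("im-a", (5190,), src_prefix="10.0.0."),
                 ProtocolTemplate("im-b", (1863,))]
    gw = ProtocolMessageGateway(
        directory={"coolkid99": "alice", "bob_at_work": "bob"},
        policies={"*": {"action": "allow"},
                  "alice": {"action": "allow", "max_messages": 2,
                            "blocked_words": ("password",)},
                  "bob": {"action": "block"}},
        unknown_rule={"action": "block"})
    enforcer = Enforcer(templates, gw)
    traffic = [
        Message("10.0.0.5", 80, "", "GET / HTTP/1.1"),                     # not IM
        Message("10.0.0.7", 5190, "coolkid99", "hi there"),                # alice, allowed
        Message("10.0.0.7", 5190, "coolkid99", "my PASSWORD is hunter2"),  # content rule
        Message("10.0.0.7", 5190, "coolkid99", "third one"),               # quota of 2
        Message("10.0.0.9", 5190, "ghost42", "who dis"),                   # unmapped name
        Message("10.0.0.7", 5190, "coolkid99", "replay", via_gateway=True),
        Message("192.168.1.4", 1863, "bob_at_work", "hello"),              # bob: blocked
        Message("192.168.1.4", 5190, "coolkid99", "wrong subnet"),         # template miss
    ]
    return [enforcer.process(m) for m in traffic]
```

Two points the model makes visible that the claims only imply: a screen name the authentication module cannot map to a real user gets no per-user rule, so the gateway needs an explicit default for that case (blocked here), and a template scoped to a narrower source range than the hosts actually speaking the protocol lets those messages through the enforcer unpoliced, as the last sample message shows.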