Method and apparatus for identifying trusted sources based on access point
First Claim
1. A method for distinguishing sources of data, comprising:
defining a first set of reserved port addresses on a firewall computer;
mapping, by the firewall computer, data comprising a first communication received at a first interface to one of the first set of reserved port addresses;
mapping, by the firewall computer, data comprising a second communication received at a second interface to a port address not included in the first set of reserved port addresses;
based on the mapping of the first communication to one of the first set of reserved port addresses, applying, by the firewall computer, a first type of security measures with respect to the first communication, wherein the first type of security measures are a first level of verification and authentication;
determining that the first interface is interconnected to a trusted data source;
in response to the determining that the first interface is interconnected to the trusted data source, establishing a rule that communications received at the first interface that are not addressed to one of the first set of reserved port addresses are mapped to one of the first set of reserved port addresses;
based on the mapping of the second communication to a port address not included in the first set of reserved port addresses, applying, by the firewall computer, a second type of security measures with respect to the second communication received at the second interface, wherein the second type of security measures are a second level of verification and authentication, wherein the security measures of the first type are a lower level of verification and authentication than the security measures of the second type;
determining that the second interface is interconnected to a data source that is not trusted;
in response to the determining that the second interface is interconnected to the data source that is not trusted, establishing a rule that communications received at the second interface that are not addressed to one of the reserved port addresses are not mapped to one of the reserved port addresses.
Abstract
Methods and systems for distinguishing between sources of messages at a computer system resource are provided. In particular, messages are classified according to the physical interface at which the messages are received. A message received at an interface connected to a trusted source has the port address associated with that message mapped to a predefined port address by a firewall computer, before being passed to a server computer or other system resource. A message received at an interface that is connected to an untrusted source is passed to the server computer using the original port address. The server computer may then treat messages associated with one of the reserved port addresses differently from messages associated with a non-reserved port address.
13 Claims
1. (Independent claim, reproduced in full above under "First Claim". Dependent claims 2, 3, 4, 5 and 6 are not reproduced on this page.)
7. A system for distinguishing and treating messages from different sources differently, comprising:
a firewall computer, including:
a plurality of source interfaces;
a server interface;
a list of reserved port addresses, wherein at least one of the source interfaces is a trusted source interface that is mapped to one of the list of reserved port addresses;
program code configured to implement a set of rules associated with verification and authentication of messages received at the source interface;
wherein a first message received at the at least one trusted source interface is addressed to one of the reserved port addresses and passed to the server interface, wherein a first level of verification and authentication is applied to the first message based on the first message being addressed to one of the list of reserved port addresses; and
wherein a second message received at one of the source interfaces is not addressed to one of the reserved port addresses, wherein a second level of verification and authentication is applied to the second message based on the second message being addressed to a port address not included on one of the list of reserved port addresses;
a server computer, including:
an interconnection to the server interface of the firewall computer;
program code configured to direct the first message addressed to one of the reserved port addresses to a first application and to direct the second message not addressed to one of the reserved port addresses to a second application;
wherein the first application implements a first set of security requirements, wherein the second application implements a second set of security requirements, and wherein the first set of security requirements are a lower level than the second set of security requirements.
(Dependent claims 8, 9, 10, 11 and 12 are not reproduced on this page.)
13. A system for identifying a source of messages, comprising:
means for interfacing a firewall computer with two or more sources, means to receive two or more messages from the two or more sources;
means for identifying a set of reserved port addresses, wherein at least one of the sources is a trusted source interface mapped to one of the set of reserved port addresses on the firewall computer;
means for mapping a first message received from one of the two or more sources to one of said set of reserved port addresses, wherein a first level of authentication and verification is applied to the first message, based on the first message being addressed to one of the reserved port addresses;
means for mapping a second message received from one of the two or more sources to an address port that is not included in said set of reserved port addresses;
means for applying a second level of authentication and verification to the second message received from one of the two or more sources based on the mapping of the second message to the port address not included in said set of reserved port addresses;
means for directing the first message addressed to one of the reserved port addresses to a first application and means for directing the second message not included in said set of reserved port addresses to a second application;
wherein the first application implements a first set of security requirements, wherein the second application implements a second set of security requirements, and wherein the first set of security requirements are a lower level than the second set of security requirements.
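The abstract and the three independent claims describe one mechanism: the firewall classifies a message by the physical interface it arrived on, remaps traffic from a trusted interface onto a reserved port, passes untrusted traffic through with its original port, and the server picks the verification level from the port it sees. The following Python simulation is an added example, not code from the patent or its assignee. The port numbers, interface names, the HMAC token used as the second-level authenticator and the shared secret are all constructed for the demo. It also makes one assumption the claims do not state: an untrusted interface that addresses a reserved port directly is dropped rather than forwarded, since forwarding it unchanged would let the untrusted side obtain the lower verification level just by choosing the port.

```python
"""Constructed demo of interface-based source classification: a firewall maps
traffic from a trusted interface onto reserved ports, passes untrusted traffic
through unchanged, and the server chooses its verification level by port."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed values: two reserved ports, two physical interfaces, one secret.
RESERVED_PORTS: FrozenSet[int] = frozenset({10001, 10002})
INTERFACE_TRUST: Dict[str, bool] = {"eth1": True, "eth2": False}  # True = trusted source
SERVER_SECRET = b"constructed-demo-secret"  # shared secret for the level-2 authenticator


@dataclass(frozen=True)
class Message:
    interface: str       # physical interface the message arrived on
    dst_port: int        # original destination port
    payload: bytes
    token: bytes = b""   # optional authenticator, checked only at level 2


class Firewall:
    def __init__(self, reserved: FrozenSet[int], trust: Dict[str, bool]) -> None:
        self.reserved = reserved
        self.trust = trust

    def map_port(self, msg: Message) -> Optional[int]:
        """Return the port the server will see, or None to drop the message."""
        if self.trust[msg.interface]:
            # Trusted-interface rule (claim 1): anything not already addressed to
            # a reserved port is remapped onto one of the reserved ports.
            return msg.dst_port if msg.dst_port in self.reserved else min(self.reserved)
        # Untrusted-interface rule (claim 1): the original port is kept ...
        if msg.dst_port not in self.reserved:
            return msg.dst_port
        # ... except when an untrusted source addresses a reserved port directly.
        # Dropping it is this example's assumption; the claims do not cover it.
        return None


class Server:
    def __init__(self, reserved: FrozenSet[int], secret: bytes) -> None:
        self.reserved = reserved
        self.secret = secret

    def level1(self, msg: Message) -> bool:
        """First (lower) level of verification: a payload sanity check only."""
        return 0 < len(msg.payload) <= 1024

    def level2(self, msg: Message) -> bool:
        """Second (higher) level: level-1 checks plus an HMAC over the payload."""
        expected = hmac.new(self.secret, msg.payload, hashlib.sha256).digest()
        return self.level1(msg) and hmac.compare_digest(msg.token, expected)

    def dispatch(self, port: int, msg: Message) -> Tuple[str, bool]:
        """Route by port: reserved -> first application, otherwise -> second."""
        if port in self.reserved:
            return "first-application", self.level1(msg)
        return "second-application", self.level2(msg)


def process(fw: Firewall, srv: Server, msg: Message) -> Tuple[str, Optional[bool]]:
    """Run one message through firewall mapping and then server dispatch."""
    port = fw.map_port(msg)
    if port is None:
        return "dropped", None
    return srv.dispatch(port, msg)


def make_token(payload: bytes, secret: bytes = SERVER_SECRET) -> bytes:
    """Authenticator an untrusted client supplies to pass level 2 (constructed scheme)."""
    return hmac.new(secret, payload, hashlib.sha256).digest()


if __name__ == "__main__":
    fw = Firewall(RESERVED_PORTS, INTERFACE_TRUST)
    srv = Server(RESERVED_PORTS, SERVER_SECRET)
    samples = [
        Message("eth1", 8080, b"report from trusted partner"),
        Message("eth2", 8080, b"request without authenticator"),
        Message("eth2", 8080, b"signed request", make_token(b"signed request")),
        Message("eth2", 10001, b"addressed straight to a reserved port"),
    ]
    for m in samples:
        print(m.interface, m.dst_port, "->", process(fw, srv, m))
```

The point worth noticing when reading the output is that the server never inspects the interface; the port it receives is the only carrier of the trust decision, which is why the firewall's handling of the reserved ports on the untrusted side decides whether the lower verification level can be reached by anyone other than the trusted source.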