Method and apparatus for identifying trusted sources based on access point

US 8,051,474 B1
Filed: 09/26/2006
Issued: 11/01/2011
Est. Priority Date: 09/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for distinguishing sources of data, comprising:

defining a first set of reserved port addresses on a firewall computer;

mapping, by the firewall computer, data comprising a first communication received at a first interface to one of the first set of reserved port addresses;

mapping, by the firewall computer, data comprising a second communication received at a second interface to a port address not included in the first set of reserved port addresses;

based on the mapping of the first communication to one of the first set of reserved port addresses, applying, by the firewall computer, a first type of security measures with respect to the first communication, wherein the first type of security measures are a first level of verification and authentication;

determining that the first interface is interconnected to a trusted data source;

in response to the determining that the first interface is interconnected to the trusted data source, establishing a rule that communications received at the first interface that are not addressed to one of the first set of reserved port addresses are mapped to one of the first set of reserved port addresses;

based on the mapping of the second communication to a port address not included in the first set of reserved port addresses, applying, by the firewall computer, a second type of security measures with respect to the second communication received at the second interface, wherein the second type of security measures are a second level of verification and authentication, wherein the security measures of the first type are a lower level of verification and authentication than the security measures of the second type;

determining that the second interface is interconnected to a data source that is not trusted;

in response to the determining that the second interface is interconnected to the data source that is not trusted, establishing a rule that communications received at the second interface that are not addressed to one of the reserved port addresses are not mapped to one of the reserved port addresses.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for distinguishing between sources of messages at a computer system resource are provided. In particular, messages are classified according to the physical interface at which the messages are received. A message received at an interface connected to a trusted source has the port address associated with that message mapped to a predefined port address by a firewall computer, before being passed to a server computer or other system resource. A message received at an interface that is connected to an untrusted source is passed to the server computer using the original port address. The server computer may then treat messages associated with one of the reserved port addresses differently from messages associated with a non-reserved port address.

32 Citations

View as Search Results

13 Claims

1. A method for distinguishing sources of data, comprising:
- defining a first set of reserved port addresses on a firewall computer;
  
  mapping, by the firewall computer, data comprising a first communication received at a first interface to one of the first set of reserved port addresses;
  
  mapping, by the firewall computer, data comprising a second communication received at a second interface to a port address not included in the first set of reserved port addresses;
  
  based on the mapping of the first communication to one of the first set of reserved port addresses, applying, by the firewall computer, a first type of security measures with respect to the first communication, wherein the first type of security measures are a first level of verification and authentication;
  
  determining that the first interface is interconnected to a trusted data source;
  
  in response to the determining that the first interface is interconnected to the trusted data source, establishing a rule that communications received at the first interface that are not addressed to one of the first set of reserved port addresses are mapped to one of the first set of reserved port addresses;
  
  based on the mapping of the second communication to a port address not included in the first set of reserved port addresses, applying, by the firewall computer, a second type of security measures with respect to the second communication received at the second interface, wherein the second type of security measures are a second level of verification and authentication, wherein the security measures of the first type are a lower level of verification and authentication than the security measures of the second type;
  
  determining that the second interface is interconnected to a data source that is not trusted;
  
  in response to the determining that the second interface is interconnected to the data source that is not trusted, establishing a rule that communications received at the second interface that are not addressed to one of the reserved port addresses are not mapped to one of the reserved port addresses.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first communication received at the first interface, as received at the firewall computer, is not addressed to one of the reserved port addresses, and wherein the second communication received at the second interface, as received at the firewall computer, is not addressed to one of the reserved port addresses.
  - 3. The method of claim 2, further comprising:
    - blocking a communication received at any interface that as received is addressed to one of the reserved port addresses.
  - 4. The method of claim 1, further comprising:
    - passing the first communication mapped to the one of the reserved port addresses from a first device associated with the first and second interfaces to a second device, wherein the second device applies or causes to be applied the first type of security measures;
      
      passing the second communication addressed to a port not included in the first set of reserved port addresses to the second device, wherein the first device applies or causes to be applied the second type of security measures.
  - 5. The method of claim 1, wherein the security measures of a first type do not require a user to provide any proof of identity in order to access a resource through the firewall computer, and wherein the security measures of a second type require a user to provide proof of their identity in order to access a resource through the first device.
  - 6. The method of claim 1, wherein the security measures of a first type require that a user enter a password before accessing a resource, and wherein the security measures of a second type require that a user enter a password and provide proof of their identity in addition to a password.

7. A system for distinguishing and treating messages from different sources differently, comprising:
- a firewall computer, including;
  
  a plurality of source interfaces;
  
  a server interface;
  
  a list of reserved port addresses, wherein at least one of the source interfaces is a trusted source interface that is mapped to one of the list of reserved port addresses;
  
  program code configured to implement a set of rules associated with verification and authentication of messages received at the source interface;
  
  wherein a first message received at the at least one trusted source interface is addressed to one of the reserved port addresses and passed to the server interface, wherein, a first level of verification and authentication is applied to the first message based on the first message being addressed to one of the list of reserved port addresses; and
  
  wherein a second message received at one of the source interfaces is not addressed to one of the reserved port addresses, wherein, a second level of verification and authentication is applied to the second message based on the second message being addressed to a port address not included on one of the list of reserved port addresses;
  
  a server computer, including;
  
  an interconnection to the server interface of the firewall computer;
  
  program code configured to direct the first message addressed to one of the reserved port address to a first application and to direct the second message not addressed to one of the reserved port addresses to a second application;
  
  wherein the first application implements a first set of security requirements, wherein the second application implements a second set of security requirements, and wherein the first set of security requirements are a lower level than the second set of security requirements.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising:
    - a first source interconnected to the at least one trusted source interface.
  - 9. The system of claim 8, wherein the first source is interconnected to the at least one trusted source interface by a wireline connection.
  - 10. The system of claim 8, further comprising:
    - a second source interconnected to a source interface that is not mapped to one of the reserved port addresses.
  - 11. The system of claim 8, wherein the first and second applications are running on the server computer.
  - 12. The system of claim 7, wherein the programming code configured to implement a set of rules blocks any message received at any source interface that is addressed to a port address included in the list of reserved port addresses.

13. A system for identifying a source of messages, comprising:
- means for interfacing a firewall computer with two or more sourcesmeans to receive two or more messages from the two or more sources;
  
  means for identifying a set of reserved port addresses, wherein at least one of the sources is a trusted source interface mapped to one of the set of reserved port addresses on the firewall computer;
  
  means for mapping a first message received from one of the two or more sources to one of said set of reserved port addresses, wherein a first level of authentication and verification is applied to the first message, based on the first message being addressed to one of the reserved port addresses;
  
  means for mapping a second message received from one of the two or more sources to an address port that is not included in said set of reserved port addresses;
  
  means for applying a second level of authentication and verification to the second message received from one of the two or more sources based on the mapping of the second message to the port address not included in said set of reserved port addresses;
  
  means for directing the first message addressed to one of the reserved port address to a first application and means for directing the second message not included in said set of reserved port addresses to a second application;
  
  wherein the first application implements a first set of security requirements, wherein the second application implements a second set of security requirements, and wherein the first set of security requirements are a lower level than the second set of security requirement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Black, Rodney W., Brown, Stewart M. Jr., Bedin, Oeystein
Primary Examiner(s)
Gergiso; Techane

Application Number

US11/535,425
Time in Patent Office

1,862 Days
Field of Search

726/12, 726/11, 713/151
US Class Current

726/12
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

H04L 63/105 Multiple levels of security

Method and apparatus for identifying trusted sources based on access point

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for identifying trusted sources based on access point

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others