Method for communication security and apparatus therefore

US 8,245,274 B2
Filed: 05/11/2010
Issued: 08/14/2012
Est. Priority Date: 07/25/2000
Status: Expired due to Term

First Claim

Patent Images

1. A communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:

a server, connected to the untrustworthy network, that maintains a database of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and

a portal, connected between the untrustworthy network and the trusted network, that;

selectively transfers the database of protection rules from said server via said untrustworthy network;

receives a communication transaction from the untrustworthy network for transfer to the trustworthy network;

applies each of the protection rules to the received communication transaction; and

prevents the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A FireNet security system in which trustworthy networks, called BlackNets, each comprising One (1) or more client computers, are protected by FireBreaks against attacks from untrustworthy networks, called RedNets. All incoming transactions from the RedNet are examined by the FireBreak to determine if they violate any of a plurality of protection rules stored in a local protection rules database. Any transaction found to be in violation is discarded. Valid transactions are forwarded to the BlackNet. If an otherwise valid transaction is found to be suspicious, the FireBreak will forward to a FireNet Server relevant information relating to that transaction. If the FireNet Server verifies that the transaction is indeed part of an attack, the FireNet Server will create new protection rules suitable to defend against the newly identified source or strategy of attack. Periodically, all FireBreaks in the FireNet system will transfer, directly or indirectly, all new rules.

Citations

34 Claims

1. A communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
- a server, connected to the untrustworthy network, that maintains a database of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and
  
  a portal, connected between the untrustworthy network and the trusted network, that;
  
  selectively transfers the database of protection rules from said server via said untrustworthy network;
  
  receives a communication transaction from the untrustworthy network for transfer to the trustworthy network;
  
  applies each of the protection rules to the received communication transaction; and
  
  prevents the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The security system of claim 1 wherein the transfer of the database from the server to the portal is via a secure protocol.
  - 3. The security system of claim 1:
    - wherein each of said protection rules may be a selected one of two classes, exclusion or guard; and
      
      wherein the portal;
      
      prevents the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if said protection rule is of the exclusion class;
      
      butselectively transfers the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if said protection rule is of the guard class.
  - 4. The security system of claim 3 wherein the portal selectively transfers to the server at least a portion of each received communication transaction identified to be a respective one of the selected communication transactions.
  - 5. The security system of claim 4 wherein the server, in response to receiving said portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, analyzes said portion to determine if said communication transaction represents a security threat to the trustworthy network, and, if it is so determined, constructs a new protection rule of the exclusion class and adds said new protection rule to said database.
  - 6. The security system of claim 5 wherein the server analyzes said portion using an expert system.
  - 7. The security system of claim 6 wherein the server constructs said new protection rule using the expert system.
  - 8. The security system of claim 7 wherein the expert system is guided by a human expert.
  - 9. The security system of claim 4 wherein the server, in response to receiving said portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, provides said portion to a human expert to determine if said communication transaction represents a security threat to the trustworthy network, receives new protection rules from said human expert, and adds said new protection rules to said database.

10. A communications security method to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
- at a server, connected to the untrustworthy network, maintaining a database of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and
  
  at a portal, connected between the untrustworthy network and the trusted network;
  
  selectively transferring the database of protection rules from said server via said untrustworthy network;
  
  receiving a communication transaction from the untrustworthy network for transfer to the trustworthy network;
  
  applying each of the protection rules to the received communication transaction; and
  
  preventing the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The security method of claim 10 wherein the transfer of the database from the server to the portal is via a secure protocol.
  - 12. The security method of claim 10:
    - wherein each of said protection rules may be a selected one of two classes, exclusion or guard; and
      
      wherein, at the portal, the step of preventing is further characterized as;
      
      preventing the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if said protection rule is of the exclusion class;
      
      butselectively transferring the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if said protection rule is of the guard class.
  - 13. The security method of claim 12 further comprising, at the portal:
    - selectively transferring to the server at least a portion of each received communication transaction identified to be a respective one of the selected communication transactions.
  - 14. The security method of claim 13 further comprising, at the server:
    - receiving said portions of said communication transactions identified to be a respective one of the selected communication transactions; and
      
      in response to receiving said portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, analyzing said portion to determine if said communication transaction represents a security threat to the trustworthy network, and, if it is so determined, constructing a new protection rule of the exclusion class and adding said new protection rule to said database.
  - 15. The security method of claim 14 further including, at the server:
    - analyzing said portion using an expert system.
  - 16. The security method of claim 15 wherein, at the server, the step of constructing the new protection rule is further characterized as:
    - constructing said new protection rule using the expert system.
  - 17. The security method of claim 16 wherein, at the server, the expert system is guided by a human expert.
  - 18. The security method of claim 13 further comprising, at the server:
    - receiving said portions of said communication transactions identified to be a respective one of the selected communication transactions; and
      
      in response to receiving said portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, providing said portion to a human expert to determine if said communication transaction represents a security threat to the trustworthy network, receiving new protection rules from said human expert, and adding said new protection rules to said database.

19. A portal having a processor and a memory for use in a communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, the security system including a server, connected to the untrustworthy network, that maintains a database of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions, the portal, when connected between the untrustworthy network and the trusted network:
- selectively transferring the database of protection rules from said server via said untrustworthy network;
  
  receiving, at the portal, a communication transaction from the untrustworthy network for transfer to the trustworthy network;
  
  applying each of the protection rules to the received communication transaction; and
  
  preventing the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.

20. A server for use in a communications security system to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network via a portal, the server, when connected to the untrustworthy network:
- maintaining a database of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions; and
  
  selectively transferring the database of protection rules via said untrustworthy network to said portal for application by said portal to each communication transaction received by said portal to prevent the transfer of the received communication transaction to the trustworthy network by the portal if a protection rule, when applied by the portal, identifies the received communication transaction to be a respective one of the selected communication transactions.

21. A portal configured to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
- a processor and one or more memories;
  
  a component configured to cooperate with a server to transfer a plurality of protection rules from the server to the portal via the untrustworthy network, wherein the server is connected to the untrustworthy network and is configured to maintain the plurality of protection rules, each of which, if applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions;
  
  a component configured to receive a communication transaction from the untrustworthy network for transfer to the trustworthy network;
  
  a component configured to apply one or more of the plurality of protection rules to the received communication transaction; and
  
  a component configured to selectively transfer to the server at least a portion of the received communication transaction via the untrustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions.
- View Dependent Claims (22, 23, 24)
- - 22. The portal of claim 21, wherein one or more of the plurality of protection rules may be a selected one of two classes, exclusion or guard;
    - and wherein a component of the portal is configured to;
      
      if the protection rule is of the exclusion class, prevent the transfer of the received communication transaction to the trustworthy network if a protection rule of the plurality of protection rules identifies the received communication transaction to be a respective one of the selected communication transactions; and
      
      if the protection rule is of the guard class, selectively transfer the received communication transaction to the trustworthy network if a protection rule of the plurality of protection rules identifies the received communication transaction to be a respective one of the selected communication transactions.
  - 23. The portal of claim 22, further comprising a component configured to selectively transfer to the server at least a portion of each received communication transaction identified to be a respective one of the selected communication transactions.
  - 24. The portal of claim 23, wherein the server, in response to receiving the portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, analyzes the portion to determine if the communication transaction represents a security threat to the trustworthy network, and, if the communication transaction represents a security threat to the trustworthy network, constructs a new protection rule of the exclusion class.

25. A server configured to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, comprising:
- a processor and one or more memories;
  
  a component configured to maintain a plurality of protection rules, each of which, when applied to a communication transaction, identifies that communication transaction to be a respective one of the selected communication transactions;
  
  a component configured to receive a portion of a communication transaction received by a portal and determined by the portal to be a respective one of selected communication transactions;
  
  a component configured to determine whether the communication transaction is part of an attack; and
  
  if the communication transaction is part of an attack, a component configured to create a new protection rule based on the communication transaction.
- View Dependent Claims (26, 27, 28)
- - 26. The portal of claim 25, wherein one or more of the plurality of protection rules may be a selected one of two classes, exclusion or guard.
  - 27. The portal of claim 26, further comprising a component configured to prevent the transfer of the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if the protection rule is of the exclusion class.
  - 28. The portal of claim 26, further comprising a component configured to selectively transfer the received communication transaction to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if the protection rule is of the guard class.

29. A computer-readable storage device storing computer-executable instructions that, when executed, causes a computing device to prevent transfer of selected communication transactions from an untrustworthy network to a trustworthy network, the instructions comprising:
- selectively transferring protection rules from a server via the untrustworthy network;
  
  receiving, at a portal, a communication transaction from the untrustworthy network for transfer to the trustworthy network;
  
  applying one or more of the protection rules to the received communication transaction; and
  
  preventing the transfer of the received communication transaction to the trustworthy network if one of the applied protection rules identifies the received communication transaction to be one of the selected communication transactions.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The computer-readable storage device of claim 29, wherein the transfer of the protection rules from the server to the portal is via a secure protocol.
  - 31. The computer-readable storage device of claim 29, wherein one or more of the plurality of protection rules may be a selected one of two classes, exclusion or guard.
  - 32. The computer-readable storage device of claim 31, wherein the transfer of the received communication transaction to the trustworthy network is prevented if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if the protection rule is of the exclusion class.
  - 33. The computer-readable storage device of claim 31, wherein the received communication transaction is selectively transferred to the trustworthy network if a protection rule identifies the received communication transaction to be a respective one of the selected communication transactions, if the protection rule is of the guard class.
  - 34. The computer-readable storage device of claim 33, wherein the server, in response to receiving the portion of a communication transaction identified to be a respective one of the selected communication transactions by a protection rule of the guard class, analyzes the portion to determine if the communication transaction represents a security threat to the trustworthy network, and, if it is so determined, constructs a new protection rule of the exclusion class.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cufer Asset Ltd LLC (Intellectual Ventures LLC)
Original Assignee
Tri Mbc Communications LLC (Intellectual Ventures LLC)
Inventors
Green, Stuart D., Brown, Scott G., Crain, Jonathan M., Van Myers, Jeffrey, Perry, Carl A., Yax, Marcus L.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US12/777,570
Publication Number

US 20100287617A1
Time in Patent Office

826 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

H04L 63/02 for separating internal fro...

H04L 63/1408 by monitoring network traff...

Method for communication security and apparatus therefore

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method for communication security and apparatus therefore

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links