Data protection system selectively altering an end portion of packets based on incomplete determination of whether a packet is valid or invalid
First Claim
1. A data protection system for filtering packets between at least an internet network and an internal network, wherein data is transmitted and received in the form of a plurality of packets, comprising:
- a first interface circuit for coupling packets to and from the internet network;
- a second interface circuit for coupling packets to and from the internal network;
- a filtering circuit coupled between the first interface circuit and the second interface circuit;
- wherein, as a packet is being received and transmitted between the first and second interface circuits, the packet is simultaneously subjected to one or more filtering criteria by the filtering circuit, wherein an end portion of the packet is selectively altered by the filtering circuit based on the filtering criteria, wherein the packet is selectively altered to be invalid if a determination has not been made as to whether the packet is valid or invalid by the time the end portion of the packet is received.
Abstract
Methods and systems for firewall/data protection that filters data packets in real time and without packet buffering are disclosed. A data packet filtering hub, which may be implemented as part of a switch or router, receives a packet on one link, reshapes the electrical signal, and transmits it to one or more other links. During this process, a number of filter checks are performed in parallel, resulting in a decision about whether each packet should or should not be invalidated by the time that the last bit is transmitted. To execute this task, the filtering hub performs rules-based filtering on several levels simultaneously, preferably with a programmable logic or other hardware device. Various methods for packet filtering in real time and without buffering with programmable logic are disclosed. The system may include constituent elements of a stateful packet filtering hub, such as microprocessors, controllers, and integrated circuits. The system may be reset, enabled, disabled, configured, and/or reconfigured with toggles or other physical switches. Audio and visual feedback may be provided regarding the operation and status of the system.
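The following Python sketch is an added illustration, not code from the patent, of the fail-closed behaviour in claim 1: bytes are forwarded as they arrive, and only the end portion is altered when a rule rejects the packet or has not reached a verdict. It assumes the end portion is a 4-byte CRC-32 trailer and uses a constructed 4-byte header (source port, destination port); `DstPortRule`, `cut_through`, `make_frame` and `frame_ok` are hypothetical names.

```python
import zlib

FCS_LEN = 4  # assumption: the "end portion" is a 4-byte CRC-32 trailer

def make_frame(body: bytes) -> bytes:
    """Build a constructed frame: body followed by its CRC-32 trailer."""
    return body + zlib.crc32(body).to_bytes(FCS_LEN, "little")

def frame_ok(frame: bytes) -> bool:
    """Receiver-side check: a frame whose trailer does not match is discarded."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return zlib.crc32(body).to_bytes(FCS_LEN, "little") == fcs

class DstPortRule:
    """Hypothetical rule: the verdict is fixed once bytes 2..3 (destination
    port in the constructed header) have passed through the filter."""
    def __init__(self, blocked_ports):
        self.blocked, self.port, self.verdict = set(blocked_ports), 0, None

    def feed(self, index: int, byte: int) -> None:
        if index in (2, 3):
            self.port = (self.port << 8) | byte
        if index == 3:
            self.verdict = self.port not in self.blocked

def cut_through(frame: bytes, rules) -> bytes:
    """Forward a frame byte by byte without holding the whole packet.
    Body bytes are emitted unchanged while every rule observes them;
    the trailer is corrupted unless all rules have returned True."""
    out = bytearray()
    body_len = len(frame) - FCS_LEN
    for i, b in enumerate(frame):
        if i < body_len:
            for rule in rules:
                rule.feed(i, b)
            out.append(b)  # already transmitted; cannot be recalled later
        else:
            # A verdict of None (undecided) is treated like a rejection.
            valid = all(rule.verdict is True for rule in rules)
            out.append(b if valid else b ^ 0xFF)
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample: destination port 23 is blocked, so the trailer is altered.
    frame = make_frame(bytes([0xC0, 0x01, 0x00, 0x17]) + b"login")
    print(frame_ok(cut_through(frame, [DstPortRule({23})])))
```

Each frame needs fresh rule instances, because the verdict state belongs to one packet.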
69 Citations
36 Claims
Specification