Evaluating a questionable network communication

US 8,621,604 B2
Filed: 02/28/2007
Issued: 12/31/2013
Est. Priority Date: 09/06/2005
Status: Active Grant

First Claim

Patent Images

1. A method in a computing system for controlling communication, comprising:

in a computing system communicating via a TCP/IP stack, evaluating a new network communication with a network resource by reference to a predefined white list of trusted network addresses that does not include addresses for any unauthenticated network nodes or anonymous proxy servers, by;

receiving from the TCP/IP stack an internet protocol (IP) address and port number of a network address corresponding to the network resource;

receiving a uniform resource locator (URL) associated with the network resource;

determining a first name associated with the IP address, by querying the IP address received from the TCP/IP stack against an assignment database that associates owner names with IP addresses;

determining a second name associated with the URL, by querying a domain name of the URL associated with the network resource against an assignment database that associates owner names with domain names;

determining a security rating level of the network resource based on;

determining whether the IP address and port number of the network address are included in the predefined white list of trusted network addresses; and

determining whether the first name matches the second name; and

setting an indicator that a communication operation is allowed or not allowed based on the determined security rating level of the network resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Identifying a questionable network address from a network communication. In an embodiment, a network device receives an incoming or outgoing connection request, a web page, an email, or other network communication. An evaluation module evaluates the network communication for a corresponding network address, which may be for the source or destination of the network communication. The network address generally includes an IP address and a port number. The evaluation module checks a predefined white list for the network address to determine whether the network address is valid. Depending on the result, the evaluation module sets an indicator for preventing, allowing, or warning about the network communication. A category code, security code, organization code, or function code, may also be checked against the white list to ensure a valid network node is not compromised. A domain name may also be determined from the network address to further validate the network communication.

75 Citations

View as Search Results

23 Claims

1. A method in a computing system for controlling communication, comprising:
- in a computing system communicating via a TCP/IP stack, evaluating a new network communication with a network resource by reference to a predefined white list of trusted network addresses that does not include addresses for any unauthenticated network nodes or anonymous proxy servers, by;
  
  receiving from the TCP/IP stack an internet protocol (IP) address and port number of a network address corresponding to the network resource;
  
  receiving a uniform resource locator (URL) associated with the network resource;
  
  determining a first name associated with the IP address, by querying the IP address received from the TCP/IP stack against an assignment database that associates owner names with IP addresses;
  
  determining a second name associated with the URL, by querying a domain name of the URL associated with the network resource against an assignment database that associates owner names with domain names;
  
  determining a security rating level of the network resource based on;
  
  determining whether the IP address and port number of the network address are included in the predefined white list of trusted network addresses; and
  
  determining whether the first name matches the second name; and
  
  setting an indicator that a communication operation is allowed or not allowed based on the determined security rating level of the network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the network resource comprises a network node of one of the following;
    - a network node that has requested a connection, a network node to which a connection request is to be sent, a website, a message sender, and/or a message destination.
  - 3. The method of claim 1, wherein the determining the security level further comprises:
    - determining a category code indicating a type of information contained in payload data associated with the corresponding network address; and
      
      when the determined category code matches a predefined category code of allowed category codes, setting a medium security level, otherwise setting a low security level.
  - 4. The method of claim 1, wherein the corresponding network address is obtained from a TCP/IP connection request.
  - 5. The method of claim 1, further comprising:
    - receiving the new network communication from a network resource for the corresponding address; and
      
      using a domain name resource to retrieve a domain name associated with the network address.
  - 6. The method of claim 1, wherein the predefined white list of trusted network addresses comprises a list of network nodes, wherein each network node is associated with at least one of the following;
    - a commercial institution, a website, an anti-virus source, a network service provider, and/or an internet service provider.
  - 7. The method of claim 1, further comprising:
    - determining which domain name is assigned to the corresponding network address, as a result of the determination, setting the indicator to one of the following;
      
      the communication operation is not allowed;
      
      a warning is to be provided prior to allowing the communication operation; and
      
      /oran instruction is needed from a user to determine whether the communication operation is allowed.
  - 8. The method of claim 1, wherein the assignment database that associates owner names with IP addresses comprises at least one of the following:
    - an international assignment registry, a regional registry, a local registry, and/or the list of trusted network addresses.
  - 9. The method of claim 1, further comprising:
    - receiving a function code;
      
      determining a communication operation based on the function code; and
      
      providing to a user an indication of the communication operation.
  - 10. The method of claim 1, further comprising:
    - receiving an intermediary network address of an intermediary network node that has relayed the corresponding network address;
      
      determining whether the intermediary network address is included in the predefined white list of trusted network addresses; and
      
      setting the indicator that the communication operation is not allowed with the received network resource when the intermediary network address is not included in the predefined white list of trusted network addresses.
  - 11. A non-transitory computer readable medium, comprising executable instructions for causing a computing device to perform the method of claim 1.
  - 12. The method of claim 1, further comprising:
    - receiving a category code indicating a type of information contained in payload data associated with the corresponding network address, wherein each network address in the predefined white list of trusted network addresses is associated with one or more category codes that are trusted for the network address, and wherein determining whether the IP address and port number are included in the predefined white list of trusted network addresses further comprises determining whether the received category code is indicated in the list of trusted network addresses as trusted for the IP address and the port number of the corresponding network address.
  - 13. The method of claim 1, further comprising:
    - receiving a category code indicating a type of information contained in payload data associated with the corresponding network address, wherein each network address in the predefined white list of trusted network addresses includes an IP address, and a category code, and wherein determining whether the received corresponding network address and the received category code are included in the predefined white list of trusted network address includes determining whether one of the network addresses in the predefined white list of trusted network addresses includes the IP address and the received category code.
  - 14. The method of claim 1, wherein the white list of trusted network addresses includes multiple IP addresses of trustworthy nodes, wherein the white list includes, for each of the multiple IP addresses, a port number, a category code that indicates a type of allowable payload data, an owner name, and a domain name.
  - 15. The method of claim 14, further comprising:
    - selectively providing multiple tiers of security, the multiple tiers including a first tier that evaluates communication based on an IP address, a second tier that evaluates communication based on port number, and a third tier that evaluates communication based on category code.
  - 16. The method of claim 14, wherein the white list includes a security rating, and further comprising:
    - when the security rating in the white list is a first security rating, automatically evaluating the new network communication without user intervention; and
      
      when the security rating in the white list is a second security rating, requiring user interaction to allow the new network communication.

17. A system for controlling communication, comprising:
- a communication interface for communication with a network resource, the communication interface including a TCP/IP stack;
  
  a memory for storing instructions; and
  
  a processor in communication with the communication interface and with the memory, wherein the processor is configured to evaluate a new network communication with a network resource by reference to a predetermined white list of trusted network addresses that does not include addresses for any unauthenticated network nodes or anonymous proxy servers, by;
  
  receiving from the TCP/IP stack an internet protocol (IP) address and port number of a network address corresponding to the network resource;
  
  receiving a uniform resource locator (URL) associated with the network resource;
  
  determining a first name associated with the IP address, by querying the IP address received from the TCP/IP stack against an assignment database that associates owner names with IP addresses;
  
  determining a second name associated with the URL, by querying a domain name of the URL associated with the network resource against an assignment database that associates owner names with domain names;
  
  determining a security rating level of the network resource based on;
  
  determining whether the IP address and port number of the network address are included in the predefined white list of trusted network addresses; and
  
  determining whether the first name matches the second name; and
  
  setting an indicator that a communication operation is allowed or not allowed based on the determined security rating level of the network resource.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein the corresponding network address further comprises an internal address behind a firewall or a proxy server.
  - 19. The system of claim 17, wherein the processor further configured to retrieve a domain name associated with the network address corresponding to the network resource.
  - 20. The system of claim 17, wherein the processor is further configured to:
    - determine which domain name is assigned to the corresponding network address, as a result of the determination, setting the indicator to one of the following;
      
      the communication operation is not allowed;
      
      a warning is to be provided prior to allowing the communication operation; and
      
      an instruction is needed from a user to determine whether the communication operation is allowed.
  - 21. The system of claim 17, further comprising an output device, and/or wherein the processor is further configured to:
    - receive a function code;
      
      determine a communication operation based on the function code; and
      
      /orprovide to a user an indication of the communication operation.
  - 22. The system of claim 17 wherein the system comprises a general purpose computing device and/or a mobile device.
  - 23. The system of claim 17, wherein the processor is configured to:
    - receive a category code indicating a type of information contained in payload data associated with the corresponding network address, wherein each network address in the predefined white list of trusted network addresses is associated with one or more category codes that are trusted for the network address, and wherein determining whether the IP address and port number are included in the predefined white list of trusted network addresses further comprises determining whether the received category code is indicated in the list of trusted network addresses as trusted for the IP address and the port number of the corresponding network address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daniel Chien
Original Assignee
Daniel Chien
Inventors
Chien, Daniel
Primary Examiner(s)
ALGIBHAH, HAMZA N

Application Number

US11/712,648
Publication Number

US 20070156900A1
Time in Patent Office

2,498 Days
Field of Search

709/229
US Class Current

726/22
CPC Class Codes

G06F 21/645   using a third party

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

Evaluating a questionable network communication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Evaluating a questionable network communication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others