SOC-based device for packet filtering and packet filtering method thereof
1 Assignment
0 Petitions
Abstract
Provided is a device including a chip that includes a firewall engine, and a driver, wherein the driver identifies an owner process of a packet to be transmitted, and transmits the packet to the chip only if the owner process is allowed to transmit the packet to an external device, wherein the chip performs filtering by applying a rule for packet filtering to the packet received from the driver.
34 Citations
22 Claims
1. A device comprising:
a chip comprising a firewall engine; a driver; a storage unit that stores a rule database (DB); and at least one application which uses at least one process associated with at least one packet, wherein the rule DB stores a rule for each process, wherein an owner process uses the packet by transmitting the packet to an external device or receiving the packet from an external device, wherein, if the packet is to be transmitted to a chip, the driver identifies the owner process of the packet, and transmits the packet to the chip only if the owner process is allowed to transmit the packet to an external device based on a rule for the owner process stored in the rule DB, and wherein the chip filters the packet received from the driver by applying a rule for packet filtering, wherein a rule for a process defines a packet as being allowed or blocked according to the process associated with the packet, and wherein, if the packet is to be transmitted, the driver obtains an owner process identification (ID) included in the packet and determines whether a process having the owner process ID is allowed to transmit the packet to the external device by referring to the rule DB for each process, and transmits the packet to the chip only if the process is allowed to transmit the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A packet filtering method, the packet filtering method comprising:
storing a rule for each process in a rule database (DB), identifying, by a device, an owner process of a packet to be transmitted, and transmitting the packet to a system-on-chip (SOC) only if the owner process of the packet to be transmitted is allowed to transmit the packet to an external device based on a rule for the owner process stored in the rule DB; and filtering, by the SOC, the packet transmitted from the device by applying a rule for packet filtering, wherein a rule for a process defines a packet as being allowed or blocked according to a process associated with the packet, and wherein if the packet is to be transmitted, the device obtains an owner process identification (ID) included in the packet and determines whether a process having the owner process ID is allowed to transmit the packet to the external device by referring to the rule DB for each process, and transmits the packet to the SOC only if the process is allowed to transmit the packet.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A non-transitory computer readable storing medium that stores a program for enabling a computer to perform a method, the method comprising:
storing a rule for each process in a rule database (DB), identifying an owner process of a packet to be transmitted to an external device; and only if the owner process of the packet to be transmitted is allowed to transmit the packet to the external device based on a rule for the owner process stored in the rule DB, transmitting the packet to a chip, wherein the chip is mounted on the computer and has a packet filtering function, wherein a rule for a process defines a packet as being allowed or blocked according to a process associated with the packet, and wherein if the packet is to be transmitted, obtaining an owner process identification (ID) included in the packet and determining whether a process having the owner process ID is allowed to transmit the packet to the external device by referring to the rule DB for each process, and transmitting the packet to the chip only if the process is allowed to transmit the packet.
18. A device comprising:
a chip that comprises a firewall engine, a driver, and a storage unit that stores a rule database (DB), wherein the rule DB stores a rule for each process, wherein the driver obtains an owner process identification (ID) of a packet to be transmitted to an external device and transmits the packet and the owner process ID of the packet to the chip based on a rule for the owner process stored in the rule DB, and wherein the firewall engine of the chip filters the packet transmitted from the driver using a rule DB for packet filtering, wherein a rule for a process defines a packet as being allowed or blocked according to a process associated with the packet, and wherein if the packet is to be transmitted, the device determines whether a process having the owner process ID is allowed to transmit the packet to the external device by referring to the rule DB for each process, and transmits the packet to the chip only if the process is allowed to transmit the packet.
Dependent claims: 19, 20.
21. A non-transitory computer readable storing medium that stores a program for enabling a computer to perform a method, the method comprising:
storing a rule for each process in a rule database (DB), identifying an owner process of a packet to be transmitted to an external device; obtaining an owner process identification (ID) of the packet to be transmitted to the external device; and transmitting the packet and the owner process ID to a chip based on a rule for the owner process stored in the rule DB, wherein the chip is mounted on the computer and has a packet filtering function, wherein a rule for a process defines a packet as being allowed or blocked according to a process associated with the packet, and wherein if the packet is to be transmitted, determining whether a process having the owner process ID is allowed to transmit the packet to the external device by referring to the rule DB for each process, and transmitting the packet to the chip only if the process is allowed to transmit the packet.
Dependent claim: 22.
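The independent claims above all describe the same two-stage outbound path: a host-side driver consults a per-process rule DB and forwards a packet to the chip only if its owner process may transmit, and the chip's firewall engine then applies its own packet-filter rules (in claims 18 and 21 the driver also hands the owner process ID to the chip). The following C program is an added illustration of that sequence; it is not code from the patent or its assignee. The rule formats, the PID numbers and addresses, the first-match-wins evaluation, the default-deny behaviour when a process has no rule, and the `filter_outbound` and `check` names are all constructed for this example, since the claims specify none of them. The `owner_pid` field stands in for the owner process ID the claims say is "included in the packet"; the example assumes it is attached by trusted kernel-side code rather than by the application, because a per-process rule is only as strong as the binding of that ID to the packet.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Added example: a two-stage outbound filter in the shape of the claims.
 * Stage 1 (driver) keys on the packet's owner process; stage 2 (SoC firewall
 * engine) applies packet rules only to what the driver let through.
 * Rule formats, PIDs and addresses are constructed for illustration. */

enum verdict { ALLOW = 0, BLOCK_BY_DRIVER = 1, BLOCK_BY_CHIP = 2 };

#define IPV4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct packet {
    uint32_t owner_pid;  /* owner process ID carried with the packet; assumed to be set
                            by the kernel side, never by the sending application */
    uint32_t dst_ip;     /* IPv4 destination, host byte order */
    uint16_t dst_port;
    uint8_t  proto;      /* 6 = TCP, 17 = UDP */
};

/* Driver-side rule DB: one entry per process, consulted before the chip sees the packet. */
struct process_rule { uint32_t pid; int allowed; };

static const struct process_rule process_db[] = {
    { 1001, 1 },   /* constructed: a browser that may transmit */
    { 1004, 1 },   /* constructed: a second allowed process, used to show pid-scoped chip rules */
    { 2002, 0 },   /* constructed: a process explicitly denied any transmission */
};

/* Chip-side rule: first match wins; 0 in a field means "any". owner_pid mirrors the
 * claim 18 / 21 variant, where the driver forwards the owner ID alongside the packet. */
struct chip_rule {
    uint32_t dst_net, dst_mask;
    uint16_t dst_port;
    uint8_t  proto;
    uint32_t owner_pid;
    int      allowed;
};

static const struct chip_rule chip_db[] = {
    /* no process may open SSH towards the internal 10/8 range */
    { IPV4(10,0,0,0), IPV4(255,0,0,0),       22,   6,  0,    0 },
    /* HTTPS anywhere and DNS over UDP are allowed for any process */
    { 0,              0,                     443,  6,  0,    1 },
    { 0,              0,                     53,   17, 0,    1 },
    /* only pid 1001 may reach the (constructed) proxy 10.1.2.3:8080 */
    { IPV4(10,1,2,3), IPV4(255,255,255,255), 8080, 6,  1001, 1 },
};

/* Stage 1: the driver. Denying a process with no rule is this example's choice;
 * the claims only say the rule DB stores a rule for each process. */
int driver_allows(uint32_t pid)
{
    for (size_t i = 0; i < sizeof process_db / sizeof process_db[0]; i++)
        if (process_db[i].pid == pid)
            return process_db[i].allowed;
    return 0;
}

/* Stage 2: the firewall engine on the chip, evaluated only for forwarded packets. */
int chip_allows(const struct packet *p)
{
    for (size_t i = 0; i < sizeof chip_db / sizeof chip_db[0]; i++) {
        const struct chip_rule *r = &chip_db[i];
        if ((p->dst_ip & r->dst_mask) != (r->dst_net & r->dst_mask)) continue;
        if (r->dst_port && r->dst_port != p->dst_port) continue;
        if (r->proto && r->proto != p->proto) continue;
        if (r->owner_pid && r->owner_pid != p->owner_pid) continue;
        return r->allowed;
    }
    return 0;  /* default deny on the chip as well */
}

/* The claimed sequence: the driver decides per process; only allowed packets reach the chip. */
enum verdict filter_outbound(const struct packet *p)
{
    if (!driver_allows(p->owner_pid))
        return BLOCK_BY_DRIVER;
    if (!chip_allows(p))
        return BLOCK_BY_CHIP;
    return ALLOW;
}

/* Convenience wrapper for stand-alone use and for the checks below. */
enum verdict check(uint32_t pid, uint32_t dst_ip, uint16_t dst_port, uint8_t proto)
{
    struct packet p = { pid, dst_ip, dst_port, proto };
    return filter_outbound(&p);
}

int main(void)
{
    static const char *names[] = { "ALLOW", "BLOCK_BY_DRIVER", "BLOCK_BY_CHIP" };
    printf("1001 -> 93.184.216.34:443/tcp : %s\n", names[check(1001, IPV4(93,184,216,34), 443, 6)]);
    printf("1001 -> 10.0.0.5:22/tcp       : %s\n", names[check(1001, IPV4(10,0,0,5), 22, 6)]);
    printf("2002 -> 93.184.216.34:443/tcp : %s\n", names[check(2002, IPV4(93,184,216,34), 443, 6)]);
    printf("3003 -> 8.8.8.8:53/udp        : %s\n", names[check(3003, IPV4(8,8,8,8), 53, 17)]);
    printf("1001 -> 10.1.2.3:8080/tcp     : %s\n", names[check(1001, IPV4(10,1,2,3), 8080, 6)]);
    printf("1004 -> 10.1.2.3:8080/tcp     : %s\n", names[check(1004, IPV4(10,1,2,3), 8080, 6)]);
    return 0;
}
```

The verdict distinguishes which stage blocked, which is the property worth checking when testing such a design: a packet from a denied or unknown process must never reach `chip_allows`, while an allowed process can still be stopped by the chip's packet rules, including rules scoped to a forwarded owner process ID.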
Specification