System and method for interlocking a host and a gateway

US 8,739,272 B1
Filed: 04/02/2012
Issued: 05/27/2014
Est. Priority Date: 04/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a content tag associated with transferring a first file over a network connection, wherein the content tag is an indicator of a classification of content in a second file, and wherein the first file is a modified version of the second file;

correlating, using a processor coupled to memory, the content tag with a network policy; and

applying the network policy to the network connection.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is described in example embodiments below that include receiving a content tag associated with transferring a file over a network connection. A session descriptor may also be received. The session descriptor and the content tag may be correlated with a network policy, which may be applied to the network connection. In some embodiments, the content tag may be received with the session descriptor. The file may be tainted by another file in some embodiments, and the content tag may be associated with other file.

344 Citations

23 Claims

1. A method, comprising:
- receiving a content tag associated with transferring a first file over a network connection, wherein the content tag is an indicator of a classification of content in a second file, and wherein the first file is a modified version of the second file;
  
  correlating, using a processor coupled to memory, the content tag with a network policy; and
  
  applying the network policy to the network connection.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising receiving a session descriptor associated with transferring the first file, and correlating the session descriptor with the network policy.
  - 3. The method of claim 1, wherein the content tag is a content sensitivity tag.
  - 4. The method of claim 1, wherein the content tag is received with a session descriptor and the session descriptor is correlated with the network policy.
  - 5. The method of claim 1, further comprising receiving a reputation score associated with a destination for the first file, and correlating the reputation score with the network policy.
  - 6. The method of claim 1, wherein receiving the content tag associated with the first file comprises calculating a hash for the first file and querying a content tag server with the hash.

7. Logic encoded in one or more tangible non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- receiving a content tag associated with transferring a first file over a network connection, wherein the content tag is an indicator of a classification of content in a second file, and wherein the first file is a modified version of the second file;
  
  correlating the content tag with a network policy; and
  
  applying the network policy to the network connection.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The encoded logic of claim 7, wherein the operations further comprise receiving a session descriptor associated with transferring the first file, and correlating the session descriptor with the network policy.
  - 9. The encoded logic of claim 7, wherein the content tag is a content sensitivity tag.
  - 10. The encoded logic of claim 7, wherein the content tag is received with a session descriptor and the session descriptor is correlated with the network policy.
  - 11. The encoded logic of claim 7, wherein the operations further comprise receiving a reputation score associated with a destination for the first file and correlating the reputation score with the network policy.
  - 12. The encoded logic of claim 7, wherein receiving the content tag associated with the first file comprises calculating a hash for the first file and querying a content tag server with the hash.

13. An apparatus, comprising:
- a firewall module;
  
  one or more processors configured to execute instructions associated with the firewall module such that the apparatus is configured to perform operations comprising;
  
  receiving a content tag associated with transferring a first file over a network connection, wherein the content tag is an indicator of a classification of content in a second file, and wherein the first file is a modified version of the second file;
  
  correlating the content tag with a network policy; and
  
  applying the network policy to the network connection.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13, wherein the operations further comprise receiving a session descriptor associated with transferring the first file, and correlating the session descriptor with the network policy.
  - 15. The apparatus of claim 13, wherein the content tag is a content sensitive tag.
  - 16. The apparatus of claim 13, wherein the content tag is associated with a tracked file.
  - 17. The apparatus of claim 13, wherein the content tag is received with a session descriptor and the session descriptor is correlated with the network policy.
  - 18. The apparatus of claim 13, further comprising receiving a reputation score associated with a destination for the first file, and correlating the reputation score with the network policy.
  - 19. The apparatus of claim 13, wherein receiving the content tag associated with the first file comprises calculating a hash for the first file and querying a content tag server with the hash.

20. An apparatus, comprising:
- a firewall agent;
  
  one or more processors configured to execute instructions associated with the firewall agent such that the apparatus is configured to perform operations comprising;
  
  detecting a transfer of a first file to the apparatus;
  
  calculating a hash of the first file;
  
  identifying a content tag associated with the first file based on the hash of the first file, wherein the content tag is an indicator of a classification of content in the first file;
  
  associating the content tag with a second file based on the second file and the first file being used on the apparatus during a same session;
  
  detecting a transfer of the second file to a network gateway; and
  
  sending the content tag to the network gateway.

21. An apparatus, comprising:
- firewall agent;
  
  one or more processors configured to execute instructions associated with the firewall agent such that the apparatus is configured to perform operations comprising;
  
  detecting a transfer of a first file to the apparatus;
  
  calculating a hash of the first file;
  
  identifying a content tag associated with the first file based on the hash of the first file, wherein the content to is an indicator of a classification of content in the first file;
  
  associating the content tag with a second file, wherein the second file is a modified version of the first file;
  
  detecting a transfer of the second file to a network gateway; and
  
  sending the content tag to the network gateway.

22. One or more non-transitory computer readable media that include code for execution and when executed by one or more processors, cause the one or more processors to:
- detect a transfer of a first file to a host;
  
  calculate a hash of the first file;
  
  identify a content tag associated with the first file based on the hash of the first file, wherein the content tag is an indicator of a classification of content in the first file;
  
  associate the content tag with a second file based on the second file and the first file being used on the host during a same session;
  
  detect a transfer of the second file to a network gateway; and
  
  send the content tag to the network gateway.

23. One or more non-transitory computer readable media that include code for execution and when executed by one or more processors, cause the one or more processors to:
- detect a transfer of a first file to a host;
  
  calculate a hash of the first file;
  
  identify a content tag associated with the first file based on the hash of the first file, wherein the content tag is an indicator of a classification of content in the first file;
  
  associate the content tag with a second file, wherein the second file is a modified version of the first file;
  
  detect a transfer of the second file to a network gateway; and
  
  send the content tag to the network gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cooper, Geoffrey Howard, Diehl, David Frederick, Ma, Robert
Primary Examiner(s)
LE, CHAU D

Application Number

US13/437,900
Time in Patent Office

785 Days
Field of Search

726 11- 14
US Class Current

726/13
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/20   for managing network securi...

System and method for interlocking a host and a gateway

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

344 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for interlocking a host and a gateway

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

344 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links