Network attached device with dedicated firewall security

US 8,892,600 B2
Filed: 10/31/2012
Issued: 11/18/2014
Est. Priority Date: 09/01/1998
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system comprising:

a first computing device coupled to an internal network; and

a second computing device in communication with the first computing device, wherein the second computing device has at least one attached device and the second computing device is isolated from the internal network;

wherein the first computing device comprises a memory having stored thereon instructions that, in response to execution on the first computing device, cause the first computing device to at least;

receive data packets over the internal network, wherein at least some of the data packets are sent to the internal network from an external network;

examine the data packets to determine whether the data packets contain an IP address associated with the at least one attached device;

filter data packets containing a valid IP address in a header of the data packet to determine whether to authorize data packets requesting access to the at least one attached device;

reformulate the data packets for communication to the second computing device; and

transmit the reformulated packets to the second computing device in response to determining that the request for access is authorized.

View all claims

7 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and only if the request for network access is authorized, providing the network client with network access to the NAD.

Citations

23 Claims

1. A system comprising:
- a first computing device coupled to an internal network; and
  
  a second computing device in communication with the first computing device, wherein the second computing device has at least one attached device and the second computing device is isolated from the internal network;
  
  wherein the first computing device comprises a memory having stored thereon instructions that, in response to execution on the first computing device, cause the first computing device to at least;
  
  receive data packets over the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
  
  examine the data packets to determine whether the data packets contain an IP address associated with the at least one attached device;
  
  filter data packets containing a valid IP address in a header of the data packet to determine whether to authorize data packets requesting access to the at least one attached device;
  
  reformulate the data packets for communication to the second computing device; and
  
  transmit the reformulated packets to the second computing device in response to determining that the request for access is authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein the instructions that, in response to execution on the first computing device, cause the first computing device to reformulate the data packets comprise instructions that, in response to execution on the first computing device, cause the first computing device to generate new packets based on information contained in the data packets received over the internal network.
  - 3. The system of claim 1, further comprising a firewall coupled between the internal network and the external network, and wherein the firewall is configured to filter data packets transmitted over the external network and addressed to the internal network.
  - 4. The system of claim 1 wherein the second computing device further comprises operating system instructions that, in response to execution on the second computing device, cause the second computing device to process the reformulated data packets for communication with the at least one attached device over a communications interface.
  - 5. The system of claim 1 wherein the instructions that, in response to execution on the first computing device, cause the first computing device to filter data packets comprise instructions that, in response to execution on the first computing device, cause the first computing device to determine whether the data packets contain authorized port information.
  - 6. The system of claim 1 wherein the instructions that, in response to execution on the first computing device, cause the first computing device to filter data packets comprise instructions that, in response to execution on the first computing device, cause the first computing device to determine whether the data packets contain authorized source network card information.
  - 7. The system of claim 1 wherein the instructions that, in response to execution on the first computing device, cause the first computing device to filter data packets comprise application layer instructions.

8. A computer-implemented method comprising:
- receiving, by a first computing device coupled to an internal network, data packets over the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
  
  examining, by the first computing device, the data packets to determine whether the data packets contain an IP address associated with an attached device coupled to a second computing device, wherein the second computing device is in communication with the first computing device and the second computing device is isolated from the internal network;
  
  filtering, by the first computing device, data packets by determining whether the IP address in a header of the data packets is valid to determine whether to authorize data packets containing information indicative of a request for access to the attached device; and
  
  reformulating, by the first computing device, the data packets for communication to the second computing device coupled to the attached device in response to authorizing the data packets containing the information indicative of the request for access to the attached device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - communicating, by the second computing device, information contained in the data packets received by the second computing device to the attached device over a communications interface between the second computing device and the attached device.
  - 10. The method of claim 8, further comprising:
    - filtering, by a firewall device coupled between the internal network and the external network, packets received by the firewall device over the external network; and
      
      transmitting, by the firewall device, the filtered data packets from the external network that are addressed to the internal network.
  - 11. The method of claim 9, further comprising:
    - processing, by the second computing device, the data packets for communication with the attached device, wherein the processing is performed in part by an operating system of the second computing device.
  - 12. The method of claim 8, further comprising:
    - filtering, by the first computing device, the data packets to determine whether the data packets contain authorized port information.
  - 13. The method of claim 8, further comprising:
    - filtering, by the first computing device, the data packets to determine whether the data packets contain authorized source network card information.
  - 14. The method of claim 8 wherein the filtering of data packets comprises application layer filtering.
  - 15. The method of claim 8, further comprising:
    - logging, by the first computing device, information regarding data packets that are rejected.

16. A non-transitory computer-readable storage medium comprising computer instructions that, in response to execution by a first computing device, cause the first computing device to at least:
- receive data packets over an internal network, the first computing device coupled to the internal network, wherein at least some of the data packets are sent to the internal network from an external network;
  
  examine the data packets to determine whether the data packets contain an IP address associated with an attached device coupled to a second computing device, wherein the second computing device is in communication with the first computing device and the second computing device is isolated from the internal network;
  
  filter data packets containing a valid IP address in a header of the data packets to determine whether to authorize data packets requesting access to the attached device; and
  
  generate new data packets, based at least in part on information contained within the data packets, for communication to the second computing device in response to determining that the request for access is authorized, wherein the attached device is coupled to the second computing device by way of a communications interface.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The computer-readable storage medium of claim 16 wherein the second computing device is configured to communicate information contained in the new data packets to the attached device over the communications interface.
  - 18. The computer-readable storage medium of claim 16 wherein a third computing device is located on a firewall device coupled between the internal network and the external network, and wherein the third computing device is configured to filter packets received by the firewall device over the external network, and to transmit the filtered data packets from the external network that are addressed to the internal network.
  - 19. The computer-readable storage medium of claim 16 wherein the second computing device comprises an operating system that is configured to communicate the new data packets to the attached device over the communications interface.
  - 20. The computer-readable storage medium of claim 16, further comprising computer instructions that, in response to execution by the first computing device, cause the first computing device to filter the data packets to determine whether the data packets contain authorized port information.
  - 21. The computer-readable storage medium of claim 16, further comprising computer instructions that, in response to execution by the first computing device, cause the first computing device to filter the data packets to determine whether the data packets contain authorized source network card information.
  - 22. The computer-readable storage medium of claim 16 wherein the computer instructions that, in response to execution by the first computing device, cause the first computing device to filter data packets comprise computer instructions that, in response to execution by the first computing device, cause the first computing device to filter the data packets using application layer filtering.
  - 23. The computer-readable storage medium of claim 16, further comprising computer instructions that, in response to execution by the first computing device, cause the first computing device to log information regarding data packets that are rejected.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
FireNet Technologies, LLC (IP Investments Group LLC)
Original Assignee
Robust Networks LLC (Intellectual Ventures LLC)
Inventors
Kenworthy, Stacy
Primary Examiner(s)
Alam, Shahid

Application Number

US13/665,523
Publication Number

US 20130061294A1
Time in Patent Office

748 Days
Field of Search

707/705, 707/783, 709/203, 709/217, 726/4, 726/11, 726/21
US Class Current

707/783
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6218   to a system of files or obj...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/0281   Proxies

Y10S 707/99939   Privileged access

Network attached device with dedicated firewall security

First Claim

7 Assignments

Litigations

1 Petition

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Network attached device with dedicated firewall security

First Claim

7 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links