Filtering of applications for access to an enterprise network

US 9,210,128 B2
Filed: 05/26/2013
Issued: 12/08/2015
Est. Priority Date: 10/25/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium having non-transient computer-readable code embodied on the computer-readable storage medium, the computer-readable code for controlling access to a protected computer network, the computer-readable code comprising:

(a) program code for intercepting packets that are being exchanged between a computer system and the protected computer network; and

(b) program code for;

for each said packet;

(i) identifying an application, that is running on said computer system, that is associated with said each packet,(ii) determining whether said application is trusted, and(iii) disposing of said each packet in accordance with said determining, whereinsaid identifying uses a process identification (PID) of one of the running processes of the application;

said each packet is being sent by said computer system to the protected computer network, and wherein, if said determining determines that said application is not trusted, then said disposing includes;

(A) routing said each packet to a network other than the protected computer network; and

(B) tagging said each packet for further processing in the protected computer network;

if said each packet is being sent from said computer system to the protected computer network and said determining determines that said application is trusted, then said disposing includes encrypting said each packet; and

if said each packet is being received by said computer system from the protected computer network and said determining determines that said application is trusted, then said disposing includes decrypting said each packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly.

Citations

16 Claims

1. A non-transitory computer-readable storage medium having non-transient computer-readable code embodied on the computer-readable storage medium, the computer-readable code for controlling access to a protected computer network, the computer-readable code comprising:
- (a) program code for intercepting packets that are being exchanged between a computer system and the protected computer network; and
  
  (b) program code for;
  
  for each said packet;
  
  (i) identifying an application, that is running on said computer system, that is associated with said each packet,(ii) determining whether said application is trusted, and(iii) disposing of said each packet in accordance with said determining, whereinsaid identifying uses a process identification (PID) of one of the running processes of the application;
  
  said each packet is being sent by said computer system to the protected computer network, and wherein, if said determining determines that said application is not trusted, then said disposing includes;
  
  (A) routing said each packet to a network other than the protected computer network; and
  
  (B) tagging said each packet for further processing in the protected computer network;
  
  if said each packet is being sent from said computer system to the protected computer network and said determining determines that said application is trusted, then said disposing includes encrypting said each packet; and
  
  if said each packet is being received by said computer system from the protected computer network and said determining determines that said application is trusted, then said disposing includes decrypting said each packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-readable storage medium of claim 1, wherein said identifying is effected by steps including mapping a header of said each packet to said application.
  - 3. The computer-readable storage medium of claim 1, wherein said identifying is effected by steps including mapping a header of said each packet to a process that is run by said application.
  - 4. The computer-readable storage medium of claim 1, wherein said determining is effected by steps including comparing a property of said application to an application property white list.
  - 5. The computer-readable storage medium of claim 4, wherein said property is selected from the group consisting of a name of said application, an identifier of said application and a hash checksum of binary code of said application.
  - 6. The computer-readable storage medium of claim 4, further comprising:
    - (c) program code for receiving updates of said application property white list.
  - 7. The computer-readable storage medium of claim 1, wherein said determining is effected by steps including comparing a property of said application to an application property black list.
  - 8. The computer-readable storage medium of claim 7, wherein said property is selected from the group consisting of a name of said application, an identifier of said application and a hash checksum of binary code of said application.
  - 9. The computer-readable storage medium of claim 7, further comprising:
    - (c) program code for receiving updates of said application property black list.
  - 10. The computer-readable storage medium of claim 1, wherein said each packet is being sent from said computer system to the protected computer network, and wherein, if said determining determines that said application is trusted, then said disposing includes forwarding said each packet to a destination thereof in the protected computer network.
  - 11. The computer-readable storage medium of claim 10, wherein said forwarding is via a virtual private network.
  - 12. The computer-readable storage medium of claim 1, wherein said each packet is being received by said computer system from the protected computer network, and wherein, if said determining determines that said application is trusted, then said disposing includes allowing said application to process said each packet.
  - 13. The computer-readable storage medium of claim 1, wherein, if said determining determines that said application is not trusted, then said disposing includes at least one action selected from the group consisting of:
    - (A) dropping said each packet;
      
      (B) if said each packet is part of a TCP connection;
      
      terminating said TCP connection;
      
      (C) requesting a validation of said each packet; and
      
      (D) logging an attempt by said application to exchange said each packet with the protected computer network.

14. A computer system comprising:
- (a) a port;
  
  (b) a plurality of application modules that are operative to exchange packets with a protected computer network via said port; and
  
  (c) a network security interface configured to;
  
  (i) intercept said packets, and(ii) for each said packet;
  
  (A) identify which said application module is associated with said each packet using a process identification (PID) of one of the running processes of the application module;
  
  (B) determine whether said application module, that is associated with said each packet, is trusted, and(C) dispose of said each packet in accordance with said determining whereinsaid each packet is being sent by the computer system to the protected computer network, and wherein, if said determining determines that said application module is not trusted, then said disposing includes;
  
  (A) routing said each packet to a network other than the protected computer network; and
  
  (B) tagging said each packet for further processing in the protected computer network;
  
  if said each packet is being sent from said computer system to the protected computer network and said determining determines that said application is trusted, then said disposing includes encrypting said each packet; and
  
  if said each packet is being received by said computer system from the protected computer network and said determining determines that said application is trusted, then said disposing includes decrypting said each packet.
- View Dependent Claims (15, 16)
- - 15. The computer system of claim 14, wherein said network security module is a sub-module of a communication module for supporting said exchanging of said packets.
  - 16. The computer system of claim 15, wherein said communication module supports said exchanging via a virtual private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
Drihem, Lior, Perlmutter, Amnon
Primary Examiner(s)
Okeke, Izunna
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US13/902,820
Publication Number

US 20140123269A1
Time in Patent Office

926 Days
Field of Search

726/15
US Class Current

1/1
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0272   Virtual private networks

Filtering of applications for access to an enterprise network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Filtering of applications for access to an enterprise network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links