Managing transfer of data in a data network
First Claim
Patent Images
1. A network gateway device, implemented at least partially in hardware, for managing a transfer of data over the data network, the network gateway device comprising:
- a processor;
a signature analyzer comprising a policy manager to store policies and associated signatures, including a first policy that diverts data transfers between a plurality of nodes on the data network to a proxy server which scans for malicious code associated with at least one signature;
a network interface, communicatively coupled to the processor and the data network, to receive packets transmitted between the plurality of nodes of the data network;
a session identifier communicatively coupled to receive the packet from the network interface and to identify data associated with a first communication session between a first node and a second node of the data network,wherein the signature analyzer further comprises a comparator, the signature analyzer to receive the identified data of the first communication session and the comparator comparing the identified data against signatures from a signature database, the signature analyzer to produce a control signal responsive to a policy associated with a signature matching the identified data; and
a session controller, responsive to receiving the control signal indicating the signature match, to perform further processing of the identified data, and responsive to the second input not receiving the control signal, the session controller sending the identified data over the second output without further processing.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.
86 Citations
12 Claims
-
1. A network gateway device, implemented at least partially in hardware, for managing a transfer of data over the data network, the network gateway device comprising:
-
a processor; a signature analyzer comprising a policy manager to store policies and associated signatures, including a first policy that diverts data transfers between a plurality of nodes on the data network to a proxy server which scans for malicious code associated with at least one signature; a network interface, communicatively coupled to the processor and the data network, to receive packets transmitted between the plurality of nodes of the data network; a session identifier communicatively coupled to receive the packet from the network interface and to identify data associated with a first communication session between a first node and a second node of the data network, wherein the signature analyzer further comprises a comparator, the signature analyzer to receive the identified data of the first communication session and the comparator comparing the identified data against signatures from a signature database, the signature analyzer to produce a control signal responsive to a policy associated with a signature matching the identified data; and a session controller, responsive to receiving the control signal indicating the signature match, to perform further processing of the identified data, and responsive to the second input not receiving the control signal, the session controller sending the identified data over the second output without further processing. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented method in a network gateway device, for managing a transfer of data over the data network, the method comprising:
-
storing policies and associated signatures in a policy manager of the gateway device, including a first policy that diverts data transfers between a plurality of nodes on the data network to a proxy server which scans for malicious code associated with at least one signature; receiving, at a network interface of the network gateway device, packets transmitted between the plurality of nodes of the data network; receiving, in a session identifier of the network gateway device, the packet from the network interface and identifying data associated with a first communication session between a first node and a second node of the data network, receiving the identified data of the first communication session and comparing the identified data against signatures from a signature database with a comparator producing a control signal responsive to a policy associated with a signature matching the identified data; and responsive to receiving the control signal indicating the signature match, performing further processing of the identified data, and responsive to the second input not receiving the control signal, sending the identified data over the second output without further processing.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeFortinet Inc.
-
Original AssigneeFortinet Inc.
-
InventorsBevan, Stephen John, Xie, Michael, Luo, Wenping, Wei, Shaohong, Li, Hongwei
-
Primary Examiner(s)ZHAO, DON GORDON
-
Application NumberUS15/073,459Publication NumberTime in Patent Office509 DaysField of SearchUS Class CurrentCPC Class CodesH04L 12/66 Arrangements for connecting...H04L 41/0893 Assignment of logical group...H04L 41/0894 Policy-based network config...H04L 47/10 Flow control; Congestion co...H04L 47/20 Traffic policingH04L 47/43 Assembling or disassembling...H04L 63/0281 ProxiesH04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/20 for managing network securi...H04L 67/10 in which an application is ...H04L 67/146 Markers for unambiguous ide...H04L 67/563 Data redirection of data ne...
