System and method for limiting data leakage in an application firewall

  • US 9,762,539 B2
  • Filed: 10/26/2015
  • Issued: 09/12/2017
  • Est. Priority Date: 06/15/2011
  • Status: Active Grant
First Claim

1. A firewall system for determining whether to allow a connection between a first computer and a second computer, comprising:

  • a receiver, operably configured to receive data from one of the first computer or the second computer and transfer the data into a buffer; and

  • a connection state engine, operably configured to:

    record connection state information responsive to receipt of an acknowledgement by the second computer of a connection request from the first computer, wherein the connection state information comprises portions of packets received and sent during creation of the connection;

    establish the connection between the first computer and the second computer via the firewall system;

    read the data from the buffer;

    apply a security policy to the data;

    promote a message containing the data to a proxy, responsive to applying the security policy to the data and determining that additional review of the data is required;

    change the connection from a direct connection via the firewall to a proxy connection via the proxy, responsive to the promoted message; and

    determine whether to deny use of the connection responsive to the data in the buffer without forwarding the data.
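The control flow claim 1 describes (record state when the handshake is acknowledged, buffer the data, apply a policy, then either keep the direct connection, promote the connection to a proxy, or deny it without forwarding anything) is easier to follow as code. The following is an added illustration, not code from the patent or its assignee. Everything concrete in it is an assumption: the `ConnectionState` record, the three `Mode` and `Verdict` values, the byte-pattern `policy()`, keeping the first 16 bytes of each handshake packet, and the constructed client segments in `demo()`.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    DIRECT = "direct"    # firewall relays packets itself
    PROXY = "proxy"      # connection has been promoted to an application proxy
    DENIED = "denied"    # use of the connection refused


class Verdict(Enum):
    ALLOW = "allow"
    REVIEW = "review"    # policy wants the proxy's deeper inspection
    DENY = "deny"


@dataclass
class ConnectionState:
    client: str
    server: str
    handshake: list          # portions of the packets exchanged while the connection was created
    mode: Mode = Mode.DIRECT
    buffer: bytearray = field(default_factory=bytearray)
    forwarded: bytearray = field(default_factory=bytearray)   # bytes that actually reached the peer


def policy(data: bytes) -> Verdict:
    """Assumed policy over the buffered bytes (not the patent's policy).

    A credential in the first segment is denied outright, an HTTP request
    line is promoted for application-layer review, anything else is allowed.
    """
    if b"password=" in data:
        return Verdict.DENY
    if data.startswith((b"GET ", b"POST ", b"PUT ")):
        return Verdict.REVIEW
    return Verdict.ALLOW


class ConnectionStateEngine:
    def __init__(self) -> None:
        self.connections: dict = {}

    def on_handshake_ack(self, client: str, server: str, syn: bytes, syn_ack: bytes, ack: bytes) -> ConnectionState:
        """Record connection state once the server has acknowledged the client's request.

        Assumed detail: the first 16 bytes of each handshake packet are kept.
        """
        st = ConnectionState(client, server, [p[:16] for p in (syn, syn_ack, ack)])
        self.connections[(client, server)] = st
        return st

    def receive(self, st: ConnectionState, data: bytes) -> Verdict:
        """Receiver path: buffer first, decide, and only then forward (or never)."""
        if st.mode is Mode.DENIED:
            return Verdict.DENY                  # nothing more leaves a denied connection
        st.buffer.extend(data)
        if st.mode is Mode.PROXY:
            return self._proxy_review(st)
        verdict = policy(bytes(st.buffer))
        if verdict is Verdict.DENY:
            st.mode = Mode.DENIED
            st.buffer.clear()                    # decided on the buffer alone; nothing forwarded
        elif verdict is Verdict.REVIEW:
            st.mode = Mode.PROXY                 # direct connection becomes a proxy connection
            return self._proxy_review(st)
        else:
            self._forward(st)
        return verdict

    def _proxy_review(self, st: ConnectionState) -> Verdict:
        """Stand-in for the proxy: re-applies the policy before relaying the buffered bytes."""
        if policy(bytes(st.buffer)) is Verdict.DENY:
            st.mode = Mode.DENIED
            st.buffer.clear()
            return Verdict.DENY
        self._forward(st)
        return Verdict.ALLOW

    def _forward(self, st: ConnectionState) -> None:
        st.forwarded.extend(st.buffer)
        st.buffer.clear()


def demo() -> dict:
    """Run three constructed client segments through the engine (sample data, not captured traffic)."""
    engine = ConnectionStateEngine()
    syn, syn_ack, ack = b"SYN seq=1000", b"SYN-ACK seq=5000 ack=1001", b"ACK ack=5001"
    samples = {
        "allow": b"\x16\x03\x01\x00\x05hello",          # opaque bytes: relayed over the direct connection
        "review": b"GET /index.html HTTP/1.1\r\n",      # HTTP: promoted to the proxy, then relayed
        "deny": b"user=alice&password=hunter2",         # credential: denied, never forwarded
    }
    results = {}
    for port, (name, payload) in enumerate(samples.items(), start=40000):
        st = engine.on_handshake_ack(f"10.0.0.5:{port}", "198.51.100.7:443", syn, syn_ack, ack)
        verdict = engine.receive(st, payload)
        results[name] = (verdict, st.mode, bytes(st.forwarded))
    return results
```

The property the claim is aiming at is visible in the `deny` case: the verdict is reached on the buffered bytes, and `forwarded` stays empty, so the data that triggered the denial never reaches the far side of the connection.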

  • 9 Assignments