Systems and methods for implementing protocol enforcement rules

US 20040103318A1
Filed: 06/10/2003
Published: 05/27/2004
Est. Priority Date: 06/10/2002
Status: Active Grant

First Claim

Patent Images

1. A method for managing communication protocol in a network, comprising:

intercepting messages they flow into and out of the network;

inspecting a message protocol associated with an intercepted message to determine if the message protocol matches a message protocol template; and

when a match occurs, applying a policy enforcement rule associated with the message protocol template that overrides aspects of the message protocol associated with the intercepted message.

View all claims

30 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network'"'"'s resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.

144 Citations

View as Search Results

30 Claims

1. A method for managing communication protocol in a network, comprising:
- intercepting messages they flow into and out of the network;
  
  inspecting a message protocol associated with an intercepted message to determine if the message protocol matches a message protocol template; and
  
  when a match occurs, applying a policy enforcement rule associated with the message protocol template that overrides aspects of the message protocol associated with the intercepted message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein applying the policy enforcement rule comprises forcing the intercepted message to use a defined communication connection when flowing into or out of the network.
  - 3. The method of claim 2, wherein the defined communication connection is a defined port on a gateway associated with the network.
  - 4. The method of claim 1, wherein applying the policy enforcement rule comprises terminating a communication connection associated with the intercepted message.
  - 5. The method of claim 1, wherein applying the policy enforcement rule comprises resetting a communication connection associated with the intercepted message.
  - 6. The method of claim 1, wherein applying the policy enforcement rule comprises recording information associated with the intercepted message.
  - 7. The method of claim 1, wherein applying the policy enforcement rule comprises creating a log comprising information associate with the intercepted message and any related messages.
  - 8. The method of claim 1, wherein the message protocol template is associated with instant messaging messages.
  - 9. The method of claim 1, wherein the message protocol template is associated with peer-to-peer messages.
  - 10. The method of claim 1, wherein the message protocol template is associated with file sharing messages.

11. A protocol enforcer, comprising:
- a message protocol template; and
  
  a network interface configured to interface the protocol enforcer with a network, the protocol enforcer configured to intercept a message via the network interface, inspect a message protocol associated with the intercepted message to determine if the message protocol matches the message protocol template, and when a match occurs, apply a policy enforcement rule associated with the message protocol template that overrides aspects of the message protocol associated with the intercepted message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The protocol enforcer of claim 11, wherein applying the policy enforcement rule comprises forcing the intercepted message to use a defined communication connection when flowing into or out of the network.
  - 13. The protocol enforcer of claim 12, wherein the defined communication connection is a defined port on a gateway associated with the network.
  - 14. The protocol enforcer of claim 11, wherein applying the policy enforcement rule comprises terminating a communication connection associated with the intercepted message.
  - 15. The protocol enforcer of claim 11, wherein applying the policy enforcement rule comprises resetting a communication connection associated with the intercepted message.
  - 16. The protocol enforcer of claim 11, wherein applying the policy enforcement rule comprises recording information associated with the intercepted message.
  - 17. The protocol enforcer of claim 11, wherein applying the policy enforcement rule comprises creating a log comprising information associate with the intercepted message and any related messages.
  - 18. The protocol enforcer of claim 11, wherein the message protocol template is associated with instant messaging messages.
  - 19. The protocol enforcer of claim 11, wherein the message protocol template is associated with peer-to-peer messages.
  - 20. The protocol enforcer of claim 11, wherein the message protocol template is associated with file sharing messages.

21. A protocol management system, comprising:
- a client device configured to send and receive messages over a network; and
  
  a protocol enforcer, the protocol enforcer comprising;
  
  a message protocol template, and a network interface configured to interface the protocol enforcer with the network, the protocol enforcer configured to intercept a message sent by the client device via the network interface, inspect a message protocol associated with the intercepted message to determine if the message protocol matches the message protocol template, and when a match occurs, apply a policy enforcement rule associated with the message protocol template that overrides aspects of the message protocol associated with the intercepted message.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The protocol management system of claim 21, wherein applying the policy enforcement rule comprises forcing the intercepted message to use a defined communication connection when flowing into or out of the network.
  - 23. The protocol management system of claim 22, wherein the defined communication connection is a defined port on a gateway associated with the network.
  - 24. The protocol management system of claim 21, wherein applying the policy enforcement rule comprises terminating a communication connection associated with the intercepted message.
  - 25. The protocol management system of claim 21, wherein applying the policy enforcement rule comprises resetting a communication connection associated with the intercepted message.
  - 26. The protocol management system of claim 21, wherein applying the policy enforcement rule comprises recording information associated with the intercepted message.
  - 27. The protocol management system of claim 21, further comprising a storage medium, and wherein applying the policy enforcement rule comprises creating a log comprising information associate with the intercepted message and any related messages and storing the log in the storage medium.
  - 28. The protocol management system of claim 21, wherein the message protocol template is associated with instant messaging messages.
  - 29. The protocol management system of claim 21, wherein the message protocol template is associated with peer-to-peer messages.
  - 30. The protocol management system of claim 21, wherein the message protocol template is associated with file sharing messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Akonix Systems, Inc. (Quest Software, Inc.)
Inventors
Shapiro, Dmitry, Miller, Randy, Poling, Robert, Pugh, Richard S.

Granted Patent

US 7,818,565 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0281   Proxies

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 69/329   in the application layer [O...

Systems and methods for implementing protocol enforcement rules

First Claim

30 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for implementing protocol enforcement rules

First Claim

30 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others