SYSTEM FOR VERIFYING A CLIENT REQUEST

US 20080066173A1
Filed: 10/17/2007
Published: 03/13/2008
Est. Priority Date: 10/25/1999
Status: Active Grant

First Claim

Patent Images

1-10. -10. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are presented for authorizing execution of requested actions transmitted between clients and servers of a data processing system. The method includes receiving a message including a set of actions and simulating execution of the set of actions. A list representing allowable actions and user-definable inputs to the simulated actions is defined. The list of allowable actions and user-definable inputs to the allowable action is then compared to user-requested actions and inputs. When elements within the user-requested actions and inputs are included in the allowable actions and input list, the user-requested actions and inputs are authorized for execution.

Citations

21 Claims

1-10. -10. (canceled)

11. A security gateway coupled between clients and servers of a data processing system, comprising:
- an evaluator for evaluating transmissions between said clients and servers and for identifying informational content and application programming logic included within each transmission;
  
  a simulator for simulating a processing environment for executing said application programming logic of said transmissions, said simulator including an enumeration engine for triggering events and identifying user-definable inputs to said application programming logic, said simulator providing a list of allowable actions and user-definable input values to said actions; and
  
  a filter for receiving transmissions including user-requested actions and input, comparing said user-requested actions and input to said list of allowable actions and user-definable input values, and passing through said security gateway transmissions having user-requested actions and inputs within said list of allowable actions and input values.
- View Dependent Claims (12, 13, 14, 15, 18, 19, 20)
- - 12. The security gateway as set forth in claim 11, comprising a data store, accessible by said simulator and said filter, for storing said list of allowable actions and input values.
  - 13. The security gateway as set forth in claim 11, wherein said simulator comprises a detector for detecting an input control requesting entry of a data value and for assigning a unique place holder to represent said data value, and wherein said filter comprises means for matching a pattern of said unique place holder to said input received from said user.
  - 14. The security gateway as set forth in claim 11, wherein said simulator comprises:
    - a detector for detecting an input control requesting selection of one of a plurality of predefined data values; and
      
      means for iteratively selecting one of said plurality of predefined data values, continuing simulation of said application programming logic, and building of said list of allowable actions and user-definable inputs with said selected one data value until each of said plurality of predefined data values is selected and listed.
  - 15. The security gateway as set forth in claim 11, wherein said evaluator comprises means for identifying actions of interest within said application programming logic and for tracing inputs to said actions received at a client, and wherein said simulator comprises means for receiving results of said tracing and providing said results as user-selectable inputs to said identified actions are performed within said simulation.
  - 18. The security gateway as set forth in claim 11, wherein the security gateway is a hardware component that is separate and distinct from the servers.
  - 19. The security gateway as set forth in claim 11, wherein the security gateway includes application programming logic executing on at least one of the servers.
  - 20. The security gateway as set forth in claim 11, wherein the security gateway is configured to operate within a sniffer device coupled to a router or a hub, wherein said router or said hub directs communications between at least one of the servers and at least one of the clients.

16-17. -17. (canceled)

21. A security gateway coupled between clients and servers of a data processing system, comprising:
- a simulator for simulating a processing environment for executing application programming logic included within transmissions between said clients and servers, said simulator including an enumeration engine for triggering events and identifying user-definable inputs to said application programming logic, said simulator providing a list of allowable actions and user-definable input values to said actions; and
  
  a filter for receiving transmissions including user-requested actions and input, comparing said user-requested actions and input to said list of allowable actions and user-definable input values, and passing through said security gateway transmissions having user-requested actions and inputs within said list of allowable actions and input values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Watchfire Corp. (Ontario) (International Business Machines Corporation)
Inventors
RAANAN, Gil, EL-HANANI, Yuval, RESHEF, Eran, MORAN, Tal

Granted Patent

US 7,703,127 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/101 Access control lists [ACL]

SYSTEM FOR VERIFYING A CLIENT REQUEST

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR VERIFYING A CLIENT REQUEST

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links