System and method to manage data to a plurality of proxy servers through a router by application level protocol and an authorized list

US 6,792,461 B1
Filed: 09/19/2000
Issued: 09/14/2004
Est. Priority Date: 10/21/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing data traffic within an Intranet, the Intranet comprising a client computer, a router system, and at least one proxy server, the method comprising:

transmitting a datagram to a traffic analyser in a router system, the traffic analyser determining if the datagram originated from a client computer in the Intranet, in response to the traffic analyser determining that the datagram originated from a client computer in the Intranet, transmitting the datagram to an inbound policing handler, the inbound policing handler updating a destination address for the datagram to a proxy server specified by an application level protocol used by the datagram, the proxy server specified being determined by a policing manager according to an application level protocol policing definition table;

comparing the proxy server, determined by the policing manager, to a list of authorized proxy servers, the authorized proxy servers being previously authorized to receive only datagrams using the application level protocol used by the datagram originating from the client computer; and

in response to determining that the proxy server determined by the policing manager is on the list of authorized proxy servers, transmitting the datagram to the authorized proxy server, and in response to determining that the proxy server is not on the list of authorized proxy servers, discarding the datagram.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing data traffic between an intranet and the internet. The Intranet composed of client computers connected to a router system which bridges the connection to a plurality of proxy servers. The proxy servers act as a gateway to the internet and operate on a designated application level protocol. The router system redirecting packets based on application level protocols to the proxy servers while checking the destination proxy server with an authorized list. The router system blocking or transmitting based on the application level protocol and the authorized server.

340 Citations

8 Claims

1. A method for managing data traffic within an Intranet, the Intranet comprising a client computer, a router system, and at least one proxy server, the method comprising:
- transmitting a datagram to a traffic analyser in a router system, the traffic analyser determining if the datagram originated from a client computer in the Intranet, in response to the traffic analyser determining that the datagram originated from a client computer in the Intranet, transmitting the datagram to an inbound policing handler, the inbound policing handler updating a destination address for the datagram to a proxy server specified by an application level protocol used by the datagram, the proxy server specified being determined by a policing manager according to an application level protocol policing definition table;
  
  comparing the proxy server, determined by the policing manager, to a list of authorized proxy servers, the authorized proxy servers being previously authorized to receive only datagrams using the application level protocol used by the datagram originating from the client computer; and
  
  in response to determining that the proxy server determined by the policing manager is on the list of authorized proxy servers, transmitting the datagram to the authorized proxy server, and in response to determining that the proxy server is not on the list of authorized proxy servers, discarding the datagram.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
3. The method of claim 2, wherein the maximum limit is 500.
4. The method of claim 1, wherein all datagram traffic within the Intranet is policed by the steps of claim 1, such that any client computer in the Intranet can communicate with an Internet only by routing datagrams through the authorized proxy server, the proxy server being selected according to the application level protocol used by the datagram and by a physical proximity of the proxy server to the client computer.

5. A router system for managing data traffic within an Intranet, the router system comprising:
- a traffic analyser that determines if a received datagram originated from a client computer in the Intranet;
  
  an inbound policing handler that, responsive to the traffic analyser determining that the datagram originated from a client computer in the Intranet, transmits the datagram to an inbound policing handler, the inbound policing handler updating a destination address for the datagram to a proxy server specified by an application level protocol of the datagram, the proxy server specified being determined by a policing manager according to an application level protocol policing definition table;
  
  a policing manager that compares the proxy server, determined by the policing manager, to a list of authorized proxy servers determined by the application level protocol of the datagram; and
  
  a router that, in response to the policing manager determining that the proxy server determined by the policing manager is on the list of authorized proxy servers, transmits the datagram to the authorized proxy server, and in response to determining that the proxy server is not authorized, discarding the datagram.
- View Dependent Claims (6, 7, 8)
- - 6. The router system of claim 5, wherein a maximum limit is set for the number of client computers in the Intranet that can send datagrams to the proxy server.
  - 7. The router system of claim 6, wherein the maximum limit is 500.
  - 8. The router system of claim 5, wherein all datagram traffic within an Intranet is policed by the router system, such that any client computer in the Intranet can communicate with an Internet only by routing datagrams through the authorized proxy server, the proxy server being selected according to the application level protocol used by the datagram and by a physical proximity of the proxy server to the client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hericourt, Olivier
Primary Examiner(s)
Alam, Hosain
Assistant Examiner(s)
BRUCKART, BENJAMIN R

Application Number

US09/664,681
Time in Patent Office

1,456 Days
Field of Search

709/203, 709/217, 709/218, 709/222, 709/238, 709/230, 709/224, 709/225, 709/243, 713/201, 370/255, 370/230
US Class Current

709/225
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04L 63/0281   Proxies

H04L 67/14   Session management for real...

H04L 67/288   Distributed intermediate de...

H04L 67/564   Enhancement of application ...

H04L 9/40   Network security protocols

System and method to manage data to a plurality of proxy servers through a router by application level protocol and an authorized list

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

340 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to manage data to a plurality of proxy servers through a router by application level protocol and an authorized list

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

340 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links