Network traffic intercepting method and system

US 7,503,069 B2
Filed: 06/04/2004
Issued: 03/10/2009
Est. Priority Date: 02/03/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising:

intercepting with a network traffic interceptor all said data, via a dedicated transport connection connected to said transport layer, flowing between said transport layer and said user application;

including generating with said network traffic interceptor transport connections and,examining said data for information content, which comprises examining said data to determine if it is scannable for information content or non-scannable for information content, and, if the scannable content contains proscribed code, then blocking said content from being passed to said user application; and

relaying the data to a destination based on the information content of said data,wherein the capacity of said transport connections generated by said network traffic interceptor between the transport layer and the network traffic interceptor is equal to or greater than the capacity of the transport connections created between the network traffic interceptor and user applications.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system and method for intercepting, examining, and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application. All data streams that pass from an external network, through the transport layer of an operating system to the user application or from the user application to the transport layer are intercepted by a network traffic interceptor. The network traffic interceptor processes all data streams for proscribed data that may include viruses, trojan horses, worms, and other hostile algorithms. The processing used by the network traffic interceptor can include monitoring, blocking or destroying data, thereby protecting the single computer system from being infected by hostile algorithms.

25 Citations

32 Claims

1. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising:
- intercepting with a network traffic interceptor all said data, via a dedicated transport connection connected to said transport layer, flowing between said transport layer and said user application;
  
  including generating with said network traffic interceptor transport connections and,examining said data for information content, which comprises examining said data to determine if it is scannable for information content or non-scannable for information content, and, if the scannable content contains proscribed code, then blocking said content from being passed to said user application; and
  
  relaying the data to a destination based on the information content of said data,wherein the capacity of said transport connections generated by said network traffic interceptor between the transport layer and the network traffic interceptor is equal to or greater than the capacity of the transport connections created between the network traffic interceptor and user applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method as in claim 1 further comprising processing said data, including scanning said data for proscribed data.
  - 3. A method as in claim 2 further comprising preventing said computer system from accessing proscribed data.
  - 4. A method as in claim 3 further comprising monitoring wherein said monitoring includes watching for key words in network traffic.
  - 5. A method as in claim 4 further comprising blocking further transmittal of said key words.
  - 6. A method as in claim 3 further comprising preventing said computer system accessing from accessing proscribed data, by designating said data with a GO designation or a NOGO designation;
    - passing said GO designated data to said user application; and
      
      blocking said NOGO designate data from said user application.
  - 7. A method as in claim 6 further comprising communicating the existence of said NOGO designated data.
  - 8. A method as in claim 7 wherein said cominunicating comprises displaying the existence of said NOGO designated data on a dialogue box or message.
  - 9. A method as in claim 6 further comprising logging the existence of NOGO designated data in a log file.
  - 10. A method as in claim 9, wherein said logging includes designating place of origin, date, size and type of said NOGO designated data.
  - 11. A method as in claim 2, further comprising protocol parsing.
  - 12. A method as in claim 2, further comprising protocol parsing, wherein said parser parses code based on data flowing via transport connections between the transport layer of an operating system and user applications.
  - 13. A method as in claim 1 further comprising protocol parsing.
  - 14. The method of claim 13, wherein said protocol parsing parses data flowing via transport connections between the transport layer of an operating system and user applications.
  - 15. A method of claim 1 further comprising decrypting said data.
  - 16. A method as in claim 1 further comprising authenticating said data.
  - 17. A method as in claim 1 wherein said transport layer comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) layer.

18. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising:
- intercepting with a network traffic interceptor all said data, via a dedicated transport connection connected to said transport layer, flowing between said transport layer and said user application;
  
  including generating with said network traffic interceptor transport connections and,examining said data for information content, which comprises examining said data flowing via transport connections to determine if it is scannable for information content or non-scannable for information content, and, if the scannable content contains proscribed code, then blocking said content from being passed to said user application; and
  
  relaying the data to a destination based on the information content of said data.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 19. A method as in claim 18, wherein said network interceptor examines said data for information content.
  - 20. A method as in claim 18 further comprising processing said data, including scanning said data for proscribed data.
  - 21. A method as in claim 18 further comprising preventing said computer system for accessing proscribed data.
  - 22. A method as in claim 18 further comprising monitoring wherein said monitoring includes watching for key words in network traffic.
  - 23. A method as in claim 22 further comprising blocking further transmittal of said key words.
  - 24. A method as in claim 18 comprising preventing said computer system from accessing proscribed data by designating said data with a GO designation or a NOGO designation;
    - passing said GO designated data to said user application; and
      
      blocking said NOGO designate data from said user application.
  - 25. A method as in claim 24 further comprising communicating the existence of said NOGO designated data.
  - 26. A method as in claim 25 wherein said communicating comprises displaying the existence of said NOGO designated data on a dialogue box or message.
  - 27. A method as in claim 24 further comprising logging the existence of NOGO designated data in a log file.
  - 28. A method as in claim 27, wherein said logging includes designating place of origin, date, size and type of said NOGO designated data.
  - 29. A method as in claim 18 further comprising protocol parsing.
  - 30. A method of claim 18 further comprising decrypting said data.
  - 31. A method as in claim 18 further comprising authenticating said data.
  - 32. A method as in claim 18 wherein said transport layer comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cybersoft, Inc.
Original Assignee
Cybersoft, Inc.
Inventors
Radatti, Peter V.
Primary Examiner(s)
Revak, Christopher A

Application Number

US10/861,672
Publication Number

US 20040230840A1
Time in Patent Office

1,740 Days
Field of Search

713151-154, 713/160, 713/161, 713/165, 713/188, 713200-201, 709223-229
US Class Current

726/22
CPC Class Codes

G06F 21/564   by virus signature recognition

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

Network traffic intercepting method and system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Network traffic intercepting method and system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links