Network traffic intercepting method and system
Abstract
A computer system and method for intercepting, examining, and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application. All data streams that pass from an external network, through the transport layer of an operating system to the user application or from the user application to the transport layer are intercepted by a network traffic interceptor. The network traffic interceptor processes all data streams for proscribed data that may include viruses, trojan horses, worms, and other hostile algorithms. The processing used by the network traffic interceptor can include monitoring, blocking or destroying data, thereby protecting the single computer system from being infected by hostile algorithms.
25 Citations
32 Claims
1. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising:

intercepting with a network traffic interceptor all said data, via a dedicated transport connection connected to said transport layer, flowing between said transport layer and said user application;

including generating with said network traffic interceptor transport connections and, examining said data for information content, which comprises examining said data to determine if it is scannable for information content or non-scannable for information content, and, if the scannable content contains proscribed code, then blocking said content from being passed to said user application; and

relaying the data to a destination based on the information content of said data, wherein the capacity of said transport connections generated by said network traffic interceptor between the transport layer and the network traffic interceptor is equal to or greater than the capacity of the transport connections created between the network traffic interceptor and user applications.

Dependent claims: 2 through 17.

18. A method conducted within a single computer system connected to a network for intercepting, examining, and controlling data flowing via transport connections between the transport layer of an operating system and user applications, said method comprising:

intercepting with a network traffic interceptor all said data, via a dedicated transport connection connected to said transport layer, flowing between said transport layer and said user application;

including generating with said network traffic interceptor transport connections and, examining said data for information content, which comprises examining said data flowing via transport connections to determine if it is scannable for information content or non-scannable for information content, and, if the scannable content contains proscribed code, then blocking said content from being passed to said user application; and

relaying the data to a destination based on the information content of said data.

Dependent claims: 19 through 32.
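The architecture the abstract and claims describe, as an added Python illustration (not code from the patent or its assignee): an interceptor that sits between the transport layer and a user application, classifies each chunk as scannable or non-scannable, scans scannable data for proscribed patterns, blocks on a hit and relays the rest. The signature set (the industry-standard EICAR test string plus a made-up pattern), the 90% printable-byte threshold for "scannable", the sample HTTP response, and the two socketpairs standing in for the transport layer and the application are all assumptions made for the example.

```python
"""Toy in-host network traffic interceptor modelled on the claimed architecture.
Added illustration, not the patent's implementation. Signatures, threshold and
socketpair wiring are constructed for the example."""
import socket
import threading
from typing import Optional, Tuple

# Constructed signature set: EICAR is the harmless standard antivirus test
# string; the second entry is a made-up pattern.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PROSCRIBED = (EICAR, b"EXAMPLE-HOSTILE-PATTERN")

# Constructed sample response, longer than the inspector's hold-back window.
BENIGN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
          + b"benign payload line\n" * 8)

_PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def is_scannable(data: bytes) -> bool:
    """Scannable = content the scanner can read: here, mostly printable text.
    Compressed or encrypted payloads fail this test and count as non-scannable."""
    if not data:
        return True
    printable = sum(1 for b in data if b in _PRINTABLE)
    return printable / len(data) >= 0.9  # constructed threshold


def examine(data: bytes) -> str:
    """'block' if scannable data carries a proscribed pattern, 'relay' if it was
    scanned and is clean, 'relay-unscanned' if it could not be scanned."""
    if not is_scannable(data):
        return "relay-unscanned"
    if any(sig in data for sig in PROSCRIBED):
        return "block"
    return "relay"


class StreamInspector:
    """Per-connection state. Holds back the last len(longest signature)-1 bytes so
    a pattern split across two recv() calls is still caught. block_unscannable
    closes the gap an attacker uses by compressing or encrypting the payload."""

    def __init__(self, block_unscannable: bool = False) -> None:
        self.pending = b""
        self.holdback = max(len(s) for s in PROSCRIBED) - 1
        self.block_unscannable = block_unscannable

    def feed(self, chunk: bytes, final: bool = False) -> Tuple[bytes, Optional[str]]:
        """Return (bytes safe to pass to the application, block reason or None)."""
        buf = self.pending + chunk
        verdict = examine(buf)
        if verdict == "block" or (verdict == "relay-unscanned" and self.block_unscannable):
            self.pending = b""
            return b"", verdict
        if final:
            self.pending = b""
            return buf, None
        cut = max(0, len(buf) - self.holdback)
        self.pending = buf[cut:]
        return buf[:cut], None


def relay_inbound(transport_side: socket.socket, app_side: socket.socket,
                  block_unscannable: bool = False) -> Optional[str]:
    """Network -> application direction. Closes the application side as soon as a
    chunk is blocked so the proscribed bytes never reach it. Returns the block
    reason, or None at a clean end of stream."""
    inspector = StreamInspector(block_unscannable)
    reason = None
    try:
        while True:
            chunk = transport_side.recv(65536)
            if not chunk:
                out, _ = inspector.feed(b"", final=True)
                app_side.sendall(out)
                break
            out, reason = inspector.feed(chunk)
            if reason:
                break
            app_side.sendall(out)
    finally:
        app_side.close()
    return reason


def demo(hostile: bool = True) -> Tuple[bytes, Optional[str]]:
    """Wire the interceptor between a fake transport layer and a fake application.
    Returns (what the application received, why the stream was cut)."""
    net, transport_side = socket.socketpair()  # "transport layer" <-> interceptor
    app_side, app = socket.socketpair()        # interceptor <-> "user application"
    outcome = []
    worker = threading.Thread(target=lambda: outcome.append(relay_inbound(transport_side, app_side)))
    worker.start()
    net.sendall(BENIGN)
    seen = app.recv(65536)            # wait until the clean prefix has been relayed
    if hostile:
        net.sendall(EICAR[:20])       # proscribed pattern split across two sends
        net.sendall(EICAR[20:])
    else:
        net.shutdown(socket.SHUT_WR)  # clean end of stream: held-back bytes flush
    while True:
        more = app.recv(65536)
        if not more:
            break
        seen += more
    worker.join()
    for s in (net, transport_side, app):
        s.close()
    return seen, outcome[0]


if __name__ == "__main__":
    print(demo(hostile=True))
    print(demo(hostile=False))
```

Two points a practitioner would check against the claims: the scannable/non-scannable split is the evasion gap (a compressed or encrypted payload is relayed unexamined unless block_unscannable is set, which is a policy decision, not a scanner improvement), and the claim's capacity condition (interceptor-to-transport-layer connections at least as large as interceptor-to-application connections) maps to socket buffer sizing, left at OS defaults here, so the hold-back window and not the buffers is what bounds delivery latency.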
Specification