Communications system with security checking functions for file transfer operation
First Claim
1. A communications system for transferring packets, comprising:
- a router comprising;
a security condition definition unit receiving a set of security conditions,a security condition database storing the received security conditions,a packet parser that identifies and parses a packet produced by a file transfer application protocol, extracts from the packet a destination address and a security condition ID that a sending user has specified for a file contained in the packet, determines whether the extracted destination address satisfies the security condition corresponding to the user-specified security condition ID and, if not, discards the packet to prevent information leakage, anda domain data collector that makes access to a server managing network domains to collect domain data corresponding to a specified destination address; and
a user terminal comprising;
a security condition user interface that requests the router to provide information about the security conditions and gives the security condition ID to the file to indicate which security condition the sending user has specified,(a) wherein;
when network segments do not vary,the security conditions each comprise a security condition ID and a permissible segment corresponding thereto, the permissible segment being defined as a collection of eligible destination addresses; and
the packet parser determines whether the destination address of the file is included in the permissible segment corresponding to the security condition ID, so as to prevent information leakage on an individual segment basis,(b) wherein;
when the network segments vary dynamically,the security conditions each comprise a security condition ID and a permissible domain corresponding thereto, the permissible domain being defined as a collection of eligible destination domain names; and
the packet parser determines whether the destination address of the file is included in the permissible domain corresponding to the specified security condition ID and, if not, notifies the domain data collector of the destination address, and determines again whether the destination address is included in the permissible domain that the domain data collector has obtained, thereby preventing information leakage on an individual domain basis.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure data communications system with an enhanced function of preventing information leakage. The system includes a user terminal and a router. The router has a security condition definition unit and a storage unit to receive and store a set of security conditions. A packet parser identifies and parses a packet produced by a file transfer application protocol and extracts from that packet a destination address and a security condition ID that the sending user has specified for a file in the packet. The packet parser discards the packet to prevent information leakage if the extracted destination address does not satisfy the security condition corresponding to the user-specified security condition ID. The user terminal has a security condition user interface that requests the router to provide information about security conditions and gives a security condition ID to each file to indicate which security condition the sending user has specified.
10 Citations
11 Claims
-
1. A communications system for transferring packets, comprising:
-
a router comprising; a security condition definition unit receiving a set of security conditions, a security condition database storing the received security conditions, a packet parser that identifies and parses a packet produced by a file transfer application protocol, extracts from the packet a destination address and a security condition ID that a sending user has specified for a file contained in the packet, determines whether the extracted destination address satisfies the security condition corresponding to the user-specified security condition ID and, if not, discards the packet to prevent information leakage, and a domain data collector that makes access to a server managing network domains to collect domain data corresponding to a specified destination address; and a user terminal comprising; a security condition user interface that requests the router to provide information about the security conditions and gives the security condition ID to the file to indicate which security condition the sending user has specified, (a) wherein; when network segments do not vary, the security conditions each comprise a security condition ID and a permissible segment corresponding thereto, the permissible segment being defined as a collection of eligible destination addresses; and the packet parser determines whether the destination address of the file is included in the permissible segment corresponding to the security condition ID, so as to prevent information leakage on an individual segment basis, (b) wherein; when the network segments vary dynamically, the security conditions each comprise a security condition ID and a permissible domain corresponding thereto, the permissible domain being defined as a collection of eligible destination domain names; and the packet parser determines whether the destination address of the file is included in the permissible domain corresponding to the specified security condition ID and, if not, notifies the domain data collector of the destination address, and determines again whether the destination address is included in the permissible domain that the domain data collector has obtained, thereby preventing information leakage on an individual domain basis. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for preventing information from leaking during routing of packets over a network, the method comprising:
-
requesting, from a user terminal, a router to provide information about security conditions stored in that router; adding a security condition ID to a file to indicate a security condition that a sending user has specified; receiving a set of security conditions at the router; storing the received security conditions in the router; identifying and parsing a packet produced by a file transfer application protocol; extracting from the packet a destination address and a security condition ID that a sending user has specified for a file contained in the packet; determining whether the extracted destination address satisfies the security condition corresponding to the user-specified security condition ID; and discarding the packet to prevent information leakage, if the extracted destination address fails to satisfy the security condition; (a) wherein; when network segments do not vary, the security conditions each comprise a security condition ID and a permissible segment corresponding thereto, the permissible segment being defined as a collection of eligible destination addresses; and the determining step determines whether the destination address of the file is included in the permissible segment corresponding to the specified security condition ID, so as to prevent information leakage on an individual segment basis, (b) wherein; when the network segments vary dynamically, the security conditions each comprise a security condition ID and a permissible domain corresponding thereto, the permissible domain being defined as a collection of eligible destination domain names; and said determining step comprises; making access from the router to a server managing network domains to collect domain data corresponding to the extracted destination address if the destination address of the file is not included in the permissible domain corresponding to the specified security condition ID, and determining again whether the destination address is included in the collected domain data, so as to prevent information leakage on an individual domain basis. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A router for forwarding packets, comprising:
-
a security condition definition unit receiving a set of security conditions, a security condition database storing the received security conditions, a packet parser that identifies and parses a packet produced by a file transfer application protocol, extracts from the packet a destination address and a security condition ID that a sending user has specified for a file contained in the packet, determines whether the extracted destination address satisfies the security condition corresponding to the user-specified security condition ID and, if not, discards the packet to prevent information leakage; and a domain data collector that makes access to a server managing network domains to collect domain data corresponding to a specified destination address, (a) wherein; when network segments do not vary, the security conditions each comprise a security condition ID and a permissible segment corresponding thereto, the permissible segment being defined as a collection of eligible destination addresses; and the packet parser determines whether the destination address of the file is included in the permissible segment corresponding to the security condition ID, so as to prevent information leakage on an individual segment basis, (b) wherein; when the network segments vary dynamically, the security conditions each comprise a security condition ID and a permissible domain corresponding thereto, the permissible domain being defined as a collection of eligible destination domain names; and the packet parser determines whether the destination address of the file is included in the permissible domain corresponding to the specified security condition ID and, if not, notifies the domain data collector of the destination address, and determines again whether the destination address is included in the permissible domain that the domain data collector has obtained, thereby preventing information leakage on an individual domain basis.
-
Specification