Method and system for extracting application protocol characteristics

US 7,774,835 B2
Filed: 08/02/2004
Issued: 08/10/2010
Est. Priority Date: 09/09/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method executed on a gateway device for defining a set of allowable actions that may be taken by a client in communication with an application program residing on a server, the method comprising:

receiving a server communication addressed to the client;

extracting application protocol data from the server communication to determine the set of allowable actions which may be taken in response to the server communication, the set of allowable actions being for a particular communication session between the client and the application program residing on the server;

stripping communication protocol data from the server communication;

parsing the stripped communication protocol data to extract a network address of the client; and

storing the extracted application protocol data in a protocol database in association with the communication protocol data representing the network address of the client to thereby enable the particular communication session with the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.

45 Citations

20 Claims

1. A method executed on a gateway device for defining a set of allowable actions that may be taken by a client in communication with an application program residing on a server, the method comprising:
- receiving a server communication addressed to the client;
  
  extracting application protocol data from the server communication to determine the set of allowable actions which may be taken in response to the server communication, the set of allowable actions being for a particular communication session between the client and the application program residing on the server;
  
  stripping communication protocol data from the server communication;
  
  parsing the stripped communication protocol data to extract a network address of the client; and
  
  storing the extracted application protocol data in a protocol database in association with the communication protocol data representing the network address of the client to thereby enable the particular communication session with the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising parsing the stripped communication protocol data to extract an input field in the server communication.
  - 3. The method of claim 1, further comprising parsing the stripped communication protocol data to identify a command in the server communication, wherein the client is allowed to use the command in communication with the application program.
  - 4. The method of claim 1, wherein storing the extracted application protocol data in a protocol database comprises storing an input field with associated data type and length, the input field having been extracted from the server communication.
  - 5. The method of claim 1, further comprising parsing the stripped communication protocol data to identify a hyperlink in the server communication.
  - 6. The method of claim 1, further comprising using the stored application protocol data to filter communications between the client and the server.
  - 7. The method of claim 1, wherein stripping communication protocol data from the server communication comprises stripping communication protocol data for multiple protocols.
  - 8. The method of claim 1, wherein extracting application protocol data from the server communication is performed in real-time.

9. A computer-readable storage medium having instructions stored thereon that when executed by a computer causes the computer to:
- receive a server communication addressed to a client;
  
  extract application protocol data from the server communication to determine a set of allowable actions which may be taken in response to the server communication, the set of allowable actions being for a particular communication session between the client and the server;
  
  strip communication protocol data from the server communication;
  
  parse the stripped communication protocol data to extract a network address of the client; and
  
  store the extracted application protocol data in a protocol database in association with the communication protocol data representing the network address of the client to thereby enable the particular communication session with the client.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-readable storage medium of claim 9, wherein the extracted application protocol data stored in the protocol database comprises an input field with associated data type and length, the input field having been extracted from the server communication.
  - 11. The computer-readable storage medium of claim 9, wherein the stored application protocol data is used to filter communications between the client and the server.
  - 12. The computer-readable storage medium of claim 9, wherein the communication protocol data comprises data for multiple protocols.

13. A communication system comprising:
- a server having an application stored thereon for use by a client;
  
  a protocol extraction module for extracting application protocol data for a plurality of protocols from a message sent by the server to the client, after stripping communication protocol data from the message, wherein the extracted application protocol data include a hyperlink;
  
  a protocol database for storing the extracted application protocol data; and
  
  a filter module for selectively allowing actions by the client in communication with the application, the allowed actions being based on the application protocol data stored on the protocol database.
- View Dependent Claims (14, 15, 19)
- - 14. The communication system of claim 13, wherein the communication protocol data are used for a particular communication session between a particular client and the server.
  - 15. The communication system of claim 13, wherein the communication protocol data is used to filter communications between the client and the server.
  - 19. The communication system of claim 13, wherein the communication protocol data are sent in the message from the server to the client.

16. A computing apparatus, that includes computer hardware modules to perform actions for defining a set of actions by a client, comprising:
- a protocol extraction module that extracts application protocol data in real-time for a particular communication session between the client and an application residing on a server, the application protocol data being extracted for a plurality of protocols from a message sent by the server to the client, after stripping communication protocol data from the message, wherein the extracted application protocol data include a hyperlink;
  
  a protocol database that stores the extracted application protocol data; and
  
  a filter module that selectively allows the actions by the client in communication with the application, the allowed actions being based on the application protocol data stored on the protocol database.
- View Dependent Claims (17, 18, 20)
- - 17. The computing apparatus of claim 16, wherein the protocol extraction module, the protocol database, and the filter module reside on the server.
  - 18. The computing apparatus of claim 16, wherein the communication protocol data is used to filter communications between the client and the server.
  - 20. The computing apparatus of claim 16, wherein the communication protocol data are sent in the message from the server to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Raanan, Gil, Galant, Yaron, Reshef, Eran, Moran, Tal, El-Hanani, Yuval
Primary Examiner(s)
KIM, JUNG W

Application Number

US10/909,645
Publication Number

US 20050044420A1
Time in Patent Office

2,199 Days
Field of Search

726/27, 726/30
US Class Current

726/13
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 69/08   Protocols for interworking;...

Method and system for extracting application protocol characteristics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for extracting application protocol characteristics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links