System for securing the flow of and selectively modifying packets in a computer network

Patent 5835726 Issued on November 10, 1998. Estimated Expiration Date: June 17, 2016. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Patent References

Graphical automatic programming
Patent #: 4315315
Issued on: 02/09/1982
Inventor: Kossiakoff

Computer language structure for process control applications, and translator therefor
Patent #: 4736320
Issued on: 04/05/1988
Inventor: Bristol

Cryptographic protocol for secure communications
Patent #: 5241599
Issued on: 08/31/1993
Inventor: Bellovin, et al.

Computer language structure for process control applications and method of translating same into program code to operate the computer
Patent #: 5247693
Issued on: 09/21/1993
Inventor: Bristol

Apparatus for providing cryptographic support in a network
Patent #: 5329623
Issued on: 07/12/1994
Inventor: Smith, et al.

Computer network encryption/decryption device
Patent #: 5442708
Issued on: 08/15/1995
Inventor: Adams, Jr., et al.

Computer network encryption/decryption device
Patent #: 5444782
Issued on: 08/22/1995
Inventor: Adams, Jr., et al.

Packet filtering for data networks
Patent #: 5473607
Issued on: 12/05/1995
Inventor: Hausman, et al.

Network having secure fast packet switching and guaranteed quality of service
Patent #: 5485455
Issued on: 01/16/1996
Inventor: Dobbins, et al.

Communication apparatus and methods
Patent #: 5515376
Issued on: 05/07/1996
Inventor: Murthy, et al.

Inventors

Assignee

Application

No. 664839 filed on 06/17/1996

US Classes:

709/229 Network resources access controlling
709/247 Compressing/decompressing

Examiners

Primary: Asta, Frank J.
Assistant: Patru, Daniel

Attorney, Agent or Firm

International Classes

G06F 013/36
G06F 015/401

Foreign Application Priority Data

1995-06-15 IL

Abstract

The present invention discloses a novel system for controlling the inbound and outbound data packet flow in a computer network. By controlling the packet flow in a computer network, private networks can be secured from outside attacks in addition to controlling the flow of packets from within the private network to the outside world. A user generates a rule base which is then converted into a set of filter language instructions. Each rule in the rule base includes a source, destination, service, whether to accept or reject the packet and whether to log the event. The set of filter language instructions are installed and execute on inspection engines which are placed on computers acting as firewalls. The firewalls are positioned in the computer network such that all traffic to and from the network to be protected is forced to pass through the firewall. Thus, packets are filtered as they flow into and out of the network in accordance with the rules comprising the rule base. The inspection engine acts as a virtual packet filtering machine which determines on a packet by packet basis whether to reject or accept a packet. If a packet is rejected, it is dropped. If it is accepted, the packet may then be modified. Modification may include encryption, decryption, signature generation, signature verification or address translation. All modifications are performed in accordance with the contents of the rule base. The present invention provides additional security to a computer network by encrypting communications between two firewalls or between a client and a firewall. This permits the use of insecure public networks in constructing a WAN that includes both private and public network segments, thus forming a virtual private network.

Other References

  • Ranum M.J. "A Network Firewall" Digital Equipment Corp
  • Chapman, D.D. "Network (in) Security . . . " Proceedings of the 3rd USENIX UNIX Security Symposium; Baltimore, MD, Sep. 1992
  • Safford, D.R. et al. "The TAMU Security Package . . . " Unix Security Symposium IV, Oct. 4-6, 1993
  • Cheswick, B. "The Design of a Secure Internet . . . " AT&T Bell Laboratory, Jun. 1990
  • Schauer, H. "An Internet Gate Keeper", Herve Schauer Consultant