US20060005236A1 - Computer gateway system - Google Patents


Info

Publication number
US20060005236A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
virtual host
virtual
system
means
firewall
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11148006
Inventor
Ralph Wesinger
Christopher Coley
Original Assignee
Wesinger Ralph E Jr
Coley Christopher D
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation

Classifications

    • H04L63/0227 Filtering policies
    • B65B11/004 Wrapping, e.g. partially or wholly enclosing, articles, or quantities of material, in strips, sheets or blanks, of flexible material in blanks, e.g. sheets precut and creased for folding
    • G06F17/3089 Web site content organization and management, e.g. publishing, automatic linking or maintaining pages
    • G06F21/42 User authentication using separate channels for security data
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • H04L29/06 Communication control; Communication processing contains provisionally no documents characterised by a protocol
    • H04L29/12066 Directories; name-to-address mapping involving standard directories and standard directory access protocols using Domain Name System [DNS]
    • H04L29/12132 Mechanisms for table lookup, also between directories; Directory data structures; Synchronization of directories
    • H04L29/1233 Mapping of addresses of the same type; Address translation
    • H04L29/12367 Translating between special types of IP addresses between local and global IP addresses
    • H04L29/12386 Special translation architecture, different from a single Network Address Translation [NAT] server
    • H04L29/1249 NAT-Traversal
    • H04L29/12783 Arrangements for addressing and naming in data networks involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address, functional addressing, i.e. assigning an address to a function
    • H04L29/12952 Multiple interfaces, e.g. multihomed nodes
    • H04L61/1511 Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]
    • H04L61/1552 Mechanisms for table lookup, e.g. between directories; Directory data structures; Synchronization of directories
    • H04L61/2514 Internet protocol [IP] address translation translating between special types of IP addresses between local and global IP addresses
    • H04L61/2521 Special translation architecture, i.e. being different from a single network address translation [NAT] server
    • H04L61/256 Network address translation [NAT] traversal
    • H04L61/35 Network arrangements or network protocols for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • H04L61/6077 Multiple interfaces, e.g. multihomed nodes
    • H04L63/0263 Rule management
    • H04L63/0281 Proxies
    • H04L63/0807 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using tickets, e.g. Kerberos
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels
    • H04L69/16 Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
    • H04L69/164 Adaptation or special uses of UDP protocol
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

A computer gateway system is disclosed. The system may include a multi-homing gateway with at least one interface connected to an IP compliant network. The gateway is to allow an IP address to be mapped to at least one virtual host. A virtual host configuration table is coupled to the multi-homing gateway and includes an association between the virtual hosts and IP addresses. The virtual hosts are in communication with the virtual host configuration table and can obtain the association between virtual hosts and IP addresses.

Description

  • CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a continuation of co-pending U.S. patent application Ser. No. 10/701,011, filed Nov. 3, 2003, which is a continuation of co-pending U.S. patent application Ser. No. 10/210,326, filed Aug. 1, 2002, which is a continuation of co-pending U.S. patent application Ser. No. 09/552,476, filed Apr. 18, 2000, which is a continuation of U.S. patent application Ser. No. 09/299,941, filed Apr. 26, 1999, now issued as U.S. Pat. No. 6,052,788, which is a continuation of U.S. patent application Ser. No. 08/733,361, filed Oct. 17, 1996, now issued as U.S. Pat. No. 5,898,830.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to computer network security and more particularly to firewalls, i.e., a combination of computer hardware and software that selectively allows “acceptable” computer transmissions to pass through it and disallows other non-acceptable computer transmissions.
  • 2. State of the Art
  • In the space of just a few years, the Internet—because it provides access to information, and the ability to publish information, in revolutionary ways—has emerged from relative obscurity to international prominence. Whereas in general an internet is a network of networks, the Internet is a global collection of interconnected local, mid-level, and wide-area networks that use the Internet Protocol (IP) as the network layer protocol. Whereas the Internet embraces many local- and wide-area networks, a given local- or wide-area network may or may not form part of the Internet. For purposes of the present specification, a “wide-area network” (WAN) is a network that links at least two LANs over a wide geographical area via one or more dedicated connections. The public switched telephone network is an example of a wide-area network. A “local-area network” (LAN) is a network that takes advantage of the proximity of computers to typically offer relatively efficient, higher speed communications than wide-area networks.
  • In addition, a network may use the same underlying technologies as the Internet. Such a network is referred to herein as an “Intranet,” an internal network based on Internet standards. Because the Internet has become the most pervasive and successful open networking standard, basing internal networks on the same standard is very attractive economically. Corporate Intranets have become a strong driving force in the marketplace of network products and services.
  • The present invention is directed primarily toward the connection of an Intranet to the Internet and the connection of intranets to other intranets, and any network connection where security is an issue.
  • As the Internet and its underlying technologies have become increasingly familiar, attention has become focused on Internet security and computer network security in general. With unprecedented access to information has also come unprecedented opportunities to gain unauthorized access to data, change data, destroy data, make unauthorized use of computer resources, interfere with the intended use of computer resources, etc. As experience has shown, the frontier of cyberspace has its share of scofflaws, resulting in increased efforts to protect the data, resources, and reputations of those embracing intranets and the Internet.
  • Firewalls are intended to shield data and resources from the potential ravages of computer network intruders. In essence, a firewall functions as a mechanism, which monitors and controls the flow of data between two networks. All communications, e.g., data packets, which flow between the networks in either direction, must pass through the firewall; otherwise, security is circumvented. The firewall selectively permits the communications to pass from one network to the other, to provide bidirectional security.
  • Ideally, a firewall would be able to prevent any and all security breaches and attacks. Although absolute security is indeed a goal to be sought after, due to many variables (e.g., physical intrusion into the physical plant) it may be difficult to achieve. However, in many instances, it is of equal if not greater importance to be alerted to an attack so that measures may be taken to thwart the attack or render it harmless, and to avoid future attacks of the same kind. Hence a firewall, in addition to security, should provide timely information that enables attacks to be detected.
  • Firewalls have typically relied on some combination of two techniques affording network protection: packet filtering and proxy services.
  • Packet filtering is the action a firewall takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (often from the Internet to an internal network, and vice versa). To accomplish packet filtering, a network administrator establishes a set of rules that specify what types of packets (e.g., those to or from a particular IP address or port) are to be allowed to pass and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host computer.
  • Packet filters are typically configured in a “default permit stance”; i.e., that which is not expressly prohibited is permitted. In order for a packet filter to prohibit potentially harmful traffic, it must know what the constituent packets of that traffic look like. However, it is virtually impossible to catalogue all the various types of potentially harmful packets and to distinguish them from benign packet traffic. The filtering function required to do so is too complex. Hence, while most packet filters may be effective in dealing with the most common types of network security threats, this methodology presents many chinks that an experienced hacker may exploit. The level of security afforded by packet filtering, therefore, leaves much to be desired.
  • Recently, a further network security technique termed “stateful inspection” has emerged. Stateful inspection performs packet filtering not on the basis of a single packet, but on the basis of some historical window of packets on the same port. Although stateful inspection may enhance the level of security achievable using packet filtering, it is as yet relatively unproven. Furthermore, although an historical window of packets may enable the filter to more accurately identify harmful packets, the filter must still know what it is looking for. Building a filter with sufficient intelligence to deal with the almost infinite variety of possible packets and packet sequences is liable to prove an exceedingly difficult task.
  • The other principal methodology used in present-day firewalls is proxies. In order to describe prior-art proxy-based firewalls, some further definitions are required. A “node” is an entity that participates in network communications. A subnetwork is a portion of a network, or a physically independent network, that may share network addresses with other portions of the network. An intermediate system is a node that is connected to more than one subnetwork and that has the role of forwarding data from one subnetwork to the other (i.e., a “router”).
  • A proxy is a program, running on an intermediate system, that deals with servers (e.g., Web servers, FTP servers, etc.) on behalf of clients. Clients, e.g. computer applications which are attempting to communicate with a network that is protected by a firewall, send requests for connections to proxy-based intermediate systems. Proxy-based intermediate systems relay approved client requests to target servers and relay answers back to clients.
  • Proxies require either custom software (i.e., proxy-aware applications) or custom user procedures in order to establish a connection. Using custom software for proxying presents several problems. Appropriate custom client software is often available only for certain platforms, and the software available for a particular platform may not be the software that users prefer. Furthermore, using custom client software, users must perform extra manual configuration to direct the software to contact the proxy on the intermediate system. With the custom procedure approach, the user tells the client to connect to the proxy and then tells the proxy which host to connect to. Typically, the user will first enter the name of a firewall that the user wishes to connect through. The firewall will then prompt the user for the name of the remote host the user wishes to connect to. Although this procedure is relatively simple in the case of a connection that traverses only a single firewall, as network systems grow in complexity, a connection may traverse several firewalls. Establishing a proxied connection in such a situation starts to become a confusing maze, and a significant burden to the user, since the user must know the route the connection is to take.
  • Furthermore, since proxies must typically prompt the user or the client software for a destination using a specific protocol, they are protocol-specific. Separate proxies are therefore required for each protocol that is to be used.
  • Another problematic aspect of conventional firewall arrangements, from a security perspective, is the common practice of combining a firewall with other packages on the same computing system. The firewall package itself may be a combination of applications. For example, one well-known firewall is a combination Web server and firewall. In other cases, unrelated services may be hosted on the same computing platform used for the firewall. Such services may include e-mail, Web servers, databases, etc. The provision of applications in addition to the firewall on a computing system provides a path through which a hacker can potentially get around the security provided by the firewall. Combining other applications on the same machine as a firewall also has the result of allowing a greater number of users access to the machine. The likelihood then increases that a user will, deliberately or inadvertently, cause a security breach.
  • There remains a need for a firewall that achieves both maximum security and maximum user convenience, such that the steps required to establish a connection are transparent to the user. The present invention addresses this need.
  • SUMMARY OF THE INVENTION
  • The present invention, generally speaking, provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved.
  • Security may be further enhanced using out-of-band authentication. In this approach, a communication channel, or medium, other than the one over which the network communication is to take place, is used to transmit or convey an access key. The key may be transmitted from a remote location (e.g., using a pager or other transmission device) or may be conveyed locally using a hardware token, for example. To gain access, a hacker must have access to a device (e.g., a pager, a token etc.) used to receive the out-of-band information. Pager beep-back or similar authentication techniques may be especially advantageous in that, if a hacker attempts unauthorized access to a machine while the authorized user is in possession of the device, the user will be alerted by the device unexpectedly receiving the access key. The key is unique to each transmission, such that even if a hacker is able to obtain it, it cannot be used at other times or places or with respect to any other connection.
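The properties claimed for the out-of-band access key (unique per transmission, unusable at another time or for another connection) can be checked in a small model. The following is an added example, not code from the patent; the class and field names, the key length, and the 120-second lifetime are assumptions, and delivery over the second channel is left to the caller.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    """The connection a key is issued for (hypothetical field names)."""
    user: str
    src_ip: str
    dst_host: str
    dst_port: int


class OutOfBandKeyIssuer:
    """Issues one access key per connection attempt and accepts it at most once."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # Connection -> (sha256 of key, expiry time)
        self.alerts = []    # rejected attempts, for the monitoring side

    def issue(self, conn):
        """Create a fresh key bound to conn.

        The caller sends the returned key over the second channel (pager,
        hardware token), never over the network connection being opened.
        An unexpected delivery is itself the warning to the real user.
        """
        key = secrets.token_hex(4)  # short enough to read off a pager display
        digest = hashlib.sha256(key.encode()).digest()
        self._pending[conn] = (digest, self._clock() + self._ttl)
        return key

    def redeem(self, conn, presented_key):
        """Accept the key only for the connection it was issued for, once."""
        # pop() consumes the key on any attempt, so a short key gets exactly
        # one guess and a captured key cannot be replayed.
        entry = self._pending.pop(conn, None)
        if entry is None:
            self.alerts.append(("no-pending-key", conn))
            return False
        digest, expiry = entry
        if self._clock() > expiry:
            self.alerts.append(("expired", conn))
            return False
        presented = hashlib.sha256(presented_key.encode()).digest()
        if not hmac.compare_digest(digest, presented):
            self.alerts.append(("wrong-key", conn))
            return False
        return True


def demo():
    """Run the four cases the text describes against constructed connections."""
    now = [0.0]  # controllable clock so expiry can be shown without sleeping
    issuer = OutOfBandKeyIssuer(ttl_seconds=120, clock=lambda: now[0])
    # Constructed sample connections (documentation addresses and names).
    wanted = Connection("alice", "198.51.100.7", "hr-db.internal.example", 5432)
    other = Connection("alice", "198.51.100.7", "payroll.internal.example", 5432)

    key = issuer.issue(wanted)
    results = {
        "other_connection": issuer.redeem(other, key),  # key is bound to `wanted`
        "first_use": issuer.redeem(wanted, key),
        "replay": issuer.redeem(wanted, key),
    }
    late_key = issuer.issue(wanted)
    now[0] += 121  # one second past the key's lifetime
    results["expired"] = issuer.redeem(wanted, late_key)
    return results, issuer.alerts


if __name__ == "__main__":
    outcome, alerts = demo()
    for case, accepted in outcome.items():
        print(f"{case:17} accepted={accepted}")
    for reason, conn in alerts:
        print(f"ALERT {reason}: {conn.user} -> {conn.dst_host}:{conn.dst_port}")
```

Consuming the key on any attempt trades availability for safety: a wrong guess forces the legitimate user to request a new key.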
  • Using envoys, the added burden associated with prior-art proxy systems is avoided so as to achieve full transparency: the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In accordance with one aspect of the invention, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In accordance with another aspect of the invention, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.
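A simplified model of the static ("programmable") mapping described above, as an added example rather than code from the patent: each virtual host answers on one interface address and stands in for one remote host, the DNS view on that interface resolves the remote name to the virtual host, and a request is relayed only when the table allows an envoy for it. The table layout, field names, and sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VirtualHost:
    """One row of a virtual host configuration table (hypothetical layout)."""
    interface: str        # firewall interface the virtual host answers on
    address: str          # address it responds to on that interface
    remote_host: str      # real host on the far side that it stands in for
    services: frozenset   # (protocol, port) pairs an envoy may be created for
    allowed_clients: str  # network whose clients qualify for this host


# Constructed sample table: two homes, "inside" and "outside".
VHOSTS = [
    VirtualHost("inside", "10.1.0.20", "www.partner.example",
                frozenset({("tcp", 443)}), "10.1.0.0/16"),
    VirtualHost("inside", "10.1.0.21", "time.partner.example",
                frozenset({("udp", 123)}), "10.1.0.0/16"),
    VirtualHost("outside", "192.0.2.10", "mail.corp.example",
                frozenset({("tcp", 25)}), "0.0.0.0/0"),
]


class Gateway:
    """Multi-homed gateway: nothing passes unless an envoy can be established."""

    def __init__(self, vhosts):
        self._by_address = {
            (v.interface, ipaddress.ip_address(v.address)): v for v in vhosts
        }
        # DNS view served on each interface: remote name -> virtual host address.
        self._dns = {(v.interface, v.remote_host): v.address for v in vhosts}

    def resolve(self, interface, name):
        """What a client on `interface` gets back when it looks up `name`."""
        return self._dns.get((interface, name.lower().rstrip(".")))

    def request(self, interface, client_ip, dst_ip, protocol, port):
        """Return (allowed, reason, remote_host) for one connection request."""
        vhost = self._by_address.get((interface, ipaddress.ip_address(dst_ip)))
        if vhost is None:
            return (False, "no virtual host answers on this address", None)
        clients = ipaddress.ip_network(vhost.allowed_clients)
        if ipaddress.ip_address(client_ip) not in clients:
            return (False, "client not qualified", None)
        if (protocol, port) not in vhost.services:
            return (False, "no envoy for this service", None)
        return (True, "envoy established", vhost.remote_host)


def demo():
    """Requests a standard client might make, plus ones that must be refused."""
    gw = Gateway(VHOSTS)
    # The client resolves the remote name and unknowingly gets the firewall's
    # virtual host address, which is what makes the firewall transparent.
    addr = gw.resolve("inside", "www.partner.example")
    return {
        "resolved": addr,
        "https": gw.request("inside", "10.1.4.9", addr, "tcp", 443),
        "ssh": gw.request("inside", "10.1.4.9", addr, "tcp", 22),
        "wrong_interface": gw.request("outside", "203.0.113.50", addr, "tcp", 443),
        "unmapped_address": gw.request("inside", "10.1.4.9", "10.1.0.99", "tcp", 443),
        "connectionless": gw.request("inside", "10.1.4.9", "10.1.0.21", "udp", 123),
        "unqualified_client": gw.request("inside", "172.16.0.5", addr, "tcp", 443),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:19} {outcome}")
```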
  • The firewall may have more than two network interfaces, each with its own set of virtual hosts. Multiple firewalls may be used to isolate multiple network layers. The full transparency attribute of a single firewall system remains unchanged in a multi-layered system: a user may, if authorized, access a remote host multiple network layers removed, without knowing of the existence of any of the multiple firewalls in the system.
  • Furthermore, the firewalls may be configured to also transparently perform any of various kinds of channel processing, including various types of encryption and decryption, compression and decompression, etc. In this way, virtual private networks may be established whereby two remote machines communicate securely, regardless of the degree of proximity or separation, in the same manner as if the machines were on the same local area network.
  • The problem of Internet address scarcity may also be addressed using multi-layer network systems of the type described. Whereas addresses on both sides of a single firewall must be unique in order to avoid routing errors, network segments separated by multiple firewalls may reuse the same addresses.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention may be further understood from the following description in conjunction with the appended drawings. In the drawings:
  • FIG. 1 is a block diagram of a multi-layered computer enterprise network in which the present invention may be used;
  • FIG. 2 is a block diagram of a network similar to the network of FIG. 1 but in which a two-sided firewall has been replaced by a three-sided firewall;
  • FIG. 3 is a block diagram showing in greater detail a special-purpose virtual host used for configuration of a firewall;
  • FIG. 4 is a block diagram of a load-sharing firewall;
  • FIG. 5 is a block diagram of one embodiment of the firewall of the present invention;
  • FIG. 6 is a block diagram illustrating the manner in which the present firewall handles connection requests;
  • FIG. 7 is an example of a portion of the master configuration file of FIG. 5;
  • FIG. 8 is a block diagram illustrating in greater detail the structure of the present firewall; and
  • FIG. 9 is a block diagram of a combination firewall that allows the bulk of the entire Internet address space to be used on both sides of the firewall.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • The present firewall provides a choke point used to control the flow of data between two networks. One of the two networks may be the Internet, or both of the two networks may be intranets; the nature and identity of the two networks is immaterial. The important point is that all traffic between the two networks must pass through a single, narrow point of controlled access. A firewall therefore brings a great deal of leverage to bear on the problem of network security, allowing security measures to be concentrated on this controlled access point. To avoid possible security compromises, the firewall should ideally run on a dedicated computer, i.e. one which does not have any other user-accessible programs running on it that could provide a path via which communications could circumvent the firewall.
  • One environment in which firewalls are particularly desirable is in enterprise network systems, in which a number of individual networks that may be respectively associated with different departments or divisions of a company, for example, are connected with one another. In such an environment, firewalls can be employed to restrict access to the individual networks. While not limited to this particular situation, the present invention will be described hereinafter in such a context, to facilitate an understanding of its underlying principles.
  • Referring now to FIG. 1, assume that the accounting departments of two remote corporate sites are networked, and that these two different accounting networks are to be connected via the Internet or a similar non-secure, wide-area network. For purposes of illustration, a first site 101 having a first accounting network 103 might be located in California, and a second site 151 having a second accounting network 153 might be located in Japan. Within each site, each accounting network may be part of a larger corporate network (109, 159). Precautions are required to safeguard sensitive accounting data such that it cannot be accessed over the general corporate network. A first firewall (105, 155) is used for this purpose. The first firewall is interposed between the accounting network and the general corporate network.
  • A convenient way to place the two accounting networks in communication with each other is through the Internet 120, which comprises another layer of a multi-layer network. As compared to other forms of connection, the Internet may be more economical, more easily accessible, and more robust. Connecting to the Internet, however, requires that access between the Internet and the respective sites be strictly controlled. A second firewall (107, 157) is used at each site for this purpose.
  • In the following description, the present firewall is illustrated most often as a rectangle having along each of two edges thereof a network connection and a row of boxes representing multiple “homes,” corresponding to respective virtual hosts. A virtual host along one edge may be used to initiate a connection only in response to a request from the network connection that enters the firewall at that edge. The connection, once established, is fully bi-directional, with the same virtual host passing data between the originating network connection and the network connection at the opposite edge of the firewall.
  • More generally, the firewall may be N-sided, having N network connections and being illustrated as an N-sided polygon. Any virtual host may establish a connection between any pair of network connections so long as the connection originated from the network connection adjoining that virtual host. Again, the connection, once established, is fully bidirectional.
  • The firewalls 105, 107, 155 and 157 are each of a construction to be more particularly described hereinafter. Each firewall is multi-homing. This means that each firewall is configured as multiple virtual hosts running on a physical computer. In the example of FIG. 1, a firewall is depicted as a single computer having multiple virtual hosts on each of its two interfaces. In practice, the multiple virtual hosts can be configured in this manner or, alternatively, implemented in any number of computers, as explained in detail hereinafter. Each virtual host corresponds to a “home”, i.e. a site via which a connection is made between the two networks on either side of the firewall. At different times, the same virtual host might correspond to different homes associated with different connections. At any given time, however, a virtual host represents one home. In the following description of the particular example illustrated in FIG. 1, therefore, homes and virtual hosts are described as being synonymous with one another. Each virtual host is fully independently configurable and unique from each of the other virtual hosts. Considering the firewall 105 as being exemplary of each of the firewalls 105, 107, 155 and 157, one set of hosts 105 a responds to addresses on a first network interface of the firewall. Another set of hosts 105 b responds to addresses on a second network interface of the firewall.
  • Normally, in accordance with the prior art, connecting from one computer to another remote computer along a route traversing one or more firewalls would require the user to configure a prior-art proxy for each firewall to be traversed. In accordance with one aspect of the invention, however, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface.
  • DNS is a distributed database system that translates host names to IP addresses and IP addresses to host names (e.g., it might translate host name homer.odyssey.com to 129.186.424.43). The information required to perform such translations is stored in DNS tables. Any program that uses host names can be a DNS client. DNS is designed to translate and forward queries and responses between clients and servers.
  • When a client needs a particular piece of information (e.g., the IP address of homer.odyssey.com), it asks its local DNS server for that information. The local DNS server first examines its own local memory, such as a cache, to see if it already knows the answer to the client's query. If not, the local DNS server asks other DNS servers, in turn, to discover the answer to the client's query. When the local DNS server gets the answer (or decides that for some reason it cannot), it stores any information it received and answers the client. For example, to find the IP address for homer.odyssey.com, the local DNS server first asks a public root name server which machines are name servers for the com domain. It then asks one of those “com” name servers which machines are name servers for the odyssey.com domain, and then it asks one of those name servers for the IP address of homer.odyssey.com.
  • This asking and answering is all transparent to the client. As far as the client is concerned, it has communicated only with the local server. It does not know or care that the local server may have contacted several other servers in the process of answering the original question.
  • Referring still to FIG. 1, the firewall 105 is associated with a respective domain name server 115. Each of the other firewalls 107, 155, 157 is also associated with a respective domain name server 117, 165, 167. The domain name server may be a dedicated virtual host on the same physical machine as the firewall. Alternatively, the domain name server may be a separate machine. A domain name server is provided for each layer in the multi-layer network.
  • In operation, assume now that a client C on the accounting network 103 is to connect to a host D on the accounting network 153 on a repeated basis. The DNS tables of each of the firewalls may then be programmed so as to enable such a connection to be established transparently, without the user so much as being aware of any of the firewalls 105, 107, 155, 157—hence the term programmable transparency. Both forward and reverse table entries are made in the domain name servers. Within a domain name server 115, for example, D (the name of the remote host, e.g., machl.XYZcorp.com) might be mapped to a virtual host having a network address that concludes with the digits 1.1, and vice versa. Within the domain name server 117, D might be mapped to 5.4, within the domain name server 167, D might be mapped to 3.22, and within the domain name server 165, D might be mapped to 4.5, where each of the foregoing addresses has been randomly chosen simply for purposes of illustration. Finally, within a conventional DNS server (not shown), D is mapped to the “real” network address (e.g., the IP address) of D, say, 55.2.
  • When client C tries to initiate a connection to host D using the name of D, DNS operates in the usual manner to propagate a name request to successive levels of the network until D is found. The DNS server for D returns the network address of D to a virtual host on the firewall 155. The virtual host returns its network address to the virtual host on the firewall 157 from which it received the lookup request, and so on, until a virtual host on the firewall 105 returns its network address (instead of the network address of D) to the client C. This activity is all transparent to the user.
  • Note that at each network level, the virtual host handling a connection is indistinguishable to the preceding virtual (or real) host from D itself. Thus, to the client C, the virtual host 1.1 is D, to the virtual host 1.1, the virtual host 5.4 is D, etc. There is no limit to the number of network layers that may be traversed in this fashion, or any difference in operation as the number of network layers increases. This multi-layering capability allows two remote machines to communicate with the same ease as if the machines were on the same local area network, regardless of the degree of proximity or separation.
  • Programmable transparency is based upon what may be termed “envoys.” Important differences exist between envoys as described herein and conventional proxies. Normally, a prior-art proxy would have to prompt the user to enter a destination. To enable such prompting to occur, different proxy code has conventionally been required for each protocol to be proxied. Using programmable transparency, the destination is provided to an envoy using DNS and/or DDNS as described more fully hereinafter. There is therefore no need to always prompt the user for a destination and no need for the user to always enter a destination (although a mode of operation may be provided in which the user is prompted for and does enter a destination). Instead of a collection of conventional protocol-specific proxies, a single generic envoy program may be used.
  • The foregoing discussion has focused on the programmable transparency aspects of the present firewall. Of course, a primary function of a firewall is to selectively allow and disallow communications. Hence, in the course of establishing a connection, each virtual host examines a configuration table to determine, based on the particulars of the requested connection—source, destination, protocol, time-of-day, port number, etc.—whether such a connection will be allowed or disallowed. The process by which connection requests may be scrutinized is described in greater detail in U.S. patent application Ser. No. 08/595,957, filed Feb. 6, 1996, now issued as U.S. Pat. No. 5,826,014, and incorporated herein by reference.
  • The firewall may have more than two network interfaces, each with its own set of virtual hosts. Referring to FIG. 2, for example, the two-sided firewall discussed previously in relation to FIG. 1 has been replaced by a three-sided firewall 205. An accounting department network 203 and a general corporate network 209 are connected to the firewall 205 as previously described. Also connected to the firewall 205 is an engineering department network 202. In general, a firewall may be N-sided, having N different network connections. For each network connection there may be multiple virtual hosts, which operate in the manner described above.
  • Referring again to FIG. 1, configuration of the firewalls may be easily accomplished by providing on each firewall a special-purpose virtual host that runs “Configurator” software, i.e., software that provides a Web-based front-end for editing configuration files for the other virtual hosts on the firewall. The special-purpose virtual host (116, 118, 166 and 168 in FIG. 1) is preferably configured so as to allow only a connection from a specified secure client. The Configurator software running on the special-purpose virtual host is HTML-based in order to provide an authorized system administrator a familiar “point-and-click” interface for configuring the virtual firewalls in as convenient a manner as possible using a standard Web browser. Since Web browsers are available for virtually every platform, there results a generic GUI interface that takes advantage of existing technology.
  • Referring more particularly to FIG. 3, there is shown a firewall 305 having a first set of virtual hosts 305 a, a second set of virtual hosts 305 b, and a DNS/DDNS module 315. The virtual hosts do not require and preferably do not have access to the disk files of the underlying machine. Instead, virtual host processes are spawned from a daemon process that reads a master configuration file from disk once at start-up. The DNS/DDNS module and the special-purpose virtual host 317 do have access to disk files 316 of the underlying physical machine. The special-purpose virtual host 317, shown in exploded view, runs an HTML-based Configurator module 319. Access to the special-purpose virtual host is scrutinized in accordance with rules stored on disk within configuration files 321. Typically, these rules will restrict access to a known secure host, will require at least username/password authentication and optionally more rigorous authentication. Once access is granted, the Configurator module will send to the authorized accessing host a first HTML page. From this page, the user may navigate through different HTML pages using a conventional Web browser and may submit information to the special-purpose virtual host. The special-purpose virtual host will then use this information to update the configuration files 321.
  • As will be appreciated more fully from the description of FIG. 7 hereinafter, configuration is based on host names, not IP addresses. As a result, two mappings are required in order to handle a connection request. The requestor needs an IP address. To this end, a first mapping maps from the host name received in the connection request to the IP address of a virtual host. The virtual host, however, needs the host name of the host to be connected to. To this end, the second mapping maps back to the host name in order to read an appropriate configuration file or sub-file based on the host name. Thus, when a connection request is received for homer.odyssey.com, DNS/DDNS in effect says to the requestor “Use virtual host X.X.X.X,” where X.X.X.X represents an IP address. Then, when the virtual host receives the request, it performs a reverse lookup using DNS/DDNS, whereupon DNS/DDNS in effect says “Virtual host X.X.X.X, use the configuration information for homer.odyssey.com.”
  • Security may be further enhanced, both with respect to connections to the special-purpose virtual host for configuration purposes and also with respect to connections generally, by using out-of-band user authentication. Out-of-band authentication uses a channel, a device or any other communications method or medium which is different from that over which the inter-network communication is to take place to transmit or convey an access key. Hence, in the example of FIG. 1, the firewall 155, upon receiving a connection request from a particular source, might send a message, including a key, to a pager 119 of the authorized user of the source client. The user might be requested to simply enter the key. In more sophisticated arrangements, the user may be required to enter the key into a special hardware token to generate a further key. To gain access, a hacker must therefore steal one or more devices (e.g., a pager used to receive the out-of-band transmissions, a hardware token, etc.). Furthermore, if a hacker attempts unauthorized access to a machine while the authorized user is in possession of the pager or other communications device, the user will be alerted by the device unexpectedly receiving a message and access key.
  • Other methods may be used to communicate out-of-band so as to deliver the required access key. For example, the firewall 155 might send a fax to the fax number of the user of the source machine. Alternatively, identifying information may be sent to the user across the network, after which the user may be required to dial an unpublished number and enter the identifying information in order to receive a voice message containing the required key.
  • In each of the foregoing methodologies, the key is connection-specific. That is, once the connection is closed or the attempt to establish a connection is abandoned, if a user again attempts to establish a connection, the key that previously applied or would have applied is no longer applicable.
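  • The connection-specific key handling described above can be sketched as follows. This is an added example, not code from the patent; the class name, the `send` callback standing in for the pager or fax channel, the key length and the `abandon_after` limit for an abandoned attempt are all assumptions.

```python
import hmac
import secrets


class OutOfBandKeys:
    """Issues one access key per connection attempt and delivers it out of band."""

    def __init__(self, send, abandon_after=120):
        self._send = send                    # assumed callback: send(user, key) via pager, fax, ...
        self._abandon_after = abandon_after  # assumed: seconds before an attempt counts as abandoned
        self._pending = {}                   # conn_id -> (key, issued_at)
        self._open = set()

    def request(self, conn_id, user, now):
        """A connection request arrived: generate a fresh key and page the user."""
        key = secrets.token_hex(8)
        self._pending[conn_id] = (key, now)
        self._send(user, key)

    def present(self, conn_id, key, now):
        """Check the key typed by the user; a key is consumed by its first use."""
        entry = self._pending.pop(conn_id, None)
        if entry is None:
            return False
        expected, issued_at = entry
        if now - issued_at > self._abandon_after:
            return False                     # attempt abandoned, key no longer applies
        if not hmac.compare_digest(expected.encode(), key.encode()):
            return False                     # constant-time comparison
        self._open.add(conn_id)
        return True

    def is_open(self, conn_id):
        return conn_id in self._open

    def close(self, conn_id):
        """Closing the connection discards any key material tied to it."""
        self._open.discard(conn_id)
        self._pending.pop(conn_id, None)


def demo():
    pager = []                               # constructed stand-in for the pager 119
    gate = OutOfBandKeys(lambda user, key: pager.append((user, key)))
    gate.request("conn-1", "alice", now=0)
    first_key = pager[-1][1]
    accepted = gate.present("conn-1", first_key, now=5)
    gate.close("conn-1")
    gate.request("conn-2", "alice", now=10)  # new attempt, new key, new page
    replayed = gate.present("conn-2", first_key, now=11)
    gate.request("conn-3", "alice", now=20)
    late = gate.present("conn-3", pager[-1][1], now=500)
    return accepted, replayed, late, len(pager)
```

  • Every `request` produces a message on the out-of-band device, which is what lets the authorized user notice an attempt they did not make.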
  • The different virtual hosts may also be configured to perform channel processing of various sorts as traffic traverses different network segments. Channel processing may include encryption, decryption, compression, decompression, image or sound enhancement, content filtering, etc. Channel processing is the processing performed on data flowing through a communications channel to enhance some attribute of the data, such as security, reproduction quality, etc. In some instances, channel processing may actually affect the content of the data, for example “bleeping” obscenities by replacing them with a distinctive character string. Alternatively, channel processing may intervene to cause a connection to be closed if the content to be sent on that connection is found to be objectionable.
  • Channel processing may be performed using existing standard software modules. In the case of encryption and decryption, for example, modules for DES, RSA, Cylink, SET, SSL, and other types of encryption/decryption and authentication may be provided on the firewall. In the case of compression and decompression, standard modules may include MPEG, JPEG, LZ-based algorithms, etc. Based on information contained in the configuration files, information passing through the firewall may be processed using one or more such modules depending on the direction of data flow.
  • Channel processing may be used to perform protocol translation, for example between IP and some other protocol or protocols. One problem that has recently received attention is that of using IP for satellite uplink and downlink transmissions. The relatively long transit times involved in satellite transmissions can cause problems using IP. One possible solution is to perform protocol translation between IP and an existing protocol used for satellite transmissions. Such protocol translation could be performed transparently to the user using a firewall of the type described.
  • Channel processing may also be used to perform virus detection. Blanket virus detection across all platforms is a daunting task and may not be practical in most cases. A system administrator may, however, configure the system to perform specified virus checking for specified hosts.
  • Encryption and decryption are particularly important to realizing the potential of the Internet and network communications. In the example just described, on the network segment between firewall 105 and 107, DES encryption might be used, in accordance with the configuration file on firewalls 105 and 107. Across the Internet, between firewall 107 and firewall 155, triple DES may be applied. On the network segment between firewall 155 and 157 RSA encryption may be used. Alternatively, encryption could be performed between firewalls 105 and 155 and also between 107 and 155 and also between 157 and 155. Thus the firewall 157 may then decrypt the cumulative results of the foregoing multiple encryptions to produce clear text to be passed on to host D. Combining encryption capabilities with programmable transparency as described above allows for the creation of virtual private networks: networks in which two remote machines communicate securely through cyberspace in the same manner as if the machines were on the same local area network.
  • Using DDNS, mappings between a host machine and a virtual host are performed dynamically, on-the-fly, as required. Any of various algorithms may be used to select a virtual host to handle a connection request, including, for example, a least-recently-used strategy. A time-out period is established such that, if a connection has been closed and is not reopened within the time-out period, the virtual host that was servicing that connection may be re-mapped so as to service another connection—i.e., it becomes associated with a different node. In this manner, the number of clients that may be serviced is vastly increased. In particular, instead of the number of clients that may use a particular network interface being limited to the number of virtual hosts on that interface as would be the case using static DNS entries, using DDNS, any number of hosts may use a particular network interface subject to availability of a virtual host. Moreover, instead of making static DNS entries at each level of a multi-level network, using DDNS, such entries are rendered unnecessary.
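  • The two mappings described earlier (host name to virtual host address, and virtual host address back to host name) and the least-recently-used remapping with a time-out can be modelled as below. This is an added example, not code from the patent; the class and method names, the 192.168.1.x addresses and the `.example` host names are constructed, and starting the time-out clock when a mapping is handed out is an assumption.

```python
from collections import OrderedDict


class VirtualHostPool:
    """Dynamic name <-> virtual-host mapping for one network interface."""

    def __init__(self, addresses, timeout):
        self.timeout = timeout
        # Iteration order of the OrderedDict is least recently used first.
        self._slots = OrderedDict(
            (addr, {"name": None, "open": 0, "idle_since": None}) for addr in addresses
        )
        self._by_name = {}

    def resolve(self, name, now):
        """Forward mapping: answer a query for `name` with a virtual host address."""
        name = name.lower()
        addr = self._by_name.get(name)
        if addr is None:
            addr = self._pick_reusable(now)
            if addr is None:
                return None                  # no virtual host available right now
            slot = self._slots[addr]
            if slot["name"] is not None:
                del self._by_name[slot["name"]]   # drop the expired mapping
            # Assumption: the time-out starts when the mapping is handed out.
            slot.update(name=name, open=0, idle_since=now)
            self._by_name[name] = addr
        self._slots.move_to_end(addr)        # mark as most recently used
        return addr

    def config_name(self, addr):
        """Reverse mapping: which host's configuration this virtual host must use."""
        slot = self._slots.get(addr)
        return slot["name"] if slot else None

    def connection_opened(self, addr):
        slot = self._slots[addr]
        slot["open"] += 1
        slot["idle_since"] = None
        self._slots.move_to_end(addr)

    def connection_closed(self, addr, now):
        slot = self._slots[addr]
        slot["open"] -= 1
        if slot["open"] == 0:
            slot["idle_since"] = now

    def _pick_reusable(self, now):
        for addr, slot in self._slots.items():
            if slot["name"] is None:
                return addr                  # never mapped
            if slot["open"] == 0 and now - slot["idle_since"] >= self.timeout:
                return addr                  # idle past the time-out: may be remapped
        return None


def demo():
    pool = VirtualHostPool(["192.168.1.1", "192.168.1.2"], timeout=30)
    a = pool.resolve("homer.odyssey.com", now=0)
    pool.connection_opened(a)
    b = pool.resolve("bart.example", now=1)
    full = pool.resolve("lisa.example", now=2)      # both virtual hosts still held
    pool.connection_closed(a, now=10)
    c = pool.resolve("lisa.example", now=35)        # b idle for 34 s, a only 25 s
    return a, b, full, c, pool.config_name(c), pool.resolve("homer.odyssey.com", now=36)
```

  • A client that caches a forward answer for longer than the time-out will reach whatever host the address has since been remapped to, so the lifetime of the DNS answer has to stay within the time-out.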
  • DDNS allows for dynamic load sharing among different physical machines. Hence, instead of a single physical machine, one or more of the firewalls in FIG. 1 might be realized by two or more physical machines. When performing mapping, DDNS can take account of the load on the physical machine using conventional techniques. If one physical machine fails, the functions of that machine may still be performed by virtual hosts running on another physical machine. DDNS likewise allows a firewall to be scaled-up very easily, by adding one or more additional physical machines and configuring those machines as additional virtual hosts having identical configurations as on the existing physical machine or machines, but different network addresses.
  • Referring more particularly to FIG. 4, a load-sharing firewall is realized using a first firewall 407 and a second firewall 408 connected in parallel to a network 420 such as the Internet. Redundancy is provided by conventional DNS procedures. That is, in DNS, redundant name servers are required by the DNS specification. If a query addressed to one of the redundant name servers does not receive a response, the same query may then be addressed to another name server. The same result holds true in FIG. 4. If one of the physical firewall machines 407 or 408 is down, the other machine enables normal operation to continue.
  • The configuration of FIG. 4, however, further allows the physical firewall machines 407 and 408 to share the aggregate processing load of current connections. Load sharing may be achieved in the following manner. Each of the DNS modules of all of the machines receive all DNS queries, because the machines are connected in parallel. Presumably, the DNS module of the machine that is least busy will be the first to respond to a query. An ensuing connection request is then mapped to a virtual host on the responding least-busy machine.
  • As the popularity and use of the Internet continues to grow, there is a concern that all available addresses will be used, thereby limiting further expansion. An important result of DDNS is that network addresses may be reused on network segments between which at least one firewall intervenes. More particularly, the addresses which are employed on opposite sides of a firewall are mutually exclusive of one another to avoid routing errors. Referring again to the example of FIG. 1, users of the Internet 120 are unaware of the addresses employed on a network segment 110. Certain addresses can be reserved for use behind a firewall. As shown in FIG. 1, for example, the subset of addresses represented as 192.168.X.X can be used on the network segment 110. So long as an address is not used on both sides of the same firewall, no routing errors will be introduced. Therefore, the same set of addresses can be used on the network segment 160, which is separated from the Internet via the firewall 157. On network segment 102 and network segment 152, the entire address space may be used, less those addresses used on the segments 110, 120 of the respective firewalls 105 and 155. Thus by isolating Internet Service Providers (ISPs) from the Internet at large using firewalls of the type described, each ISP could enjoy use of almost the full address space of the Internet (2^32 addresses). Exhaustion of network addresses, presently a grave concern within the Internet community, is therefore made highly unlikely.
  • Address reuse may be further facilitated by providing multiple multi-homing firewall programs running on a single physical machine and defining a virtual network connection between the two firewall programs using an IP address within the range 192.168.X.X as described previously. To the user and to the outside world, this “compound firewall” appears as a single multi-homing firewall of the type previously described. However, since internally the firewall is really two firewalls, the entire Internet address space may be used on both sides of the firewall, except for the addresses 192.168.X.X. This configuration is illustrated in FIG. 9.
  • In essence, the use of firewalls as presently described allows the prevailing address model of network communications to be transformed from one in which IP addresses are used for end-to-end transport to one in which host names are used for end-to-end transport, with IP addresses being of only local significance. The current use of IP addresses for end-to-end transport may be referred to as address-based routing. Using address-based routing, address exhaustion becomes a real and pressing concern. The use of host names for end-to-end transport as presently described may be referred to as name-based routing. Using name-based routing, the problem of address exhaustion is eliminated.
  • The firewall as described also allows for envoys to handle connectionless (e.g., UDP, the User Datagram Protocol) traffic, which has been problematic in the prior art. UDP is an example of a connectionless protocol in which packets are launched without any end-to-end handshaking. In the case of many prior-art firewalls, UDP traffic goes right through the firewall unimpeded. The present firewall handles connectionless traffic using envoys. Rules checking is performed on a first data packet to be sent from the first computer to the second computer. If the result of this rules checking is to allow the first packet to be sent, a time-out limit associated with communications between the first computer and the second computer via UDP is established, and the first packet is sent from one of the virtual hosts to the second computer on behalf of the first computer. Thereafter, for so long as the time-out limit has not expired, subsequent packets between the first computer and the second computer are checked and sent. A long-lived session is therefore created for UDP traffic. After the time-out limit has expired, the virtual host may be remapped to a different network address to handle a different connection.
  • The construction of a typical firewall in accordance with the present invention will now be described in greater detail. Referring to FIG. 5, the firewall is a software package that runs on a physical machine 500. One example of a suitable machine is a super-minicomputer such as a SparcServer machine available from Sun Microsystems of Menlo Park, Calif. The firewall may, however, run on any of a wide variety of suitable platforms and operating systems. The present invention is not dependent upon a particular choice of platform and operating system.
  • Conventionally, the logical view of the firewall on the Internet, an intranet, or some other computer network is the same as the physical view of the underlying hardware. A single network address has been associated with a single network interface. As a result, no mechanism has existed for distinguishing between communications received on a single network interface and hence directing those communications to different logical machines.
  • As described previously, this limitation may be overcome by recognizing multiple addresses on a single network interface, mapping between respective addresses and respective virtual hosts, and directing communications to different addresses to different virtual hosts. Therefore, the present firewall, although it runs on a limited number of physical machines, such as a single computer 500, appears on the network as a larger number of virtual hosts VH1 through VHn. Each virtual host has a separate configuration sub-file (sub-database) C1, C2, etc., that may be derived from a master configuration file, or database, 510. The configuration sub-files are text files that may be used to enable or disable different functions for each virtual host, specify which connections and types of traffic will be allowed and which will be denied, etc. Because the configuration files are text files, they may be easily modified at any time following initial installation.
  • Preferably, each virtual host also has its own separate log file L1, L2, etc. This feature allows for more precise and more effective security monitoring.
  • The firewall is capable of servicing many simultaneous connections. The number of allowable simultaneous connections is configurable and may be limited to a predetermined number, or may be limited not by number but only by the load currently experienced by the physical machine. The number of maximum allowable connections or the maximum allowable machine load may be specified in the configuration file.
  • As described in greater detail in connection with FIG. 7, each configuration file C1, C2, etc., may have an access rules database 513, including an Allow portion 515, a Deny portion 517, or both. Using the access rules database 513, the firewall selectively allows and denies connections to implement a network security policy.
  • The firewall is self-daemoning, meaning that it is not subject to the limitations ordinarily imposed by the usual Internet meta-daemon, INETD, or other operating-system limitations. Referring to FIG. 6, when the firewall is brought up, it first reads in the master configuration file and then becomes a daemon and waits for connection requests. When a connection request is received, the firewall spawns a process, or execution thread, to create a virtual host VHn to handle that connection request. Each process runs off the same base code. However, each process will typically use its own sub-database from within the master configuration database to determine the configuration of that particular virtual host. Processes are created “on demand” as connection requests are received and terminate as service of those connection requests is completed.
  • An example of a portion of a master configuration file is shown in FIG. 7. Within the master configuration file database, different portions of the file form sub-databases for different virtual hosts. Each sub-database may specify a root directory for that particular virtual host. Also as part of the configuration file of each virtual host, an access rules database is provided governing access to and through the virtual host, i.e., which connections will be allowed and which connections will be denied. The syntax of the access rules database is such as to allow greater flexibility in specifying not only what machines are or are not to be allowed access, but also when such access is allowed to occur and which users are authorized. The access rules database may have an Allow portion, a Deny portion or both. Processing with respect to the Allow database is performed prior to processing with respect to the Deny database. Therefore, if there is an entry for the requested connection in the Allow database and no entry for that connection in the Deny database, then the connection will be allowed. If there is no Allow database and no entry in the Deny database, then the connection will also be allowed. If there is an entry for the requested connection in the Deny database, then the connection will be denied regardless. Machines may be specified by name or by IP address, and may include “wildcards,” address masks, etc., for example: MisterPain.com, *.srmc.com, 192.168.0.*, 192.168.0.0/24, and so on.
  • Time restrictions may be included in either the Allow rules or the Deny rules. For example, access may be allowed from 1 am to 12 pm; alternatively, access may be denied from 12 pm to 1 am. Also, rules may be defined by identifiers, such as RULE1, RULE2, etc., and used elsewhere within the configuration sub-file of the virtual host to simplify and alleviate the need for replication.
  • All access rules must be satisfied in order to gain access to a virtual host. Depending on the virtual host, however, and as specified within the configuration sub-file, separate access scrutiny may be applied based on DNS entries. The accessing machine may be required to have a DNS (Domain Name Services) entry. Having a DNS entry lends at least some level of legitimacy to the accessing machine. Furthermore, the accessing machine may in addition be required to have a reverse DNS entry. Finally, it may be required that the forward DNS entry and the reverse DNS entry match each other, i.e., that an address mapped to from a given host name map back to the same host name.
  • If access is granted and a connection is opened, when the connection is later closed, a log entry is made recording information about that access. Log entries may also be made when a connection is opened, as data transport proceeds, etc.
  • Referring now to FIG. 8, the logical structure of the present firewall is shown in greater detail. The main execution of the firewall is controlled by a daemon. In FIG. 8, the daemon includes elements 801, 803 and 805. Although the daemon mode of operation is the default mode, the same code can also be run interactively under the conventional INETD daemon. Hence, when the firewall is first brought up, command-line processing is performed in block 801 to determine the mode of operation (daemon or interactive), which configuration file to read, etc. For purposes of the present discussion, the daemon mode of operation, which is the default, will be assumed.
  • In the daemon mode of operation, a process first reads the configuration file before becoming a daemon. By daemonizing after the configuration file (e.g., the master configuration file) has been read, the configuration file in effect becomes “hard coded” into the program such that the program no longer has to read it in. The daemon then waits to receive a connection request.
  • When a connection request is received, the daemon spawns a process to handle the connection request. This process then uses a piece of code referred to herein as an INET Wrapper 810 to check on the local side of the connection and the remote side of the connection to determine, in accordance with the appropriate Allow and Deny databases, whether the connection is to be allowed.
  • First the address and name (if possible) are obtained of the virtual host for which a connection is requested. Once the virtual host has been identified by name or at least by IP address, the master configuration database is scanned to see if a corresponding sub-database exists for that virtual host. If so, the sub-database is set as the configuration database of the virtual host so that the master configuration database need no longer be referred to. If no corresponding sub-database is found, then by default the master configuration database is used as the configuration database. There may be any number of virtual hosts, all independently configurable and all running on the same physical machine. The determination of which virtual host the process is to become is made in block 803, under the heading of “multi-homing.”
  • Once the process has determined which host it is, immediately thereafter, the process changes to a user profile in block 805 as defined in the configuration, so as to become an unprivileged user. This step of becoming an unprivileged user is a security measure that avoids various known security hazards. The INET Wrapper is then used to check on the remote host, i.e., the host requesting the connection. First, the configuration database is consulted to determine the level of access scrutiny that will be applied. (The default level of access scrutiny is that no DNS entry is required.) Then, the address and name (if possible) are obtained of the machine requesting the connection, and the appropriate level of access scrutiny is applied as determined from the configuration database.
  • If the remote host satisfies the required level of access scrutiny insofar as DNS entries are concerned, the INET Wrapper gets the Allow and Deny databases for the virtual host. First the Allow database is checked, and if there is an Allow database but the remote host is not found in it, the connection is denied. Then the Deny database is checked. If the remote host is found in the Deny database, then the connection is denied regardless of the allow database. All other rules must also be satisfied, regarding time of access, etc. If all the rules are satisfied, then the connection is allowed.
  • Once the connection has been allowed, the virtual host process invokes code 818 that performs protocol-based connection processing and, optionally, code 823 that performs channel processing (encryption, decryption, compression, decompression, etc.). When processing is completed, the connection is closed, if it has not already been closed implicitly.
  • It will be appreciated by those of ordinary skill in the art that the invention can be embodied in other specific forms without departing from the spirit or essential character thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description, and all changes which come within the meaning and range of equivalents thereof are intended to be embraced therein.
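
The multi-homing lookup and the INET Wrapper's Allow/Deny decision described above, sketched in Python as an added example; it is not code from the patent. The scrutiny-level names, addresses and host names are constructed. Two behaviours are assumptions of the example: a rule matches only inside its time window, and name patterns are compared only against forward-confirmed names.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field
from datetime import time
from typing import List, Optional, Tuple

# DNS scrutiny levels; the names and numbering are assumptions of this example.
NO_DNS, REVERSE_REQUIRED, FORWARD_CONFIRMED = 0, 1, 2


def is_address_pattern(pattern: str) -> bool:
    """True for patterns like 192.168.0.* that must never be tried against a name."""
    return all(ch.isdigit() or ch in ".*" for ch in pattern)


@dataclass
class Rule:
    pattern: str                    # host name, wildcard, or CIDR block
    start: Optional[time] = None    # optional time window; None means "always"
    end: Optional[time] = None

    def in_window(self, now: time) -> bool:
        if self.start is None or self.end is None:
            return True
        if self.start <= self.end:
            return self.start <= now < self.end
        return now >= self.start or now < self.end   # window wraps past midnight

    def matches(self, addr: str, name: Optional[str], now: time) -> bool:
        if not self.in_window(now):
            return False
        if "/" in self.pattern:                       # e.g. 192.168.0.0/24
            net = ipaddress.ip_network(self.pattern, strict=False)
            return ipaddress.ip_address(addr) in net
        if is_address_pattern(self.pattern):          # e.g. 192.168.0.*
            return fnmatch.fnmatchcase(addr, self.pattern)
        return name is not None and fnmatch.fnmatchcase(name.lower(), self.pattern.lower())


@dataclass
class VirtualHost:
    name: str
    scrutiny: int = NO_DNS
    allow: Optional[List[Rule]] = None               # None: no Allow database exists
    deny: List[Rule] = field(default_factory=list)


def select_host(master, subs, local_addr):
    """Multi-homing step: use the sub-database for the local address, else the master."""
    return subs.get(local_addr, master)


def decide(vh, addr, ptr_name, forward_addrs, now) -> Tuple[bool, str]:
    """Apply DNS scrutiny, then the Allow database, then the Deny database."""
    confirmed = ptr_name is not None and addr in forward_addrs
    if vh.scrutiny >= REVERSE_REQUIRED and ptr_name is None:
        return False, "no reverse DNS entry"
    if vh.scrutiny >= FORWARD_CONFIRMED and not confirmed:
        return False, "forward/reverse DNS mismatch"
    # Assumption of this example: a PTR name is set by whoever controls the
    # address block, so name rules only see names that are forward-confirmed.
    name = ptr_name if confirmed else None
    if vh.allow is not None and not any(r.matches(addr, name, now) for r in vh.allow):
        return False, "not in Allow database"
    if any(r.matches(addr, name, now) for r in vh.deny):
        return False, "in Deny database"             # Deny wins regardless of Allow
    return True, "allowed"


# Constructed configuration: a master database plus sub-databases keyed by local address.
MASTER = VirtualHost("master")
SUBS = {
    "10.0.0.1": VirtualHost("VH1",
                            allow=[Rule("*.srmc.com"),
                                   Rule("192.168.0.0/24", time(1, 0), time(12, 0))],
                            deny=[Rule("192.168.0.66")]),
    "10.0.0.2": VirtualHost("VH2", deny=[Rule("192.168.0.*", time(12, 0), time(1, 0))]),
    "10.0.0.3": VirtualHost("VH3", scrutiny=FORWARD_CONFIRMED, allow=[Rule("192.168.0.*")]),
}


def check(local_addr, addr, ptr_name, forward_addrs, now):
    """Return (virtual host name, allowed, reason); the reason suits a per-host log line."""
    vh = select_host(MASTER, SUBS, local_addr)
    allowed, reason = decide(vh, addr, ptr_name, forward_addrs, now)
    return vh.name, allowed, reason


if __name__ == "__main__":
    print(check("10.0.0.1", "192.168.0.15", None, [], time(9, 0)))
    print(check("10.0.0.2", "192.168.0.15", None, [], time(0, 30)))
```

The returned reason string is what a per-virtual-host log entry would record for a refused connection.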

Claims (18)

  1. A computer gateway system comprising:
    a multi-homing gateway, the multi-homing gateway configured to allow an IP address to be mapped to at least one virtual host;
    at least one virtual host configuration table, the virtual host configuration table including an association between the at least one virtual host and IP addresses;
    said at least one virtual host being in communication with the virtual host configuration table to obtain the association between said at least one virtual host and IP addresses; and
    at least one interface connected to an IP compliant network.
  2. The system of claim 1, wherein each of said at least one virtual hosts comprises a separate log file.
  3. The system of claim 1, wherein each of said at least one virtual host includes a separate configuration sub-file that is derived from said host configuration file.
  4. The system of claim 3, wherein the configuration sub-files may be used to enable or disable different functions for each of said at least one virtual hosts.
  5. The system of claim 4, wherein said configuration sub-files are used to specify which connections will be allowed or denied.
  6. The system of claim 4, wherein said configuration sub-files are used to specify which and types of traffic will be allowed or denied.
  7. A computer system comprising:
    multi-homing gateway means for mapping an IP address to at least one virtual host means;
    at least one virtual host configuration table means for providing an association between the at least one virtual host means and IP addresses;
    communication means coupled with said at least one virtual host configuration table means for obtaining the association between said virtual host means and IP addresses; and
    at least one interface means connected to an IP compliant network.
  8. The system of claim 7, wherein each of said at least one virtual hosts further comprises separate log file means.
  9. The system of claim 7, wherein each of said at least one virtual host means further comprises separate configuration sub-file means derived from said host configuration file means.
  10. The system of claim 9, wherein the configuration sub-files means further comprising means for enabling or disabling different functions for each of said at least one virtual host means.
  11. The system of claim 10, wherein said configuration sub-file means further comprise means for specifying which connections will be allowed or denied.
  12. The system of claim 10, wherein said configuration sub-file means further comprise means for specify which and types of traffic will be allowed or denied.
  13. A computer system comprising:
    a multi-homing gateway at least one interface connected to an IP compliant network and configured to allow an IP address to be mapped to at least one virtual host;
    at least one virtual host configuration table coupled to the multi-homing gateway and including an association between the at least one virtual host and IP addresses;
    said at least one virtual host being in communication with the virtual host configuration table to obtain the association between said at least one virtual host and IP addresses.
  14. The system of claim 13, wherein each of said at least one virtual hosts comprises a separate log file.
  15. The system of claim 13, wherein each of said at least one virtual host includes a separate configuration sub-file that is derived from said host configuration file.
  16. The system of claim 15, wherein the configuration sub-files may be used to enable or disable different functions for each of said at least one virtual hosts.
  17. The system of claim 16, wherein said configuration sub-files are used to specify which connections will be allowed or denied.
  18. The system of claim 16, wherein said configuration sub-files are used to specify which and types of traffic will be allowed or denied.
US11148006 1996-02-06 2005-06-07 Computer gateway system Abandoned US20060005236A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US08733361 US5898830A (en) 1996-10-17 1996-10-17 Firewall providing enhanced network security and user transparency
US09299941 US6052788A (en) 1996-10-17 1999-04-26 Firewall providing enhanced network security and user transparency
US09552476 US6804783B1 (en) 1996-10-17 2000-04-18 Firewall providing enhanced network security and user transparency
US10210326 US6751738B2 (en) 1996-10-17 2002-08-01 Firewall providing enhanced network security and user transparency
US10701011 US20040088706A1 (en) 1996-02-06 2003-11-03 Firewall providing enhanced netowrk security and user transparency
US11148006 US20060005236A1 (en) 1996-10-17 2005-06-07 Computer gateway system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11148006 US20060005236A1 (en) 1996-10-17 2005-06-07 Computer gateway system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10701011 Continuation US20040088706A1 (en) 1996-02-06 2003-11-03 Firewall providing enhanced netowrk security and user transparency

Publications (1)

Publication Number Publication Date
US20060005236A1 (en) 2006-01-05

Family

ID=24947298

Family Applications (18)

Application Number Title Priority Date Filing Date
US08733361 Expired - Lifetime US5898830A (en) 1996-10-17 1996-10-17 Firewall providing enhanced network security and user transparency
US09299941 Expired - Lifetime US6052788A (en) 1996-10-17 1999-04-26 Firewall providing enhanced network security and user transparency
US09552476 Expired - Fee Related US6804783B1 (en) 1996-10-17 2000-04-18 Firewall providing enhanced network security and user transparency
US10210326 Expired - Lifetime US6751738B2 (en) 1996-10-17 2002-08-01 Firewall providing enhanced network security and user transparency
US10434330 Abandoned US20030196122A1 (en) 1996-10-17 2003-05-08 Firewall providing enhanced network security and user transparency
US10701011 Abandoned US20040088706A1 (en) 1996-02-06 2003-11-03 Firewall providing enhanced netowrk security and user transparency
US10700411 Expired - Fee Related US7249378B2 (en) 1996-02-06 2003-11-03 Firewall providing enhanced network security and user transparency
US10703806 Expired - Fee Related US7028336B2 (en) 1996-02-06 2003-11-06 Firewall providing enhanced network security and user transparency
US10704399 Abandoned US20040088586A1 (en) 1996-02-26 2003-11-06 Firewall providing enhanced network security and user transparency
US10703822 Abandoned US20040103322A1 (en) 1996-02-06 2003-11-07 Firewall providing enhanced network security and user transparency
US10703821 Expired - Fee Related US7249376B2 (en) 1996-02-06 2003-11-07 Firewall providing enhanced network security and user transparency
US10712190 Expired - Fee Related US7269847B2 (en) 1996-02-06 2003-11-12 Firewall providing enhanced network security and user transparency
US10841246 Expired - Fee Related US7424737B2 (en) 1996-02-06 2004-05-06 Virtual host for protocol transforming traffic traversing between an IP-compliant source and non-IP compliant destination
US10841238 Abandoned US20050022030A1 (en) 1996-02-06 2004-05-06 Virtual host for channel processing traffic traversing between a source and destination
US11148006 Abandoned US20060005236A1 (en) 1996-02-06 2005-06-07 Computer gateway system
US11250909 Abandoned US20060053486A1 (en) 1996-02-06 2005-10-13 Method for providing a virtual private network connection
US11464165 Abandoned US20060288408A1 (en) 1996-02-06 2006-08-11 Virtual private network
US11464111 Abandoned US20070101421A1 (en) 1996-02-06 2006-08-11 Virtual private network

Family Applications Before (14)

Application Number Title Priority Date Filing Date
US08733361 Expired - Lifetime US5898830A (en) 1996-10-17 1996-10-17 Firewall providing enhanced network security and user transparency
US09299941 Expired - Lifetime US6052788A (en) 1996-10-17 1999-04-26 Firewall providing enhanced network security and user transparency
US09552476 Expired - Fee Related US6804783B1 (en) 1996-10-17 2000-04-18 Firewall providing enhanced network security and user transparency
US10210326 Expired - Lifetime US6751738B2 (en) 1996-10-17 2002-08-01 Firewall providing enhanced network security and user transparency
US10434330 Abandoned US20030196122A1 (en) 1996-10-17 2003-05-08 Firewall providing enhanced network security and user transparency
US10701011 Abandoned US20040088706A1 (en) 1996-02-06 2003-11-03 Firewall providing enhanced netowrk security and user transparency
US10700411 Expired - Fee Related US7249378B2 (en) 1996-02-06 2003-11-03 Firewall providing enhanced network security and user transparency
US10703806 Expired - Fee Related US7028336B2 (en) 1996-02-06 2003-11-06 Firewall providing enhanced network security and user transparency
US10704399 Abandoned US20040088586A1 (en) 1996-02-26 2003-11-06 Firewall providing enhanced network security and user transparency
US10703822 Abandoned US20040103322A1 (en) 1996-02-06 2003-11-07 Firewall providing enhanced network security and user transparency
US10703821 Expired - Fee Related US7249376B2 (en) 1996-02-06 2003-11-07 Firewall providing enhanced network security and user transparency
US10712190 Expired - Fee Related US7269847B2 (en) 1996-02-06 2003-11-12 Firewall providing enhanced network security and user transparency
US10841246 Expired - Fee Related US7424737B2 (en) 1996-02-06 2004-05-06 Virtual host for protocol transforming traffic traversing between an IP-compliant source and non-IP compliant destination
US10841238 Abandoned US20050022030A1 (en) 1996-02-06 2004-05-06 Virtual host for channel processing traffic traversing between a source and destination

Family Applications After (3)

Application Number Title Priority Date Filing Date
US11250909 Abandoned US20060053486A1 (en) 1996-02-06 2005-10-13 Method for providing a virtual private network connection
US11464165 Abandoned US20060288408A1 (en) 1996-02-06 2006-08-11 Virtual private network
US11464111 Abandoned US20070101421A1 (en) 1996-02-06 2006-08-11 Virtual private network

Country Status (1)

Country Link
US (18) US5898830A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040103322A1 (en) * 1996-02-06 2004-05-27 Wesinger Ralph E. Firewall providing enhanced network security and user transparency
US20050235348A1 (en) * 1996-02-06 2005-10-20 Coley Christopher D System for preventing unwanted access to information on a computer
US20070185691A1 (en) * 2006-02-09 2007-08-09 Yuichi Kimura Method and system for evaluating environmental impact occurring during an activity cycle
US20070261110A1 (en) * 2006-05-02 2007-11-08 Cisco Technology, Inc., A California Corporation Packet firewalls of particular use in packet switching devices
US20080163357A1 (en) * 2006-12-29 2008-07-03 Hisky Xiao Virtual firewall
US8340090B1 (en) 2007-03-08 2012-12-25 Cisco Technology, Inc. Interconnecting forwarding contexts using u-turn ports

Families Citing this family (623)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5918018A (en) 1996-02-09 1999-06-29 Secure Computing Corporation System and method for achieving network separation
US20060265336A1 (en) * 1996-02-26 2006-11-23 Graphon Corporation Automated system for management of licensed digital assets
US6453345B2 (en) * 1996-11-06 2002-09-17 Datadirect Networks, Inc. Network security and surveillance system
US6145004A (en) * 1996-12-02 2000-11-07 Walsh; Stephen Kelly Intranet network system
US6041355A (en) * 1996-12-27 2000-03-21 Intel Corporation Method for transferring data between a network of computers dynamically based on tag information
JP3591753B2 (en) * 1997-01-30 2004-11-24 富士通株式会社 Firewall system and method
JP3497342B2 (en) * 1997-02-27 2004-02-16 株式会社日立製作所 Client-server system, a server, a client processing method and server processing method
JP2001515669A (en) * 1997-03-06 2001-09-18 ソフトウエア アンド システムズ エンジニアリング リミテッド System and method for granting access to information in a distributed computer system
US7580919B1 (en) 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US7821926B2 (en) 1997-03-10 2010-10-26 Sonicwall, Inc. Generalized policy server
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7272625B1 (en) 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6104716A (en) * 1997-03-28 2000-08-15 International Business Machines Corporation Method and apparatus for lightweight secure communication tunneling over the internet
US6226748B1 (en) * 1997-06-12 2001-05-01 Vpnet Technologies, Inc. Architecture for virtual private networks
US6173399B1 (en) * 1997-06-12 2001-01-09 Vpnet Technologies, Inc. Apparatus for implementing virtual private networks
US5996077A (en) * 1997-06-16 1999-11-30 Cylink Corporation Access control system and method using hierarchical arrangement of security devices
US6473406B1 (en) * 1997-07-31 2002-10-29 Cisco Technology, Inc. Method and apparatus for transparently proxying a connection
US6006268A (en) 1997-07-31 1999-12-21 Cisco Technology, Inc. Method and apparatus for reducing overhead on a proxied connection
US7136359B1 (en) * 1997-07-31 2006-11-14 Cisco Technology, Inc. Method and apparatus for transparently proxying a connection
US6098172A (en) * 1997-09-12 2000-08-01 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with proxy reflection
US7143438B1 (en) * 1997-09-12 2006-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US6154775A (en) * 1997-09-12 2000-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with dynamic rule processing with the ability to dynamically alter the operations of rules
JPH1185654A (en) * 1997-09-12 1999-03-30 Matsushita Electric Ind Co Ltd Virtual www server device and camera controllable www server device
JPH1196099A (en) * 1997-09-19 1999-04-09 Hitachi Ltd Service providing system
EP1031105A2 (en) * 1997-11-20 2000-08-30 Xacct Technologies, Inc. Network accounting and billing system and method
US6324552B1 (en) * 1997-11-25 2001-11-27 International Business Machines Corporation Browsers for focused access of data
US6330610B1 (en) * 1997-12-04 2001-12-11 Eric E. Docter Multi-stage data filtering system employing multiple filtering criteria
US7055173B1 (en) * 1997-12-19 2006-05-30 Avaya Technology Corp. Firewall pooling in a network flowswitch
US6079020A (en) * 1998-01-27 2000-06-20 Vpnet Technologies, Inc. Method and apparatus for managing a virtual private network
US6119171A (en) 1998-01-29 2000-09-12 Ip Dynamics, Inc. Domain name routing
EP1051683B1 (en) * 1998-01-30 2003-07-23 Easynet Access Inc. Personalized internet interaction
US20050203835A1 (en) * 1998-01-30 2005-09-15 Eli Nhaissi Internet billing
WO1999039280A3 (en) * 1998-01-30 1999-11-18 Gil Dayagi Www addressing
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US6131163A (en) * 1998-02-17 2000-10-10 Cisco Technology, Inc. Network gateway mechanism having a protocol stack proxy
US6611861B1 (en) * 1998-02-27 2003-08-26 Xo Communications, Inc. Internet hosting and access system and method
US6044399A (en) * 1998-02-27 2000-03-28 Micron Electronics, Inc. Inferring the identity of a preferred server from configuration information
DE69928504D1 (en) * 1998-03-13 2005-12-29 Schlumberger Omnes Inc Secure access to network services
US6321336B1 (en) * 1998-03-13 2001-11-20 Secure Computing Corporation System and method for redirecting network traffic to provide secure communication
US7792297B1 (en) * 1998-03-31 2010-09-07 Piccionelli Greg A System and process for limiting distribution of information on a communication network based on geographic location
US20090059818A1 (en) * 1998-04-03 2009-03-05 Pickett Scott K Systems and methods for providing configurable caller id iformation
EP1068693B1 (en) 1998-04-03 2011-12-21 Vertical Networks, Inc. System and method for transmitting voice and data using intelligent bridged tdm and packet buses
US6266340B1 (en) 1998-04-03 2001-07-24 Vertical Networks, Inc. Systems and methods for multiple voice data communication which includes interface cards including configurable clocks that are dynamically coupled to a TDS bus
US6498791B2 (en) 1998-04-03 2002-12-24 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communications using intelligently bridged TDM and packet buses and methods for performing telephony and data functions using the same
US7072330B2 (en) * 1998-04-03 2006-07-04 Consolidated Ip Holdings, Inc. Systems for voice and data communications having TDM and packet buses and telephony station cards including voltage generators
US6389009B1 (en) 2000-12-28 2002-05-14 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communications using intelligently bridged TDM and packet buses
US6181694B1 (en) 1998-04-03 2001-01-30 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communciations using intelligently bridged TDM and packet buses
US6141755A (en) * 1998-04-13 2000-10-31 The United States Of America As Represented By The Director Of The National Security Agency Firewall security apparatus for high-speed circuit switched networks
CA2334939A1 (en) * 1998-05-27 1999-12-02 Abb Ab A plant for controlling process equipment
US6557037B1 (en) * 1998-05-29 2003-04-29 Sun Microsystems System and method for easing communications between devices connected respectively to public networks such as the internet and to private networks by facilitating resolution of human-readable addresses
US6256671B1 (en) * 1998-06-24 2001-07-03 Nortel Networks Limited Method and apparatus for providing network access control using a domain name system
US6411952B1 (en) * 1998-06-24 2002-06-25 Compaq Information Technologies Group, Lp Method for learning character patterns to interactively control the scope of a web crawler
WO2000001112A1 (en) * 1998-06-29 2000-01-06 Science Applications International Corporation Decentralized name services
US6532217B1 (en) 1998-06-29 2003-03-11 Ip Dynamics, Inc. System for automatically determining a network address
US6665702B1 (en) 1998-07-15 2003-12-16 Radware Ltd. Load balancing
US6751729B1 (en) * 1998-07-24 2004-06-15 Spatial Adventures, Inc. Automated operation and security system for virtual private networks
US20010011253A1 (en) * 1998-08-04 2001-08-02 Christopher D. Coley Automated system for management of licensed software
US6088796A (en) * 1998-08-06 2000-07-11 Cianfrocca; Francis Secure middleware and server control system for querying through a network firewall
US6266707B1 (en) * 1998-08-17 2001-07-24 International Business Machines Corporation System and method for IP network address translation and IP filtering with dynamic address resolution
US6553421B1 (en) * 1998-09-15 2003-04-22 International Business Machines Corporation Method and system for broadcast management in a data communication network that permits namesharing
US6343074B1 (en) * 1998-09-29 2002-01-29 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communications using intelligenty bridged TDM and packet buses and methods for performing telephony and data functions using the same
US6154465A (en) 1998-10-06 2000-11-28 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communications using intelligenty bridged TDM and packet buses and methods for performing telephony and data functions using the same
US6445682B1 (en) 1998-10-06 2002-09-03 Vertical Networks, Inc. Systems and methods for multiple mode voice and data communications using intelligently bridged TDM and packet buses and methods for performing telephony and data functions using the same
US6728885B1 (en) 1998-10-09 2004-04-27 Networks Associates Technology, Inc. System and method for network access control using adaptive proxies
US6219706B1 (en) * 1998-10-16 2001-04-17 Cisco Technology, Inc. Access control for networks
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7010604B1 (en) 1998-10-30 2006-03-07 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7188180B2 (en) * 1998-10-30 2007-03-06 Vimetx, Inc. Method for establishing secure communication link between computers of virtual private network
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6321338B1 (en) 1998-11-09 2001-11-20 Sri International Network surveillance
US6691165B1 (en) 1998-11-10 2004-02-10 Rainfinity, Inc. Distributed server cluster for controlling network traffic
US6850528B1 (en) * 1998-11-20 2005-02-01 Microsoft Corporation System and method for maintaining network system information
US6580718B1 (en) * 1998-11-24 2003-06-17 Covad Communications Group, Inc. Method and apparatus for preventing unauthorized use of a permanent virtual connection
US8266266B2 (en) 1998-12-08 2012-09-11 Nomadix, Inc. Systems and methods for providing dynamic network authorization, authentication and accounting
US6760420B2 (en) 2000-06-14 2004-07-06 Securelogix Corporation Telephony security system
US8150013B2 (en) * 2000-11-10 2012-04-03 Securelogix Corporation Telephony security system
US6226372B1 (en) * 1998-12-11 2001-05-01 Securelogix Corporation Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
US6687353B1 (en) 1998-12-11 2004-02-03 Securelogix Corporation System and method for bringing an in-line device on-line and assuming control of calls
US6249575B1 (en) 1998-12-11 2001-06-19 Securelogix Corporation Telephony security system
US7133511B2 (en) * 1998-12-11 2006-11-07 Securelogix Corporation Telephony security system
US7010566B1 (en) * 1999-01-19 2006-03-07 International Business Machines Corporation System for controlling transmission of information on the internet
JP2002538536A (en) * 1999-02-26 2002-11-12 オーセンティデイト ホールディング コーポレイション Including reliable file Mark King, digital file management and imaging system and method
US6801949B1 (en) 1999-04-12 2004-10-05 Rainfinity, Inc. Distributed server cluster with graphical user interface
WO2000062502A3 (en) * 1999-04-12 2001-03-29 Rainfinity Inc Distributed server cluster for controlling network traffic
JP3764016B2 (en) * 1999-05-10 2006-04-05 有限会社宮口研究所 Integration ip transfer network
US6981146B1 (en) 1999-05-17 2005-12-27 Invicta Networks, Inc. Method of communications and communication network intrusion protection methods and intrusion attempt detection system
US6628654B1 (en) * 1999-07-01 2003-09-30 Cisco Technology, Inc. Dispatching packets from a forwarding agent using tag switching
US6584508B1 (en) 1999-07-13 2003-06-24 Networks Associates Technology, Inc. Advanced data guard having independently wrapped components
US6684329B1 (en) 1999-07-13 2004-01-27 Networks Associates Technology, Inc. System and method for increasing the resiliency of firewall systems
US6347376B1 (en) * 1999-08-12 2002-02-12 International Business Machines Corp. Security rule database searching in a network security environment
US6505192B1 (en) * 1999-08-12 2003-01-07 International Business Machines Corporation Security rule processing for connectionless protocols
US6751677B1 (en) * 1999-08-24 2004-06-15 Hewlett-Packard Development Company, L.P. Method and apparatus for allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway
US6308276B1 (en) 1999-09-07 2001-10-23 Icom Technologies SS7 firewall system
WO2001018634A1 (en) * 1999-09-09 2001-03-15 First Access Access validation system
FR2798795B1 (en) * 1999-09-16 2002-05-10 Bull Sa access relay server has a network, transparent to a client network
US6801927B1 (en) 1999-09-24 2004-10-05 Akamba Corporation Network adaptor card with reverse proxy and cache and method implemented therewith
US6877036B1 (en) * 1999-09-24 2005-04-05 Akamba Corporation System and method for managing connections between a client and a server
US6308238B1 (en) 1999-09-24 2001-10-23 Akamba Corporation System and method for managing connections between clients and a server with independent connection and data buffers
GB9922812D0 (en) 1999-09-28 1999-11-24 Ibm Publish/Subscribe data processing with subscription points for customised message processing
ES2222790B2 (en) * 1999-10-18 2006-07-01 Telefonaktiebolaget Lm Ericsson An arrangement for h.323 leaders.
US6754707B2 (en) 1999-10-28 2004-06-22 Supportsoft, Inc. Secure computer support system
US6876991B1 (en) 1999-11-08 2005-04-05 Collaborative Decision Platforms, Llc. System, method and computer program product for a collaborative decision platform
US7039713B1 (en) * 1999-11-09 2006-05-02 Microsoft Corporation System and method of user authentication for network communication through a policy agent
WO2001035601A1 (en) * 1999-11-10 2001-05-17 Rainfinity, Inc. Distributed traffic controlling system and method for network data
US7299294B1 (en) 1999-11-10 2007-11-20 Emc Corporation Distributed traffic controller for network data
US8060581B2 (en) * 2000-07-19 2011-11-15 Akamai Technologies, Inc. Dynamic image delivery system
US7653706B2 (en) * 2000-07-19 2010-01-26 Akamai Technologies, Inc. Dynamic image delivery system
US7725602B2 (en) 2000-07-19 2010-05-25 Akamai Technologies, Inc. Domain name resolution using a distributed DNS network
US7925713B1 (en) * 1999-11-22 2011-04-12 Akamai Technologies, Inc. Method for operating an integrated point of presence server network
WO2001039418A3 (en) * 1999-11-22 2002-02-21 Diversified High Technologies Network security data management system and method
US7912978B2 (en) * 2000-07-19 2011-03-22 Akamai Technologies, Inc. Method for determining metrics of a content delivery and global traffic management network
US6608817B1 (en) 1999-12-28 2003-08-19 Networks Associates Technology, Inc. Method and apparatus for connection-oriented multiplexing and switching network analysis, management, and troubleshooting
US6629163B1 (en) 1999-12-29 2003-09-30 Implicit Networks, Inc. Method and system for demultiplexing a first sequence of packet components to identify specific components wherein subsequent components are processed without re-identifying components
WO2001050688A1 (en) * 1999-12-29 2001-07-12 Telefonaktiebolaget Lm Ericsson (Publ.) Method and system for communication
US6539394B1 (en) 2000-01-04 2003-03-25 International Business Machines Corporation Method and system for performing interval-based testing of filter rules
JP2001195333A (en) * 2000-01-06 2001-07-19 Sony Corp Setting method for information communication equipment
US7016980B1 (en) * 2000-01-18 2006-03-21 Lucent Technologies Inc. Method and apparatus for analyzing one or more firewalls
JP3596400B2 (en) * 2000-01-21 2004-12-02 日本電気株式会社 Dns server filter
US6671757B1 (en) 2000-01-26 2003-12-30 Fusionone, Inc. Data transfer and synchronization system
US8156074B1 (en) 2000-01-26 2012-04-10 Synchronoss Technologies, Inc. Data transfer and synchronization system
FR2804564B1 (en) * 2000-01-27 2002-03-22 Bull Sa multiapplicatif safety relay
WO2001056253A1 (en) * 2000-01-28 2001-08-02 At & T Corp. Method and apparatus for firewall with multiple addresses
US6606659B1 (en) * 2000-01-28 2003-08-12 Websense, Inc. System and method for controlling access to internet sites
US7185361B1 (en) * 2000-01-31 2007-02-27 Secure Computing Corporation System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server
US8090856B1 (en) 2000-01-31 2012-01-03 Telecommunication Systems, Inc. Intelligent messaging network server interconnection
US7003571B1 (en) 2000-01-31 2006-02-21 Telecommunication Systems Corporation Of Maryland System and method for re-directing requests from browsers for communication over non-IP based networks
US7689696B2 (en) * 2000-01-31 2010-03-30 Telecommunication Systems, Inc. System and method for re-directing requests from browsers for communications over non-IP based networks
US7240067B2 (en) * 2000-02-08 2007-07-03 Sybase, Inc. System and methodology for extraction and aggregation of data from dynamic content
US7873991B1 (en) * 2000-02-11 2011-01-18 International Business Machines Corporation Technique of defending against network flooding attacks using a connectionless protocol
US6854063B1 (en) * 2000-03-03 2005-02-08 Cisco Technology, Inc. Method and apparatus for optimizing firewall processing
WO2001071622A1 (en) * 2000-03-21 2001-09-27 Rittmaster Ted R System and process for distribution of information on a communication network
US6591249B2 (en) * 2000-03-26 2003-07-08 Ron Zoka Touch scan internet credit card verification purchase process
US6631417B1 (en) 2000-03-29 2003-10-07 Iona Technologies Plc Methods and apparatus for securing access to a computer
US6779039B1 (en) 2000-03-31 2004-08-17 Avaya Technology Corp. System and method for routing message traffic using a cluster of routers sharing a single logical IP address distinct from unique IP addresses of the routers
US6880089B1 (en) 2000-03-31 2005-04-12 Avaya Technology Corp. Firewall clustering for multiple network servers
EP1487172A2 (en) * 2000-04-06 2004-12-15 Miyaguchi Research Co. Ltd. Terminal-to-terminal communication connection control method using an IP transfer network
US7301952B2 (en) 2000-04-06 2007-11-27 The Distribution Systems Research Institute Terminal-to-terminal communication connection control method using IP transfer network
US7522911B2 (en) * 2000-04-11 2009-04-21 Telecommunication Systems, Inc. Wireless chat automatic status tracking
US6519703B1 (en) 2000-04-14 2003-02-11 James B. Joyce Methods and apparatus for heuristic firewall
US8140357B1 (en) 2000-04-26 2012-03-20 Boesen Peter V Point of service billing and records system
US6931437B2 (en) * 2000-04-27 2005-08-16 Nippon Telegraph And Telephone Corporation Concentrated system for controlling network interconnections
US7020718B2 (en) 2000-05-15 2006-03-28 Hewlett-Packard Development Company, L.P. System and method of aggregating discontiguous address ranges into addresses and masks using a plurality of repeating address blocks
US20010037384A1 (en) * 2000-05-15 2001-11-01 Brian Jemes System and method for implementing a virtual backbone on a common network infrastructure
US7263719B2 (en) * 2000-05-15 2007-08-28 Hewlett-Packard Development Company, L.P. System and method for implementing network security policies on a common network infrastructure
US7024686B2 (en) * 2000-05-15 2006-04-04 Hewlett-Packard Development Company, L.P. Secure network and method of establishing communication amongst network devices that have restricted network connectivity
US7058976B1 (en) 2000-05-17 2006-06-06 Deep Nines, Inc. Intelligent feedback loop process control system
US6930978B2 (en) * 2000-05-17 2005-08-16 Deep Nines, Inc. System and method for traffic management control in a data transmission network
US7380272B2 (en) * 2000-05-17 2008-05-27 Deep Nines Incorporated System and method for detecting and eliminating IP spoofing in a data transmission network
US6934749B1 (en) * 2000-05-20 2005-08-23 Ciena Corporation Tracking distributed data retrieval in a network device
WO2002071717A3 (en) * 2000-12-14 2003-03-27 Gur Kimchi Traversing firewalls and nats
DE10025929B4 (en) * 2000-05-26 2006-02-16 Harman Becker Automotive Systems (Becker Division) Gmbh A method for transmitting data
US6865739B1 (en) * 2000-06-06 2005-03-08 Polysecure Systems, Inc. Method for implementing polyinstantiated access control in computer operating systems
CA2310538A1 (en) * 2000-06-09 2001-12-09 Christopher Kirchmann Data line interrupter switch
US7757272B1 (en) * 2000-06-14 2010-07-13 Verizon Corporate Services Group, Inc. Method and apparatus for dynamic mapping
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US7991917B1 (en) 2000-07-05 2011-08-02 Mcafee, Inc. High performance packet processing using a general purpose processor
DK1297446T3 (en) 2000-07-05 2006-01-30 Ernst & Young Llp A method and apparatus for providing computer services
US7013482B1 (en) * 2000-07-07 2006-03-14 802 Systems Llc Methods for packet filtering including packet invalidation if packet validity determination not timely made
US7111163B1 (en) 2000-07-10 2006-09-19 Alterwan, Inc. Wide area network using internet with quality of service
US7028100B2 (en) * 2000-07-12 2006-04-11 The Distribution Systems Research Institute Integrated information communication system for detecting and discarding external data packets that violate addressing rules
US8346956B2 (en) 2004-10-29 2013-01-01 Akamai Technologies, Inc. Dynamic image delivery system
US8073954B1 (en) 2000-07-19 2011-12-06 Synchronoss Technologies, Inc. Method and apparatus for a secure remote access system
US7895334B1 (en) 2000-07-19 2011-02-22 Fusionone, Inc. Remote access communication architecture apparatus and method
US7133404B1 (en) 2000-08-11 2006-11-07 Ip Dynamics, Inc. Communication using two addresses for an entity
US6772226B1 (en) 2000-08-15 2004-08-03 Avaya Technology Corp. VPN device clustering using a network flow switch and a different mac address for each VPN device in the cluster
US7917393B2 (en) * 2000-09-01 2011-03-29 Sri International, Inc. Probabilistic alert correlation
US7870599B2 (en) 2000-09-05 2011-01-11 Netlabs.Com, Inc. Multichannel device utilizing a centralized out-of-band authentication system (COBAS)
US20020032793A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for reconstructing a path taken by undesirable network traffic through a computer network from a source of the traffic
US20020032871A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for detecting, tracking and blocking denial of service attacks over a computer network
US8972590B2 (en) * 2000-09-14 2015-03-03 Kirsten Aldrich Highly accurate security and filtering software
US7587499B1 (en) 2000-09-14 2009-09-08 Joshua Haghpassand Web-based security and filtering system with proxy chaining
US6826698B1 (en) 2000-09-15 2004-11-30 Networks Associates Technology, Inc. System, method and computer program product for rule based network security policies
WO2002030082A3 (en) * 2000-10-04 2002-08-22 Preventon Technologies Ltd A method and system for controlling access by clients to servers over an internet protocol network
US6868070B1 (en) 2000-10-06 2005-03-15 Vertical Networks, Inc. Systems and methods for providing voice/data communication systems and voice/data communications
US7093287B1 (en) 2000-10-12 2006-08-15 International Business Machines Corporation Method and system for building dynamic firewall rules, based on content of downloaded documents
US6907525B2 (en) * 2001-08-14 2005-06-14 Riverhead Networks Inc. Protecting against spoofed DNS messages
US6907395B1 (en) 2000-10-24 2005-06-14 Microsoft Corporation System and method for designing a logical model of a distributed computer system and deploying physical resources according to the logical model
US7606898B1 (en) 2000-10-24 2009-10-20 Microsoft Corporation System and method for distributed management of shared computers
US6886038B1 (en) * 2000-10-24 2005-04-26 Microsoft Corporation System and method for restricting data transfers and managing software components of distributed computers
US7113900B1 (en) 2000-10-24 2006-09-26 Microsoft Corporation System and method for logical modeling of distributed computer systems
US6915338B1 (en) * 2000-10-24 2005-07-05 Microsoft Corporation System and method providing automatic policy enforcement in a multi-computer service application
US7093288B1 (en) * 2000-10-24 2006-08-15 Microsoft Corporation Using packet filters and network virtualization to restrict network communications
FI20002377A (en) * 2000-10-27 2002-04-28 Ssh Comm Security Corp Method for controlling a reverse filter code,
US7970886B1 (en) 2000-11-02 2011-06-28 Arbor Networks, Inc. Detecting and preventing undesirable network traffic from being sourced out of a network domain
US20020083079A1 (en) * 2000-11-16 2002-06-27 Interlegis, Inc. System and method of managing documents
US7660902B2 (en) * 2000-11-20 2010-02-09 Rsa Security, Inc. Dynamic file access control and management
US6986061B1 (en) 2000-11-20 2006-01-10 International Business Machines Corporation Integrated system for network layer security and fine-grained identity-based access control
US20020069366A1 (en) * 2000-12-01 2002-06-06 Chad Schoettger Tunnel mechanism for providing selective external access to firewall protected devices
US20020107904A1 (en) * 2000-12-05 2002-08-08 Kumar Talluri Remote service agent for sending commands and receiving data over e-mail network
US7818435B1 (en) * 2000-12-14 2010-10-19 Fusionone, Inc. Reverse proxy mechanism for retrieving electronic content associated with a local network
US20020080784A1 (en) * 2000-12-21 2002-06-27 802 Systems, Inc. Methods and systems using PLD-based network communication protocols
US7031267B2 (en) * 2000-12-21 2006-04-18 802 Systems Llc PLD-based packet filtering methods with PLD configuration data update of filtering rules
WO2002052480A1 (en) * 2000-12-22 2002-07-04 Trac Medical Solutions, Inc. Dynamic electronic chain-of-trust document with audit trail
US20020124069A1 (en) * 2000-12-28 2002-09-05 Hatalkar Atul N. Broadcast communication system with dynamic client-group memberships
RU2214623C2 (en) * 2000-12-29 2003-10-20 Купреенко Сергей Витальевич Computer network with internet screen and internet screen
US6931529B2 (en) 2001-01-05 2005-08-16 International Business Machines Corporation Establishing consistent, end-to-end protection for a user datagram
US20020095599A1 (en) * 2001-01-12 2002-07-18 Hyungkeun Hong VoIP call control proxy
US20020099808A1 (en) * 2001-01-24 2002-07-25 Ravikumar Pisupati Accessing services across network security mechanisms
US7039721B1 (en) 2001-01-26 2006-05-02 Mcafee, Inc. System and method for protecting internet protocol addresses
US20020116644A1 (en) * 2001-01-30 2002-08-22 Galea Secured Networks Inc. Adapter card for wirespeed security treatment of communications traffic
WO2002067540A1 (en) * 2001-02-19 2002-08-29 Gatespace Ab Method and device for data communication through a firewall
US20020133709A1 (en) 2001-03-14 2002-09-19 Hoffman Terry George Optical data transfer system - ODTS; Optically based anti-virus protection system - OBAPS
US6732279B2 (en) * 2001-03-14 2004-05-04 Terry George Hoffman Anti-virus protection system and method
US7181017B1 (en) 2001-03-23 2007-02-20 David Felsher System and method for secure three-party communications
US8615566B1 (en) 2001-03-23 2013-12-24 Synchronoss Technologies, Inc. Apparatus and method for operational support of remote network systems
CN1225721C (en) 2001-03-29 2005-11-02 皇家菲利浦电子有限公司 Device for correcting wrong words in textual information, method and speech recognition unit therefor
US20020141586A1 (en) * 2001-03-29 2002-10-03 Aladdin Knowledge Systems Ltd. Authentication employing the bluetooth communication protocol
US7007169B2 (en) * 2001-04-04 2006-02-28 International Business Machines Corporation Method and apparatus for protecting a web server against vandals attacks without restricting legitimate access
JP4774622B2 (en) * 2001-04-27 2011-09-14 ソニー株式会社 Information transfer method and information exchange system
US20020188754A1 (en) * 2001-04-27 2002-12-12 Foster Michael S. Method and system for domain addressing in a communications network
US7809944B2 (en) * 2001-05-02 2010-10-05 Sony Corporation Method and apparatus for providing information for decrypting content, and program executed on information processor
US7552239B2 (en) * 2001-05-14 2009-06-23 Canon Information Systems, Inc. Network device mimic support
US20020178365A1 (en) * 2001-05-24 2002-11-28 Shingo Yamaguchi Method and system for controlling access to network resources based on connection security
US8072979B2 (en) * 2002-06-07 2011-12-06 The Distribution Systems Research Institute Terminal-to-terminal communication control system for IP full service
EP1265445A3 (en) * 2001-06-08 2007-05-30 The Distribution Systems Research Institute Terminal-to-terminal communication connection control system for IP full service
US7308715B2 (en) * 2001-06-13 2007-12-11 Mcafee, Inc. Protocol-parsing state machine and method of using same
WO2003003660A1 (en) * 2001-06-27 2003-01-09 Hyglo Ab System and method for establishment of virtual private networks using transparent emulation clients
US7315892B2 (en) * 2001-06-27 2008-01-01 International Business Machines Corporation In-kernel content-aware service differentiation
US6513122B1 (en) 2001-06-29 2003-01-28 Networks Associates Technology, Inc. Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities
US20030014659A1 (en) * 2001-07-16 2003-01-16 Koninklijke Philips Electronics N.V. Personalized filter for Web browsing
US7313819B2 (en) * 2001-07-20 2007-12-25 Intel Corporation Automated establishment of addressability of a network device for a target network environment
WO2003010946A1 (en) * 2001-07-23 2003-02-06 Securelogix Corporation Encapsulation, compression and encryption of pcm data
GB0118674D0 (en) * 2001-07-31 2001-09-19 Hewlett Packard Co Method of establishing a secure data connection
US7243374B2 (en) 2001-08-08 2007-07-10 Microsoft Corporation Rapid application security threat analysis
US7313815B2 (en) * 2001-08-30 2007-12-25 Cisco Technology, Inc. Protecting against spoofed DNS messages
US20030035408A1 (en) * 2001-08-17 2003-02-20 Hebert James E. Redundant communication adapter system for connecting a client to an FDDI network
DE60220926D1 (en) * 2001-08-23 2007-08-09 Sphera Corp Method and system for providing web services for a variety of Web domains addressed with a single IP address
US20030046583A1 (en) * 2001-08-30 2003-03-06 Honeywell International Inc. Automated configuration of security software suites
US7107619B2 (en) 2001-08-31 2006-09-12 International Business Machines Corporation System and method for the detection of and reaction to denial of service attacks
WO2003021476A1 (en) * 2001-08-31 2003-03-13 Trac Medical Solutions, Inc. System for interactive processing of form documents
US7099941B1 (en) * 2001-09-14 2006-08-29 Bellsouth Intellectual Property Corporation Obtaining and displaying logical port information
US20030055978A1 (en) * 2001-09-18 2003-03-20 Microsoft Corporation Methods and systems for enabling outside-initiated traffic flows through a network address translator
US6851062B2 (en) 2001-09-27 2005-02-01 International Business Machines Corporation System and method for managing denial of service attacks
US7072332B2 (en) * 2001-09-27 2006-07-04 Samsung Electronics Co., Ltd. Soft switch using distributed firewalls for load sharing voice-over-IP traffic in an IP network
EP2290916B1 (en) 2001-09-28 2015-12-16 Level 3 CDN International, Inc. Configurable adaptive global traffic control and management
US7860964B2 (en) * 2001-09-28 2010-12-28 Level 3 Communications, Llc Policy-based content delivery network selection
US20030084135A1 (en) * 2001-09-28 2003-05-01 Sanjai Narain Middleware for communications networks
US7287274B1 (en) * 2001-10-04 2007-10-23 Perot Systems Corporation Method and system for providing security to a client server operating a browser
US7076797B2 (en) * 2001-10-05 2006-07-11 Microsoft Corporation Granular authorization for network user sessions
US7389537B1 (en) * 2001-10-09 2008-06-17 Juniper Networks, Inc. Rate limiting data traffic in a network
US7181765B2 (en) * 2001-10-12 2007-02-20 Motorola, Inc. Method and apparatus for providing node security in a router of a packet network
US7958550B2 (en) * 2001-11-02 2011-06-07 Sterling Commerce, Inc. Method and system for secure communication
US7370353B2 (en) * 2001-11-05 2008-05-06 Cisco Technology, Inc. System and method for managing dynamic network sessions
US8108524B2 (en) 2001-12-18 2012-01-31 Perftech, Inc. Internet connection user communications system
US7328266B2 (en) 2001-12-18 2008-02-05 Perftech, Inc. Internet provider subscriber communications system
US6961783B1 (en) 2001-12-21 2005-11-01 Networks Associates Technology, Inc. DNS server access control system and method
US7506058B2 (en) * 2001-12-28 2009-03-17 International Business Machines Corporation Method for transmitting information across firewalls
DE10201655C1 (en) * 2002-01-17 2003-07-31 Amcornet Gmbh Multifunction Server, in particular twin-firewall server
US7299349B2 (en) * 2002-01-31 2007-11-20 Microsoft Corporation Secure end-to-end notification
JP3797937B2 (en) * 2002-02-04 2006-07-19 株式会社日立製作所 Networked system, a network connection method, and a network connection device used in their
US7734752B2 (en) * 2002-02-08 2010-06-08 Juniper Networks, Inc. Intelligent integrated network security device for high-availability applications
US7650634B2 (en) 2002-02-08 2010-01-19 Juniper Networks, Inc. Intelligent integrated network security device
US20030163739A1 (en) * 2002-02-28 2003-08-28 Armington John Phillip Robust multi-factor authentication for secure application environments
JP4010830B2 (en) * 2002-03-05 2007-11-21 富士通株式会社 Communication device and a network system
US8578480B2 (en) * 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US7124438B2 (en) * 2002-03-08 2006-10-17 Ciphertrust, Inc. Systems and methods for anomaly detection in patterns of monitored communications
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US8635690B2 (en) * 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
US20030177390A1 (en) * 2002-03-15 2003-09-18 Rakesh Radhakrishnan Securing applications based on application infrastructure security techniques
CN1650598A (en) 2002-03-18 2005-08-03 松下电器产业株式会社 A DDNS server, a DDNS client terminal and a DDNS system, and a web server terminal, its network system and an access control method
JP3848198B2 (en) * 2002-03-29 2006-11-22 株式会社東芝 Name server, network systems, reverse request processing method, the forward lookup request processing method, and communication control method
US7277954B1 (en) * 2002-04-29 2007-10-02 Cisco Technology, Inc. Technique for determining multi-path latency in multi-homed transport protocol
US7379857B2 (en) * 2002-05-10 2008-05-27 Lockheed Martin Corporation Method and system for simulating computer networks to facilitate testing of computer network security
US7340770B2 (en) * 2002-05-15 2008-03-04 Check Point Software Technologies, Inc. System and methodology for providing community-based security policies
CA2486851A1 (en) * 2002-05-22 2003-12-04 Commnav, Inc. Method and system for multiple virtual portals
US8296433B2 (en) * 2002-05-22 2012-10-23 International Business Machines Corporation Virtualization method and apparatus for integrating enterprise applications
US8321590B2 (en) * 2003-05-22 2012-11-27 International Business Machines Corporation Application network communication
US7610404B2 (en) * 2002-05-22 2009-10-27 Cast Iron Systems, Inc. Application network communication method and apparatus
US7937471B2 (en) * 2002-06-03 2011-05-03 Inpro Network Facility, Llc Creating a public identity for an entity on a network
JP3791464B2 (en) * 2002-06-07 2006-06-28 ソニー株式会社 Access rights management system, relay server, and method, and computer program
US7818794B2 (en) * 2002-06-12 2010-10-19 Thomson Licensing Data traffic filtering indicator
US7203963B1 (en) 2002-06-13 2007-04-10 Mcafee, Inc. Method and apparatus for adaptively classifying network traffic
US7788718B1 (en) 2002-06-13 2010-08-31 Mcafee, Inc. Method and apparatus for detecting a distributed denial of service attack
US7904955B1 (en) 2002-06-13 2011-03-08 Mcafee, Inc. Method and apparatus for detecting shellcode
US7418492B1 (en) 2002-06-20 2008-08-26 P-Cube Ltd. System and a method for testing network communication devices
US7869424B2 (en) * 2002-07-01 2011-01-11 Converged Data Solutions Inc. Systems and methods for voice and data communications including a scalable TDM switch/multiplexer
US7706359B2 (en) * 2002-07-01 2010-04-27 Converged Data Solutions, Inc. Systems and methods for voice and data communications including a network drop and insert interface for an external data routing resource
US7421736B2 (en) * 2002-07-02 2008-09-02 Lucent Technologies Inc. Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network
US7281139B2 (en) * 2002-07-11 2007-10-09 Sun Microsystems, Inc. Authenticating legacy service via web technology
US20040024864A1 (en) * 2002-07-31 2004-02-05 Porras Phillip Andrew User, process, and application tracking in an intrusion detection system
US6983323B2 (en) * 2002-08-12 2006-01-03 Tippingpoint Technologies, Inc. Multi-level packet screening with dynamically selected filtering criteria
US7139828B2 (en) 2002-08-30 2006-11-21 Ip Dynamics, Inc. Accessing an entity inside a private network
US8234358B2 (en) * 2002-08-30 2012-07-31 Inpro Network Facility, Llc Communicating with an entity inside a private network using an existing connection to initiate communication
FR2844415B1 (en) * 2002-09-05 2005-02-11 At & T Corp firewall system to connect two IP networks geres by two different administrative entities
DE60313195D1 (en) * 2002-09-06 2007-05-24 Marratech Ab A method, system and computer program product for transmitting a media stream between client terminals
WO2004034229A3 (en) 2002-10-10 2004-12-23 Rocksteady Networks Inc System and method for providing access control
WO2004036371A3 (en) * 2002-10-16 2004-07-01 Kerry Clendinning System and method for dynamic bandwidth provisioning
US7373658B1 (en) * 2002-10-25 2008-05-13 Aol Llc Electronic loose-leaf remote control for enabling access to content from a media player
US7647277B1 (en) 2002-10-25 2010-01-12 Time Warner Inc. Regulating access to content using a multitiered rule base
US7603711B2 (en) * 2002-10-31 2009-10-13 Secnap Networks Security, LLC Intrusion detection system
US20080119284A1 (en) * 2002-11-01 2008-05-22 Bally Gaming, Inc. Gaming systems with lottery ticket prize component
US7756956B2 (en) * 2002-11-14 2010-07-13 Canon Development Americas, Inc. Mimic support address resolution
US7185106B1 (en) * 2002-11-15 2007-02-27 Juniper Networks, Inc. Providing services for multiple virtual private networks
US20040128539A1 (en) * 2002-12-30 2004-07-01 Intel Corporation Method and apparatus for denial of service attack preemption
US20040146006A1 (en) * 2003-01-24 2004-07-29 Jackson Daniel H. System and method for internal network data traffic control
US7734600B1 (en) * 2003-02-05 2010-06-08 Michael Wise Apparatus, method and system to implement an integrated data security layer
US9818136B1 (en) 2003-02-05 2017-11-14 Steven M. Hoffberg System and method for determining contingent relevance
JP4120415B2 (en) * 2003-02-10 2008-07-16 株式会社日立製作所 Traffic control computing device
US20040162992A1 (en) * 2003-02-19 2004-08-19 Sami Vikash Krishna Internet privacy protection device
US7979694B2 (en) * 2003-03-03 2011-07-12 Cisco Technology, Inc. Using TCP to authenticate IP source addresses
US7890543B2 (en) 2003-03-06 2011-02-15 Microsoft Corporation Architecture for distributed computing system and automated design, deployment, and management of distributed applications
US8122106B2 (en) 2003-03-06 2012-02-21 Microsoft Corporation Integrating design, deployment, and management phases for systems
DE10311634A1 (en) * 2003-03-14 2004-09-30 Authentidate International Ag Electronic transmission of documents
JP4077351B2 (en) * 2003-03-28 2008-04-16 富士通株式会社 Name / address conversion apparatus
US20040249974A1 (en) * 2003-03-31 2004-12-09 Alkhatib Hasan S. Secure virtual address realm
US7949785B2 (en) 2003-03-31 2011-05-24 Inpro Network Facility, Llc Secure virtual community network system
US20040249973A1 (en) * 2003-03-31 2004-12-09 Alkhatib Hasan S. Group agent
JP4119295B2 (en) * 2003-04-07 2008-07-16 東京エレクトロン株式会社 Maintenance and diagnostic data storage server, maintenance and diagnostic data storage and acquisition system, storage and providing system maintenance and diagnostic data
US7315946B1 (en) * 2003-04-14 2008-01-01 Aol Llc Out-of-band tokens for rights access
US7451234B1 (en) * 2003-05-24 2008-11-11 At&T Mobility Ii Llc Systems and methods for updating dynamic IP addresses in a firewall using a DDNS server
US7532640B2 (en) * 2003-07-02 2009-05-12 Caterpillar Inc. Systems and methods for performing protocol conversions in a machine
US20050005167A1 (en) * 2003-07-02 2005-01-06 Kelly Thomas J. Systems and methods for providing security operations in a work machine
US7983820B2 (en) * 2003-07-02 2011-07-19 Caterpillar Inc. Systems and methods for providing proxy control functions in a work machine
US7516244B2 (en) * 2003-07-02 2009-04-07 Caterpillar Inc. Systems and methods for providing server operations in a work machine
US7596807B2 (en) * 2003-07-03 2009-09-29 Arbor Networks, Inc. Method and system for reducing scope of self-propagating attack code in network
US20050015626A1 (en) * 2003-07-15 2005-01-20 Chasin C. Scott System and method for identifying and filtering junk e-mail messages or spam based on URL content
US8645471B2 (en) 2003-07-21 2014-02-04 Synchronoss Technologies, Inc. Device message management system
US7624438B2 (en) 2003-08-20 2009-11-24 Eric White System and method for providing a secure connection between networked computers
US20050050021A1 (en) 2003-08-25 2005-03-03 Sybase, Inc. Information Messaging and Collaboration System
US7565430B2 (en) * 2003-10-01 2009-07-21 At&T Intellectual Property I, L.P. Firewall switching system for communication system applications
US20050086537A1 (en) * 2003-10-17 2005-04-21 Alex Johnson Methods and system for replicating and securing process control data
US7444678B2 (en) * 2003-10-28 2008-10-28 Aol Llc Securing resources from untrusted scripts behind firewalls
US7634509B2 (en) * 2003-11-07 2009-12-15 Fusionone, Inc. Personal information space management system and method
US7844731B1 (en) * 2003-11-14 2010-11-30 Symantec Corporation Systems and methods for address spacing in a firewall cluster
US7721273B1 (en) 2003-11-17 2010-05-18 Rockwell Automation Technologies, Inc. Controller equipment model systems and methods
US8150959B1 (en) 2003-11-17 2012-04-03 Rockwell Automation Technologies, Inc. Systems and methods for notifying multiple hosts from an industrial controller
US8146148B2 (en) * 2003-11-19 2012-03-27 Cisco Technology, Inc. Tunneled security groups
US20050114663A1 (en) * 2003-11-21 2005-05-26 Finisar Corporation Secure network access devices with data encryption
US7890995B2 (en) * 2003-11-26 2011-02-15 Cisco Technology, Inc. System and method for remote management of communications networks
US8560709B1 (en) * 2004-02-25 2013-10-15 F5 Networks, Inc. System and method for dynamic policy based access over a virtual private network
US7778422B2 (en) 2004-02-27 2010-08-17 Microsoft Corporation Security associations for devices
US8620286B2 (en) 2004-02-27 2013-12-31 Synchronoss Technologies, Inc. Method and system for promoting and transferring licensed content and applications
US7761923B2 (en) * 2004-03-01 2010-07-20 Invensys Systems, Inc. Process control methods and apparatus for intrusion detection, protection and network hardening
US7509625B2 (en) 2004-03-10 2009-03-24 Eric White System and method for comprehensive code generation for system management
US8543710B2 (en) 2004-03-10 2013-09-24 Rpx Corporation Method and system for controlling network access
US7665130B2 (en) 2004-03-10 2010-02-16 Eric White System and method for double-capture/double-redirect to a different location
US7590728B2 (en) 2004-03-10 2009-09-15 Eric White System and method for detection of aberrant network behavior by clients of a network access gateway
US7610621B2 (en) 2004-03-10 2009-10-27 Eric White System and method for behavior-based firewall modeling
US7379946B2 (en) 2004-03-31 2008-05-27 Dictaphone Corporation Categorization of information using natural language processing and predefined templates
US8850060B1 (en) * 2004-04-19 2014-09-30 Acronis International Gmbh Network interface within a designated virtual execution environment (VEE)
US20050240995A1 (en) * 2004-04-23 2005-10-27 Ali Valiuddin Y Computer security system and method
US7567560B1 (en) 2004-04-28 2009-07-28 Cisco Technology, Inc. System and method for securing a communication network
US20050246529A1 (en) 2004-04-30 2005-11-03 Microsoft Corporation Isolated persistent identity storage for authentication of computing devies
US8611873B2 (en) 2004-05-12 2013-12-17 Synchronoss Technologies, Inc. Advanced contact identification system
US9542076B1 (en) 2004-05-12 2017-01-10 Synchronoss Technologies, Inc. System for and method of updating a personal profile
US8108679B2 (en) * 2004-05-20 2012-01-31 Qinetiq Limited Firewall system
US7650627B1 (en) * 2004-05-28 2010-01-19 Sap Ag Abstract configuration files for efficient implementation of security services
US8949395B2 (en) 2004-06-01 2015-02-03 Inmage Systems, Inc. Systems and methods of event driven recovery management
US8055745B2 (en) * 2004-06-01 2011-11-08 Inmage Systems, Inc. Methods and apparatus for accessing data from a primary data storage system for secondary storage
US8504369B1 (en) 2004-06-02 2013-08-06 Nuance Communications, Inc. Multi-cursor transcription editing
US7441272B2 (en) * 2004-06-09 2008-10-21 Intel Corporation Techniques for self-isolation of networked devices
US8154987B2 (en) * 2004-06-09 2012-04-10 Intel Corporation Self-isolating and self-healing networked devices
US7300489B2 (en) * 2004-06-10 2007-11-27 Hoeganaes Corporation Powder metallurgical compositions and parts made therefrom
GB2432704B (en) * 2004-07-30 2009-12-09 Dictaphone Corp A system and method for report level confidence
US20060059551A1 (en) * 2004-09-13 2006-03-16 Utstarcom Inc. Dynamic firewall capabilities for wireless access gateways
US20060059558A1 (en) * 2004-09-15 2006-03-16 John Selep Proactive containment of network security attacks
US8819639B2 (en) * 2004-09-15 2014-08-26 Lakeside Software, Inc. System for selectively blocking execution of applications on a computer system
US7764795B2 (en) * 2004-10-20 2010-07-27 Oracle International Corporation Key-exchange protocol using a password-derived prime
US7650628B2 (en) * 2004-10-21 2010-01-19 Escription, Inc. Transcription data security
US7516480B2 (en) 2004-10-22 2009-04-07 Microsoft Corporation Secure remote configuration of targeted devices using a standard message transport protocol
US20060095960A1 (en) * 2004-10-28 2006-05-04 Cisco Technology, Inc. Data center topology with transparent layer 4 and layer 7 services
US20060095961A1 (en) * 2004-10-29 2006-05-04 Priya Govindarajan Auto-triage of potentially vulnerable network machines
US7797749B2 (en) * 2004-11-03 2010-09-14 Intel Corporation Defending against worm or virus attacks on networks
US20080222532A1 (en) * 2004-11-30 2008-09-11 Mester Michael L Controlling and Monitoring Propagation Within a Network
US7478424B2 (en) * 2004-11-30 2009-01-13 Cymtec Systems, Inc. Propagation protection within a network
US20060117387A1 (en) * 2004-11-30 2006-06-01 Gunsalus Bradley W Propagation protection of email within a network
US7836412B1 (en) 2004-12-03 2010-11-16 Escription, Inc. Transcription editing
US7568224B1 (en) 2004-12-06 2009-07-28 Cisco Technology, Inc. Authentication of SIP and RTP traffic
US20060123398A1 (en) * 2004-12-08 2006-06-08 Mcguire James B Apparatus and method for optimization of virtual machine operation
JP2006168994A (en) * 2004-12-16 2006-06-29 Heidelberger Druckmas Ag Device for adjusting sheet spacing to guide in conveyance through printing technical machine
WO2006068869A3 (en) * 2004-12-20 2006-09-08 Corning Inc Method of making a glass envelope
US8484295B2 (en) 2004-12-21 2013-07-09 Mcafee, Inc. Subscriber reputation filtering method for analyzing subscriber activity and detecting account misuse
WO2007055770A3 (en) * 2005-11-07 2009-04-30 C Scott Chasin Trusted communication network
US9160755B2 (en) 2004-12-21 2015-10-13 Mcafee, Inc. Trusted communication network
US8738708B2 (en) 2004-12-21 2014-05-27 Mcafee, Inc. Bounce management in a trusted communication network
WO2006067951A1 (en) * 2004-12-22 2006-06-29 Matsushita Electric Industrial Co., Ltd. Access control device, and access control method
US7610610B2 (en) 2005-01-10 2009-10-27 Mcafee, Inc. Integrated firewall, IPS, and virus scanner system and method
US8266320B1 (en) * 2005-01-27 2012-09-11 Science Applications International Corporation Computer network defense
US8261341B2 (en) * 2005-01-27 2012-09-04 Nokia Corporation UPnP VPN gateway configuration service
US7953814B1 (en) 2005-02-28 2011-05-31 Mcafee, Inc. Stopping and remediating outbound messaging abuse
US9015472B1 (en) 2005-03-10 2015-04-21 Mcafee, Inc. Marking electronic messages to indicate human origination
US7613610B1 (en) 2005-03-14 2009-11-03 Escription, Inc. Transcription data extraction
CN100414929C (en) * 2005-03-15 2008-08-27 华为技术有限公司 Text transmission method in protocol network of mobile internet
US7620733B1 (en) 2005-03-30 2009-11-17 Cisco Technology, Inc. DNS anti-spoofing using UDP
US8898162B2 (en) * 2005-04-01 2014-11-25 International Business Machines Corporation Methods, systems, and computer program products for providing customized content over a network
US7665128B2 (en) * 2005-04-08 2010-02-16 At&T Corp. Method and apparatus for reducing firewall rules
US7802144B2 (en) 2005-04-15 2010-09-21 Microsoft Corporation Model-based system monitoring
US7490140B2 (en) * 2005-05-12 2009-02-10 International Business Machines Corporation Peer data transfer orchestration
US8549513B2 (en) 2005-06-29 2013-10-01 Microsoft Corporation Model-based virtual system provisioning
US8166538B2 (en) * 2005-07-08 2012-04-24 Microsoft Corporation Unified architecture for remote network access
KR100663546B1 (en) * 2005-07-08 2007-01-02 주식회사 케이티 A malignant bot confrontation method and its system
DE102005035697A1 (en) * 2005-07-27 2007-02-08 Siemens Ag A method for establishing a direct inter-network communications link
US8032372B1 (en) 2005-09-13 2011-10-04 Escription, Inc. Dictation selection
US7870602B2 (en) * 2005-09-14 2011-01-11 At&T Intellectual Property I, L.P. System and method for reducing data stream interruption during failure of a firewall device
JP4950606B2 (en) * 2005-09-30 2012-06-13 トレンドマイクロ株式会社 Communication system, security management device and access control method
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
US7941309B2 (en) 2005-11-02 2011-05-10 Microsoft Corporation Modeling IT operations/policies
US8266696B2 (en) * 2005-11-14 2012-09-11 Cisco Technology, Inc. Techniques for network protection based on subscriber-aware application proxies
US20070174296A1 (en) * 2006-01-17 2007-07-26 Andrew Gibbs Method and system for distributing a database and computer program within a network
US7540416B2 (en) * 2006-02-14 2009-06-02 Ricoh Company, Ltd. Smart card authentication system with multiple card and server support
US8077708B2 (en) * 2006-02-16 2011-12-13 Techguard Security, Llc Systems and methods for determining a flow of data
US20070271613A1 (en) * 2006-02-16 2007-11-22 Joyce James B Method and Apparatus for Heuristic/Deterministic Finite Automata
US20070204323A1 (en) * 2006-02-24 2007-08-30 Rockwell Automation Technologies, Inc. Auto-detection capabilities for out of the box experience
US8041946B2 (en) * 2006-02-28 2011-10-18 The Boeing Company Data transfer between networks operating at different security levels
US8561127B1 (en) 2006-03-01 2013-10-15 Adobe Systems Incorporated Classification of security sensitive information and application of customizable security policies
US20070257923A1 (en) * 2006-03-15 2007-11-08 Colin Whitby-Strevens Methods and apparatus for harmonization of interface profiles
US9602538B1 (en) * 2006-03-21 2017-03-21 Trend Micro Incorporated Network security policy enforcement integrated with DNS server
US7788712B2 (en) * 2006-06-05 2010-08-31 Ricoh Company, Ltd. Managing access to a document-processing device using an identification token
US7761912B2 (en) * 2006-06-06 2010-07-20 Microsoft Corporation Reputation driven firewall
US20070288645A1 (en) * 2006-06-08 2007-12-13 International Business Machines Corporation Method and System for Persistent and Reliable Data Transmission
US9178907B2 (en) 2006-06-09 2015-11-03 Mcafee, Inc. System, method and computer program product for detecting encoded shellcode in network traffic
US7886351B2 (en) * 2006-06-19 2011-02-08 Microsoft Corporation Network aware firewall
US8286071B1 (en) 2006-06-29 2012-10-09 Escription, Inc. Insertion of standard text in transcriptions
US20080134300A1 (en) * 2006-07-08 2008-06-05 David Izatt Method for Improving Security of Computer Networks
US8020206B2 (en) 2006-07-10 2011-09-13 Websense, Inc. System and method of analyzing web content
US8615800B2 (en) * 2006-07-10 2013-12-24 Websense, Inc. System and method for analyzing web content
US7836495B2 (en) * 2006-07-28 2010-11-16 Microsoft Corporation Remote configuration of software component using proxy
US20080059619A1 (en) * 2006-08-31 2008-03-06 Microsoft Corporation Configuring a Perimeter Network
US8332435B2 (en) * 2006-10-03 2012-12-11 Salesforce.Com, Inc. Method and system for customizing a user interface to an on-demand database service
US9137663B2 (en) 2006-11-02 2015-09-15 Cisco Technology, Inc. Radio frequency firewall coordination
US9654495B2 (en) 2006-12-01 2017-05-16 Websense, Llc System and method of analyzing web addresses
US7899670B1 (en) 2006-12-21 2011-03-01 Escription Inc. Server-based speech recognition
US8156557B2 (en) * 2007-01-04 2012-04-10 Cisco Technology, Inc. Protection against reflection distributed denial of service attacks
US7779156B2 (en) * 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US8122493B2 (en) * 2007-01-25 2012-02-21 Drako Dean M Firewall based on domain names
US8015174B2 (en) 2007-02-28 2011-09-06 Websense, Inc. System and method of controlling access to the internet
US8316427B2 (en) 2007-03-09 2012-11-20 International Business Machines Corporation Enhanced personal firewall for dynamic computing environments
US8695081B2 (en) * 2007-04-10 2014-04-08 International Business Machines Corporation Method to apply network encryption to firewall decisions
US20080255928A1 (en) * 2007-04-10 2008-10-16 Thomas Joseph Tomeny Trusted networks of unique identified natural persons
US20080263132A1 (en) * 2007-04-23 2008-10-23 David Saintloth Apparatus and method for efficient real time web language translations
US8584227B2 (en) * 2007-05-09 2013-11-12 Microsoft Corporation Firewall with policy hints
US8166534B2 (en) 2007-05-18 2012-04-24 Microsoft Corporation Incorporating network connection security levels into firewall rules
US8370919B2 (en) * 2007-06-26 2013-02-05 Microsoft Corporation Host firewall integration with edge traversal technology
US20090046848A1 (en) * 2007-08-15 2009-02-19 Lockheed Martin Corporation Encryption management system
US20090064166A1 (en) * 2007-08-28 2009-03-05 Arimilli Lakshminarayana B System and Method for Hardware Based Dynamic Load Balancing of Message Passing Interface Tasks
US8528070B2 (en) * 2007-09-05 2013-09-03 Hewlett-Packard Development Company, L.P. System and method for secure service delivery
FR2922705B1 (en) * 2007-10-23 2011-12-09 Sagem Defense Securite bidirectional gateway security level strengthens
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8181111B1 (en) 2007-12-31 2012-05-15 Synchronoss Technologies, Inc. System and method for providing social context to digital activity
US20090178131A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Globally distributed infrastructure for secure content management
US8589503B2 (en) 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US8910255B2 (en) * 2008-05-27 2014-12-09 Microsoft Corporation Authentication for distributed secure content management system
US20090296583A1 (en) * 2008-05-29 2009-12-03 Dolezilek David J Systems, Methods, and Apparatus for Recording Network Events Associated with a Power Generation or Delivery System
JP4582203B2 (en) * 2008-06-06 2010-11-17 コニカミノルタビジネステクノロジーズ株式会社 Image forming apparatus, communication control method and a communication control program in the apparatus
US7970670B2 (en) * 2008-08-05 2011-06-28 Exchange Holdings Inc. Electronic credit default futures market
US20100042988A1 (en) * 2008-08-14 2010-02-18 Microsoft Corporation Installation Management using Virtual Machines
US20100058355A1 (en) * 2008-09-01 2010-03-04 Microsoft Corporation Firewall data transport broker
US8621065B1 (en) 2008-10-23 2013-12-31 Amazon Technologies, Inc. Dynamic blocking of suspicious electronic submissions
US20100138910A1 (en) * 2008-12-03 2010-06-03 Check Point Software Technologies, Ltd. Methods for encrypted-traffic url filtering using address-mapping interception
US8612592B2 (en) * 2009-01-23 2013-12-17 Cisco Technology, Inc. Protected device initiated pinhole creation to allow access to the protected device in response to a domain name system (DNS) query
US8289969B2 (en) 2009-01-26 2012-10-16 Hewlett-Packard Development Company, L.P. Network edge switch configuration based on connection profile
CN101877696B (en) * 2009-04-30 2014-01-08 国际商业机器公司 Equipment and method for reconfiguring false response messages under network application environment
US8316136B2 (en) * 2009-05-22 2012-11-20 Silver Spring Networks, Inc. Multi-protocol network registration and address resolution
CA2763513A1 (en) * 2009-05-26 2010-12-02 Roy Barkan Systems and methods for efficient detection of fingerprinted data and information
US8934495B1 (en) * 2009-07-31 2015-01-13 Anue Systems, Inc. Filtering path view graphical user interfaces and related systems and methods
US8018943B1 (en) 2009-07-31 2011-09-13 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US8098677B1 (en) 2009-07-31 2012-01-17 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US8418079B2 (en) * 2009-09-01 2013-04-09 James J. Nicholas, III System and method for cursor-based application management
US8255006B1 (en) 2009-11-10 2012-08-28 Fusionone, Inc. Event dependent notification system and method
US9531674B2 (en) * 2009-11-11 2016-12-27 Microsoft Technology Licensing, Llc Virtual host security profiles
US9015318B1 (en) 2009-11-18 2015-04-21 Cisco Technology, Inc. System and method for inspecting domain name system flows in a network environment
US9009293B2 (en) * 2009-11-18 2015-04-14 Cisco Technology, Inc. System and method for reporting packet characteristics in a network environment
US9148380B2 (en) * 2009-11-23 2015-09-29 Cisco Technology, Inc. System and method for providing a sequence numbering mechanism in a network environment
US8792495B1 (en) 2009-12-19 2014-07-29 Cisco Technology, Inc. System and method for managing out of order packets in a network environment
US20110231891A1 (en) * 2010-03-18 2011-09-22 Tovar Tom C Systems and Methods for Expression of Disassociation with Online Content
US8381281B2 (en) 2010-04-07 2013-02-19 International Business Machines Corporation Authenticating a remote host to a firewall
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
CN101883048B (en) * 2010-06-25 2012-10-10 陶洋 Routing method of multi-dimensional network
US8787303B2 (en) 2010-10-05 2014-07-22 Cisco Technology, Inc. Methods and apparatus for data traffic offloading at a router
US8943428B2 (en) 2010-11-01 2015-01-27 Synchronoss Technologies, Inc. System for and method of field mapping
US9003057B2 (en) 2011-01-04 2015-04-07 Cisco Technology, Inc. System and method for exchanging information in a mobile wireless network environment
US9916420B2 (en) 2011-02-18 2018-03-13 Nuance Communications, Inc. Physician and clinical documentation specialist workflow integration
US9679107B2 (en) 2011-02-18 2017-06-13 Nuance Communications, Inc. Physician and clinical documentation specialist workflow integration
US10032127B2 (en) 2011-02-18 2018-07-24 Nuance Communications, Inc. Methods and apparatus for determining a clinician's intent to order an item
US8799021B2 (en) 2011-02-18 2014-08-05 Nuance Communications, Inc. Methods and apparatus for analyzing specificity in clinical documentation
US8788289B2 (en) 2011-02-18 2014-07-22 Nuance Communications, Inc. Methods and apparatus for linking extracted clinical facts to text
US8738403B2 (en) 2011-02-18 2014-05-27 Nuance Communications, Inc. Methods and apparatus for updating text in clinical documentation
US8694335B2 (en) 2011-02-18 2014-04-08 Nuance Communications, Inc. Methods and apparatus for applying user corrections to medical fact extraction
US9904768B2 (en) 2011-02-18 2018-02-27 Nuance Communications, Inc. Methods and apparatus for presenting alternative hypotheses for medical facts
US8768723B2 (en) 2011-02-18 2014-07-01 Nuance Communications, Inc. Methods and apparatus for formatting text for clinical fact extraction
US8549609B2 (en) * 2011-05-31 2013-10-01 Red Hat, Inc. Updating firewall rules
US8743690B1 (en) 2011-06-14 2014-06-03 Cisco Technology, Inc. Selective packet sequence acceleration in a network environment
US8948013B1 (en) 2011-06-14 2015-02-03 Cisco Technology, Inc. Selective packet sequence acceleration in a network environment
US8737221B1 (en) 2011-06-14 2014-05-27 Cisco Technology, Inc. Accelerated processing of aggregate data flows in a network environment
US8792353B1 (en) 2011-06-14 2014-07-29 Cisco Technology, Inc. Preserving sequencing during selective packet acceleration in a network environment
US8683573B2 (en) * 2011-06-27 2014-03-25 International Business Machines Corporation Detection of rogue client-agnostic nat device tunnels
US8955128B1 (en) 2011-07-27 2015-02-10 Francesco Trama Systems and methods for selectively regulating network traffic
US8631244B1 (en) 2011-08-11 2014-01-14 Rockwell Collins, Inc. System and method for preventing computer malware from exfiltrating data from a user computer in a network via the internet
US9936037B2 (en) 2011-08-17 2018-04-03 Perftech, Inc. System and method for providing redirections
US8832798B2 (en) 2011-09-08 2014-09-09 International Business Machines Corporation Transaction authentication management including authentication confidence testing
US8590018B2 (en) 2011-09-08 2013-11-19 International Business Machines Corporation Transaction authentication management system with multiple authentication levels
US20140032733A1 (en) 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
US20140053234A1 (en) 2011-10-11 2014-02-20 Citrix Systems, Inc. Policy-Based Application Management
US8806570B2 (en) 2011-10-11 2014-08-12 Citrix Systems, Inc. Policy-based application management
US8886925B2 (en) 2011-10-11 2014-11-11 Citrix Systems, Inc. Protecting enterprise data through policy-based encryption of message attachments
EP2748717A4 (en) * 2011-11-15 2015-01-21 Nicira Inc Architecture of networks with middleboxes
US9628585B2 (en) 2011-12-27 2017-04-18 Intel Corporation Systems and methods for cross-layer secure connection set up
EP2807574A4 (en) * 2012-01-24 2015-11-18 L 3 Comm Corp Methods and apparatus for managing network traffic
US9059853B1 (en) 2012-02-22 2015-06-16 Rockwell Collins, Inc. System and method for preventing a computing device from obtaining unauthorized access to a secure network or trusted computing environment
US8661246B1 (en) 2012-04-09 2014-02-25 Rockwell Collins, Inc. System and method for protecting certificate applications using a hardened proxy
US8832820B2 (en) * 2012-06-25 2014-09-09 International Business Machines Corporation Isolation and security hardening among workloads in a multi-tenant networked environment
US8745755B2 (en) 2012-10-12 2014-06-03 Citrix Systems, Inc. Controlling device access to enterprise resources in an orchestration framework for connected devices
US9516022B2 (en) 2012-10-14 2016-12-06 Getgo, Inc. Automated meeting room
US20140109176A1 (en) 2012-10-15 2014-04-17 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
US8910239B2 (en) 2012-10-15 2014-12-09 Citrix Systems, Inc. Providing virtualized private network tunnels
US20140109171A1 (en) 2012-10-15 2014-04-17 Citrix Systems, Inc. Providing Virtualized Private Network tunnels
US9971585B2 (en) 2012-10-16 2018-05-15 Citrix Systems, Inc. Wrapping unmanaged applications on a mobile device
US9606774B2 (en) 2012-10-16 2017-03-28 Citrix Systems, Inc. Wrapping an application with field-programmable business logic
US20140108793A1 (en) 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
RU2517411C1 (en) * 2012-10-24 2014-05-27 Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Method of managing connections in firewall
US9113347B2 (en) 2012-12-05 2015-08-18 At&T Intellectual Property I, Lp Backhaul link for distributed antenna system
US10009065B2 (en) 2012-12-05 2018-06-26 At&T Intellectual Property I, L.P. Backhaul link for distributed antenna system
US8725645B1 (en) 2013-01-04 2014-05-13 Cetrus LLC Non-invasive metering system for software licenses
US9215225B2 (en) 2013-03-29 2015-12-15 Citrix Systems, Inc. Mobile device locking with context
US9355223B2 (en) 2013-03-29 2016-05-31 Citrix Systems, Inc. Providing a managed browser
US9280377B2 (en) 2013-03-29 2016-03-08 Citrix Systems, Inc. Application with multiple operation modes
US9985850B2 (en) 2013-03-29 2018-05-29 Citrix Systems, Inc. Providing mobile device management functionalities
US9413736B2 (en) 2013-03-29 2016-08-09 Citrix Systems, Inc. Providing an enterprise application store
US9306943B1 (en) * 2013-03-29 2016-04-05 Emc Corporation Access point—authentication server combination
US8850049B1 (en) 2013-03-29 2014-09-30 Citrix Systems, Inc. Providing mobile device management functionalities for a managed browser
US9999038B2 (en) 2013-05-31 2018-06-12 At&T Intellectual Property I, L.P. Remote distributed antenna system
US9525524B2 (en) 2013-05-31 2016-12-20 At&T Intellectual Property I, L.P. Remote distributed antenna system
US8897697B1 (en) 2013-11-06 2014-11-25 At&T Intellectual Property I, Lp Millimeter-wave surface-wave communications
US9209902B2 (en) 2013-12-10 2015-12-08 At&T Intellectual Property I, L.P. Quasi-optical coupler
US9467385B2 (en) 2014-05-29 2016-10-11 Anue Systems, Inc. Cloud-based network tool optimizers for server cloud networks
US9781044B2 (en) 2014-07-16 2017-10-03 Anue Systems, Inc. Automated discovery and forwarding of relevant network traffic with respect to newly connected network tools for network tool optimizers
US9692101B2 (en) 2014-08-26 2017-06-27 At&T Intellectual Property I, L.P. Guided wave couplers for coupling electromagnetic waves between a waveguide surface and a surface of a wire
US9768833B2 (en) 2014-09-15 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for sensing a condition in a transmission medium of electromagnetic waves
US10063280B2 (en) 2014-09-17 2018-08-28 At&T Intellectual Property I, L.P. Monitoring and mitigating conditions in a communication network
US9628854B2 (en) 2014-09-29 2017-04-18 At&T Intellectual Property I, L.P. Method and apparatus for distributing content in a communication network
US10050847B2 (en) 2014-09-30 2018-08-14 Keysight Technologies Singapore (Holdings) Pte Ltd Selective scanning of network packet traffic using cloud-based virtual machine tool platforms
US9615269B2 (en) 2014-10-02 2017-04-04 At&T Intellectual Property I, L.P. Method and apparatus that provides fault tolerance in a communication network
US9685992B2 (en) 2014-10-03 2017-06-20 At&T Intellectual Property I, L.P. Circuit panel network and methods thereof
US9503189B2 (en) 2014-10-10 2016-11-22 At&T Intellectual Property I, L.P. Method and apparatus for arranging communication sessions in a communication system
US9762289B2 (en) 2014-10-14 2017-09-12 At&T Intellectual Property I, L.P. Method and apparatus for transmitting or receiving signals in a transportation system
US9973299B2 (en) 2014-10-14 2018-05-15 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a mode of communication in a communication network
US9564947B2 (en) 2014-10-21 2017-02-07 At&T Intellectual Property I, L.P. Guided-wave transmission device with diversity and methods for use therewith
US9520945B2 (en) 2014-10-21 2016-12-13 At&T Intellectual Property I, L.P. Apparatus for providing communication services and methods thereof
US9653770B2 (en) 2014-10-21 2017-05-16 At&T Intellectual Property I, L.P. Guided wave coupler, coupling module and methods for use therewith
US9769020B2 (en) 2014-10-21 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for responding to events affecting communications in a communication network
US9577306B2 (en) 2014-10-21 2017-02-21 At&T Intellectual Property I, L.P. Guided-wave transmission device and methods for use therewith
US9780834B2 (en) 2014-10-21 2017-10-03 At&T Intellectual Property I, L.P. Method and apparatus for transmitting electromagnetic waves
US9312919B1 (en) 2014-10-21 2016-04-12 At&T Intellectual Property I, Lp Transmission device with impairment compensation and methods for use therewith
US9627768B2 (en) 2014-10-21 2017-04-18 At&T Intellectual Property I, L.P. Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US9558078B2 (en) 2014-10-28 2017-01-31 Microsoft Technology Licensing, Llc Point in time database restore from storage snapshots
US9544006B2 (en) 2014-11-20 2017-01-10 At&T Intellectual Property I, L.P. Transmission device with mode division multiplexing and methods for use therewith
US9654173B2 (en) 2014-11-20 2017-05-16 At&T Intellectual Property I, L.P. Apparatus for powering a communication device and methods thereof
US9800327B2 (en) 2014-11-20 2017-10-24 At&T Intellectual Property I, L.P. Apparatus for controlling operations of a communication device and methods thereof
US9954287B2 (en) 2014-11-20 2018-04-24 At&T Intellectual Property I, L.P. Apparatus for converting wireless signals and electromagnetic waves and methods thereof
US9680670B2 (en) 2014-11-20 2017-06-13 At&T Intellectual Property I, L.P. Transmission device with channel equalization and control and methods for use therewith
US10009067B2 (en) 2014-12-04 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for configuring a communication interface
US9742462B2 (en) 2014-12-04 2017-08-22 At&T Intellectual Property I, L.P. Transmission medium and communication interfaces and methods for use therewith
US9544275B2 (en) * 2015-01-28 2017-01-10 defend7, Inc. Communication tunneling in application container environments
US9898319B2 (en) * 2015-02-12 2018-02-20 National Central University Method for live migrating virtual machine
US9876570B2 (en) 2015-02-20 2018-01-23 At&T Intellectual Property I, Lp Guided-wave transmission device with non-fundamental mode propagation and methods for use therewith
US9749013B2 (en) 2015-03-17 2017-08-29 At&T Intellectual Property I, L.P. Method and apparatus for reducing attenuation of electromagnetic waves guided by a transmission medium
US20160315662A1 (en) 2015-04-24 2016-10-27 At&T Intellectual Property I, Lp Passive electrical coupling device and methods for use therewith
US9705561B2 (en) 2015-04-24 2017-07-11 At&T Intellectual Property I, L.P. Directional coupling device and methods for use therewith
US9948354B2 (en) 2015-04-28 2018-04-17 At&T Intellectual Property I, L.P. Magnetic coupling device with reflective plate and methods for use therewith
US9793954B2 (en) 2015-04-28 2017-10-17 At&T Intellectual Property I, L.P. Magnetic coupling device and methods for use therewith
US9490869B1 (en) 2015-05-14 2016-11-08 At&T Intellectual Property I, L.P. Transmission medium having multiple cores and methods for use therewith
US9748626B2 (en) 2015-05-14 2017-08-29 At&T Intellectual Property I, L.P. Plurality of cables having different cross-sectional shapes which are bundled together to form a transmission medium
US9871282B2 (en) 2015-05-14 2018-01-16 At&T Intellectual Property I, L.P. At least one transmission medium having a dielectric surface that is covered at least in part by a second dielectric
US9917341B2 (en) 2015-05-27 2018-03-13 At&T Intellectual Property I, L.P. Apparatus and method for launching electromagnetic waves and for modifying radial dimensions of the propagating electromagnetic waves
US9992134B2 (en) 2015-05-27 2018-06-05 Keysight Technologies Singapore (Holdings) Pte Ltd Systems and methods to forward packets not passed by criteria-based filters in packet forwarding systems
US9866309B2 (en) 2015-06-03 2018-01-09 At&T Intellectual Property I, Lp Host node device and methods for use therewith
US9912381B2 (en) 2015-06-03 2018-03-06 At&T Intellectual Property I, Lp Network termination and methods for use therewith
US20160359887A1 (en) * 2015-06-04 2016-12-08 Cisco Technology, Inc. Domain name system (dns) based anomaly detection
US9913139B2 (en) 2015-06-09 2018-03-06 At&T Intellectual Property I, L.P. Signal fingerprinting for authentication of communicating devices
US9997819B2 (en) 2015-06-09 2018-06-12 At&T Intellectual Property I, L.P. Transmission medium and method for facilitating propagation of electromagnetic waves via a core
US9608692B2 (en) 2015-06-11 2017-03-28 At&T Intellectual Property I, L.P. Repeater and methods for use therewith
US9820146B2 (en) 2015-06-12 2017-11-14 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9667317B2 (en) 2015-06-15 2017-05-30 At&T Intellectual Property I, L.P. Method and apparatus for providing security using network traffic adjustments
US9865911B2 (en) 2015-06-25 2018-01-09 At&T Intellectual Property I, L.P. Waveguide system for slot radiating first electromagnetic waves that are combined into a non-fundamental wave mode second electromagnetic wave on a transmission medium
US9509415B1 (en) 2015-06-25 2016-11-29 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a fundamental wave mode on a transmission medium
US9640850B2 (en) 2015-06-25 2017-05-02 At&T Intellectual Property I, L.P. Methods and apparatus for inducing a non-fundamental wave mode on a transmission medium
US9641485B1 (en) 2015-06-30 2017-05-02 PacketViper LLC System and method for out-of-band network firewall
US9836957B2 (en) 2015-07-14 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for communicating with premises equipment
US9722318B2 (en) 2015-07-14 2017-08-01 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US10033107B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Method and apparatus for coupling an antenna to a device
US10033108B2 (en) 2015-07-14 2018-07-24 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave having a wave mode that mitigates interference
US9847566B2 (en) 2015-07-14 2017-12-19 At&T Intellectual Property I, L.P. Method and apparatus for adjusting a field of a signal to mitigate interference
US10044409B2 (en) 2015-07-14 2018-08-07 At&T Intellectual Property I, L.P. Transmission medium and methods for use therewith
US9853342B2 (en) 2015-07-14 2017-12-26 At&T Intellectual Property I, L.P. Dielectric transmission medium connector and methods for use therewith
US9628116B2 (en) 2015-07-14 2017-04-18 At&T Intellectual Property I, L.P. Apparatus and methods for transmitting wireless signals
US9882257B2 (en) 2015-07-14 2018-01-30 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US9608740B2 (en) 2015-07-15 2017-03-28 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US9793951B2 (en) 2015-07-15 2017-10-17 At&T Intellectual Property I, L.P. Method and apparatus for launching a wave mode that mitigates interference
US9871283B2 (en) 2015-07-23 2018-01-16 At&T Intellectual Property I, Lp Transmission medium having a dielectric core comprised of plural members connected by a ball and socket configuration
US9948333B2 (en) 2015-07-23 2018-04-17 At&T Intellectual Property I, L.P. Method and apparatus for wireless communications to mitigate interference
US9912027B2 (en) 2015-07-23 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for exchanging communication signals
US9749053B2 (en) 2015-07-23 2017-08-29 At&T Intellectual Property I, L.P. Node device, repeater and methods for use therewith
US10020587B2 (en) 2015-07-31 2018-07-10 At&T Intellectual Property I, L.P. Radial antenna and methods for use therewith
US9461706B1 (en) 2015-07-31 2016-10-04 At&T Intellectual Property I, Lp Method and apparatus for exchanging communication signals
US9735833B2 (en) 2015-07-31 2017-08-15 At&T Intellectual Property I, L.P. Method and apparatus for communications management in a neighborhood network
US9967173B2 (en) 2015-07-31 2018-05-08 At&T Intellectual Property I, L.P. Method and apparatus for authentication and identity management of communicating devices
US9904535B2 (en) 2015-09-14 2018-02-27 At&T Intellectual Property I, L.P. Method and apparatus for distributing software
US10009901B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method, apparatus, and computer-readable storage medium for managing utilization of wireless resources between base stations
US10009063B2 (en) 2015-09-16 2018-06-26 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an out-of-band reference signal
US10051629B2 (en) 2015-09-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system having an in-band reference signal
US9705571B2 (en) 2015-09-16 2017-07-11 At&T Intellectual Property I, L.P. Method and apparatus for use with a radio distributed antenna system
US9769128B2 (en) 2015-09-28 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for encryption of communications over a network
US9729197B2 (en) 2015-10-01 2017-08-08 At&T Intellectual Property I, L.P. Method and apparatus for communicating network management traffic over a network
US9882277B2 (en) 2015-10-02 2018-01-30 At&T Intellectual Property I, Lp Communication device and antenna assembly with actuated gimbal mount
US9876264B2 (en) 2015-10-02 2018-01-23 At&T Intellectual Property I, Lp Communication system, guided wave switch and methods for use therewith
US10051483B2 (en) 2015-10-16 2018-08-14 At&T Intellectual Property I, L.P. Method and apparatus for directing wireless signals
US9912419B1 (en) 2016-08-24 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for managing a fault in a distributed antenna system
US9860075B1 (en) 2016-08-26 2018-01-02 At&T Intellectual Property I, L.P. Method and communication node for broadband distribution
US9991580B2 (en) 2016-10-21 2018-06-05 At&T Intellectual Property I, L.P. Launcher and coupling system for guided wave mode cancellation
US9876605B1 (en) 2016-10-21 2018-01-23 At&T Intellectual Property I, L.P. Launcher and coupling system to support desired guided wave mode
US9927517B1 (en) 2016-12-06 2018-03-27 At&T Intellectual Property I, L.P. Apparatus and methods for sensing rainfall
US10020844B2 (en) 2016-12-06 2018-07-10 At&T Intellectual Property I, L.P. Method and apparatus for broadcast communication via guided waves
US10027397B2 (en) 2016-12-07 2018-07-17 At&T Intellectual Property I, L.P. Distributed antenna system and methods for use therewith
US9893795B1 (en) 2016-12-07 2018-02-13 At&T Intellectual Property I, Lp Method and repeater for broadband distribution
US10069535B2 (en) 2016-12-08 2018-09-04 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves having a certain electric field structure
US9998870B1 (en) 2016-12-08 2018-06-12 At&T Intellectual Property I, L.P. Method and apparatus for proximity sensing
US9911020B1 (en) 2016-12-08 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for tracking via a radio frequency identification device
US9838896B1 (en) 2016-12-09 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for assessing network coverage
US9973940B1 (en) 2017-02-27 2018-05-15 At&T Intellectual Property I, L.P. Apparatus and methods for dynamic impedance matching of a guided wave launcher

Citations (79)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799156A (en) * 1986-10-01 1989-01-17 Strategic Processing Corporation Interactive market management system
US4823338A (en) * 1987-08-03 1989-04-18 American Telephone And Telegraph Company Virtual local area network
US4896319A (en) * 1988-03-31 1990-01-23 American Telephone And Telegraph Company, At&T Bell Laboratories Identification and authentication of end user systems for packet communications network services
US4914619A (en) * 1987-10-19 1990-04-03 International Business Machines Corporation Apparatus and method for interconnecting an application of a transparent services access facility to remote source
US4926416A (en) * 1987-12-18 1990-05-15 Alcatel N.V. Method and facilities for hybrid packet switching
US4985889A (en) * 1988-02-04 1991-01-15 Sprint International Communications Corporation Data packet switching
US4991204A (en) * 1988-12-05 1991-02-05 Nippon Telegraph And Telephone Corporation Adaptive routing control method
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US5048081A (en) * 1989-12-28 1991-09-10 At&T Bell Laboratories Arrangement for routing packetized messages
US5067123A (en) * 1989-07-03 1991-11-19 Fujitsu Limited System for controlling data transmission in atm switching network
US5084867A (en) * 1989-09-19 1992-01-28 Fujitsu Limited Routing method and routing system for switching system having a plurality of paths
US5091903A (en) * 1989-08-09 1992-02-25 Alcatel N.V. Switching network and switching-network module for an atm system
US5101404A (en) * 1988-08-26 1992-03-31 Hitachi, Ltd. Signalling apparatus for use in an ATM switching system
US5115431A (en) * 1990-09-28 1992-05-19 Stratacom, Inc. Method and apparatus for packet communications signaling
US5166931A (en) * 1990-09-04 1992-11-24 At&T Bell Laboratories Communications network dynamic addressing arrangement
US5168492A (en) * 1991-04-11 1992-12-01 Northern Telecom Limited Rotating-access ATM-STM packet switch
US5185860A (en) * 1990-05-03 1993-02-09 Hewlett-Packard Company Automatic discovery of network elements
US5185743A (en) * 1990-02-08 1993-02-09 Fujitsu Limited Signaling cell switching system
US5204857A (en) * 1990-08-20 1993-04-20 Kabushiki Kaisha Toshiba ATM exchange system
US5204987A (en) * 1990-01-12 1993-04-20 Hans Klingel Apparatus for treating steel edges of skis and other runner devices
US5208811A (en) * 1989-11-06 1993-05-04 Hitachi, Ltd. Interconnection system and method for heterogeneous networks
US5214646A (en) * 1990-01-31 1993-05-25 Amnon Yacoby System and method for interconnecting local area networks
US5216669A (en) * 1990-03-23 1993-06-01 Siemens Aktiengesellschaft Method for setting up virtual connections in switching equipment operating according to an asynchronous transfer mode
US5218602A (en) * 1991-04-04 1993-06-08 Dsc Communications Corporation Interprocessor switching network
US5231631A (en) * 1989-08-15 1993-07-27 At&T Bell Laboratories Arrangement for regulating traffic in a high speed data network
US5233607A (en) * 1988-09-30 1993-08-03 Siemens Aktiengesellschaft Communication system for forming virtual, annular networks in a time-division multiplex packet switching network
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5249178A (en) * 1990-07-26 1993-09-28 Nec Corporation Routing system capable of effectively processing routing information
US5253247A (en) * 1990-08-20 1993-10-12 Kabushiki Kaisha Toshiba Traffic control method and traffic control system for controlling cell traffic in an asynchronous transfer mode communication network
US5255266A (en) * 1990-10-20 1993-10-19 Fujitsu Limited ATM switching unit
US5258752A (en) * 1988-11-25 1993-11-02 Sumitomo Electric Industries, Ltd. Broad band digital exchange
US5258979A (en) * 1990-03-20 1993-11-02 Fujitsu Limited ATM communication system with optimal traffic control by changing the allocated bandwidth
US5260999A (en) * 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
US5271010A (en) * 1990-10-20 1993-12-14 Fujitsu Limited Virtual identifier conversion system
US5274680A (en) * 1990-11-23 1993-12-28 Thomson-Csf Device for the transmission of synchronous information by an asynchronous network, notably an ATM network
US5282244A (en) * 1991-06-24 1994-01-25 At&T Bell Laboratories Virtual signaling network method
US5285441A (en) * 1992-03-17 1994-02-08 At&T Bell Laboratories Errorless line protection switching in asynchronous transer mode (ATM) communications systems
US5311509A (en) * 1991-09-13 1994-05-10 International Business Machines Corporation Configurable gigabits switch adapter
US5323389A (en) * 1992-08-14 1994-06-21 Fore Systems, Inc. ATM cell interface and method for dispatching an ATM cell
US5339318A (en) * 1991-10-24 1994-08-16 Fujitsu Limited VPI and VCI assignment system in ATM system
US5345446A (en) * 1992-11-06 1994-09-06 At&T Bell Laboratories Establishing telecommunications call paths in broadband communication networks
US5345445A (en) * 1992-11-06 1994-09-06 At&T Bell Laboratories Establishing telecommunications calls in a broadband network
US5345443A (en) * 1992-04-30 1994-09-06 At&T Bell Laboratories Network-based digital bandwidth-on-demand
US5357510A (en) * 1992-02-19 1994-10-18 Fujitsu Limited Apparatus and a method for supervising and controlling ATM traffic
US5361256A (en) * 1992-11-27 1994-11-01 International Business Machines Corporation Inter-domain multicast routing
US5363433A (en) * 1991-05-08 1994-11-08 Fujitsu Limited Information acquisition system
US5373504A (en) * 1992-04-09 1994-12-13 Fujitsu Limited Apparatus and a method for setting a communication path
US5375206A (en) * 1991-03-11 1994-12-20 Hewlett-Packard Company Method for licensing software
US5392402A (en) * 1993-06-29 1995-02-21 Bell Communications Research, Inc. Broadband intelligent telecommunications network and method employing a resource system to support network services
US5394398A (en) * 1992-08-28 1995-02-28 Siemens Aktiengesellschaft Method and circuit arrangement for the transmission of message cells within an ATM network
US5394393A (en) * 1991-09-06 1995-02-28 Thomson-Csf Method for the routing of a packet of data in a digital transmission network
US5436727A (en) * 1993-03-08 1995-07-25 Sony Corporation Distance measuring method and apparatus
US5490252A (en) * 1992-09-30 1996-02-06 Bay Networks Group, Inc. System having central processor for transmitting generic packets to another processor to be altered and transmitting altered packets back to central processor for routing
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5548646A (en) * 1994-09-15 1996-08-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
US5617540A (en) * 1995-07-31 1997-04-01 At&T System for binding host name of servers and address of available server in cache within client and for clearing cache prior to client establishes connection
US5631897A (en) * 1993-10-01 1997-05-20 Nec America, Inc. Apparatus and method for incorporating a large number of destinations over circuit-switched wide area network connections
US5636371A (en) * 1995-06-07 1997-06-03 Bull Hn Information Systems Inc. Virtual network mechanism to access well known port application programs running on a single host system
US5680461A (en) * 1995-10-26 1997-10-21 Sun Microsystems, Inc. Secure network protocol system and method
US5699528A (en) * 1995-10-31 1997-12-16 Mastercard International, Inc. System and method for bill delivery and payment over a communications network
US5708659A (en) * 1993-10-20 1998-01-13 Lsi Logic Corporation Method for hashing in a packet network switching system
US5740549A (en) * 1995-06-12 1998-04-14 Pointcast, Inc. Information and advertising distribution system and method
US5774660A (en) * 1996-08-05 1998-06-30 Resonate, Inc. World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network
US5778367A (en) * 1995-12-14 1998-07-07 Network Engineering Software, Inc. Automated on-line information service and directory, particularly for the world wide web
US5802320A (en) * 1995-05-18 1998-09-01 Sun Microsystems, Inc. System for packet filtering of data packets at a computer network interface
US5831971A (en) * 1996-08-22 1998-11-03 Lucent Technologies, Inc. Method for leaky bucket traffic shaping using fair queueing collision arbitration
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
US5848231A (en) * 1996-02-12 1998-12-08 Teitelbaum; Neil System configuration contingent upon secure input
US5950195A (en) * 1996-09-18 1999-09-07 Secure Computing Corporation Generalized security policy management system and method
US5999518A (en) * 1996-12-04 1999-12-07 Alcatel Usa Sourcing, L.P. Distributed telecommunications switching system and method
US6003047A (en) * 1996-12-30 1999-12-14 Emc Corporation Non-hierarchical application interface for HTML-based network storage management programs
US6023762A (en) * 1997-07-09 2000-02-08 Northern Telecom Limited Multi-view personalized communications agent
US6052788A (en) * 1996-10-17 2000-04-18 Network Engineering Software, Inc. Firewall providing enhanced network security and user transparency
US6061346A (en) * 1997-01-17 2000-05-09 Telefonaktiebolaget Lm Ericsson (Publ) Secure access method, and associated apparatus, for accessing a private IP network
US6115393A (en) * 1991-04-12 2000-09-05 Concord Communications, Inc. Network monitoring
US6321333B1 (en) * 1998-10-14 2001-11-20 Wave Systems Corporation Efficient digital certificate processing in a data processing system
US6647422B2 (en) * 1996-02-26 2003-11-11 Network Engineering Technologies, Inc. Web server employing multi-homed, modular framework
US6687833B1 (en) * 1999-09-24 2004-02-03 Networks Associates, Inc. System and method for providing a network host decoy using a pseudo network protocol stack implementation
US6754831B2 (en) * 1998-12-01 2004-06-22 Sun Microsystems, Inc. Authenticated firewall tunneling framework

Family Cites Families (147)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4727243A (en) 1984-10-24 1988-02-23 Telenet Communications Corporation Financial transaction system
US4799153A (en) * 1984-12-14 1989-01-17 Telenet Communications Corporation Method and apparatus for enhancing security of communications in a packet-switched data communications system
US4713753A (en) * 1985-02-21 1987-12-15 Honeywell Inc. Secure data processing system architecture with format control
US4802217A (en) * 1985-06-07 1989-01-31 Siemens Corporate Research & Support, Inc. Method and apparatus for securing access to a computer facility
US5236952A (en) * 1986-03-11 1993-08-17 Hoffmann-La Roche Inc. Catechol derivatives
US4893307A (en) * 1988-02-29 1990-01-09 International Business Machines Corporation Method and apparatus for linking SNA terminals to an SNA host over a packet switched communications network
US5191611A (en) * 1989-04-03 1993-03-02 Lang Gerald S Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients
US5434981A (en) 1989-09-28 1995-07-18 Rockwell International Corporation Functionally programmable PCM data analyzer and transmitter for use in telecommunication equipment
US5138712A (en) 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
EP0453863A3 (en) * 1990-04-27 1994-04-06 Nat Semiconductor Corp
FR2661579A1 (en) * 1990-04-27 1991-10-31 Trt Telecom Radio Electr signal phasing device in a system has double the digital path.
US5124984A (en) * 1990-08-07 1992-06-23 Concord Communications, Inc. Access controller for local area network
GB2249460B (en) * 1990-09-19 1994-06-29 Intel Corp Network providing common access to dissimilar hardware interfaces
US5116931A (en) * 1990-09-28 1992-05-26 Olin Corporation Thermoset polyurethane elastomers and polyurea elastomers made using high functionality, low unsaturation level polyols prepared with double metal cyanide catalysts
US5453981A (en) 1990-10-16 1995-09-26 Kabushiki Kaisha Toshiba Method of controlling communication network incorporating virtual channels exchange nodes and virtual paths exchange nodes
GB9102646D0 (en) * 1991-02-07 1991-03-27 Fisons Plc Analytical device
JPH04276942A (en) 1991-03-05 1992-10-02 Fujitsu Ltd Setting system for logic channel in atm network
US5442630A (en) 1991-05-24 1995-08-15 Gagliardi; Ugo O. ISDN interfacing of local area networks
US5444703A (en) * 1991-05-24 1995-08-22 Gagliardi; Ugo O. ISDN interfacing of personal computers
US5479407A (en) 1991-05-24 1995-12-26 Ko; Cheng-Hsu Channel utilization method and system for ISDN
US5438508A (en) 1991-06-28 1995-08-01 Digital Equipment Corporation License document interchange format for license management system
US5204897A (en) 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
US5577209A (en) * 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
JPH0797782B2 (en) * 1991-09-18 1995-10-18 インターナショナル・ビジネス・マシーンズ・コーポレイション Adjustment method of heterogeneous transaction
WO1993011480A1 (en) 1991-11-27 1993-06-10 Intergraph Corporation System and method for network license administration
US5295137A (en) * 1992-02-12 1994-03-15 Sprint International Communications Corp. Connection establishment in a flat distributed packet switch architecture
US5457681A (en) 1992-06-05 1995-10-10 Washington University ATM-Ethernet portal/concentrator
US5463552A (en) 1992-07-30 1995-10-31 Aeg Transportation Systems, Inc. Rules-based interlocking engine using virtual gates
US5311596A (en) * 1992-08-31 1994-05-10 At&T Bell Laboratories Continuous authentication using an in-band or out-of-band side channel
US5444702A (en) 1992-09-14 1995-08-22 Network Equipment Technologies, Inc. Virtual network using asynchronous transfer mode
US5519707A (en) * 1992-10-13 1996-05-21 Synoptics Communications, Inc. Multiplexing of communications services on a virtual service path in an ATM network or the like
CA2104753C (en) 1992-10-29 1999-02-16 Kotikalapudi Sriram Bandwidth allocation, transmission scheduling, and congestion avoidance in broadband atm networks
US5828893A (en) * 1992-12-24 1998-10-27 Motorola, Inc. System and method of communicating between trusted and untrusted computer systems
KR960003505B1 (en) 1992-12-29 1996-03-14 양승택 Atm multiplexing processor
US5434914A (en) * 1992-12-31 1995-07-18 At&T Corp. Name translation in communications networks
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US5351146A (en) * 1993-03-01 1994-09-27 At&T Bell Laboratories All-optical network architecture
JP3287901B2 (en) * 1993-03-12 2002-06-04 シャープ株式会社 Identification data confirmation process in a data driven processing system
US5491752A (en) * 1993-03-18 1996-02-13 Digital Equipment Corporation, Patent Law Group System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens
JPH077524A (en) 1993-04-06 1995-01-10 Siemens Ag Method for accessing address identifier of communication subscriber
US5420858A (en) * 1993-05-05 1995-05-30 Synoptics Communications, Inc. Method and apparatus for communications from a non-ATM communication medium to an ATM communication medium
JPH06335079A (en) * 1993-05-19 1994-12-02 Fujitsu Ltd Cell multiplexer in atm network
US5394402A (en) * 1993-06-17 1995-02-28 Ascom Timeplex Trading Ag Hub for segmented virtual local area network with shared media access
US5473677A (en) 1993-06-23 1995-12-05 At&T Corp. Telecommunications network architecture and system
CA2124379C (en) 1993-06-25 1998-10-27 Porta Thomas F. La Distributed processing architecture for control of broadband and narrowband communications networks
US5509010A (en) * 1993-06-25 1996-04-16 At&T Corp. Communications signaling protocols
JPH0721135A (en) * 1993-07-02 1995-01-24 Fujitsu Ltd Data processing system with duplex monitor function
EP0648034A1 (en) 1993-09-08 1995-04-12 ALCATEL BELL Naamloze Vennootschap Communication network and computer network server and interface modules used therein
US5590199A (en) * 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
US5455953A (en) 1993-11-03 1995-10-03 Wang Laboratories, Inc. Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket
US5425090A (en) * 1993-12-07 1995-06-13 Bell Communications Research, Inc. System and method for providing advanced intelligent network services
US5473679A (en) 1993-12-09 1995-12-05 At&T Corp. Signaling system for broadband communications networks
US5838918A (en) * 1993-12-13 1998-11-17 International Business Machines Corporation Distributing system configuration information from a manager machine to subscribed endpoint machines in a distrubuted computing environment
US5606668A (en) * 1993-12-15 1997-02-25 Checkpoint Software Technologies Ltd. System for securing inbound and outbound data packet flow in a computer network
US5887235A (en) * 1993-12-16 1999-03-23 Xerox Corporation Variable gloss fuser
US5426636A (en) * 1993-12-20 1995-06-20 At&T Corp. ATM distribution networks for narrow band communications
US5428607A (en) * 1993-12-20 1995-06-27 At&T Corp. Intra-switch communications in narrow band ATM networks
US5422882A (en) * 1993-12-20 1995-06-06 At&T Corp. ATM networks for narrow band communications
US5452297A (en) 1993-12-20 1995-09-19 At&T Corp. Access switches for large ATM networks
US5457684A (en) 1993-12-21 1995-10-10 At&T Ipm Corp. Delay-less signal processing arrangement for use in an ATM network
US5495411A (en) 1993-12-22 1996-02-27 Ananda; Mohan Secure software rental system using continuous asynchronous password verification
US5428609A (en) * 1994-01-03 1995-06-27 At&T Corp. STM-to-ATM converters
US5412654A (en) * 1994-01-10 1995-05-02 International Business Machines Corporation Highly dynamic destination-sequenced destination vector routing for mobile computers
US5522042A (en) * 1994-01-28 1996-05-28 Cabletron Systems, Inc. Distributed chassis agent for distributed network management
US5485455A (en) * 1994-01-28 1996-01-16 Cabletron Systems, Inc. Network having secure fast packet switching and guaranteed quality of service
US5450394A (en) 1994-03-10 1995-09-12 Northern Telecom Limited Delay monitoring of telecommunication networks
US5548721A (en) * 1994-04-28 1996-08-20 Harris Corporation Method of conducting secure operations on an uncontrolled network
US5495533A (en) * 1994-04-29 1996-02-27 International Business Machines Corporation Personal key archive
US5608447A (en) * 1994-05-27 1997-03-04 Bell Atlantic Full service network
US5416842A (en) * 1994-06-10 1995-05-16 Sun Microsystems, Inc. Method and apparatus for key-management scheme for use with internet protocols at site firewalls
US5644706A (en) * 1994-06-20 1997-07-01 Microsoft Corporation Failure detection and reporting for a computer mail gateway
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5414701A (en) * 1994-07-22 1995-05-09 Motorola, Inc. Method and data structure for performing address compression in an asynchronous transfer mode (ATM) system
CN1082522C (en) * 1994-08-12 2002-04-10 艾弗里·丹尼森公司 Tackified emulsion pressure-sensitive adhesive
US5623605A (en) * 1994-08-29 1997-04-22 Lucent Technologies Inc. Methods and systems for interprocess communication and inter-network data transfer
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporation System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5526414A (en) * 1994-10-26 1996-06-11 Northern Telecom Limited Dynamically controlled routing using virtual nodes
US5623601A (en) * 1994-11-18 1997-04-22 Milkway Networks Corporation Apparatus and method for providing a secure gateway for communication and data exchanges between networks
US5715403A (en) * 1994-11-23 1998-02-03 Xerox Corporation System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
US5629980A (en) 1994-11-23 1997-05-13 Xerox Corporation System for controlling the distribution and use of digital works
US5715397A (en) * 1994-12-02 1998-02-03 Autoentry Online, Inc. System and method for data transfer and processing having intelligent selection of processing routing and advanced routing features
US5550984A (en) * 1994-12-07 1996-08-27 Matsushita Electric Corporation Of America Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US5483527A (en) * 1994-12-21 1996-01-09 At&T Corp. Terminal adapter for interfacing an ATM network with a STM network
US6792337B2 (en) * 1994-12-30 2004-09-14 Power Measurement Ltd. Method and system for master slave protocol communication in an intelligent electronic device
JPH08235114A (en) * 1995-02-28 1996-09-13 Hitachi Comput Eng Corp Ltd Server access method and charge information managing method
JP4008049B2 (en) * 1995-03-20 2007-11-14 富士通株式会社 Address transmitting device, address transmission method and address transmission system
US5729689A (en) * 1995-04-25 1998-03-17 Microsoft Corporation Network naming services proxy agent
US5632011A (en) * 1995-05-22 1997-05-20 Sterling Commerce, Inc. Electronic mail management system for operation on a host computer system
US5734865A (en) * 1995-06-07 1998-03-31 Bull Hn Information Systems Inc. Virtual local area network well-known port routing mechanism for mult--emulators in an open system environment
US5721908A (en) * 1995-06-07 1998-02-24 International Business Machines Corporation Computer network for WWW server data access over internet
US5671412A (en) * 1995-07-28 1997-09-23 Globetrotter Software, Incorporated License management system for software applications
US5878212A (en) * 1995-07-31 1999-03-02 At&T Corp. System for updating mapping or virtual host names to layer-3 address when multimedia server changes its usage state to busy or not busy
US5657390A (en) * 1995-08-25 1997-08-12 Netscape Communications Corporation Secure socket layer application program apparatus and method
US5657452A (en) * 1995-09-08 1997-08-12 U.S. Robotics Corp. Transparent support of protocol and data compression features for data communication
US5889943A (en) * 1995-09-26 1999-03-30 Trend Micro Incorporated Apparatus and method for electronic mail virus detection and elimination
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
GB9520035D0 (en) * 1995-09-30 1995-12-06 Ibm Load balancing of connections to parallel servers
US5765152A (en) * 1995-10-13 1998-06-09 Trustees Of Dartmouth College System and method for managing copyrighted electronic media
US5802053A (en) * 1995-10-13 1998-09-01 International Business Machines Corporation Transport gateway between a native network and a mixed network
US5638448A (en) * 1995-10-24 1997-06-10 Nguyen; Minhtam C. Network with secure communications sessions
US5687235A (en) * 1995-10-26 1997-11-11 Novell, Inc. Certificate revocation performance optimization
US5826029A (en) * 1995-10-31 1998-10-20 International Business Machines Corporation Secured gateway interface
US5960086A (en) * 1995-11-02 1999-09-28 Tri-Strata Security, Inc. Unified end-to-end security methods and systems for operating on insecure networks
FI102860B1 (en) * 1995-11-07 1999-02-26 Nokia Telecommunications Oy A method and system for performing an electronic payment transaction,
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system
US5764626A (en) * 1995-11-17 1998-06-09 Telecommunications Techniques Corporation Rate-matched cell identification and modification, replacement, or insertion for test and measurement of ATM network virtual connections
US6064671A (en) * 1995-12-08 2000-05-16 Killian; Michael G. Multi-homed end system for increasing computers network bandwidth
US5602918A (en) * 1995-12-22 1997-02-11 Virtual Open Network Environment Corp. Application level security system and method
US5632600A (en) * 1995-12-22 1997-05-27 General Electric Company Reinforced rotor disk assembly
US6035105A (en) * 1996-01-02 2000-03-07 Cisco Technology, Inc. Multiple VLAN architecture system
WO1997026734A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Transferring encrypted packets over a public network
US5826014A (en) * 1996-02-06 1998-10-20 Network Engineering Software Firewall system for protecting network elements connected to a public network
US5862348A (en) * 1996-02-09 1999-01-19 Citrix Systems, Inc. Method and apparatus for connecting a client node to a server node based on load levels
US7028049B1 (en) * 1996-02-17 2006-04-11 Allcare Health Management System, Inc. Standing order database search system and method for internet and internet application
US5673322A (en) * 1996-03-22 1997-09-30 Bell Communications Research, Inc. System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks
US5742604A (en) * 1996-03-28 1998-04-21 Cisco Systems, Inc. Interswitch link mechanism for connecting high-performance network switches
US6026379A (en) * 1996-06-17 2000-02-15 Verifone, Inc. System, method and article of manufacture for managing transactions in a high availability system
US6360256B1 (en) * 1996-07-01 2002-03-19 Sun Microsystems, Inc. Name service for a redundant array of internet servers
US5903732A (en) * 1996-07-03 1999-05-11 Hewlett-Packard Company Trusted gateway agent for web server programs
JPH1032610A (en) * 1996-07-12 1998-02-03 Nec Corp Virtual private network constituting method in mobile data communication
US5805820A (en) * 1996-07-15 1998-09-08 At&T Corp. Method and apparatus for restricting access to private information in domain name systems by redirecting query requests
US5812671A (en) * 1996-07-17 1998-09-22 Xante Corporation Cryptographic communication system
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6003084A (en) * 1996-09-13 1999-12-14 Secure Computing Corporation Secure network proxy for connecting entities
US5903718A (en) * 1996-09-16 1999-05-11 International Business Machines Corporation Remote program monitor method and system using a system-under-test microcontroller for self-debug
US5983350A (en) * 1996-09-18 1999-11-09 Secure Computing Corporation Secure firewall supporting different levels of authentication based on address or encryption status
US6195357B1 (en) * 1996-09-24 2001-02-27 Intervoice Limited Partnership Interactive information transaction processing system with universal telephony gateway capabilities
US6119236A (en) * 1996-10-07 2000-09-12 Shipley; Peter M. Intelligent network security device and method
US5935245A (en) * 1996-12-13 1999-08-10 3Com Corporation Method and apparatus for providing secure network communications
US5911776A (en) * 1996-12-18 1999-06-15 Unisys Corporation Automatic format conversion system and publishing methodology for multi-user network
US6308328B1 (en) * 1997-01-17 2001-10-23 Scientific-Atlanta, Inc. Usage statistics collection for a cable data delivery system
US6119165A (en) * 1997-11-17 2000-09-12 Trend Micro, Inc. Controlled distribution of application programs in a computer network
FI105753B (en) * 1997-12-31 2000-09-29 Ssh Comm Security Oy Package authentication method changes the network address and protocol transformation in the presence of
US6157624A (en) * 1998-01-05 2000-12-05 Motorola, Inc. Method and apparatus for linking terminals using private secondary service paths (PSSP) in a satellite communication system
US6453419B1 (en) * 1998-03-18 2002-09-17 Secure Computing Corporation System and method for implementing a security policy
US20010011253A1 (en) * 1998-08-04 2001-08-02 Christopher D. Coley Automated system for management of licensed software
US7116707B1 (en) * 1998-11-05 2006-10-03 Cisco Technology, Inc. Modem failover without call loss
US6728748B1 (en) * 1998-12-01 2004-04-27 Network Appliance, Inc. Method and apparatus for policy based class of service and adaptive service level management within the context of an internet and intranet
EP1041775A1 (en) * 1999-03-30 2000-10-04 International Business Machines Corporation Router monitoring in a data transmission system utilizing a network dispatcher for a cluster of hosts
US6654892B1 (en) * 1999-06-08 2003-11-25 Sun Microsystems, Inc. Methods and apparatus for permitting transactions across firewalls
US6484143B1 (en) * 1999-11-22 2002-11-19 Speedera Networks, Inc. User device and system for traffic management and content distribution over a world wide area network
US7003555B1 (en) * 2000-06-23 2006-02-21 Cloudshield Technologies, Inc. Apparatus and method for domain name resolution
US6954790B2 (en) * 2000-12-05 2005-10-11 Interactive People Unplugged Ab Network-based mobile workgroup system
EP1370344A4 (en) * 2001-02-27 2004-04-28 Gradipore Ltd Polymeric membranes and uses thereof
US6947981B2 (en) * 2002-03-26 2005-09-20 Hewlett-Packard Development Company, L.P. Flexible data replication mechanism

Patent Citations (81)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4799156A (en) * 1986-10-01 1989-01-17 Strategic Processing Corporation Interactive market management system
US4823338A (en) * 1987-08-03 1989-04-18 American Telephone And Telegraph Company Virtual local area network
US4823338B1 (en) * 1987-08-03 1998-11-10 At & T Information Systems Inc Virtual local area network
US4914619A (en) * 1987-10-19 1990-04-03 International Business Machines Corporation Apparatus and method for interconnecting an application of a transparent services access facility to remote source
US4926416A (en) * 1987-12-18 1990-05-15 Alcatel N.V. Method and facilities for hybrid packet switching
US4985889A (en) * 1988-02-04 1991-01-15 Sprint International Communications Corporation Data packet switching
US4896319A (en) * 1988-03-31 1990-01-23 American Telephone And Telegraph Company, At&T Bell Laboratories Identification and authentication of end user systems for packet communications network services
US5101404A (en) * 1988-08-26 1992-03-31 Hitachi, Ltd. Signalling apparatus for use in an ATM switching system
US5023907A (en) * 1988-09-30 1991-06-11 Apollo Computer, Inc. Network license server
US5233607A (en) * 1988-09-30 1993-08-03 Siemens Aktiengesellschaft Communication system for forming virtual, annular networks in a time-division multiplex packet switching network
US5258752A (en) * 1988-11-25 1993-11-02 Sumitomo Electric Industries, Ltd. Broad band digital exchange
US4991204A (en) * 1988-12-05 1991-02-05 Nippon Telegraph And Telephone Corporation Adaptive routing control method
US5067123A (en) * 1989-07-03 1991-11-19 Fujitsu Limited System for controlling data transmission in atm switching network
US5091903A (en) * 1989-08-09 1992-02-25 Alcatel N.V. Switching network and switching-network module for an atm system
US5231631A (en) * 1989-08-15 1993-07-27 At&T Bell Laboratories Arrangement for regulating traffic in a high speed data network
US5084867A (en) * 1989-09-19 1992-01-28 Fujitsu Limited Routing method and routing system for switching system having a plurality of paths
US5208811A (en) * 1989-11-06 1993-05-04 Hitachi, Ltd. Interconnection system and method for heterogeneous networks
US5048081A (en) * 1989-12-28 1991-09-10 At&T Bell Laboratories Arrangement for routing packetized messages
US5204987A (en) * 1990-01-12 1993-04-20 Hans Klingel Apparatus for treating steel edges of skis and other runner devices
US5214646A (en) * 1990-01-31 1993-05-25 Amnon Yacoby System and method for interconnecting local area networks
US5185743A (en) * 1990-02-08 1993-02-09 Fujitsu Limited Signaling cell switching system
US5258979A (en) * 1990-03-20 1993-11-02 Fujitsu Limited ATM communication system with optimal traffic control by changing the allocated bandwidth
US5216669A (en) * 1990-03-23 1993-06-01 Siemens Aktiengesellschaft Method for setting up virtual connections in switching equipment operating according to an asynchronous transfer mode
US5185860A (en) * 1990-05-03 1993-02-09 Hewlett-Packard Company Automatic discovery of network elements
US5249178A (en) * 1990-07-26 1993-09-28 Nec Corporation Routing system capable of effectively processing routing information
US5204857A (en) * 1990-08-20 1993-04-20 Kabushiki Kaisha Toshiba ATM exchange system
US5253247A (en) * 1990-08-20 1993-10-12 Kabushiki Kaisha Toshiba Traffic control method and traffic control system for controlling cell traffic in an asynchronous transfer mode communication network
US5166931A (en) * 1990-09-04 1992-11-24 At&T Bell Laboratories Communications network dynamic addressing arrangement
US5115431A (en) * 1990-09-28 1992-05-19 Stratacom, Inc. Method and apparatus for packet communications signaling
US5271010A (en) * 1990-10-20 1993-12-14 Fujitsu Limited Virtual identifier conversion system
US5255266A (en) * 1990-10-20 1993-10-19 Fujitsu Limited ATM switching unit
US5274680A (en) * 1990-11-23 1993-12-28 Thomson-Csf Device for the transmission of synchronous information by an asynchronous network, notably an ATM network
US5375206A (en) * 1991-03-11 1994-12-20 Hewlett-Packard Company Method for licensing software
US5218602A (en) * 1991-04-04 1993-06-08 Dsc Communications Corporation Interprocessor switching network
US5168492A (en) * 1991-04-11 1992-12-01 Northern Telecom Limited Rotating-access ATM-STM packet switch
US6115393A (en) * 1991-04-12 2000-09-05 Concord Communications, Inc. Network monitoring
US5363433A (en) * 1991-05-08 1994-11-08 Fujitsu Limited Information acquisition system
US5282244A (en) * 1991-06-24 1994-01-25 At&T Bell Laboratories Virtual signaling network method
US5260999A (en) * 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
US5394393A (en) * 1991-09-06 1995-02-28 Thomson-Csf Method for the routing of a packet of data in a digital transmission network
US5311509A (en) * 1991-09-13 1994-05-10 International Business Machines Corporation Configurable gigabits switch adapter
US5339318A (en) * 1991-10-24 1994-08-16 Fujitsu Limited VPI and VCI assignment system in ATM system
US5357510A (en) * 1992-02-19 1994-10-18 Fujitsu Limited Apparatus and a method for supervising and controlling ATM traffic
US5285441A (en) * 1992-03-17 1994-02-08 At&T Bell Laboratories Errorless line protection switching in asynchronous transfer mode (ATM) communications systems
US5373504A (en) * 1992-04-09 1994-12-13 Fujitsu Limited Apparatus and a method for setting a communication path
US5345443A (en) * 1992-04-30 1994-09-06 At&T Bell Laboratories Network-based digital bandwidth-on-demand
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5323389A (en) * 1992-08-14 1994-06-21 Fore Systems, Inc. ATM cell interface and method for dispatching an ATM cell
US5394398A (en) * 1992-08-28 1995-02-28 Siemens Aktiengesellschaft Method and circuit arrangement for the transmission of message cells within an ATM network
US5490252A (en) * 1992-09-30 1996-02-06 Bay Networks Group, Inc. System having central processor for transmitting generic packets to another processor to be altered and transmitting altered packets back to central processor for routing
US5345446A (en) * 1992-11-06 1994-09-06 At&T Bell Laboratories Establishing telecommunications call paths in broadband communication networks
US5345445A (en) * 1992-11-06 1994-09-06 At&T Bell Laboratories Establishing telecommunications calls in a broadband network
US5361256A (en) * 1992-11-27 1994-11-01 International Business Machines Corporation Inter-domain multicast routing
US5509070A (en) * 1992-12-15 1996-04-16 Softlock Services Inc. Method for encouraging purchase of executable and non-executable software
US5436727A (en) * 1993-03-08 1995-07-25 Sony Corporation Distance measuring method and apparatus
US5392402A (en) * 1993-06-29 1995-02-21 Bell Communications Research, Inc. Broadband intelligent telecommunications network and method employing a resource system to support network services
US5631897A (en) * 1993-10-01 1997-05-20 Nec America, Inc. Apparatus and method for incorporating a large number of destinations over circuit-switched wide area network connections
US5708659A (en) * 1993-10-20 1998-01-13 Lsi Logic Corporation Method for hashing in a packet network switching system
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
US5548646A (en) * 1994-09-15 1996-08-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
US5802320A (en) * 1995-05-18 1998-09-01 Sun Microsystems, Inc. System for packet filtering of data packets at a computer network interface
US5636371A (en) * 1995-06-07 1997-06-03 Bull Hn Information Systems Inc. Virtual network mechanism to access well known port application programs running on a single host system
US5740549A (en) * 1995-06-12 1998-04-14 Pointcast, Inc. Information and advertising distribution system and method
US5617540A (en) * 1995-07-31 1997-04-01 At&T System for binding host name of servers and address of available server in cache within client and for clearing cache prior to client establishes connection
US5680461A (en) * 1995-10-26 1997-10-21 Sun Microsystems, Inc. Secure network protocol system and method
US5699528A (en) * 1995-10-31 1997-12-16 Mastercard International, Inc. System and method for bill delivery and payment over a communications network
US5778367A (en) * 1995-12-14 1998-07-07 Network Engineering Software, Inc. Automated on-line information service and directory, particularly for the world wide web
US6850940B2 (en) * 1995-12-14 2005-02-01 Network Engineering Software, Inc. Automated on-line information service and directory, particularly for the world wide web
US5848231A (en) * 1996-02-12 1998-12-08 Teitelbaum; Neil System configuration contingent upon secure input
US6647422B2 (en) * 1996-02-26 2003-11-11 Network Engineering Technologies, Inc. Web server employing multi-homed, modular framework
US5774660A (en) * 1996-08-05 1998-06-30 Resonate, Inc. World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network
US5831971A (en) * 1996-08-22 1998-11-03 Lucent Technologies, Inc. Method for leaky bucket traffic shaping using fair queueing collision arbitration
US5950195A (en) * 1996-09-18 1999-09-07 Secure Computing Corporation Generalized security policy management system and method
US6052788A (en) * 1996-10-17 2000-04-18 Network Engineering Software, Inc. Firewall providing enhanced network security and user transparency
US5999518A (en) * 1996-12-04 1999-12-07 Alcatel Usa Sourcing, L.P. Distributed telecommunications switching system and method
US6003047A (en) * 1996-12-30 1999-12-14 Emc Corporation Non-hierarchical application interface for HTML-based network storage management programs
US6061346A (en) * 1997-01-17 2000-05-09 Telefonaktiebolaget Lm Ericsson (Publ) Secure access method, and associated apparatus, for accessing a private IP network
US6023762A (en) * 1997-07-09 2000-02-08 Northern Telecom Limited Multi-view personalized communications agent
US6321333B1 (en) * 1998-10-14 2001-11-20 Wave Systems Corporation Efficient digital certificate processing in a data processing system
US6754831B2 (en) * 1998-12-01 2004-06-22 Sun Microsystems, Inc. Authenticated firewall tunneling framework
US6687833B1 (en) * 1999-09-24 2004-02-03 Networks Associates, Inc. System and method for providing a network host decoy using a pseudo network protocol stack implementation

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040103322A1 (en) * 1996-02-06 2004-05-27 Wesinger Ralph E. Firewall providing enhanced network security and user transparency
US20050235348A1 (en) * 1996-02-06 2005-10-20 Coley Christopher D System for preventing unwanted access to information on a computer
US20060112424A1 (en) * 1996-02-06 2006-05-25 Christopher Coley Method for authenticating a user access request
US20060112276A1 (en) * 1996-02-06 2006-05-25 Coley Christopher D Method for authenticating a user access request
US20060053486A1 (en) * 1996-10-17 2006-03-09 Graphon Nes Sub, Llc. Method for providing a virtual private network connection
US20060288408A1 (en) * 1996-10-17 2006-12-21 Graphon Corporation Virtual private network
US20070101421A1 (en) * 1996-10-17 2007-05-03 Graphon Corporation Virtual private network
US20070185691A1 (en) * 2006-02-09 2007-08-09 Yuichi Kimura Method and system for evaluating environmental impact occurring during an activity cycle
US20070261110A1 (en) * 2006-05-02 2007-11-08 Cisco Technology, Inc., A California Corporation Packet firewalls of particular use in packet switching devices
WO2007133316A2 (en) * 2006-05-02 2007-11-22 Cisco Technology, Inc. Packet firewalls of particular use in packet switching devices
WO2007133316A3 (en) * 2006-05-02 2008-04-10 Cisco Tech Inc Packet firewalls of particular use in packet switching devices
US8024787B2 (en) * 2006-05-02 2011-09-20 Cisco Technology, Inc. Packet firewalls of particular use in packet switching devices
US20080163357A1 (en) * 2006-12-29 2008-07-03 Hisky Xiao Virtual firewall
US8127347B2 (en) * 2006-12-29 2012-02-28 O2Micro International Limited Virtual firewall
US8340090B1 (en) 2007-03-08 2012-12-25 Cisco Technology, Inc. Interconnecting forwarding contexts using u-turn ports

Also Published As

Publication number Publication date Type
US20060053486A1 (en) 2006-03-09 application
US20040088586A1 (en) 2004-05-06 application
US7249378B2 (en) 2007-07-24 grant
US20030005334A1 (en) 2003-01-02 application
US7028336B2 (en) 2006-04-11 grant
US20040103321A1 (en) 2004-05-27 application
US6804783B1 (en) 2004-10-12 grant
US20050149747A1 (en) 2005-07-07 application
US7269847B2 (en) 2007-09-11 grant
US20040073812A1 (en) 2004-04-15 application
US20030196122A1 (en) 2003-10-16 application
US20070101421A1 (en) 2007-05-03 application
US7249376B2 (en) 2007-07-24 grant
US6751738B2 (en) 2004-06-15 grant
US6052788A (en) 2000-04-18 grant
US20040103322A1 (en) 2004-05-27 application
US20040088706A1 (en) 2004-05-06 application
US20050022030A1 (en) 2005-01-27 application
US20060288408A1 (en) 2006-12-21 application
US20050021595A1 (en) 2005-01-27 application
US20040098624A1 (en) 2004-05-20 application
US5898830A (en) 1999-04-27 grant
US7424737B2 (en) 2008-09-09 grant

Similar Documents

Publication Publication Date Title
US6795917B1 (en) Method for packet authentication in the presence of network address translations and protocol conversions
US7735116B1 (en) System and method for unified threat management with a relational rules methodology
US6684243B1 (en) Method for assigning a dual IP address to a workstation attached on an IP data transmission network
US7143438B1 (en) Methods and apparatus for a computer network firewall with multiple domain support
US8332464B2 (en) System and method for remote network access
Bellovin et al. Network firewalls
US6154839A (en) Translating packet addresses based upon a user identifier
US6219786B1 (en) Method and system for monitoring and controlling network access
US6104716A (en) Method and apparatus for lightweight secure communication tunneling over the internet
US7587499B1 (en) Web-based security and filtering system with proxy chaining
US6751677B1 (en) Method and apparatus for allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway
Oppliger Security technologies for the world wide web
US7900240B2 (en) Multilayer access control security system
US6718388B1 (en) Secured session sequencing proxy system and method therefor
US6170012B1 (en) Methods and apparatus for a computer network firewall with cache query processing
US7316028B2 (en) Method and system for transmitting information across a firewall
US7661131B1 (en) Authentication of tunneled connections
US8549646B2 (en) Methods, media and systems for responding to a denial of service attack
US7386889B2 (en) System and method for intrusion prevention in a communications network
US7194761B1 (en) Methods and apparatus providing automatic client authentication
US20040093419A1 (en) Method and system for secure content delivery
US5828893A (en) System and method of communicating between trusted and untrusted computer systems
US7954144B1 (en) Brokering state information and identity among user agents, origin servers, and proxies
US20020066029A1 (en) Method for accessing home-network using home-gateway and home-portal server and apparatus thereof
US20050044350A1 (en) System and method for providing a secure connection between networked computers