USH1944H1 - Firewall security method and apparatus - Google Patents

Firewall security method and apparatus

Publication number
USH1944H1
Authority
US
United States
Prior art keywords
security
firewall
computer
client
packets
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/047,207
Inventor
William Roberts Cheswick
Edward G. Whitten
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia of America Corp
Original Assignee
Lucent Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lucent Technologies Inc
Priority to US09/047,207 (USH1944H1)
Assigned to LUCENT TECHNOLOGIES, INC. Assignment of assignors interest (see document for details). Assignors: CHESWICK, W.R., WHITTEN, E.G.
Priority to TW088101536A (TW414876B)
Priority to CA002261553A (CA2261553A1)
Priority to EP99302021A (EP0952715A2)
Priority to KR1019990010002A (KR19990078198A)
Priority to JP11079042A (JPH11353258A)
Application granted
Publication of USH1944H1
Current legal status: Abandoned

Abstract

A technique for delivering a client-based firewall. A firewall security device is configured for connecting to individual clients, e.g., personal computers, for providing firewall security measures directly to the client. The firewall security device is configured as an electronic dongle which is attached to an external communications port of the client, e.g., the parallel communications port. The incoming communications stream to the client from, e.g., public networks, is passed through the firewall security device. In this way, the firewall security device applies and delivers a set of standard network security measures thereby protecting the client from security breaches triggered by the communications stream received from the public network. Advantageously, the firewall is delivered directly by the client without intervention, use, or connection to a separate firewall server.

Description

FIELD OF THE INVENTION
The present invention relates to network security and, more particularly, to a firewall security technique employed in computer networks.
BACKGROUND OF THE INVENTION
Advances in communications technology and the availability of powerful desktop computer hardware have increased the use of computers to access a variety of publicly available computer networks. For example, the speed of modems, which are well-known communication devices used for transforming a digital bit stream into an analog signal, has significantly increased thereby providing for the high-speed exchange of information across, e.g., the public switched telephone network (PSTN). Today, a tremendous amount of information is exchanged between individual users located around the world via public computer networks, e.g., the Internet. One class of users includes private individuals and professional users interconnected via a private network, e.g., a corporate intranet.
The exchange of information between private and public computer networks has presented a variety of critical security issues for the protection of information on the private computer networks and the overall functionality of the private computer network itself. Numerous well publicized accounts exist of individuals known as “hackers” who have improperly breached the security of private computer networks and caused severe damage. In particular, some of the most sophisticated types of security threats are posed by programs which exploit certain vulnerabilities within network computing systems. To name a few, these program-related security threats include well-known logic bombs, trapdoors, trojan horses, viruses and worms, as described, e.g., by W. Stallings, Network and Internetwork Security Principles and Practice, Prentice-Hall, Inc., Englewood Cliffs, N.J., 1995. Such well-known software program threats either work independently (e.g., worms) to achieve their desired security breach, or require the invocation of a host program to perform the desired disruptive actions (e.g., trapdoors, logic bombs, trojan horses or viruses). Such damage has included the destruction of electronic files, alteration of databases, or the introduction of computer viruses which affect the operability of the private computer network or computer hardware connected to the private network.
Computer network security, at a minimum, is directed to ensuring the reliable operation of computing and networking resources, and protecting information within the private network from unauthorized disclosure or access. Network administrators responsible for the operation of private computer networks employ a variety of security measures to protect the network from external security breaches by unauthorized users. One well-known technique uses so-called “firewalls”. This security scheme essentially places a separate computer system, i.e., the firewall, between the private network and the public network, e.g., the Internet. Commonly, these firewalls are software-based gateways that are typically installed on a separate server to protect computers on a local area network (“LAN”) within a private network from attacks by outsiders, i.e., unauthorized users.
In particular, the firewall server maintains control over communications from and to the private network. Essentially, the firewall server imposes certain security measures on all users employing the private network. For example, firewalls may block access to new Internet services or sites on the well-known World Wide Web (“WWW”) because the security consequences are unknown or not accounted for by the present firewall configuration. One potential installation configuration of a firewall is that WWW clients can no longer directly contact WWW servers. Typically, this proves too restrictive, and network administrators employ so-called “proxy servers”. Proxy servers are designed with certain features which provide for the forwarding of requests from WWW clients through the firewall thereby providing communication flow to and from servers on the Internet.
FIG. 1 shows such a prior art network configuration 100 employing separate servers, e.g., firewall server 120 and proxy server 140, for delivering firewall security to, e.g., private network 130. As shown in FIG. 1, firewall server 120 is a separate computer system situated between public network 110 and private network 130 for delivering network security measures to the communications exchanged between the networks. As will be appreciated, the investment in delivering the server-based firewall of FIG. 1 from a hardware, facilities management and network management perspective is significant. Of course, for very large private networks the cost of installing and maintaining such a dedicated server-based firewall is justified in view of the potential damage which network security breaches can inflict inside the private network. However, for small/medium sized networks and individual computer users, the cost of a server-based firewall security configuration can be prohibitive.
A need exists therefore for a client-based firewall technique which provides for network security within, e.g., a private network.
SUMMARY OF THE INVENTION
The present invention provides a technique for delivering a client-based firewall. In accordance with the invention, a firewall security device is configured for connection to individual clients, e.g., personal computers, for providing firewall security measures directly to the client. The firewall security device, in accordance with the preferred embodiment of the invention, is configured as an electronic dongle which is attached to a communications port of the client, e.g., the parallel communications port. In accordance with the invention, the incoming communications stream to the client from, e.g., public networks, is passed through the firewall security device. In this way, the firewall security device applies and delivers a set of standard security routines thereby protecting the client from security breaches triggered by the communications traffic received from the public network. Illustratively, the set of security routines define at least one security level to which all communications exchanged by the client must comply thereby insuring the integrity of the private network in which the client is interconnected. Advantageously, in accordance with the invention, the firewall is delivered directly by the client without intervention, use, or connection to a separate firewall server.
Electronic dongle devices are not new. Dongles have been used previously for the protection and control of individual software programs. Such dongles are described in, for example, U.S. Pat. No. 5,668,419, issued to O. Oktay, entitled “Reconfigurable Connector” which describes a reconfigurable connector for a peripheral device, and U.S. Pat. No. 5,568,552, issued to D. L. Davis, entitled “Method For Providing A Roving Software License From One Node To Another Node” which describes a device for enforcing certain software licensing restrictions. One conventional use of dongles was the packing of such devices along with a particular software package purchased or licensed by an individual user. Typically, the dongle was coupled to the parallel port of the user's personal computer. Thereafter, at various times during the execution of the software by the user, the software program transmits an authorization message to the computer's external communications port. Upon receipt of such a message, the dongle (if present) generates a unique identifier, e.g., a token, for transmission back to the executing software program. If the dongle is not present, the software program terminates. Otherwise, the software program compares the token to an internally stored identifier and permits further execution only if the responses match.
Thus, dongles are well-known devices for controlling access to and execution of individual programs by authorized users. It has, however, remained for the inventors herein to recognize that such devices provide an elegant tool by which a client-based firewall can be delivered to reduce the risk of computer network security breaches in today's complex computer network arrangements resulting from the widespread exchange of communications between a variety of disparate networks.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a network configuration having a prior art server-based firewall;
FIG. 2 shows an illustrative firewall security device configured in accordance with the principles of the invention;
FIG. 3 shows an illustrative client configured with the firewall security device of FIG. 2 for delivering a client-based firewall in accordance with the invention;
FIG. 4 is a flowchart of illustrative operations performed, in accordance with the invention, by the firewall security device of FIG. 2;
FIG. 5 shows an illustrative system incorporating the client-based firewall of the invention and as depicted, illustratively, in FIG. 2 and FIG. 3; and
FIG. 6 shows an illustrative TCP/IP stack arrangement of the client configured with the firewall security device as shown in FIG. 3.
DETAILED DESCRIPTION
The present invention provides a technique for delivering a client-based firewall. In accordance with the invention, a firewall security device is configured for connection to individual clients, e.g., personal computers, for providing firewall security measures directly to the client. The firewall security device, in accordance with the preferred embodiment of the invention, is configured as an electronic dongle which is attached to a communications port of the client, e.g., the parallel communications port. In accordance with the invention, the incoming communications stream to the client from, e.g., public networks, is passed through the firewall security device. In this way, the firewall security device applies and delivers a set of standard security routines thereby protecting the client from security breaches triggered by the communications traffic received from the public network. Illustratively, the set of security routines define at least one security level to which all communications exchanged by the client must comply thereby insuring the integrity of the private network in which the client is interconnected. Advantageously, in accordance with the invention, the firewall is delivered directly by the client without intervention, use, or connection to a separate firewall server.
FIG. 2 shows an illustrative firewall security device 200 configured in accordance with the principles of the invention. More particularly, firewall security device 200 includes processor 205, communications buffer 210, peripheral device I/O interface 215, memory element 220 (comprising random access memory (“RAM”) 225 and non-volatile memory 230), firewall routines 235, cryptography routines 240 and connector 245. Connector 245 is, illustratively, a conventional parallel-type connector (e.g., a DB-25 connector) for coupling to, illustratively, a standard parallel communications port of a personal computer. In accordance with preferred embodiments of the invention, firewall security device 200 is powered in a conventional manner as supplied from, e.g., the parallel communications port into which firewall security device 200 is connected. In accordance with further embodiments of the invention, power is supplied to firewall security device 200 from a conventional battery source incorporated within the device itself. As will be appreciated, memory element 220 further includes RAM 225 in order to store data, e.g., certain computational results, generated in a conventional manner from processor 205.
Turning our attention briefly to FIG. 3, an illustrative embodiment of the invention is shown for configuring a user terminal, e.g., personal computer 300, with firewall security device 200 by connecting (see, directional arrow 310) firewall security device 200 to parallel communications port 305. Thus configured, firewall security device 200, in accordance with the invention, provides personal computer 300 with a complete client-based firewall security arrangement as further described below. As will be appreciated, the user terminal can be any hardware apparatus (e.g., stand-alone personal computer, networked personal computer, network terminal, etc.) which requires some level of security protection from unauthorized access to the apparatus itself or the network in which the apparatus is interconnected. Advantageously, in accordance with the invention, a client-based firewall is delivered without the need for the user terminal, e.g., personal computer 300, to have a connection with a separate server in a private network for the delivery of firewall security measures.
Turning our attention back to FIG. 2, peripheral device I/O interface 215 facilitates the transfer of a communications stream through firewall security device 200 in accordance with the invention. As will be appreciated the communications stream represents any conventional exchange of information by, e.g., a personal computer. For example, the communications stream can be a series of data bits as exchanged via conventional modem devices or a plurality of Transfer Control Protocol/Internet Protocol (“TCP/IP”) packets. Thus, the principles of the invention apply to a variety of communications streams for delivering the various security aspects of the invention. As will be readily understood, the communications stream is, in accordance with various embodiments of the invention, data which is exchanged via a conventional TCP/IP connection between a user terminal and network resource. As is well-known, TCP/IP is the protocol which is used in describing the way in which information is transferred across the Internet. Essentially, TCP/IP separates information into individual packets and routes these packets between the sending computer, e.g., server, and the receiving computer, e.g., client. TCP/IP and Internet communications are discussed in more detail, e.g., by D. Comer, Internetworking with TCP/IP, Third edition, Prentice-Hall, Englewood Cliffs, N.J., 1995.
That is, when firewall security device 200 is connected to a user terminal, e.g., as shown in FIG. 3, all communications traffic to and from the user terminal is passed through firewall security device 200. Thus, peripheral device I/O interface 215 facilitates the exchange of data communications between the firewall security device 200, the user terminal to which firewall security device 200 is connected, and some external network, e.g., the Internet. The data communications exchange itself occurs in a conventional manner, e.g., in accordance with well-known parallel data communications transfers between computer hardware devices. In accordance with the preferred embodiment of the invention, the user terminal to which firewall security device 200 is connected has certain conventional software drivers to facilitate the direction of all communications traffic exchanged by the user terminal through firewall security device 200. In accordance with preferred embodiments of the invention, such software drivers are in the form of well-known dynamic link library (“DLL”) drivers. DLL's are well-known libraries of functions that applications link to at execution time as opposed to compile time and are described in more detail, e.g., by A. King, Inside Windows™ 95, Microsoft Press, Redmond, Wash., 1994. Thus, in accordance with the preferred embodiments of the invention, DLL's provide the facilities for the direction of all communications traffic exchanged by the user terminal through firewall security device 200.
For example, the DLL can provide an additional layer in a conventional TCP/IP stack, between either the user terminal and IP layers, or between IP layers and well-known TCP/UDP layers, to intercept, divert, and/or block packets in accordance with the invention. More particularly, turning our attention briefly to FIG. 6, an illustrative TCP/IP stack 600 arrangement is shown for a client configured with firewall security device 200 (see, e.g., the client configuration shown in FIG. 3). TCP/IP stack 600 residing on the client, e.g., personal computer 300, has various conventional layers such as ethernet layer 630, IP layer 650, TCP layer 660, and application layer 670. As will be understood, such layers correspond to the well-known network interface layer, network (Internet) layer, transport layer, and application layer, respectively, of the standard TCP/IP stack. In accordance with this embodiment of the invention, TCP/IP stack 600 further includes firewall security layer 640 implemented through a DLL, as described above, which facilitates the direction of all communications traffic exchanged by the client through firewall security device 200 for delivering the various security aspects of the invention.
For example, as shown in FIG. 6, incoming communications stream 610 (e.g., as received by personal computer 300) is received and processed through ethernet layer 630 and immediately directed through firewall security device 200 for delivery of the client-based firewall in accordance with the invention. The direction of incoming communications stream 610 is facilitated by firewall security layer 640 as well as the continuing transmission and processing of incoming communications stream 610 up through TCP/IP stack 600. Further, outgoing communications stream 620 from the client, e.g., personal computer 300, is also transmitted down through TCP/IP stack 600 to firewall security device 200 to ensure the security of the outgoing transmission, in accordance with the client-based firewall of the invention. As described above, in accordance with preferred embodiments of the invention, the exchange of communications between the client and firewall security device 200 is enabled through the direct coupling of the security device to the parallel communications port of the client.
In various embodiments of the invention, communications buffer 210, e.g., a first-in-first-out (“FIFO”) buffer, is used for queuing, in a conventional manner, the incoming communications stream to firewall security device 200. As will be appreciated, in further embodiments of the invention, the need for communications buffer 210 can be eliminated when, e.g., the speed or configuration of processor 205 eliminates the need for any such data buffering. Processor 205 in conjunction with firewall routines 235 and cryptography routines 240 facilitate the delivery of the client-based firewall in accordance with the principles of the invention.
That is, in accordance with the preferred embodiment of the invention, firewall routines 235 and cryptography routines 240 govern the specific firewall security measures which will be applied to any communications stream being transmitted through the particular user terminal, e.g., personal computer 300, to which firewall security device 200 is connected. As described previously, firewall routines 235 and/or cryptography routines 240 define at least one security level to which the communications stream of the user terminal must comply. Illustratively, firewall routines 235 are delivered by commercially available firewall application software, e.g., the Lucent Managed Firewall available from Lucent Technologies Inc., which provide for conventional firewall functions such as the filtering and auditing of a communications stream at the packet, circuit, and/or application levels. Further, cryptography routines 240 include, e.g., symmetric cryptography routines such as well-known Data Encryption Standard (“DES”) routines, or asymmetric cryptography routines such as well-known Rivest-Shamir-Adleman (“RSA”) routines. As will be appreciated, firewall routines 235 and cryptography routines 240 can be periodically updated directly by the user of firewall security device 200 or by downloading certain updated routines from a central source, e.g., a server on the Internet.
In accordance with the invention, firewall routines 235 facilitate the delivery of firewall security measures by firewall security device 200 to, e.g., the user terminal to which it is connected. For example, firewall security device 200 may deliver a packet or circuit filter which permits all outgoing TCP connections but blocks all incoming TCP connections (except electronic mail) and also blocks all conventional User Datagram Protocol (“UDP”) packets except for well-known Domain Name Service (“DNS”) packets. Further, illustratively, firewall security device 200 can deliver an application-level filter for checking the addressing and content of electronic mail transmitted to/from, e.g., personal computer 300, for appropriate addressing schemes, file size, and/or the presence of computer viruses. As will be appreciated, in accordance with the invention, firewall security device 200 can be configured to deliver a wide variety of firewall filtering arrangements useful in detecting and averting network security breaches.
FIG. 4 is a flowchart of illustrative operations performed by firewall security device 200 (see, FIG. 2) in accordance with the principles of the invention. In particular, the communications stream exchanged by the user terminal to which firewall security device 200 is connected is received (see, block 400) by firewall security device 200. As described above, in accordance with various embodiments of the invention, the communications stream is a plurality of TCP/IP packets being routed from a source machine to a destination machine. Thus, firewall security device 200 applies the particular security measures defined by firewall routines 235 to the communications stream (see, block 405). Therefore, through the application of firewall routines 235 and/or cryptography routines 240, firewall security device 200 is enabled for determining whether the communications stream complies with the desired security level for the client to which firewall security device 235 is connected. Moreover, in accordance with the invention, firewall security device 200 provides for the detection of specific security violations contained within the communications stream and/or suspect communications (see, block 410) which may lead to a security breach. If no such security violations are detected, the communications traffic is passed and continued for further transmission to the user terminal (see, block 425). Otherwise, if a security violation is detected, the individual non-complying packets are identified and blocked from further transmission (see, block 415) within the user terminal thereby protecting the user terminal from any potential security breach. In further embodiments of the invention, it may also be desirable to generate a security alert (see, block 420) to, e.g., a network security administrator, for further remedial action in addressing the security breach.
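The packet filter described above (outgoing TCP permitted, incoming TCP blocked except electronic mail, UDP blocked except DNS) combined with the FIG. 4 receive, check, block and alert flow, as an added Python example that is not code from the patent. The `DongleFilter` class, ports 25 and 53, the flow tracking used to recognise replies, and the default deny for other protocols are assumptions of this example; every packet is a constructed sample.

```python
import struct
from dataclasses import dataclass, field

TCP, UDP = 6, 17               # IPv4 protocol numbers
SMTP_PORT, DNS_PORT = 25, 53   # assumed ports for "electronic mail" and DNS
SYN, ACK = 0x02, 0x10          # TCP flag bits

@dataclass
class Verdict:
    passed: bool
    reason: str

@dataclass
class DongleFilter:
    """Hypothetical software model of firewall routines 235 (not the patent's code)."""
    flows: set = field(default_factory=set)     # flows the client itself opened
    alerts: list = field(default_factory=list)  # block 420: security alerts

    def _block(self, reason):
        # Blocks 415 and 420: drop the non-complying packet and raise an alert.
        self.alerts.append(reason)
        return Verdict(False, reason)

    def check(self, pkt: bytes, outbound: bool) -> Verdict:
        # Blocks 400-410: receive one raw IPv4 packet and test it against policy.
        # outbound is True for outgoing stream 620, False for incoming stream 610.
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            return self._block("not a complete IPv4 header")
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl + 8:
            return self._block("truncated before transport header")
        # More-fragments flag or non-zero offset: ports are absent or unverifiable.
        if struct.unpack("!H", pkt[6:8])[0] & 0x3FFF:
            return self._block("IP fragment")
        proto = pkt[9]
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        remote = dst if outbound else src

        if proto == TCP:
            if len(pkt) < ihl + 14:
                return self._block("truncated TCP header")
            flags = pkt[ihl + 13]
            if outbound:  # policy: permit all outgoing TCP connections
                self.flows.add((TCP, remote, dport, sport))
                return Verdict(True, "outgoing TCP")
            if dport == SMTP_PORT:  # policy: the electronic mail exception
                return Verdict(True, "incoming mail")
            if flags & SYN and not flags & ACK:
                return self._block("incoming TCP connection attempt")
            if (TCP, remote, sport, dport) in self.flows:
                return Verdict(True, "reply on client-opened connection")
            return self._block("TCP segment for unknown connection")

        if proto == UDP:
            if outbound and dport == DNS_PORT:
                self.flows.add((UDP, remote, dport, sport))
                return Verdict(True, "DNS query")
            # A source port of 53 alone is not proof of DNS: require a matching query.
            if not outbound and sport == DNS_PORT and (UDP, remote, sport, dport) in self.flows:
                return Verdict(True, "DNS reply")
            return self._block("UDP other than DNS")

        # Assumption: the page's policy names only TCP and UDP, so deny the rest.
        return self._block("protocol not covered by policy")

def build_packet(proto, src, dst, sport, dport, flags=0, frag=0):
    """Construct a minimal sample IPv4 packet (constructed data, zero checksums)."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, frag, 64, proto, 0)
    return ip + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))) + l4

def demo():
    """Run constructed packets through the filter; returns (results, alerts)."""
    fw = DongleFilter()
    pc, web, dns, other = "192.0.2.10", "198.51.100.7", "198.51.100.53", "203.0.113.9"
    cases = [  # (label, packet, outbound?)
        ("client opens web connection", build_packet(TCP, pc, web, 40000, 80, SYN), True),
        ("server SYN/ACK reply", build_packet(TCP, web, pc, 80, 40000, SYN | ACK), False),
        ("unsolicited inbound SYN", build_packet(TCP, other, pc, 5555, 445, SYN), False),
        ("inbound mail SYN", build_packet(TCP, other, pc, 5555, 25, SYN), False),
        ("ACK for unknown connection", build_packet(TCP, other, pc, 80, 40000, ACK), False),
        ("DNS query", build_packet(UDP, pc, dns, 5353, 53), True),
        ("DNS reply", build_packet(UDP, dns, pc, 53, 5353), False),
        ("source port 53, no query", build_packet(UDP, other, pc, 53, 5353), False),
        ("inbound fragment", build_packet(UDP, dns, pc, 53, 5353, frag=0x2000), False),
    ]
    results = [(label, fw.check(pkt, outbound).passed) for label, pkt, outbound in cases]
    return results, fw.alerts

if __name__ == "__main__":
    for label, passed in demo()[0]:
        print(f"{'PASS ' if passed else 'BLOCK'} {label}")
```

The direction flag stands in for which side of the device a packet arrived on, so a forged source address cannot make an inbound packet look outbound.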
To further facilitate an understanding of the invention and further to the description of the invention above, FIG. 5 shows an illustrative system incorporating the client-based firewall of the invention. As shown in FIG. 5, the system includes public network 500, e.g., the Internet, and network resources 505, 510, 515, 520, and 525. Illustratively, network resources 505 through 525 can be linked together using files written in the well-known Hypertext Mark-up Language (“HTML”) thereby representing the well-known WWW. The WWW and HTML are described in more detail, e.g., by B. White, HTML and the Art of Authoring for the World Wide Web, Kluwer Academic Publishers, Norwell, Mass., 1996. Illustratively, private network 530 is a network located within a particular user site, e.g., a corporation's headquarters building, having user terminals 535-1, 535-2, 535-3, and 535-4, each configured, in accordance with the invention, with firewall security device 200 and linked together via LAN 545. As will be appreciated, user terminals 535-1 through 535-4 can be, e.g., stand-alone personal computers or network terminals. For simplicity of explanation herein, only one such LAN configuration is shown in FIG. 5, however, as will be appreciated, private network 530 may include several such LAN configurations similar in nature to LAN 545.
A particular user of any one of user terminals 535-1 through 535-4 may cause a client program executing on, e.g., user terminal 535-3, to request certain resources which are available on the WWW, e.g., network resources 505-525. As mentioned previously, such requests to the WWW via the Internet from private network 530 pose certain security risks to both private network 530 and user terminals 535-1 through 535-4. Thus, as shown in FIG. 5, user terminals 535-1, 535-2, 535-3 and 535-4, are each configured with firewall security device 200 (see, also FIG. 3) for the delivery of certain security features, in accordance with the invention, to protect private network 530 and its various computing resources. Illustratively, firewall security device 200 is configured either locally, e.g., directly by user terminal 535-1, or from a central source, e.g., a communications server 550. Advantageously, in accordance with the invention, the need for a separate firewall computer system, i.e., a firewall server, between private network 530 and public network 560, e.g., the Internet, is completely eliminated.
That is, the firewall security device 200 attached to each of user terminals 535-1 through 535-4 monitors and maintains control over communications from and to the terminals. More particularly, the client-based firewall of the invention first determines if the requested connection between a user terminal in the private network and the public network is authorized. The client-based firewall serves as an intermediary between the user terminal in the private network and the public network and, if the connection is authorized, facilitates the requisite connection between the two networks. Alternatively, if the connection is unauthorized, the client-based firewall blocks the transmission and prevents any connection between the networks from occurring as described previously.
Illustratively, a user employing user terminal 535-3 may access certain web pages on the WWW using web browser 540. Web browsers are well-known software application programs (e.g., Netscape® v. 5.0, available from Netscape Communications) which enable a user to traverse the WWW and access the vast amount of information available throughout the WWW. Thus, web browser 540 receives an input request from the user of user terminal 535-3 and attempts to locate the information on the WWW by establishing a connection with the appropriate resource, e.g., network resource 505, on the WWW through public network 500. An authorized communication between user terminal 535-3 and network resource 505 is established through firewall security device 200 as connected to user terminal 535-3. More particularly, firewall security device 200, acting in conjunction with and on behalf of web browser 540, will control the establishment of a conventional TCP/IP connection between user terminal 535-3 and network resource 505. In accordance with the present embodiment, the TCP/IP connection between user terminal 535-3 and network resource 505 is made using communications server 550 and across communication channels 555 and 560, respectively.
As seen from FIG. 5, all communications traffic between public network 500 and user terminals 535-1 through 525-4 of private network 530 necessarily passes through the particular firewall security device 200 connected to the user terminals. In recognition of this communications traffic attribute, we have realized that firewall security device 200, in electronic dongle device form, provides a preferred configuration for implementing the security advantages of our invention. However, as will be appreciated, the principles of the invention are also realized in other network environments and configurations.
For example, in accordance with a further embodiment of the invention, portable personal computer 536 includes firewall security device 200 connected thereto. Illustratively, a remote user, e.g., a traveling business executive, requiring access to private network 530 can gain access to communications server 550 from a public network, e.g., the Internet, in a conventional manner. Upon establishing the connection with communications server 550, the user of portable personal computer 536 can, as described above, access public network 500 for the downloading of information from, e.g., the Internet. As will be apparent, such remote connection poses similar network security issues as raised by the network resource requests originating from any of the user terminals 535-1 through 535-4 located within the physical configuration of private network 530. Advantageously, in accordance with the invention, the client-based firewall facilitated by the coupling of firewall security device 200 to portable personal computer 536 mitigates such network security concerns.
Our invention allows for the delivery of firewall security measures to any authorized client either inside or outside of the private network without having to be connected to a dedicated network firewall server. Therefore, the security features delivered by the present invention are realized in a variety of network, hardware, and software configurations including, but not limited to, the system configuration of FIG. 5. For example, the firewall security device configured in accordance with the invention can be used to provide firewall capabilities to routers which are well-known apparatus used for the exchange of messages between local area networks and a backbone, e.g., a wide area network.
The foregoing merely illustrates the principles of the present invention. Therefore, the invention in its broader aspects is not limited to the specific details shown and described herein. Those skilled in the art will be able to devise numerous arrangements which, although not explicitly shown or described herein, embody those principles and are within their spirit and scope.

Claims (28)

We claim:
1. A computer security apparatus comprising:
a memory for storing a plurality of security routines, the plurality of security routines defining at least one security requirement;
a connector for connecting the computer security apparatus to a user terminal; and
a processor for applying at least one security routine to a communications stream of the user terminal, at least a portion of the communications stream being transmitted through the computer security apparatus.
2. The computer security apparatus of claim 1 wherein the communications stream is received by the user terminal from a public network.
3. The computer security apparatus of claim 2 wherein the connector is connected to a communications port of the user terminal.
4. The computer security apparatus of claim 2 further comprising:
a buffer for storing the communications stream received from the public network.
5. A firewall security device comprising:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security requirement;
a connector for connecting the firewall security device to a user terminal; and
a processor for applying at least one firewall security routine to a plurality of packets transmitted through the firewall security device and determining whether particular ones of the plurality of packets are in compliance with the at least one security requirement.
6. The firewall security device of claim 5 wherein the connecting the firewall security device to the user terminal is made through a parallel communications port of the user terminal.
7. The firewall security device of claim 6 wherein the memory further comprises a plurality of cryptography routines for use in the determining whether the particular ones of the plurality of packets are in compliance with the at least one security requirement.
8. A firewall security device for use with a computer having a communications port, the firewall security device comprising:
a memory for storing a firewall security application program, the firewall security application program containing a plurality of firewall security routines which define at least one level of security;
a connector for connecting the firewall security device to the communications port of the computer; and
a processor for executing the firewall security application program and determining whether a plurality of packets transmitted to the computer from a public network are in compliance with the level of security, the plurality of packets being transmitted through the firewall security device prior to any further processing by the computer.
9. The firewall security device of claim 8 further comprising a communications buffer for storing the plurality of packets and blocking particular ones of the plurality of packets, determined by the processor to be not in compliance with the level of security, from further processing by the computer.
10. The firewall security device of claim 8 wherein the communications port is a parallel communications port.
11. The firewall security device of claim 9 wherein the level of security is determined as a function of a private network configuration in which the computer is connected.
12. A dongle for providing a client-based firewall, the dongle comprising:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security level;
a connector for connecting the dongle to a client computer; and
a processor for applying at least one firewall security routine to a plurality of packets transmitted through the dongle and determining whether particular ones of the plurality of packets are in compliance with the at least one security level.
13. The dongle of claim 12 wherein the particular ones of the plurality of packets determined to be in compliance with the at least one security level are transmitted to the client computer for further processing.
14. The dongle of claim 13 wherein the plurality of packets are transmitted to the dongle upon receipt by the client computer.
15. A client-based firewall system comprising:
a computer having at least one communications port;
a firewall security dongle connected to the at least one communications port, the firewall security dongle including:
a memory for storing a plurality of firewall security routines, the plurality of firewall security routines defining at least one security level;
a processor for applying at least one firewall security routine to a data communications stream transmitted through the firewall security dongle and determining whether the data communications stream complies with the security level.
16. The client-based firewall system of claim 15 wherein the data communications stream includes a plurality of TCP/IP packets.
17. The client-based firewall system of claim 15 wherein the firewall security dongle blocks particular ones of the packets not complying with the security level.
18. The client-based firewall system of claim 16 wherein the level of security is determined as a function of a private network configuration in which the computer is connected.
19. A method for providing a client-based firewall, the method comprising:
receiving, in a firewall security dongle, a transmission of a communications stream, the firewall security dongle including a plurality of network security routines and being connected to a communications port of a particular client computer of a plurality of client computers in a private network;
applying at least one network security routine to the communications stream; and
determining whether the communications stream complies with a level of security defined by the at least one network security routine.
20. The method of claim 19 further comprising the steps of:
continuing the transmission of the communications stream from the firewall security dongle to the client computer if the communications stream complies with the level of security, otherwise, blocking the transmission of the communications stream from further processing by the client computer.
21. The method of claim 20 wherein the blocking the transmission of the communications stream further includes the step of generating a security alert.
22. The method of claim 20 wherein the transmission of the communications stream includes a plurality of packets transmitted from a public network to the private network.
23. The method of claim 22 wherein the level of security is determined as a function of a configuration of the private network.
24. A computer network security method, the method comprising the steps of:
connecting a security device to at least one computer of a plurality of computers being interconnected within a private network, the security device including at least one set of security routines which define at least one network security level;
transmitting a plurality of packets received by the at least one computer through the security device connected thereto; and
determining if the plurality of packets transmitted through the security device comply with the network security level.
25. The method of claim 24 further comprising the step of:
blocking a further transmission of the plurality of packets by the computer if the determining step found that any packet of the plurality of packets did not comply with the network security level.
26. The method of claim 25 wherein the plurality of packets received by the computer are from a public network.
27. The method of claim 26 wherein the plurality of packets from the public network were transmitted as a function of a request from the private network for accessing a particular resource within the public network.
28. The method of claim 26 including the further step of:
updating the set of security routines from a central source.
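
The method of claims 19 to 21 (receive the stream in the device, apply the security routines, forward compliant packets, block and alert on the rest), together with the routine update of claim 28, shown in Python as an added example that is not code from the patent. The three rules, the addresses, the sample packets and every class and function name are assumptions; the patent does not specify rule contents.

```python
import collections
import ipaddress
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False

def parse_ipv4(raw: bytes) -> Packet:
    """Parse an IPv4 header and, for TCP, the ports and SYN/ACK flags."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    total = struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or total < ihl or total > len(raw):
        raise ValueError("inconsistent IPv4 lengths")
    src = ipaddress.IPv4Address(raw[12:16])
    dst = ipaddress.IPv4Address(raw[16:20])
    if raw[9] != 6:  # not TCP: no ports or flags to inspect
        return Packet(src, dst, raw[9])
    if total < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    flags = raw[ihl + 13]
    return Packet(src, dst, 6, sport, dport, bool(flags & 0x02), bool(flags & 0x10))

def make_routines(private_net: str, blocked_ports: frozenset):
    """Assumed rule set; each routine returns a reason string or None."""
    net = ipaddress.ip_network(private_net)
    def spoofed_source(p):
        # Traffic from the public side must not claim an inside address.
        return "source address inside private network" if p.src in net else None
    def unsolicited_connection(p):
        # Stateless approximation: a bare SYN was not requested by the client.
        if p.proto == 6 and p.syn and not p.ack:
            return "unsolicited inbound TCP connection"
        return None
    def blocked_port(p):
        if p.proto == 6 and p.dport in blocked_ports:
            return f"blocked destination port {p.dport}"
        return None
    return [spoofed_source, unsolicited_connection, blocked_port]

class FirewallDongle:
    """Inline filter: buffer, security routines, alert log."""
    def __init__(self, routines):
        self.routines = list(routines)
        self.buffer = collections.deque()
        self.alerts = []
    def receive(self, raw: bytes) -> None:
        self.buffer.append(raw)
    def update_routines(self, routines) -> None:
        self.routines = list(routines)  # e.g. pushed from a central source
    def deliver(self) -> list:
        """Drain the buffer; return only the packets passed on to the client."""
        forwarded = []
        while self.buffer:
            raw = self.buffer.popleft()
            try:
                pkt = parse_ipv4(raw)
                reasons = [r for r in (routine(pkt) for routine in self.routines) if r]
            except ValueError as exc:
                reasons = [f"malformed packet: {exc}"]  # fail closed
            if reasons:
                self.alerts.append(reasons[0])
            else:
                forwarded.append(raw)
        return forwarded

def build_tcp(src, dst, sport, dport, flags) -> bytes:
    """Constructed sample: 20-byte IPv4 + 20-byte TCP header, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def demo():
    """Run five constructed packets through the device."""
    dongle = FirewallDongle(make_routines("10.1.0.0/16", frozenset({23})))
    client = "10.1.0.5"
    samples = [
        build_tcp("198.51.100.7", client, 80, 40000, 0x18),  # reply data: forwarded
        build_tcp("203.0.113.9", client, 5555, 445, 0x02),   # bare SYN: blocked
        build_tcp("10.1.0.77", client, 80, 40001, 0x10),     # inside source: blocked
        build_tcp("198.51.100.7", client, 4000, 23, 0x10),   # blocked port
        b"\x45\x00\x00",                                     # truncated: blocked
    ]
    for raw in samples:
        dongle.receive(raw)
    return dongle.deliver(), dongle.alerts
```

Malformed input is blocked rather than passed through, so a packet the device cannot parse never reaches the client unchecked.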
US09/047,207 | 1998-03-24 | 1998-03-24 | Firewall security method and apparatus | Abandoned | USH1944H1 (en)

Priority Applications (6)

Application Number | Priority Date | Filing Date | Title
US09/047,207 USH1944H1 (en) | 1998-03-24 | 1998-03-24 | Firewall security method and apparatus
TW088101536A TW414876B (en) | 1998-03-24 | 1999-02-02 | Firewall security method and apparatus
CA002261553A CA2261553A1 (en) | 1998-03-24 | 1999-02-10 | Firewall security method and apparatus
EP99302021A EP0952715A2 (en) | 1998-03-24 | 1999-03-16 | Firewall security method and apparatus
KR1019990010002A KR19990078198A (en) | 1998-03-24 | 1999-03-24 | Firewall security method and apparatus
JP11079042A JPH11353258A (en) | 1998-03-24 | 1999-03-24 | Method and device for fire wall security

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
US09/047,207 USH1944H1 (en) | 1998-03-24 | 1998-03-24 | Firewall security method and apparatus

Publications (1)

Publication Number | Publication Date
USH1944H1 (en) | 2001-02-06

Family

ID=21947652

Family Applications (1)

Application Number | Priority Date | Filing Date | Title
US09/047,207 Abandoned USH1944H1 (en) | 1998-03-24 | 1998-03-24 | Firewall security method and apparatus

Country Status (6)

Country | Link
US (1) | USH1944H1 (en)
EP (1) | EP0952715A2 (en)
JP (1) | JPH11353258A (en)
KR (1) | KR19990078198A (en)
CA (1) | CA2261553A1 (en)
TW (1) | TW414876B (en)

US8631488B2 (en)2008-08-042014-01-14Cupp Computing AsSystems and methods for providing security services during power management mode
US9106683B2 (en)2008-08-042015-08-11Cupp Computing AsSystems and methods for providing security services during power management mode
US10951632B2 (en)2008-08-042021-03-16Cupp Computing AsSystems and methods for providing security services during power management mode
US9843595B2 (en)2008-08-042017-12-12Cupp Computing AsSystems and methods for providing security services during power management mode
US10417400B2 (en)2008-11-192019-09-17Cupp Computing AsSystems and methods for providing real time security and access monitoring of a removable media device
US11036836B2 (en)2008-11-192021-06-15Cupp Computing AsSystems and methods for providing real time security and access monitoring of a removable media device
US8789202B2 (en)2008-11-192014-07-22Cupp Computing AsSystems and methods for providing real time access monitoring of a removable media device
US11604861B2 (en)2008-11-192023-03-14Cupp Computing AsSystems and methods for providing real time security and access monitoring of a removable media device
US20100212012A1 (en)*2008-11-192010-08-19Yoggie Security Systems Ltd.Systems and Methods for Providing Real Time Access Monitoring of a Removable Media Device
US20130276088A1 (en)*2012-04-172013-10-17Microsoft CorporationIdentity management with high privacy features
US8752158B2 (en)*2012-04-172014-06-10Microsoft CorporationIdentity management with high privacy features
US11757885B2 (en)2012-10-092023-09-12Cupp Computing AsTransaction security systems and methods
US12301574B2 (en)2012-10-092025-05-13Cupp Computing AsTransaction security systems and methods
US10397227B2 (en)2012-10-092019-08-27Cupp Computing AsTransaction security systems and methods
US10904254B2 (en)2012-10-092021-01-26Cupp Computing AsTransaction security systems and methods
US9973501B2 (en)2012-10-092018-05-15Cupp Computing AsTransaction security systems and methods
US12380476B2 (en)2013-07-082025-08-05Cupp Computing AsSystems and methods for providing digital content marketplace security
US11157976B2 (en)2013-07-082021-10-26Cupp Computing AsSystems and methods for providing digital content marketplace security
US11743297B2 (en)2014-02-132023-08-29Cupp Computing AsSystems and methods for providing network security using a secure digital device
US20180205760A1 (en)2014-02-132018-07-19Cupp Computing AsSystems and methods for providing network security using a secure digital device
US10666688B2 (en)2014-02-132020-05-26Cupp Computing AsSystems and methods for providing network security using a secure digital device
US10291656B2 (en)2014-02-132019-05-14Cupp Computing AsSystems and methods for providing network security using a secure digital device
US12034772B2 (en)2014-02-132024-07-09Cupp Computing AsSystems and methods for providing network security using a secure digital device
US9762614B2 (en)2014-02-132017-09-12Cupp Computing AsSystems and methods for providing network security using a secure digital device
US11316905B2 (en)2014-02-132022-04-26Cupp Computing AsSystems and methods for providing network security using a secure digital device
US10243971B2 (en)*2016-03-252019-03-26Arbor Networks, Inc.System and method for retrospective network traffic analysis
US12041126B2 (en)2018-11-072024-07-16Phacil, LlcSystem and method for non-network dependent cybersecurity
US11503117B2 (en)2018-11-072022-11-15Phacil, LlcSecure expeditionary AI sense-understand-decide-act system and method
US11399060B2 (en)2018-11-072022-07-26Phacil, LlcSystem and method for continuous AI management and learning
US11178223B2 (en)*2018-11-072021-11-16Phacil, LlcSystem and method for non-network dependent cybersecurity

Also Published As

Publication number | Publication date
EP0952715A2 (en) | 1999-10-27
CA2261553A1 (en) | 1999-09-24
TW414876B (en) | 2000-12-11
KR19990078198A (en) | 1999-10-25
JPH11353258A (en) | 1999-12-24

Similar Documents

Publication | Publication Date | Title
USH1944H1 (en) | | Firewall security method and apparatus
CN1086086C (en) | | Security system for interconnected computer networks
US7428590B2 (en) | | Systems and methods for reflecting messages associated with a target protocol within a network
US6981143B2 (en) | | System and method for providing connection orientation based access authentication
US5896499A (en) | | Embedded security processor
US6205551B1 (en) | | Computer security using virus probing
US7503069B2 (en) | | Network traffic intercepting method and system
US7818565B2 (en) | | Systems and methods for implementing protocol enforcement rules
US6351810B2 (en) | | Self-contained and secured access to remote servers
US20080178278A1 (en) | | Providing A Generic Gateway For Accessing Protected Resources
US20040088423A1 (en) | | Systems and methods for authentication of target protocol screen names
US20040109518A1 (en) | | Systems and methods for a protocol gateway
GB2317792A (en) | | Virtual Private Network for encrypted firewall
Friedman et al. | | Building firewalls with intelligent network interface cards
EP1643709B1 (en) | | Data processing system and method
Hutchins et al. | | Enhanced Internet firewall design using stateful filters final report
Zhang | | Internet firewall
Harris | | Firewalls and virtual private networks
Schaefer et al. | | Networked information discovery and retrieval tools: security capabilities and needs
Fan | | A survey of the Internet security and firewalls and strengthening the security on the CS Internetwork at the University of Nevada, Reno
Frommer et al. | | On Firewalls and Tunneling
MXPA96002964A (en) | | Security system for interconnected computer networks

Legal Events

Date | Code | Title | Description
 | AS | Assignment | Owner name: LUCENT TECHNOLOGIES, INC., NEW JERSEY. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHESWICK, W.R.;WHITTEN, E.G.;REEL/FRAME:009128/0294;SIGNING DATES FROM 19980319 TO 19980324
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE

