Distributed firewall system and method

US007536715B2

United States Patent

Markham

(io) Patent No.: (45) Date of Patent:

US 7,536,715 B2 May 19, 2009

DISTRIBUTED FIREWALL SYSTEM AND
METHOD

Inventor: Thomas R. Markham, Anoka, MN (US)

Assignee: Secure Computing Corporation, San

Jose, CA (US)

Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 743 days.

Appl.No.: 10/304,469

Filed: Nov. 25, 2002

Prior Publication Data

US 2003/0126468 Al Jul. 3, 2003

Related U.S. Application Data

Continuation of application No. PCT/US01/17153, filed on May 25, 2001.

Int. CI.

G06F 9/00 (2006.01)

U.S. CI 726/11; 726/12; 726/13;

713/153; 713/154; 709/238; 370/351

Field of Classification Search 713/151 155;

726/11-13; 709/238; 370/351 See application file for complete search history.

References Cited

U.S. PATENT DOCUMENTS

5,557,742 A * 9/1996 Smahaetal 726/22

5,748,736 A 5/1998 Mittra

5,758,069 A 5/1998 Olsen

5,889,958 A * 3/1999 Willens 709/229

5,896,499 A 4/1999 McKelvey 395/187.01

5,898,784 A * 4/1999 Kirbyetal 713/153

5,915,008 A * 6/1999 Dulman 379/221.08

5,953,335 A 9/1999 Erimli et al.

A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.

45 Claims, 11 Drawing Sheets

"Application U.S. Appl. No. 10/234,223 Non-Final Office Action mailed Mar. 7, 2006", 13.

"Application U.S. Appl. No. 10/281,843 Final office action mailed Dec. 13, 2006", 11 pgs.

"Application U.S. Appl. No. 10/281,843 Non Final office action mailed Jun. 28, 2006", 16 pgs.

"Application U.S. Appl. No. 10/281,843 Notice of allowance mailed Apr. 20, 2007", 7 pgs.

"Application U.S. Appl. No. 10/281,843 Response filed Sep. 28, 2006 to Non Final office action mailed Jun. 28, 2006", 19 pgs. "Final office action mailed Oct. 30, 2006 in U.S. Appl. No. 10/234,233", 25 pgs.

"International Search Report mailed Jun. 10, 2002 in PCT Application No. PCT/US01/17153", 3 pgs.

"Non-Final Office Action mailed Nov. 21, 2006 in U.S. Appl. No. 10/304,469", 10 pgs.

"Non-Final Office Action Mailed Jul. 24, 2007 in U.S. Appl. No. 10/234,223 26 pgs", OARN,26.

"Non-Final Office Action mailed Sep. 29, 2006 in U.S. Appl. No. 10/234,224", 10 pgs.

"Notice of Allowance mailed Jan. 31, 2007 in U.S. Appl. No. 10/234,224", 9 pgs.

"Notice of Allowance mailed Oct. 4, 2007 in U.S. Appl. No. 10/281,843", NOAR,6 pgs.

"Office Action mailed Mar. 7, 2006 in U.S. Appl. No. 10/234,223", 13 pgs.

"Office Action mailed Jun. 13, 2006 in U.S. Appl. No. 10/304,469", 12 pgs.

"Office action response mailed Aug. 7, 2006 in U.S. Appl. No. 10/234,223", 19 pgs.

"Request for Continued Examination mailed Apr. 30, 2007 in U.S. Appl. No. 10/234,223", 18 pgs.

"Response filed Dec. 29, 2006 to non-final action mailed Sep. 29, 2006 in U.S. Appl. No. 10/234,224", 15 pgs.

"Response to Non-Final Office Action mailed Aug. 7, 2006 in U.S. Appl. No. 10/234,223", 19 pgs.

"Supplement Notice of Allowance mailed Apr. 3, 2007 in U.S. Appl. No. 10/234,224", 3 pgs.

Eli, H., "Secure Virtual Priviate networks: The Future of Data Communications", International Journal of Network Management, 9, (1999),213-220.

Harney, H. , et al., "Group Secure Association Key Management Protocol", http://www.watersprings.org/pub/id/draft-harney-spartagsakmp-sec-02.txt, Internet Engineering Task Force,(Jun. 30,

2000) ,1-41.

McDaniel, P. , et al., "Antigone: A Flexible Framework for Secure Group Communication", http://antigone.eecs.umich.edu/publications/usec99.pdf, (May 23, 1999),1-15.

McDaniel, P. , et al., "Flexibly Constructing Secure Groups in Antigone 2.0", DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings, vol. 2. (Jun. 12,

2001) ,55-67.

Zao, J. , et al., "Domain Based Internet Security Policy Management", http://www.ir.bbn.com/_{krash/pubs/zao_discexOO.pdf, BBN Technologies Inc.,(Dec. 31, 1999),41-53. "U.S. Appl. No. 10/234,223, Final Office Action mailed Feb. 22, 2008", FOAR, 27 pgs.

"U.S. Appl. No. 10/234,223 Response filed Nov. 26, 2007 to Office Action mailed Jul. 24, 2007", 14 pgs.

"U.S. Appl. No. 10/234,223, Response filed Jul. 17, 2008 to Final Office Action mailed Feb. 22, 2008, 12 pgs."

"U.S. Appl. No. 10/234,223, Non-Final Office Action mailed Sep. 25, 2008", OARN, 24 pgs.

* cited by examiner