Method and system for caching at secure gateways
Abstract
A computer gateway for an intranet of computers, including a scanner for scanning incoming files from the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform, a file cache for storing files, a security profile cache for storing security profiles for files, and a security policy cache for storing security policies for client computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers. A method and a computer-readable storage medium are also described and claimed.
22 Claims
1. A computer gateway for an intranet of computers, comprising:
a scanner for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the security profiles comprises a list of computer commands that a corresponding one of the incoming files is programmed to perform;
a file cache for storing files that have been scanned by the scanner for future access, wherein each of the stored files is indexed by a file identifier; and
a security profile cache for storing the security profiles derived by the scanner, wherein each of the security profiles is indexed in the security profile cache by a file identifier associated with a corresponding file stored in the file cache; and
a security policy cache for storing security policies for intranet computers within the intranet, the security policies each including a list of restrictions for files that are transmitted to a corresponding subset of the intranet computers.
7. A method of operating a network gateway for an intranet of computers, the method comprising:
receiving a request from an intranet computer for a file;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the requested file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
scanning the retrieved file to derive a security profile including a list of computer commands that the retrieved file is programmed to perform;
storing the retrieved file within the file cache for future access; and
storing the security profile for the retrieved file within the security profile cache for future access.
13. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a request from an intranet computer for a file;
determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative;
retrieving a security profile for the requested file from a security profile cache at the network gateway, the security profile including a list of at least one computer command that the requested file is programmed to perform; and
if said determining is not affirmative;
retrieving the requested file from the Internet;
scanning the retrieved file to derive a security profile including a list of computer commands that the retrieved file is programmed to perform;
storing the retrieved file within the file cache for future access; and
storing the security profile for the retrieved file within the security profile cache for future access.
14. A method of operating a network gateway for an intranet of computers, comprising:
retrieving a requested file from the Internet;
scanning the retrieved file to determine computer commands that the file is programmed to perform;
deriving a security profile for the retrieved file, the security profile including a list of at least one computer command that the retrieved file is programmed to perform;
storing the retrieved file within a file cache of the network gateway for future access, and indexing the retrieved file in the file cache with a file identifier (ID); and
storing the security profile for the retrieved file within a security profile cache of the network gateway for future access, and indexing the security profile in the security profile cache with the file ID of the retrieved file, so that when the same file is subsequently requested from the Internet, its security profile is readily accessible from the security profile cache without the need to perform said scanning.
17. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
retrieving a requested file from the Internet;
scanning the retrieved file to determine computer commands that the file is programmed to perform;
deriving a security profile for the retrieved file, the security profile including a list of at least one computer command that the retrieved file is programmed to perform;
storing the retrieved file within a file cache for future access, and indexing the retrieved file in the file cache with a file ID; and
storing the security profile for the retrieved file within a security profile cache for future access, and indexing the security profile in the security profile cache with the file ID of the retrieved file, so that when the same file is subsequently requested from the Internet, its security profile is readily accessible from the security profile cache without the need to perform the scanning.
18. A computer gateway for an intranet of computers, comprising:
a scanner for scanning outgoing files from an intranet to the Internet and deriving security profiles for the outgoing files, wherein each of the security profiles comprises a list of computer commands that the file is programmed to perform; and
a security profile cache for storing security profiles derived by the scanner, for future access, wherein each of the security profiles is indexed in the security profile cache by a file ID associated with a corresponding one of the outgoing files,
wherein for each outgoing file, the computer gateway;
checks whether a security profile for the outgoing file is stored in the security profile cache based on a file ID of the outgoing file,
if the security profile for the outgoing file is stored in the security profile cache, retrieves the security profile from the security profile cache, and,
if the security profile for the outgoing file is not stored in the security profile cache, passes the outgoing file to the scanner to derive a security profile for the outgoing file.
20. A method of operating a network gateway for an intranet of computers, comprising:
receiving an outgoing file from an intranet computer for transmission to an Internet destination;
determining whether a security profile for the outgoing file resides within a security profile cache of the network gateway, the security profile including a list of at least one computer command that the requested file is programmed to perform;
if said determining is affirmative;
retrieving the security profile for the outgoing file from the security profile cache; and
if said determining is not affirmative;
scanning the outgoing file to derive a security profile for the received file, the security profile including a list of at least one computer command that the file is programmed to perform; and
storing the security profile for the outgoing file within the security profile cache, for future access.
22. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving an outgoing file from an intranet computer for transmission to an Internet destination;
determining whether a security profile for the outgoing file resides within a security profile cache, the security profile including a list of at least one computer command that the requested file is programmed to perform;
if said determining is affirmative;
retrieving a security profile for the outgoing file from the security profile cache; and
if said determining is not affirmative;
scanning the outgoing file to derive a security profile for the received file, the security profile including a list of at least one computer command that the file is programmed to perform; and
storing the security profile for the outgoing file within the security profile cache, for future access.
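
The cache-hit and cache-miss flow of claim 7, combined with the per-group policy check of claim 1, as an added Python sketch that is not code from the patent or its assignee. The SHA-256 content digest used as the file ID, the URL index, the token-matching scanner, and all sample URLs, command names and group names are assumptions constructed for illustration.

```python
import hashlib

# Constructed command tokens for a toy scanner; a real scanner analyses the code.
KNOWN_COMMANDS = (b"file_write", b"net_connect", b"registry_set")
# Constructed sample "Internet": two URLs serve identical bytes.
SITE = {
    "http://example.test/a.js": b"net_connect(h); file_write(p)",
    "http://example.test/mirror/a.js": b"net_connect(h); file_write(p)",
    "http://example.test/b.js": b"render(page)",
}
# Security policy cache: client group -> commands restricted for that group.
POLICIES = {"finance": {"file_write", "net_connect"}, "lab": set()}

class Gateway:
    def __init__(self, fetch, policies):
        self.fetch = fetch        # callable url -> bytes, stands in for the Internet
        self.policies = policies
        self.url_index = {}       # assumption: URL -> file ID, for lookup at request time
        self.file_cache = {}      # file ID -> file bytes
        self.profile_cache = {}   # file ID -> security profile (list of commands)
        self.scans = 0            # number of scanner invocations

    def scan(self, content):
        self.scans += 1
        return [c.decode() for c in KNOWN_COMMANDS if c in content]

    def profile_for(self, url):
        file_id = self.url_index.get(url)
        if file_id in self.file_cache:
            # Cache hit: reuse the stored profile, no rescan.
            return file_id, self.profile_cache[file_id]
        # Cache miss: retrieve, derive the ID from the bytes, scan, store both.
        content = self.fetch(url)
        file_id = hashlib.sha256(content).hexdigest()
        if file_id not in self.profile_cache:
            self.profile_cache[file_id] = self.scan(content)
        self.file_cache[file_id] = content
        self.url_index[url] = file_id
        return file_id, self.profile_cache[file_id]

    def request(self, client_group, url):
        # Compare the cached profile with the restrictions for this group.
        file_id, profile = self.profile_for(url)
        violations = sorted(set(profile) & self.policies[client_group])
        if violations:
            return None, violations   # blocked: file is not delivered
        return self.file_cache[file_id], violations
```

Because the profile is keyed by a digest of the bytes rather than by the URL, a profile can only be reused for content identical to what was scanned, and the same file served from a second URL does not trigger a second scan.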
Specification