Flexible network security system and method for permitting trusted process

US 20070226788A1
Filed: 12/27/2004
Published: 09/27/2007
Est. Priority Date: 12/31/2003
Status: Active Grant

First Claim

Patent Images

1. A network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:

a port monitoring unit for extracting information about a server port being used through a network communication program;

an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information;

an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and

a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a flexible network security system and method for permitting a trusted process. The system includes a port monitoring unit for extracting information about a server port being used through a network communication program, an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information, an internal permitted by the firewall, and registering the extracted information, an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.

17 Citations

View as Search Results

10 Claims

1. A network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
- a port monitoring unit for extracting information about a server port being used through a network communication program;
  
  an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information;
  
  an internal permitted port storage, if the port monitoring unit extracts the information about the server port being used using the program registered in the internal permitted program storage, registering the extracted information about the server port; and
  
  a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.
- View Dependent Claims (2, 3)
- - 2. The network security system as set forth in claim 1, wherein the information about the program, which is extracted and registered in the internal permitted program storage, includes information about a program name, an entire path of the program, and a program Message Digest 5 (MD5) hash value.
  - 3. The network security system as set forth in claim 1, wherein the information about the server port, which is extracted and registered in the internal permitted port storage, includes information about an entire path of the program, a protocol, and a port.

4. A network security method of permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:
- the first step of extracting information about a server port being used through a network communication program;
  
  the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;
  
  the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in internal permitted port storage;
  
  the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;
  
  the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and
  
  the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall.
- View Dependent Claims (8, 9)
- - 8. The network security method as set forth in claim 4, wherein the information about the program, which is extracted and registered at the second step, includes information about a program name, an entire path of the program, and a program Message Digest 5 (MD5) hash value.
  - 9. The network security method as set forth in claim 4, wherein the information of the server port, which is extracted and registered at the third step, includes information about an entire path of the program, a protocol, and a port.

5. (canceled)

6. (canceled)

7. (canceled)

10. A computer-readable recording medium for performing a network security method using a firewall, the medium storing a program for executing the method, the method comprising:
- the first step of extracting information about a server port being used through a network communication program;
  
  the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;
  
  the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in an internal permitted port storage;
  
  the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;
  
  the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and
  
  the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CAP Company Limited
Original Assignee
CAP Company Limited
Inventors
Lee, Dong-Hyuk

Granted Patent

US 8,544,078 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

Flexible network security system and method for permitting trusted process

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible network security system and method for permitting trusted process

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links