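Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0342772 (1994-11-21) |
Inventor / Address | |
Applicant / Address | |
Citation information | Times cited: 766; Cited patents: 0 |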
An apparatus and method for providing a secure firewall between a private network and a public network are disclosed. The apparatus is a gateway station having an operating system that is modified to disable communications packet forwarding, and further modified to process any communications packet having a network encapsulation address which matches the device address of the gateway station. The method includes enabling the gateway station to transparently initiate a first communications session with a client on a first network requesting a network service from a host on a second network, and a second independent communications session with the network host to which the client request was addressed. The data portion of communications packets from the first session are passed to the second session, and vice versa, by application level proxies which are passed the communications packets by the modified operating system. Data sensitivity screening is preferably performed on the data to ensure security. Only communications enabled by a security administrator are permitted. The advantage is a transparent firewall with application level security and data screening capability.
A method of providing a secure gateway between a private network and a potentially hostile network, comprising the steps of:

(a) addressing communications packets directly to a host on the potentially hostile network as if there were a communications path to the host, but encapsulating the packets with a hardware destination address that matches a device address of the gateway;

(b) accepting at the gateway communications packets from either network that are encapsulated with a hardware destination address which matches the device address of the gateway;

(c) determining at the gateway whether there is a process bound to a destination port number of an accepted communications packet;

(d) establishing transparently at the gateway a first communications session with a source address/source port of the accepted communications packet if there is a process bound to the destination port number, else dropping the packet;

(e) establishing transparently at the gateway a second communications session with a destination address/destination port of the accepted communications packet if a first communications session is established; and

(f) transparently moving data associated with each subsequent communications packet between the respective first and second communications sessions, whereby the first session communicates with the source and the second session communicates with the destination using the data moved between the first and second sessions.
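Steps (b) through (f) of the claim, together with the data screening mentioned in the abstract, modelled as an added Python example; it is not code from the patent or its applicant. The class names, the addresses, the `outbox` list and the `screen_http` rule are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

GATEWAY_MAC = "02:00:00:00:00:01"   # constructed sample device address

@dataclass(frozen=True)
class Packet:
    dst_mac: str            # hardware address the frame is encapsulated with
    src: tuple              # (IP, port) of the sender
    dst: tuple              # (IP, port) the sender believes it is talking to
    data: bytes = b""

@dataclass
class Gateway:
    proxies: dict                                 # port -> screening hook enabled by the administrator
    sessions: dict = field(default_factory=dict)  # (client, host) -> proxy serving that pair
    outbox: list = field(default_factory=list)    # (session, peer, data) written by the proxy

    def receive(self, pkt: Packet) -> str:
        # (b) accept only frames addressed to the gateway's own device address;
        # with forwarding disabled, nothing else crosses between the networks.
        if pkt.dst_mac != GATEWAY_MAC:
            return "ignored"
        if (pkt.dst, pkt.src) in self.sessions:   # reply arriving from the host side
            client, host, leg = pkt.dst, pkt.src, "first"
        else:
            client, host, leg = pkt.src, pkt.dst, "second"
            # (c) is a proxy bound to the destination port? (d) if not, drop.
            if host[1] not in self.proxies:
                return "dropped"
            # (d)+(e) first session faces the client, second faces the host.
            self.sessions.setdefault((client, host), self.proxies[host[1]])
        # (f) only the screened data portion moves to the other session.
        data = self.sessions[(client, host)](pkt.data)
        if data is None:
            return "blocked"
        self.outbox.append((leg, pkt.dst, data))
        return "relayed"

def screen_http(data: bytes) -> Optional[bytes]:
    # Hypothetical data-sensitivity rule: refuse payloads carrying a marker string.
    return None if b"CONFIDENTIAL" in data else data
```

A packet to a port with no proxy bound never creates a session, which is how the claim limits traffic to services the administrator has enabled.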