Method and system for extracting application protocol characteristics
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC, 7th edition)
H04L-029/06
G06F-017/30
Application number
UP-0909645
(2004-08-02)
Registration number
US-7774835
(2010-08-30)
Inventor / Address
Raanan, Gil
Moran, Tal
Galant, Yaron
El-Hanani, Yuval
Reshef, Eran
Applicant / Address
F5 Networks, Inc.
Agent / Address
Frommer Lawrence & Haug LLP
Citation information
Times cited: 0
Cited patents: 45
Abstract
A method and computer program for automatically and continually extracting application protocols (i.e., defining a set of allowable or authorized actions) for any application. The method involves receiving a message from a server before it is sent or in parallel with sending to a client. The message may be in response to a specific request for it from the client. The program then extracts the application protocol data from the server message. Working with a copy of the message, the program strips off the communications protocol(s) from the message and parses the remaining message to identify user-selectable options contained in the message such as commands, fields, etc. These items represent the set of allowable or authorized user actions for the particular “stage” of the current version of the application as set forth in the message. The set of allowable user actions is then stored by the extraction program in a protocol database accessible to a gateway or filter module.
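A minimal sketch of the extraction-and-filter flow the abstract describes, as an added example that is not code from the patent: it strips the HTTP framing from a server response, records the hyperlinks and form fields the page offers, and checks a later client request against that stored set. The names `learn`, `allowed`, `PROTOCOL_DB`, the constructed sample response, and the client address being supplied by the caller are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ActionExtractor(HTMLParser):
    """Collects user-selectable options (links, forms, input fields) from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = set()   # paths the page links to
        self.forms = {}      # form action path -> {field name: max length or None}
        self._form = None    # fields of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.add(urlsplit(a["href"]).path)
        elif tag == "form":
            self._form = self.forms.setdefault(urlsplit(a.get("action") or "").path, {})
        elif tag == "input" and self._form is not None and a.get("name"):
            ml = a.get("maxlength")
            self._form[a["name"]] = int(ml) if ml and ml.isdigit() else None

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

PROTOCOL_DB = {}  # hypothetical protocol database: client address -> allowed actions

def learn(client_addr, raw_response):
    """Strip the HTTP headers, parse the body, store the current stage's allowed actions."""
    _head, _, body = raw_response.partition(b"\r\n\r\n")
    parser = ActionExtractor()
    parser.feed(body.decode("utf-8", "replace"))
    PROTOCOL_DB[client_addr] = {"links": parser.links, "forms": parser.forms}
    return PROTOCOL_DB[client_addr]

def allowed(client_addr, method, path, params):
    """Filter step: permit only actions the last server message offered to this client."""
    policy = PROTOCOL_DB.get(client_addr)
    if policy is None:
        return False                      # nothing learned for this client: deny
    if method == "GET" and not params:
        return path in policy["links"]
    fields = policy["forms"].get(path)
    if fields is None:
        return False
    return all(k in fields and (fields[k] is None or len(v) <= fields[k])
               for k, v in params.items())

# Constructed sample server response (not taken from the patent).
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
          b'<a href="/account">Account</a><form action="/login" method="post">'
          b'<input name="user" maxlength="16"><input name="pin" maxlength="4"></form>')

if __name__ == "__main__":
    learn("203.0.113.7", SAMPLE)
    print(allowed("203.0.113.7", "POST", "/login", {"user": "alice", "pin": "1234"}))
```

Each call to `learn` replaces the stored set for that client, so the allowlist always reflects the most recent stage the server presented.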
Representative claims
What is claimed is:
1. A method executed on a gateway device for defining a set of allowable actions that may be taken by a client in communication with an application program residing on a server, the method comprising: receiving a server communication addressed to the client; extracting application protocol data from the server communication to determine the set of allowable actions which may be taken in response to the server communication, the set of allowable actions being for a particular communication session between the client and the application program residing on the server; stripping communication protocol data from the server communication; parsing the stripped communication protocol data to extract a network address of the client; and storing the extracted application protocol data in a protocol database in association with the communication protocol data representing the network address of the client to thereby enable the particular communication session with the client.
2. The method of claim 1, further comprising parsing the stripped communication protocol data to extract an input field in the server communication.
3. The method of claim 1, further comprising parsing the stripped communication protocol data to identify a command in the server communication, wherein the client is allowed to use the command in communication with the application program.
4. The method of claim 1, wherein storing the extracted application protocol data in a protocol database comprises storing an input field with associated data type and length, the input field having been extracted from the server communication.
5. The method of claim 1, further comprising parsing the stripped communication protocol data to identify a hyperlink in the server communication.
6. The method of claim 1, further comprising using the stored application protocol data to filter communications between the client and the server.
7. The method of claim 1, wherein stripping communication protocol data from the server communication comprises stripping communication protocol data for multiple protocols.
8. The method of claim 1, wherein extracting application protocol data from the server communication is performed in real-time.
9. A computer-readable storage medium having instructions stored thereon that when executed by a computer causes the computer to: receive a server communication addressed to a client; extract application protocol data from the server communication to determine a set of allowable actions which may be taken in response to the server communication, the set of allowable actions being for a particular communication session between the client and the server; strip communication protocol data from the server communication; parse the stripped communication protocol data to extract a network address of the client; and store the extracted application protocol data in a protocol database in association with the communication protocol data representing the network address of the client to thereby enable the particular communication session with the client.
10. The computer-readable storage medium of claim 9, wherein the extracted application protocol data stored in the protocol database comprises an input field with associated data type and length, the input field having been extracted from the server communication.
11. The computer-readable storage medium of claim 9, wherein the stored application protocol data is used to filter communications between the client and the server.
12. The computer-readable storage medium of claim 9, wherein the communication protocol data comprises data for multiple protocols.
13. A communication system comprising: a server having an application stored thereon for use by a client; a protocol extraction module for extracting application protocol data for a plurality of protocols from a message sent by the server to the client, after stripping communication protocol data from the message, wherein the extracted application protocol data include a hyperlink; a protocol database for storing the extracted application protocol data; and a filter module for selectively allowing actions by the client in communication with the application, the allowed actions being based on the application protocol data stored on the protocol database.
14. The communication system of claim 13, wherein the communication protocol data are used for a particular communication session between a particular client and the server.
15. The communication system of claim 13, wherein the communication protocol data is used to filter communications between the client and the server.
16. A computing apparatus, that includes computer hardware modules to perform actions for defining a set of actions by a client, comprising: a protocol extraction module that extracts application protocol data in real-time for a particular communication session between the client and an application residing on a server, the application protocol data being extracted for a plurality of protocols from a message sent by the server to the client, after stripping communication protocol data from the message, wherein the extracted application protocol data include a hyperlink; a protocol database that stores the extracted application protocol data; and a filter module that selectively allows the actions by the client in communication with the application, the allowed actions being based on the application protocol data stored on the protocol database.
17. The computing apparatus of claim 16, wherein the protocol extraction module, the protocol database, and the filter module reside on the server.
18. The computing apparatus of claim 16, wherein the communication protocol data is used to filter communications between the client and the server.
19. The communication system of claim 13, wherein the communication protocol data are sent in the message from the server to the client.
20. The computing apparatus of claim 16, wherein the communication protocol data are sent in the message from the server to the client.
Patents cited by this patent (45)
Vu Hung T. (Ottawa CAX), Apparatus and method for providing a secure gateway for communication and data exchanges between networks.
Skeen Marion D. (3826 Magnolia Dr. Palo Alto CA 94306) Bowles Mark (30 Tripp Ct. Woodside CA 94062), Apparatus and method for providing decoupling of data exchange details for providing high performance communication betw.
Skeen Marion D. (Palo Alto CA) Bowles Mark (Woodside CA), Apparatus and method for providing decoupling of data exchange details for providing high performance communication betw.
Amstein Peter R. ; Blumer Thomas P. ; Coburn ; IV Arthur L. ; Forgaard Randy J. ; Schulert Andrew J. ; Stefanik Ted ; Mauceri Robert J., Computer system and computer-implemented process for creation and maintenance of online services.
Hirsch Thomas S. (Bedford MA) Bianchi Richard S. (Billerica MA) Perry Ron B. (Wilton NH) Buck Kenneth J. (Tyngsboro MA), Copy file mechanism for transferring files between a host system and an emulated file system.
Abraham Dalen M. ; Barnes Todd A. ; Bouche Paul F. ; Bougetz Thomas P. ; Gosselin Tracy A. ; Grieve Mark G. ; Langdon Brent A. ; Allison Robert C. ; Nikkel Michael S., Method and apparatus for managing internetwork and intranetwork activity.
Rechef Eran,ILX ; Raanan Gil,ILX ; Solan Eilon,ILX, Method and system for maintaining restricted operating environments for application programs or operating systems.
Chiu Suet Mui ; Dockter Michael Jon ; Farber Joel Frank ; Pauser Michael Leon ; Richardt Randal James, Method for creating a hypertext language for a distributed computer network.
Bruno Richard Frank ; Katseff Howard Paul ; Markowitz Robert Edward ; Perea Carlos Alberto ; Robinson Bethany Scott ; Suresh Sethuraman ; Williams Hugh L., Network access to internet and stored multimedia services from a terminal supporting the H.320 protocol.
Anderson Craig D. ; Anderson Mark B. ; Cookmeyer Eugene N. ; Daniels Ralph A. ; Wheat Lee E. ; Lingle Roger A., Protocol analyzer for monitoring digital transmission networks.
Mousseau Gary P. (Waterloo CAX) Lazaridis Mihal (Waterloo CAX) Little Herb A. (Waterloo CAX) Barnstijn Michael A. (Waterloo CAX), Remote control of gateway functions in a wireless data communication network.
Jacobs Dwayne C. (Austin TX) Wangler James A. (Cedar Park TX), Remote password administration for a computer network among a plurality of nodes sending a password update message to al.
Scarr James L. (Akron OH) Karolick Katherine (Brecksville OH) Reid Nacine M. (Parma Hights OH) Pressler Armin (Indianapolis IN) Bartkus Sandy J. (Midland MI), Script-based system for testing a multi-user computer system.
Holden James M. (Valley Center CA) Levin Stephen E. (Poway CA) Wrench ; Jr. Edwin H. (San Diego CA), Support of limited write downs through trustworthy predictions in multilevel security of computer network communications.
Pepe David Mathew (Middletown NJ) Blitzer Lisa B. (Manalapan NJ) Brockman James Joseph (Perrineville NJ) Cruz William (Eatontown NJ) Hakim Dwight Omar (Matawan NJ) Hovey Richard Reid (Somerville NJ) , System and method for providing protocol translation and filtering to access the world wide web from wireless or low-ban.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
Held Andrew G. (Kirkland WA) Jung Edward (Seattle WA) Zbikowski Mark (Woodinville WA), System for selectively setting a server node, evaluating to determine server node for executing server code, and downloa.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Okamoto Toshio,JPX ; Shimbo Atsushi,JPX ; Ishiyama Masahiro,JPX, User identification data management scheme for networking computer systems using wide area network.