A protection system and method for use within a data transmission network to protect against the transfer of viruses from a transmission originator, having a discrete transmission originator code, to a subscriber/recipient, having a discrete subscriber/recipient IP address code, over the data transmission network includes: assigning a discrete security code to the transmission originator; generating a transmission pack including a discrete subscriber/recipient IP address code element corresponding to the discrete subscriber/recipient IP address code of the subscriber/recipient, a discrete security code element corresponding to the discrete security code assigned to the transmission originator, a file extension element, and a data packet element; transmitting the transmission pack to a data transfer control; authenticating the transmission pack with the discrete subscriber/recipient IP address code element, discrete security code element, and discrete transmission originator code; transferring the authenticated transmission pack to the subscriber/recipient; and isolating the subscriber/recipient from an unauthenticated transmission pack, received by the data transfer control from a transmission originator, to prevent the transfer of an unauthenticated transmission pack to the subscriber/recipient.

Patent: RE42212
Priority: Mar 14 2001
Filed: May 03 2006
Issued: Mar 08 2011
Expiry: Mar 14 2021
Assg.orig Entity: Large
12
32
all paid
31. A data transmission controller, comprising:
means for authenticating a transmission pack of data, including means for determining if the transmission pack includes a discrete security code element corresponding to a discrete security code assigned to an external transmission originator, where the discrete security code is one of plural pre-assigned security codes, and where each security code and corresponding security code element represents one of plural predetermined security levels; and
means for establishing a discrete data port for transmitting data of the transmission pack, where a type of the discrete data port is selected from plural predetermined data port types corresponding to the plural predetermined security levels.
34. A protection method for controlling data transmission, comprising:
authenticating a received transmission pack of data, including determining if the transmission pack includes a discrete security code element corresponding to a discrete security code assigned to an external transmission originator, where the discrete security code is one of plural pre-assigned security codes, and where each security code and corresponding security code element represents one of plural predetermined security levels; and
in accordance with a result of the authenticating, establishing a discrete data port for transmitting data of the transmission pack, where a type of the discrete data port is selected from plural predetermined data port types corresponding to the plural predetermined security levels.
13. A data transmission controller, comprising:
circuitry and control logic configured to:
authenticate a received transmission pack of data, including determining if the transmission pack includes a discrete security code element corresponding to a discrete security code assigned to an external transmission originator, where the discrete security code is one of plural pre-assigned security codes, and where each security code and corresponding security code element represents one of plural predetermined security levels; and
in accordance with a result of authentication, establish a discrete data port for transmitting data of the transmission pack, where a type of the discrete data port is selected from plural predetermined data port types corresponding to the plural predetermined security levels.
46. A data transmission recipient, comprising:
a data processor; and
in-line circuitry and control logic associated with the data processor and configured to:
authenticate a received transmission pack of data, including determining if the transmission pack includes a discrete security code element corresponding to a discrete security code assigned to an external transmission originator, where the discrete security code is one of plural pre-assigned security codes, and where each security code and corresponding security code element represents one of plural predetermined security levels;
in accordance with a result of authentication, establish a discrete data port for transmitting data of the transmission pack, where a type of the discrete data port is selected from plural predetermined data port types corresponding to the plural predetermined security levels; and
transmit data of the authenticated transmission pack via the discrete data port to the data processor.
50. A data transmission system, comprising:
at least one transmission originator, each transmission originator having at least one discrete security code assigned thereto;
at least one recipient, each recipient having at least one discrete recipient IP address code assigned thereto; and
a data transmission controller arranged in communication with the at least one transmission originator and the at least one recipient,
wherein the data transmission controller comprises circuitry and control logic configured to:
authenticate a transmission pack of data received from a discrete transmission originator, including
determining if the transmission pack includes a discrete security code element corresponding to a discrete security code assigned to the discrete transmission originator, where the discrete security code is one of plural pre-assigned security codes, and where each security code and corresponding security code element represents one of plural predetermined security levels;
in accordance with a result of authentication, establish a discrete data port for transmitting data of the transmission pack, where a type of the discrete data port is selected from plural predetermined data port types corresponding to the plural predetermined security levels; and
transmit data of the transmission pack via the discrete data port to a discrete recipient.
1. A protection method for use within a data transmission network to protect against the transmission of unwanted data from a transmission originator having a plurality of assigned security codes corresponding to a plurality of data security levels to a subscriber/recipient having a plurality of assigned discrete subscriber/recipient IP address codes over the data transmission network including a data transfer control means and a plurality of data transmission ports corresponding to the plurality of security levels, wherein said plurality of assigned security codes includes a first data security level code element and a second data security level code element and said plurality of data transmission ports include a first data transmission port and a second data transmission port such that data are transmitted through the first data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a first data security code level element and data are transmitted through the second data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a second data security level code element, whereas the anti-virus protection method comprising the steps of:
generating a transmission pack including a discrete security code element corresponding to the data security level selected by the transmission originator of the data to be transmitted and a discrete subscriber/recipient IP address code element corresponding to the discrete subscriber/recipient IP address code of the subscriber/recipient;
transmitting data and said transmission pack to the data transfer control means that includes circuitry and logic to scan said transmission packets from the transmission originator for discrete security code elements and discrete subscriber/recipient IP address code elements to control the transfer of data from transmission originators to subscriber/recipients through said data transfer control means;
scanning said transmission pack to authenticate discrete subscriber/recipient IP address code elements and discrete security code elements; and
transferring data in authenticated transmission packs to the subscriber/recipient through the data transmission port corresponding to the data security level.
7. A protection method for use within a data transmission network to protect against the transmission of unwanted data from a transmission originator having a plurality of assigned security codes corresponding to a plurality of data security levels to a subscriber/recipient having an assigned discrete subscriber/recipient IP address code over the data transmission network including a data transfer control means and a plurality of data transmission ports corresponding to the plurality of security levels, wherein said plurality of assigned security codes includes a first data security level code element and a second data security level code element and said plurality of data transmission ports include a first data transmission port and a second data transmission port such that data are transmitted through the first data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a first data security code level element and data are transmitted through the second data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a second data security level code element, whereas the anti-virus protection method comprising the steps of:
generating a transmission pack including a discrete security code element corresponding to the data security level selected by the transmission originator of the data to be transmitted and a discrete subscriber/recipient IP address code element corresponding to the discrete subscriber/recipient IP address code of the subscriber/recipient, a file extension element and a data packet element;
transmitting data and said transmission pack to the data transfer control means that includes circuitry and logic to scan the transmission packets from the transmission originator for discrete security code elements and discrete subscriber/recipient IP address code elements to control the transfer of data from transmission originators to subscriber/recipients through the data transfer control means;
scanning said transmission pack for discrete subscriber/recipient IP address code elements and discrete security code elements; and
transferring data from authenticated transmission packs to the subscriber/recipient through the data transmission port corresponding to the data security level.
2. The anti-virus protection method of claim 1 wherein said plurality of assigned security codes further includes a third data security level code element such that data are transmitted through a third data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a third security level code element.
3. The anti-virus protection method of claim 1 wherein said plurality of assigned security codes further includes a third data security level code element such that transmitted data is isolated from the subscriber/recipient when an unauthenticated transmission pack is sent to prevent the transfer of the transmission pack to the subscriber/recipient.
4. The anti-virus protection method of claim 1 wherein said first data transmission port comprises a secure data port to transfer the data to the subscriber/recipient and said second data transmission port comprises a controlled data port wherein authenticated data are held for selective review by the subscriber/recipient before downloading by the subscriber/recipient.
5. The anti-virus protection method of claim 4 wherein said plurality of assigned security codes further includes a third data security level code element such that data are transmitted through a third data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a third security level code element.
6. The anti-virus protection method of claim 4 wherein said plurality of assigned security codes further includes a third data security level code element such that transmitted data is isolated from the subscriber/recipient when an unauthenticated transmission pack is sent to prevent the transfer of the transmission pack to the subscriber/recipient.
8. The anti-virus protection method of claim 7 wherein said plurality of assigned security codes further includes a third data security level code element such that data are transmitted through a third data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a third security level code element.
9. The anti-virus protection method of claim 7 wherein said plurality of assigned security codes further includes a third data security level code element such that data is isolated from the subscriber/recipient when an unauthenticated transmission pack to prevent the transfer of to the subscriber/recipient.
10. The anti-virus protection method of claim 7 wherein said first data transmission port comprises a secure data port to transfer the data to the subscriber/recipient and said second data transmission port comprises a controlled data port wherein authenticated data are held for selective review by the subscriber/recipient before downloading by the subscriber/recipient.
11. The anti-virus protection method of claim 10 wherein said plurality of assigned security codes further includes a third data security level code element such that data are transmitted through a third data transmission port to the subscriber/recipient when said discrete security code element is authenticated as a third security level code element.
12. The anti-virus protection method of claim 10 wherein said plurality of assigned security codes further includes a third data security level code element such that transmitted data is isolated from the subscriber/recipient when an unauthenticated transmission pack is sent to prevent the transfer of the transmission pack to the subscriber/recipient.
14. The data transmission controller of claim 13, wherein the circuitry and control logic further are configured to authenticate the transmission pack by scanning and comparing elements of the transmission pack with an authentic transmission pack format.
15. The data transmission controller of claim 13, wherein the circuitry and control logic further are configured to determine if the transmission pack includes a discrete recipient IP address code element corresponding to a discrete recipient IP address code of an external recipient.
16. The data transmission controller of claim 15, wherein:
if the circuitry and control logic authenticate the IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then the circuitry and control logic establish a secure data port to transmit the data of the transmission pack to the external recipient.
17. The data transmission controller of claim 16, wherein the discrete security code element is an encrypted key code, and the circuitry and control logic are configured to decode the encrypted key code.
18. The data transmission controller of claim 15, wherein:
if the circuitry and control logic authenticate the IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then the circuitry and control logic establish a controlled data port to transmit the data of the transmission pack to a holding structure of the external recipient.
19. The data transmission controller of claim 18, wherein the circuitry and control logic establish the controlled data port to transmit the data of the transmission pack to a mailbox of the external recipient.
20. The data transmission controller of claim 18, wherein the circuitry and control logic establish the controlled data port to transmit the data of the transmission pack to a mini-server of the external recipient.
21. The data transmission controller of claim 18, wherein the discrete security code element is a secure key code.
22. The data transmission controller of claim 15, wherein:
if the circuitry and control logic fail to authenticate an IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then the circuitry and control logic transmit the transmission pack back to the external transmission originator.
23. The data transmission controller of claim 15, wherein:
if the circuitry and control logic fail to authenticate an IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then the circuitry and control logic transmit the transmission pack to the external recipient for discrete review by the external recipient.
24. The data transmission controller of claim 15, wherein:
if the circuitry and control logic authenticate the IP address code element, a discrete security code element corresponding to a first security level, and the transmission originator, then the circuitry and control logic establish a secure data port to transmit the data of the transmission pack to the external recipient;
if the circuitry and control logic authenticate the IP address code element, a discrete security code element corresponding to a second security level, and the transmission originator, then the circuitry and control logic establish a controlled data port to transmit the data of the transmission pack to a holding structure of the external recipient; and
if the circuitry and control logic fail to authenticate the IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then the circuitry and control logic transmit the transmission pack back to the external transmission originator.
25. The data transmission controller of claim 13, wherein the data transmission controller is a router.
26. The data transmission controller of claim 13, wherein the data transmission controller is a hub router.
27. The data transmission controller of claim 13, wherein the data transmission controller is located at an internet service provider hub router.
28. The data transmission controller of claim 13, wherein the data transmission controller is located at an NAP distribution point.
29. The data transmission controller of claim 13, wherein the data transmission controller is part of a recipient personal computer.
30. The data transmission controller of claim 13, wherein the data transmission controller is part of an Intranet terminal receiver/router.
32. The data transmission controller of claim 31, wherein the means for authenticating further comprises means for scanning and comparing elements of the transmission pack with an authentic transmission pack format.
33. The data transmission controller of claim 31, wherein the means for authenticating comprises means for determining if the transmission pack includes a discrete recipient IP address code element corresponding to a discrete recipient IP address code of an external recipient.
35. The protection method of claim 34, wherein the authenticating further comprises:
scanning and comparing elements of the transmission pack with an authentic transmission pack format.
36. The protection method of claim 35, wherein the authenticating further comprises:
determining if the transmission pack includes a discrete recipient IP address code element corresponding to a discrete recipient IP address code of an external recipient.
37. The protection method of claim 36, further comprising:
if the scanning and comparing authenticate the IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then establishing a secure data port to transmit the data of the transmission pack to the external recipient.
38. The protection method of claim 37, wherein the discrete security code element is an encrypted key code, and the authenticating further comprises decrypting the encrypted key code.
39. The protection method of claim 36, further comprising:
if the scanning and comparing authenticate the IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then establishing a controlled data port to transmit the data of the transmission pack to a holding structure of the external recipient.
40. The protection method of claim 39, further comprising transmitting the data of the transmission pack via the controlled data port to a mailbox of the external recipient.
41. The protection method of claim 39, further comprising transmitting the data of the transmission pack via the controlled data port to a mini-server of the external recipient.
42. The protection method of claim 39, wherein the discrete security code element is a secure key code.
43. The protection method of claim 36, further comprising:
if the scanning and comparing fail to authenticate an IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then transmitting the transmission pack back to the external transmission originator.
44. The protection method of claim 36, further comprising:
if the scanning and comparing fail to authenticate an IP address code element, a discrete security code element corresponding to a predetermined security level, and the transmission originator, then transmitting the transmission pack to the external recipient for discrete review by the external recipient.
45. The protection method of claim 36, further comprising:
if the scanning and comparing authenticate the IP address code element, a discrete security code element corresponding to a first security level, and the transmission originator, then establishing a secure data port to transmit the data of the transmission pack to the external recipient;
if the scanning and comparing authenticate the IP address code element, a discrete security code element corresponding to a second security level, and the transmission originator, then establishing a controlled data port to transmit the data of the transmission pack to a holding structure of the external recipient; and
if the scanning and comparing fail to authenticate an IP address code element, a discrete security code element corresponding to a predetermined security level, or the transmission originator, then transmitting the transmission pack back to the external transmission originator.
47. The data transmission recipient of claim 46, wherein the data transmission recipient is a personal computer.
48. The data transmission recipient of claim 46, wherein the data transmission recipient is a local area network.
49. The data transmission recipient of claim 46, wherein the data transmission recipient is an Intranet terminal receiver/router.
51. The system of claim 50, wherein the at least one transmission originator is pre-assigned plural discrete security codes having different security levels.
52. The system of claim 50, wherein the data transmission controller comprises circuitry and control logic configured to:
authenticate the transmission pack of data received from the discrete transmission originator, including
scanning and comparing elements of the transmission pack with an authentic transmission pack format.
53. The system of claim 50, wherein said data transmission controller comprises circuitry and control logic configured to:
authenticate a transmission pack of data received from a discrete transmission originator, including
determining if the transmission pack includes a discrete recipient IP address code element corresponding to a discrete recipient IP address code of the discrete recipient, and
transmit the data of the transmission pack via the discrete data port to the discrete recipient.
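
The three-way disposition recited in claims 24 and 45 (secure port, controlled port, or return to the originator), modeled as an added example that is not code from the patent. The field names, originator codes, security codes and addresses are constructed, and the constant-time comparison is an assumption of this sketch rather than a claim element.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from enum import Enum


class Port(Enum):
    SECURE = "secure data port"          # first security level: direct transfer
    CONTROLLED = "controlled data port"  # second level: held for recipient review
    RETURNED = "returned to originator"  # authentication failed


@dataclass(frozen=True)
class Decision:
    port: Port
    reason: str


# Constructed registry: originator code -> {assigned security code: security level}.
ORIGINATOR_CODES = {
    "orig-A": {"K1-7f3a": 1, "K2-91bc": 2},
    "orig-B": {"K2-44de": 2},
}
# Constructed recipient IP address codes (RFC 5737 documentation range).
RECIPIENTS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
PORT_FOR_LEVEL = {1: Port.SECURE, 2: Port.CONTROLLED}
# Assumed pack layout: the elements listed in claim 7 plus the originator code.
TEXT_FIELDS = ("originator", "recipient_ip", "security_code", "file_ext")
PACK_FIELDS = set(TEXT_FIELDS) | {"data"}


def authenticate(pack) -> Decision:
    """Return the port type for a transmission pack, failing closed on any mismatch."""
    # Scan and compare against the expected pack format (claims 14 and 35).
    if not isinstance(pack, dict) or set(pack) != PACK_FIELDS:
        return Decision(Port.RETURNED, "format mismatch")
    if not all(isinstance(pack[f], str) for f in TEXT_FIELDS):
        return Decision(Port.RETURNED, "format mismatch")
    if not isinstance(pack["data"], bytes):
        return Decision(Port.RETURNED, "format mismatch")

    # The recipient IP address code element must name a known recipient (claims 15, 36).
    try:
        recipient = ipaddress.ip_address(pack["recipient_ip"])
    except ValueError:
        return Decision(Port.RETURNED, "malformed recipient IP address code")
    if recipient not in RECIPIENTS:
        return Decision(Port.RETURNED, "unknown recipient")

    # The code must be one assigned to this originator, not merely a valid code.
    assigned = ORIGINATOR_CODES.get(pack["originator"])
    if assigned is None:
        return Decision(Port.RETURNED, "unknown originator")
    presented = pack["security_code"].encode()
    level = None
    for code, code_level in assigned.items():
        # Constant-time comparison: an assumption of this sketch, not a claim element.
        if hmac.compare_digest(code.encode(), presented):
            level = code_level
    if level is None:
        return Decision(Port.RETURNED, "security code not assigned to originator")

    # Port type follows the security level; an unmapped level is also rejected.
    port = PORT_FOR_LEVEL.get(level, Port.RETURNED)
    return Decision(port, f"security level {level}")


# Constructed sample pack.
SAMPLE = {
    "originator": "orig-A",
    "recipient_ip": "192.0.2.10",
    "security_code": "K1-7f3a",
    "file_ext": ".txt",
    "data": b"quarterly report",
}

if __name__ == "__main__":
    cases = [
        SAMPLE,
        dict(SAMPLE, security_code="K2-91bc"),
        dict(SAMPLE, originator="orig-B"),       # another originator's code
        dict(SAMPLE, recipient_ip="203.0.113.5"),
    ]
    for pack in cases:
        decision = authenticate(pack)
        print(pack["originator"], pack["security_code"], "->",
              decision.port.value, f"({decision.reason})")
```
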

... are efficiently attained and, since certain changes may be made in the above construction without departing from the scope of the invention, it is intended that all matter contained in the above description or shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.

It is also to be understood that the following claims are intended to cover all of the generic and specific features of the invention herein described, and all statements of the scope of the invention which, as a matter of language, might be said to fall therebetween.

Now that the invention has been described,

Hoffman, Terry G.

Patent Priority Assignee Title
10382595, Jan 29 2014 SMART SECURITY SYSTEMS LLC Systems and methods for protecting communications
10637839, May 24 2012 SMART SECURITY SYSTEMS LLC Systems and methods for protecting communications between nodes
10778659, May 24 2012 SMART SECURITY SYSTEMS LLC System and method for protecting communications
11283774, Sep 17 2015 SECTURION SYSTEMS, INC Cloud storage using encryption gateway with certificate authority identification
11288402, Mar 29 2013 SECTURION SYSTEMS, INC. Security device with programmable systolic-matrix cryptographic module and programmable input/output interface
11429540, Apr 01 2013 SECTURION SYSTEMS, INC. Multi-level independent security architecture
11750571, Oct 26 2015 SECTURION SYSTEMS, INC. Multi-independent level secure (MILS) storage encryption
11783089, Mar 29 2013 SECTURION SYSTEMS, INC. Multi-tenancy architecture
11792169, Sep 17 2015 SECTURION SYSTEMS, INC. Cloud storage using encryption gateway with certificate authority identification
9325676, May 24 2012 TOLA, KENNETH; SMART SECURITY SYSTEMS LLC Systems and methods for protecting communications between nodes
9348927, May 07 2012 TOLA, KENNETH; SMART SECURITY SYSTEMS LLC Systems and methods for detecting, identifying and categorizing intermediate nodes
9992180, May 24 2012 SMART SECURITY SYSTEMS LLC Systems and methods for protecting communications between nodes
Patent Priority Assignee Title
5416842, Jun 10 1994 Sun Microsystems, Inc. Method and apparatus for key-management scheme for use with internet protocols at site firewalls
5432850, Jul 02 1992 AVAYA Inc Method and apparatus for secure data transmission
5511122, Jun 03 1994 The United States of America as represented by the Secretary of the Navy; UNITED STATES OF AMERICA, THE, AS REPRESENTED BY THE SECRETARY OF THE NAVY Intermediate network authentication
5623600, Sep 26 1995 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
5898830, Oct 17 1996 GraphOn Corporation Firewall providing enhanced network security and user transparency
5930479, Oct 21 1996 CALLAHAN CELLULAR L L C Communications addressing system
5958051, Nov 27 1996 Sun Microsystems, Inc. Implementing digital signatures for data streams and data archives
5968126, Apr 02 1997 VPNX COM, INC User-based binding of network stations to broadcast domains
5978567, Jul 27 1994 CSC Holdings, LLC System for distribution of interactive multimedia and linear programs by enabling program webs which include control scripts to define presentation by client transceiver
5983350, Sep 18 1996 McAfee, LLC Secure firewall supporting different levels of authentication based on address or encryption status
5991810, Aug 01 1997 RPX Corporation User name authentication for gateway clients accessing a proxy cache server
6049877, Jul 16 1997 International Business Machines Corporation; International Business Machines Corp Systems, methods and computer program products for authorizing common gateway interface application requests
6065118, Aug 09 1996 Citrix Systems, Inc Mobile code isolation cage
6067620, Jul 30 1996 Round Rock Research, LLC Stand alone security device for computer networks
6092194, Nov 06 1997 FINJAN LLC System and method for protecting a computer and a network from hostile downloadables
6098172, Sep 12 1997 THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT Methods and apparatus for a computer network firewall with proxy reflection
6105027, Mar 10 1997 DROPBOX, INC Techniques for eliminating redundant access checking by access filters
6108583, Oct 28 1997 Georgia Tech Research Corporation Adaptive data security system and method
6157721, Aug 12 1996 INTERTRUST TECHNOLOGIES CORP Systems and methods using cryptography to protect secure computing environments
6158011, Aug 26 1997 SSL SERVICES LLC Multi-access virtual private network
6202081, Jul 21 1998 Hewlett Packard Enterprise Development LP Method and protocol for synchronized transfer-window based firewall traversal
6229806, Dec 30 1997 Google Technology Holdings LLC Authentication in a packet data system
6292569, Aug 12 1996 Intertrust Technologies Corp. Systems and methods using cryptography to protect secure computing environments
6324648, Dec 14 1999 Intellectual Ventures II LLC Secure gateway having user identification and password authentication
6480963, Jun 17 1998 Fujitsu Limited Network system for transporting security-protected data
6510464, Dec 14 1999 Intellectual Ventures II LLC Secure gateway having routing feature
6523068, Aug 27 1999 Hewlett Packard Enterprise Development LP Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association
6732279, Mar 14 2001 Kioba Processing, LLC Anti-virus protection system and method
7028335, Mar 05 1998 Hewlett Packard Enterprise Development LP Method and system for controlling attacks on distributed network address translation enabled networks
7120802, Aug 12 1996 Intertrust Technologies Corp. Systems and methods for using cryptography to protect secure computing environments
20020040439,
20020069356,
Executed on | Assignor | Assignee | Conveyance | Frame/Reel/Doc
Aug 14 2007 | HOFFMAN, TERRY GEORGE | TERMAN SOFTWARE APPLICATIONS L L C | ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS) | 0198810519
Aug 12 2015 | TERMAN SOFTWARE APPLICATIONS L L C | CHARTOLEAUX KG LIMITED LIABILITY COMPANY | MERGER (SEE DOCUMENT FOR DETAILS) | 0373330536
Oct 31 2019 | CHARTOLEAUX KG LIMITED LIABILITY COMPANY | INTELLECTUAL VENTURES ASSETS 153 LLC | ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS) | 0509240693
Nov 15 2019 | INTELLECTUAL VENTURES ASSETS 153 LLC | Kioba Processing, LLC | ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS) | 0514100205
Date | Maintenance Fee Events
Sep 23 2011 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity.
Oct 27 2015 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity.


Date | Maintenance Schedule
Mar 08 2014 | 4 years fee payment window open
Sep 08 2014 | 6 months grace period start (w surcharge)
Mar 08 2015 | patent expiry (for year 4)
Mar 08 2017 | 2 years to revive unintentionally abandoned end. (for year 4)
Mar 08 2018 | 8 years fee payment window open
Sep 08 2018 | 6 months grace period start (w surcharge)
Mar 08 2019 | patent expiry (for year 8)
Mar 08 2021 | 2 years to revive unintentionally abandoned end. (for year 8)
Mar 08 2022 | 12 years fee payment window open
Sep 08 2022 | 6 months grace period start (w surcharge)
Mar 08 2023 | patent expiry (for year 12)
Mar 08 2025 | 2 years to revive unintentionally abandoned end. (for year 12)