United States Patent [19]
Abraham et al.

[11] Patent Number: 5,983,270
[45] Date of Patent: Nov. 9, 1999

[54] METHOD AND APPARATUS FOR MANAGING INTERNETWORK AND INTRANETWORK ACTIVITY

[75] Inventors: Dalen M. Abraham, Redmond; Todd A. Barnes, Snohomish; Paul F. Bouche, Bellevue; Thomas P. Bougetz, Bothell; Tracy A. Gosselin, Kent; Mark G. Grieve, Bellevue; Brent A. Langdon, Redmond; Robert C. Allison, Kirkland; Michael S. Nikkel, Redmond, all of Wash.

[73] Assignee: Sequel Technology Corporation, Bellevue, Wash.

[21] Appl. No.: 08/825,775

[22] Filed: Apr. 2, 1997

Related U.S. Application Data
[60] Provisional application No. 60/040,424, Mar. 11, 1997.

[51] Int. Cl.6: G06F 13/00
[52] U.S. Cl.: 709/224; 709/225; 709/250
[58] Field of Search: 395/200.54, 200.56, 200.55, 200.59, 200.62, 200.8

[56] References Cited

U.S. PATENT DOCUMENTS

5,317,568   5/1994   Bixby et al.       370/401
5,347,633   9/1994   Ashfield et al.    395/200.68
5,377,323   12/1994  Vasudevan          395/200.56
5,425,028   6/1995   Britton et al.     370/389
5,522,045   5/1996   Sandberg           395/200.45
5,606,668   2/1997   Shwed
5,742,769   4/1998   Lee et al.         395/200.36

FOREIGN PATENT DOCUMENTS

0658837A2   6/1995   European Pat. Off.
0658837A3   6/1995   European Pat. Off.

OTHER PUBLICATIONS

IBM Corp., "Enforced Separation of Roles In A Multi User Operating System," IBM Technical Disclosure Bulletin, vol. 34, No. 7B, pp. 120-122 (Dec. 1991).

J. Bruce Dawson, "Intrusion Protection for Networks," BYTE (Apr. 1995).

Jim Reid, "Open Systems Security: Traps and Pitfalls," Computer & Security 14:496-517 (1995).

S.M. Bellovin and W.R. Cheswick, "Network Firewalls," IEEE Communications Magazine, No. 9, New York, US (1994).

(List continued on next page.)

Primary Examiner: Zarni Maung
Attorney, Agent, or Firm: Christensen O'Connor Johnson & Kindness PLLC

[57] ABSTRACT
`
In accordance with the present invention, a network management program (80) is provided that manages the communication of data packets between an intranetwork (44) and an internetwork (40). An operator of a computer connected to the intranetwork (44) inputs vital information regarding users of computers connected to the intranetwork (44), mapping information regarding computers connected to the intranetwork (44), and policies to be applied against those users and computers, using a graphical user interface (GUI 70). The GUI (70) communicates the vital user information, mapping information and policies to a database (72) which stores and organizes the vital user information, mapping information and policies. A filter executive (76) optimizes the policies stored in the database (72) into a set of rules for each user and passes the rules to a filter engine (78). The filter engine (78) filters all outbound data packets transmitted from the intranetwork (44) to the internetwork (40) and verifies all inbound data packets from the internetwork (40) according to the rules provided by the filter executive (76). The filter executive (76) also communicates the mapping information stored in the database (72) to a naming service manager (74) which further updates the mapping information and returns the updated mapping information to the filter executive (76). Consequently, the filter executive (78) filters the data packets according to the most recent mapping information.

72 Claims, 70 Drawing Sheets
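
The pipeline the abstract describes (policies stored in a database, compiled by a filter executive into per-user rules, enforced by a filter engine) can be sketched as follows. This is an added illustration, not code from the patent: the field names CURRENT.ACCESS, PERSONAL.ACCESS and CURRENT.RESTRICT.BY and the default result LOG, DENY, NO NOTIFY are taken from the drawing sheets, while the function names, the sample groups, users and addresses, the fixed log/notify flags and the order of the checks are assumptions.

```python
"""Toy model of the policy -> rules -> filter pipeline in the abstract.
Added illustration; not code from the patent. Field names follow the
drawing sheets; control flow between flowchart boxes is an assumption."""
from dataclasses import dataclass, field

ALLOW, DENY = "ALLOW", "DENY"
# Default result named on the Fig. 22 sheet: LOG, DENY, NO NOTIFY.
DEFAULT_RESULT = {"log": True, "access": DENY, "notify": False}

@dataclass
class Policy:                            # one protocol policy record
    current_access: str = ALLOW          # CURRENT.ACCESS (effective setting)
    personal_access: str = ALLOW         # PERSONAL.ACCESS (set on the owner itself)
    current_restrict_by: object = None   # CURRENT.RESTRICT.BY (group imposing it)

@dataclass
class Database:
    subgroups: dict      # GROUP.ID -> list of child GROUP.IDs
    members: dict        # GROUP.ID -> list of USER.IDs
    protocols: dict      # PROTOCOL.ID -> PORT.NUMBER
    user_mapping: dict   # SOURCE.IP ADDRESS -> USER.ID
    group_policy: dict = field(default_factory=dict)  # (GROUP.ID, PROTOCOL.ID) -> Policy
    user_policy: dict = field(default_factory=dict)   # (USER.ID, PROTOCOL.ID) -> Policy
    transmit_list: set = field(default_factory=set)   # users whose rules are stale

def descendants(db, group_id):
    """All subgroups below group_id, depth first."""
    out = []
    for child in db.subgroups.get(group_id, []):
        out.append(child)
        out.extend(descendants(db, child))
    return out

def deny_protocol_for_group(db, group_id, protocol_id):
    """Fig. 10A boxes: deny on the group, then push the denial downward."""
    db.group_policy[(group_id, protocol_id)] = Policy(DENY, DENY, group_id)
    affected_groups = [group_id] + descendants(db, group_id)
    for sub in affected_groups[1:]:
        rec = db.group_policy.setdefault((sub, protocol_id), Policy())
        rec.current_access, rec.current_restrict_by = DENY, group_id
    for g in affected_groups:
        for user in db.members.get(g, []):
            rec = db.user_policy.setdefault((user, protocol_id), Policy())
            # PERSONAL.ACCESS is left alone so the user's own setting survives.
            rec.current_access, rec.current_restrict_by = DENY, group_id
            db.transmit_list.add(user)   # flag user for the filter executive

def build_user_rules(db, rules):
    """Filter executive (Fig. 14 boxes): recompile rules for flagged users only."""
    for user in sorted(db.transmit_list):
        rules[user] = [
            {"rule_type": "PROTOCOL", "port": db.protocols[proto],
             "access": rec.current_access, "log": True, "notify": False}
            for (uid, proto), rec in db.user_policy.items() if uid == user
        ]
    db.transmit_list.clear()
    return rules

def filter_packet(db, rules, source_ip, dest_port):
    """Filter engine (Fig. 22 boxes): map source IP to a user, then match a rule.
    Assumption: an unmapped address or an unmatched port gets the default result."""
    user = db.user_mapping.get(source_ip)
    if user is None:
        return dict(DEFAULT_RESULT)
    for rule in rules.get(user, []):
        if rule["port"] == dest_port:
            return {"log": rule["log"], "access": rule["access"],
                    "notify": rule["notify"]}
    return dict(DEFAULT_RESULT)

def demo():
    # Constructed sample data: groups, users and addresses are made up.
    db = Database(
        subgroups={"corporate": ["marketing"], "marketing": []},
        members={"corporate": ["alice"], "marketing": ["bob"]},
        protocols={"ftp": 21, "http": 80},
        user_mapping={"10.0.0.5": "alice", "10.0.0.6": "bob"},
    )
    db.user_policy[("bob", "http")] = Policy()   # bob starts out allowed
    db.transmit_list.add("bob")
    rules = build_user_rules(db, {})
    before = filter_packet(db, rules, "10.0.0.6", 80)
    deny_protocol_for_group(db, "corporate", "http")  # denial on the parent group
    rules = build_user_rules(db, rules)
    after = filter_packet(db, rules, "10.0.0.6", 80)
    unknown = filter_packet(db, rules, "192.0.2.9", 80)  # address with no mapping
    return before, after, unknown, db.user_policy[("bob", "http")]

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Keeping PERSONAL.ACCESS separate from CURRENT.ACCESS is what lets a later removal of the group restriction restore each user's own setting, and the stale-rule window between a policy change and the next rule rebuild is the interval a reviewer of such a design would want bounded.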
`
`Panasonic-1005
`Page 1 of 112
`
`

`

OTHER PUBLICATIONS

D. Brent Chapman, Network (In)Security Through IP Packet Filtering, USENIX Symposium Proceedings, UNIX Security III, Baltimore, Maryland, Sep. 14-16, 1992.

D. Brent Chapman and Elizabeth D. Zwicky, Building Internet Firewalls, Chapters 6 & 8 (O'Reilly & Associates, Inc., 1995).

Chris Hare and Karanjit Siyan, Internet Firewalls and Network Security, Chapter 5 (New Riders Publishing, 2d Ed. 1996).
`
`

`

U.S. Patent    Nov. 9, 1999    Sheet 1 of 70    5,983,270
[Drawing; no legible text survives.]
`
`

`

Sheet 2 of 70
Fig. 2. [Drawing. Reference numerals: 40, 48, 50, 52, 54, 60.]
`
`

`

Sheet 3 of 70
Fig. 3A. [Block diagram. Legible labels: NETWORK INTERFACE; PROCESSING UNIT; DISPLAY; MASS MEMORY; RULES AND LOGGING DATABASE; NAMING SERVICE MANAGER; FILTER EXECUTIVE; FILTER ENGINE; NETWORK OPERATING SYSTEM. Reference numerals: 64, 66, 68, 70, 80.]
`
`

`

Sheet 4 of 70
Figs. 3B and 3C. [Block diagrams. Legible labels: NETWORK INTERFACE; DISPLAY; MEMORY; MASS MEMORY; GUI; NETWORK OPERATING SYSTEM; HOST AGENT; DOMAIN CONTROLLER AGENT. Reference numerals: 56, 57, 58, 63, 67, 69, 70, 75.]
`
`

`

Sheet 5 of 70
Fig. 4. [Block diagram. Legible labels: HOST AGENT; DOMAIN CONTROLLER AGENT; FILTER EXECUTIVE (AGENT AND APPLICATION); GUI. Reference numerals: 44, 50, 54, 60, 70, 74, 75, 76, 77.]
`
`

`

Sheet 6 of 70
Fig. 5. [Flowchart. Legible box text:]
- LOOK UP ACCESS.LEVEL FOR CURRENT USER
- DISPLAY MAIN WINDOW WITH ALL OPTIONS AVAILABLE
- DISPLAY MAIN WINDOW WITH SETUP, PROTOCOL AND SCHEDULING OPTIONS BLOCKED
- DISPLAY MAIN WINDOW WITH SETUP, SCHEDULING, USER, COMPUTER AND PROTOCOL OPTIONS BLOCKED
[Branch labels: YES, NO. Reference numerals: 200, 202, 210, 214, 216.]
`
`

`

Sheet 7 of 70
Fig. 6. [GUI screen showing a list of group and user names and a user record with the fields First Name, Middle Name, Last Name, Login Name, E-mail Address, Access Level, Member of Group and Owner of Group(s). Reference numerals: 84, 85, 86, 89, 91.]
`
`

`

Sheet 8 of 70
Fig. 7A. [Flowchart. Legible box text:]
- SYS. ADM. SELECTS DESIRED CORP. DEFAULT OPTIONS (FIG. 8A)
- UPDATE CORPORATE DEFAULT TABLE
- SET GLOBAL NETWORK PROTOCOL TRANSMIT FLAG
- ADD/MOD./DEL. RECORDS IN GLOBAL NETWORK PROTOCOL TABLE
- SYS. ADM. SELECTS DESIRED OPTIONS (FIG. 8D)
- ADD RECORD TO TIME SCHEDULE TABLE
- SYS. ADM. ADDS/MODIFIES/DELETES DESIRED GLOBAL NETWORK PROTOCOLS (FIGS. 8A AND 8B)
- SYS. ADM./ADM. ADDS/MODIFIES/DELETES USER (FIG. 8E)
- ADD RECORD FOR USER TO TRANSMIT LIST WITH ACTION.FLAG
- ADD/MODIFY/DELETE CORRESPONDING RECORD IN USERS TABLE, ACCESS TABLE, GROUP MEMBERS TABLE, USER POLICY TABLES AND USER QUOTA TABLE
- SYS. ADM./ADM. ADDS/MODIFIES/DELETES USER'S COMPUTER (FIGS. 8F AND 8G)
- ADD/MODIFY/DELETE CORRESPONDING RECORDS IN USERS COMPUTER TABLE AND RELATED TABLES
- ADD RECORD FOR USER IN USER MAPPINGS TABLE
- SYS. ADM./ADM. ADDS/MODIFIES/DELETES DESIRED GROUP; MGR. ADDS/MODIFIES/DELETES DESIRED SUBGROUP (FIG. 8L)
- ADD/MODIFY/DELETE CORRESPONDING RECORDS IN USER GROUP TABLE, GROUP POLICY AND QUOTA TABLES
[Branch labels: NO. Reference numerals: 220, 224, 228, 236, 240, 246, 248, 254.]
`
`

`

Sheet 9 of 70
Fig. 7B. [Flowchart. Legible box text:]
- SYS. ADM./ADM. ADDS USER TO DESIRED GROUP; MGR. ADDS USER TO DESIRED SUBGROUP (FIG. 8I)
- ADD CORRESPONDING RECORDS IN GROUP MEMBERS TABLE AND USER POLICY AND QUOTA TABLES
- ADD RECORD FOR USER TO TRANSMIT LIST
- SYS. ADM. ADDS/MODIFIES/DELETES DESIRED PROTOCOLS (FIGS. 8J AND 8K)
- ADD/MODIFY/DELETE CORRESPONDING RECORDS IN PROTOCOL TABLE AND GROUP AND USER PROTOCOL POLICY TABLES
- ADD RECORD TO TRANSMIT LIST FOR EACH AFFECTED USER
- SYS. ADM./ADM./MGR. SETS POLICY (FIGS. 8M-8D)
- UPDATE CORRESPONDING RECORDS IN GROUP AND USER POLICY TABLES (PROTOCOL POLICY FIGS. 10A AND 10B / FILE TYPE POLICY FIGS. 11A AND 11B / SITE POLICY FIG. 12)
- UPDATE CORRESPONDING RECORD IN USER POLICY TABLE (I.E., PROTOCOL POLICY/FILE TYPE POLICY/SITE POLICY)
- ADD RECORD FOR USER TO TRANSMIT LIST
[Branch labels: YES, NO. Reference numerals: 270, 276, 277, 280, 286.]
`
`

`

Sheet 10 of 70
Fig. 7C. [Flowchart. Legible box text:]
- SYS. ADM./ADM./MGR. SETS QUOTA POLICY (FIG. 8Q)
- UPDATE CORRESPONDING RECORDS IN GROUP AND USER QUOTA TABLES (FIGS. 13A AND 13B)
- UPDATE CORRESPONDING RECORD IN USER QUOTA TABLE
- BUILD USER POLICY TABLE
- SET USER POLICY TRANSMIT FLAG
- SET USER MAPPING TRANSMIT FLAG
[Branch labels: NO. Reference numerals: 294, 298, 304, 306, 308, 310, 312.]
`
`

`

Sheets 11 to 27 of 70
[Drawings; no legible text survives.]
`
`

`

Sheet 28 of 70
Figs. 9A and 9D. [Table layouts. Legible table names and fields:]
- CORPORATE DEFAULT: PASS.THRU.FLAG, LOG.ON.OFF.FLAG, LOG.NO.BLOCK.FLAG, TRANS.LOAD.INTERVAL, BLOCK.NET.SERVICES.FLAG, NOTIFY.FLAG
- GLOBAL NETWORK PROTOCOLS: GLOBAL.PROTOCOL.ID, GLOBAL.PROTOCOL.NAME, PORT.NUMBER, LOG.FLAG, ACCESS.FLAG, NOTIFY.FLAG, RULE.TYPE.CODE
- USER POLICY: RULE.TYPE.CODE, ACTION.FLAG, USER.ID, DEST.IP ADDRESS, PORT.NUMBER, SITE.FLAG, ACCESS.FLAG, FILE.EXTENSION, LOG.FLAG, NOTIFY.FLAG
- FILTER ACTION: ACTION.FLAG
- TRANSMIT LIST: USER.ID, ACTION.FLAG
- USER MAPPING: USER.ID, SOURCE.IP ADDRESS, ACTION.FLAG, LOGIN.NAME, COMPUTER.NAME, DOMAIN.NAME, ACTION.FLAG
[Reference numerals: 110, 112, 134, 135, 136, 138.]
`
`

`

Sheet 29 of 70
Fig. 9B. [Table layouts. Legible table names and fields:]
- USERS: USER.ID, FIRST.NAME, MIDDLE.INITIAL, LAST.NAME, LOGIN.NAME, EMAIL.ADDRESS, DOMAIN.NAME
- USER COMPUTERS: COMPUTER.ID, USER.ID
- ACCESS LEVEL: USER.ID, ACCESS.LEVEL
- GROUP MEMBERS: GROUP.ID, USER.ID
- USER QUOTAS: GROUP.ID, USER.ID, CURRENT.QUOTA, PERSONAL.QUOTA
- USER PROTOCOL POLICY: GROUP.ID, USER.ID, PROTOCOL.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- USER SITE POLICY: GROUP.ID, USER.ID, SITE.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- USER FILE TYPE POLICY: GROUP.ID, USER.ID, FILETYPE.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- COMPUTERS: COMPUTER.ID, COMPUTER.NAME, IP.ADDRESS
- PROTOCOLS: PROTOCOL.ID, PROTOCOL.NAME, PROTOCOL.ALIAS, PORT.NUMBER
- SITES: SITE.ID, SITE.NAME [one field illegible]
- SITE IP ADDRESSES: SITE.ID, IP.ADDRESS
[Reference numerals: 115, 116, 117, 118, 120, 122, 123, 124, 125, 126, 127.]
`
`

`

Sheet 30 of 70
Fig. 9C. [Table layouts. Legible table names and fields:]
- PROTOCOLS: PROTOCOL.ID, PROTOCOL.NAME, PROTOCOL.ALIAS, PORT.NUMBER
- SITE IP ADDRESSES: SITE.ID, IP.ADDRESS
- SITES: SITE.ID, SITE.NAME [one field illegible]
- FILE TYPES: FILETYPE.ID, FILE.EXTENSION
- TIME SCHEDULE: RESTRICTION.ID, GROUP.ID, PROTOCOL.ID, START.DAY, END.DAY, START.TIME, END.TIME
- GROUP PROTOCOL POLICY: GROUP.ID, PROTOCOL.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- GROUP SITE POLICY: GROUP.ID, SITE.FLAG, SITE.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- GROUP FILE TYPE POLICY: GROUP.ID, FILETYPE.ID, CURRENT.ACCESS, PERSONAL.ACCESS, CURRENT.RESTRICT.BY, PERSONAL.RESTRICT.BY
- USER GROUP: GROUP.ID, GROUP.NAME, GROUP.OWNER, PARENT.GROUP.ID
- GROUP [remainder of table name illegible]: GROUP.ID, CURRENT.QUOTA, PERSONAL.QUOTA
[Reference numerals: 114, 116, 122, 126, 127, 128, 129, 130, 131, 132.]
`
`

`

Sheet 31 of 70
Fig. 10A. [Flowchart. Legible box text:]
- GET GROUP PROTOCOL POLICY RECORD FOR HIGHLIGHTED GROUP
- SET GROUP'S CURRENT.ACCESS AND PERSONAL.ACCESS TO DENY
- SET GROUP'S CURRENT.RESTRICT.BY AND PERSONAL.RESTRICT.BY TO HIGHLIGHTED GROUP.ID
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN GROUP PROTOCOL POLICY RECORD OF EACH SUBGROUP OF THE HIGHLIGHTED GROUP
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN USER PROTOCOL POLICY RECORD OF EACH USER BELONGING TO HIGHLIGHTED GROUP AND ITS SUBGROUPS
- ADD A RECORD TO TRANSMIT LIST FOR EACH USER BELONGING TO HIGHLIGHTED GROUP AND ITS SUBGROUPS
[Branch labels: YES, NO. Reference numerals: 320, 322, 324, 326, 328, 330, 332, 334, 336.]
`
`

`

Sheet 32 of 70
Fig. 10B. [Flowchart. Legible box text:]
- SET CURRENT.ACCESS TO ALLOW AND ALL OTHER FLAGS TO NULL IN HIGHLIGHTED GROUP PROTOCOL POLICY RECORD
- GET GROUP PROTOCOL POLICY RECORD FOR FIRST SUBGROUP OF HIGHLIGHTED GROUP
- GET GROUP PROTOCOL POLICY RECORD FOR NEXT SUBGROUP OF GROUP
- SET SUBGROUP'S CURRENT.ACCESS = PARENT'S CURRENT.ACCESS AND SUBGROUP'S CURRENT.RESTRICT.BY = PARENT GROUP.ID
- SET SUBGROUP'S CURRENT.ACCESS = PERSONAL.ACCESS AND CURRENT.RESTRICT.BY = SUBGROUP.ID
- SET SUBGROUP'S CURRENT.ACCESS = ALLOW AND CURRENT.RESTRICT.BY = NULL
- GET USER PROTOCOL POLICY RECORD FOR NEXT USER
- SET CURRENT.ACCESS = PERSONAL.ACCESS AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID
- SET USER'S CURRENT.ACCESS = ALLOW AND CURRENT.RESTRICT.BY = NULL
- ADD RECORD FOR USER TO TRANSMIT LIST
[Branch labels: NO. Reference numerals: 338, 340, 342, 350, 354, 364, 366, 368.]
`
`

`

Sheet 33 of 70
Fig. 11A. [Flowchart. Legible box text:]
- ADD RECORD FOR CURRENT GROUP TO GROUP FILE TYPE POLICY TABLE WITH CURRENT.ACCESS AND PERSONAL.ACCESS = DENY AND CURRENT.RESTRICT.BY AND PERSONAL.RESTRICT.BY = CURRENT GROUP.ID
- ADD RECORD TO FILE TYPE TABLE
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = CURRENT GROUP.ID IN GROUP FILE TYPE POLICY RECORD OF EACH CHILD GROUP (IF CHILD DOES NOT HAVE A RECORD, ADD A RECORD WITH SAME SETTINGS)
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = CURRENT GROUP.ID IN USER FILE TYPE POLICY RECORD OF EACH MEMBER OF CURRENT GROUP AND CURRENT GROUP'S CHILDREN (IF USER DOES NOT HAVE A RECORD, ADD A RECORD WITH SAME SETTINGS)
- ADD A RECORD TO TRANSMIT LIST FOR EACH MEMBER OF CURRENT GROUP AND CURRENT GROUP'S CHILDREN
[Reference numerals: 372, 376, 378, 380, 382, 384.]
`
`

`

Sheet 34 of 70
Fig. 11B. [Flowchart. Legible box text:]
- DELETE CURRENT GROUP'S RECORD FROM GROUP FILE TYPE POLICY TABLE
- GET GROUP FILE TYPE POLICY RECORD FOR FIRST CHILD OF GROUP
- DELETE CHILD'S RECORD FROM GROUP FILE TYPE POLICY TABLE
- GET GROUP FILE TYPE POLICY RECORD FOR NEXT CHILD OF GROUP
- MAINTAIN ALL SETTINGS IN CHILD RECORD
- SET CHILD'S CURRENT.ACCESS = PERSONAL.ACCESS AND CURRENT.RESTRICT.BY = CHILD GROUP.ID
- GET USER FILE TYPE POLICY RECORD FOR FIRST USER IN USER LIST
- DELETE USER'S RECORD FROM USER FILE TYPE POLICY TABLE
- GET USER FILE TYPE POLICY RECORD FOR NEXT USER
- SET USER'S CURRENT.ACCESS = PERSONAL.ACCESS AND CURRENT.RESTRICT.BY = CURRENT GROUP.ID
- ADD RECORD FOR USER TO TRANSMIT LIST
[Branch labels: YES. Reference numerals: 388, 390, 396, 398, 400, 406, 410, 414.]
`
`

`

Sheet 35 of 70
Fig. 12. [Flowchart. Legible box text:]
- REPEAT BLOCKS EXCEPT SET CURRENT.ACCESS = ALLOW AND CURRENT.RESTRICT.BY = NULL
- REQUEST DNS LOOKUP FOR FULLY QUALIFIED DOMAIN NAME
- ADD RECORD TO SITE TABLE; IDENTIFY DENIED SITE
- ADD A RECORD FOR HIGHLIGHTED GROUP TO GROUP SITE POLICY TABLE FOR SITE WITH CURRENT.ACCESS AND PERSONAL.ACCESS = DENY AND CURRENT.RESTRICT.BY AND PERSONAL.RESTRICT.BY = HIGHLIGHTED GROUP.ID
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN GROUP SITE POLICY RECORD OF EACH SUBGROUP (IF SUBGROUP DOES NOT HAVE A RECORD ADD A RECORD WITH SAME SETTINGS TO GROUP SITE POLICY TABLE)
- SET CURRENT.ACCESS = DENY AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN USER SITE POLICY RECORD OF EACH USER BELONGING TO HIGHLIGHTED GROUP AND ITS SUBGROUPS (IF USER DOES NOT HAVE A RECORD ADD A RECORD WITH SAME SETTINGS TO USER SITE POLICY TABLE)
- ADD A RECORD TO TRANSMIT LIST FOR EACH USER BELONGING TO HIGHLIGHTED GROUP AND ITS SUBGROUPS
[Reference numerals: 422, 426, 430, 432, 434, 436, 437.]
`
`

`

Sheet 36 of 70
Fig. 13A. [Flowchart. Legible box text:]
- GET GROUP QUOTA RECORD FOR HIGHLIGHTED GROUP
- ISSUE ERROR MESSAGE
- SET HIGHLIGHTED GROUP'S CURRENT.QUOTA AND [remainder of box illegible]
- FOR EACH SUBGROUP OF HIGHLIGHTED GROUP WHOSE CURRENT.QUOTA = 0 OR > INPUT QUOTA, OVERRIDE SUBGROUP'S CURRENT.QUOTA = INPUT QUOTA AND SET CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN SUBGROUP'S GROUP QUOTA RECORD
- FOR EACH MEMBER OF HIGHLIGHTED GROUP OR HIGHLIGHTED GROUP'S SUBGROUP WHOSE CURRENT.QUOTA = 0 OR > INPUT QUOTA, OVERRIDE USER'S CURRENT.QUOTA = INPUT QUOTA AND SET CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID IN USER'S GROUP QUOTA RECORD
[Reference numerals: 440, 442, 448, 450, 452, 454, 456.]
`
`

`

Sheet 37 of 70
Fig. 13B. [Flowchart. Legible box text:]
- HIGHLIGHTED GROUP'S CURRENT.QUOTA = PERSONAL.QUOTA = 0 AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID
- GET GROUP QUOTA RECORD FOR FIRST SUBGROUP OF HIGHLIGHTED GROUP
- SET HIGHLIGHTED GROUP'S CURRENT.QUOTA = PARENT CURRENT.QUOTA, PERSONAL.QUOTA = 0 AND CURRENT.RESTRICT.BY = PARENT GROUP.ID
- SET SUBGROUP'S CURRENT.QUOTA = 0 AND CURRENT.RESTRICT.BY = HIGHLIGHTED GROUP.ID
- SET SUBGROUP'S CURRENT.QUOTA = PARENT'S CURRENT.QUOTA, CURRENT.RESTRICT.BY = PARENT GROUP.ID
- SET SUBGROUP'S CURRENT.QUOTA = PERSONAL.QUOTA AND CURRENT.RESTRICT.BY = SUBGROUP.ID
- GET GROUP QUOTA RECORD FOR NEXT SUBGROUP
- GET USER QUOTA RECORD FOR USER BELONGING TO HIGHLIGHTED AND ANY OF ITS SUBGROUPS
[Branch labels: YES. Reference numerals: 460, 468, 472.]
`
`

`

Sheet 38 of 70
Fig. 13C. [Flowchart. Legible box text:]
- GET USER QUOTA RECORD FOR NEXT USER
- SET USER'S CURRENT.QUOTA = CURRENT.QUOTA OF USER'S GROUP AND SET USER'S CURRENT.RESTRICT.BY = USER'S GROUP.ID
- SET CURRENT.QUOTA = 0, CURRENT.RESTRICT.BY = NULL
- SET CURRENT.QUOTA = PERSONAL.QUOTA AND CURRENT.RESTRICT.BY = NULL
[Reference numerals: 488, 494, 496.]
`
`

`

Sheet 39 of 70
Fig. 14. [Flowchart. Legible box text:]
- GET FIRST RECORD IN TRANSMIT LIST
- USING USER.ID AS INDEX, SCAN USER PROTOCOL POLICY TABLE FOR ALL USER'S RECORDS
- FOR EACH PROTOCOL.ID, ADD RECORD TO USER RULE TABLE IDENTIFYING: USER.ID, RULE.TYPE.CODE = PROTOCOL, PORT.NUMBER, ACCESS.FLAG, LOG.FLAG, NOTIFY.FLAG, ACTION.FLAG
- USING USER.ID AS INDEX, SCAN USER FILE TYPE POLICY TABLE FOR ALL USER'S RECORDS
- FOR EACH FILE.TYPE.ID, ADD RECORD TO USER RULE TABLE IDENTIFYING: USER.ID, RULE.TYPE.CODE = FILE TYPE, FILE.EXTENSION, ACCESS.FLAG, LOG.FLAG, NOTIFY.FLAG, ACTION.FLAG
- USING USER.ID AS INDEX, SCAN USER SITE POLICY TABLE FOR ALL USER'S RECORDS
- FOR EACH SITE.ID, ADD RECORD TO USER RULE TABLE IDENTIFYING: USER.ID, RULE.TYPE.CODE = SITE, DEST.IP ADDRESS, SITE.FLAG, ACCESS.FLAG, LOG.FLAG, NOTIFY.FLAG, ACTION.FLAG
- GET NEXT RECORD IN TRANSMIT LIST
[Reference numerals: 500, 502, 504, 506, 508, 510, 512, 514, 516.]
`
`

`

Sheet 40 of 70
Fig. 15A. [Flowchart. Legible box text:]
- START FILTER EXECUTIVE
- INITIALIZE FILTER ENGINE (FIG. 16)
- ACTING AS A NAMING SERVICE AGENT, SEND REGISTRATION REQUEST TO NAMING SERVICE MANAGER
- ACTING AS A NAMING SERVICE APPLICATION, SEND REGISTRATION REQUEST TO NAMING SERVICE MANAGER
- KICKOFF LOGGING THREADS (FIG. 23)
- KICKOFF NOTIFICATION THREAD (FIG. 2[second digit illegible])
[Branch labels: YES, NO. Reference numerals: 526, 530, 532, 538, 540.]
`
`

`

Sheet 41 of 70
Fig. 15B. [Flowchart. Legible box text:]
- WAIT PREDETERMINED TIME INTERVAL
- READ CORPORATE DEFAULT TABLE FROM DATABASE
- DEFINE CORPORATE RULES
- SET CORP. RULES READY FLAG
- SEND CORPORATE RULES TO FILTER ENGINE
- SET GLOBAL NETWORK RULES READY FLAG
- READ GLOBAL NETWORK PROTOCOLS TABLE AND DEFINE INBOUND AND OUTBOUND GLOBAL NETWORK RULES
- SEND GLOBAL RULES TO FILTER ENGINE
- READ USER POLICY TABLE AND DEFINE USER RULES (FIG. 18)
- SEND USER MAPPING TABLE TO NAMING SERVICE MANAGER
- SET USER RULES READY FLAG
- SEND USER RULES TO FILTER ENGINE
- READ TIME SCHEDULE TABLE AND DEFINE TIMER RULES (FIG. 20)
- CLEAR FLAGS
- SET TIMER RULES READY FLAG
- SEND TIMER RULES TO FILTER ENGINE
[Reference numerals: 548, 550, 554, 556, 557, 562, 563, 566, 572.]
`
`

`

Sheet 42 of 70
Fig. 15C. [Flowchart. Legible box text:]
- KICKOFF IP ADDRESS RESOLUTION OF LOGGED HOST NAMES
- HAS DNS VALIDATION TIMER EXPIRED?
- KICKOFF DNS VALIDATION OF LOGGED IP ADDRESSES
- KICKOFF QUOTA CALCULATIONS (FIG. 26)
[Reference numerals: 580.]
`
`

`

Sheet 43 of 70
Fig. 16. [Flowchart. Legible box text:]
- START INITIALIZING FILTER ENGINE
- READ CORPORATE DEFAULT TABLE AND DEFINE CORPORATE RULES
- SET CORP. RULES READY FLAG
- READ GLOBAL NETWORK PROTOCOLS TABLE AND DEFINE INBOUND AND OUTBOUND GLOBAL NETWORK RULES
- READ USER POLICY TABLE AND DEFINE USER RULES (FIG. 18)
- SET USER RULES READY FLAG
- START FILTER ENGINE
- SEND CORPORATE RULES, GLOBAL NETWORK RULES AND USER RULES TO FILTER ENGINE
[Branch labels: YES. Reference numerals: 590, 592, 593, 594, 596, 598, 600, 602, 604, 605, 606.]
`
`

`

Sheet 44 of 70
Fig. 17. [Rule record layouts. Legible names and fields:]
- CORPORATE RULES: LOG.NO.BLOCK.RULE, PASS.THRU.RULE, LOG.ON.OFF.RULE, NOTIFY.ON.OFF.RULE, DEFAULT.DENY.RULE, DEFAULT.LOG.RULE, DEFAULT.NO.NOTIFY.RULE
- INBOUND GLOBAL NETWORK RULES: PROTOCOL.ID, DEST.PORT.NUMBER, ALLOW/DENY.RULE, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, RULE.TYPE.CODE, IN.OUT.FLAG = IN
- OUTBOUND GLOBAL NETWORK RULES: PROTOCOL.NUMBER, SOURCE.PORT.NUMBER, ALLOW/DENY.RULE, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, RULE.TYPE.CODE, IN.OUT.FLAG = OUT
- USER MAPPING RULES: USER.ID, SOURCE.IP ADDRESS, LOGIN.NAME, COMPUTER.NAME, DOMAIN.NAME, USER.LOGGED.IN.FLAG, ACTION.FLAG
- USER RULES, with these further rule records shown on the sheet:
  - RULE.TYPE.CODE = FILE TYPE, USER.ID, FILE.EXTENSION(S), ALLOW/DENY.RULE = DENY, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, ACTION.FLAG
  - RULE.TYPE.CODE = PROTOCOL, USER.ID, PROTOCOL.ID, PORT.NUMBER, ALLOW/DENY.RULE = DENY, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, ACTION.FLAG
  - RULE.TYPE.CODE = SITE, USER.ID, PROTOCOL.ID, PORT.NUMBER, DEST.IP ADDRESS, ALLOW/DENY.RULE, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, ACTION.FLAG
  - RULE.TYPE.CODE = PROTOCOL, PROTOCOL.ID, PORT.NUMBER, ALLOW/DENY.RULE = ALLOW, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE
  - RULE.TYPE.CODE = PROTOCOL, PROTOCOL.ID, PORT.NUMBER = WILDCARD, ALLOW/DENY.RULE, LOG/NOLOG.RULE, NOTIFY/NONOTIFY.RULE, ACTION.FLAG
[Reference numerals: 140, 152, 153, 154, 157.]
`
`

`

Sheet 45 of 70
Fig. 18. [Flowchart. Legible box text:]
- IDENTIFY FIRST USER
- DEFINE FILE.EXT.DENY.RULE
- DEFINE A PROTOCOL.DENY.RULE FOR EACH DENIED PROTOCOL
- DEFINE SITE RULES (FIG. 19)
- DEFINE A PROTOCOL.ALLOW.RULE FOR EACH ALLOWED PROTOCOL
- IDENTIFY NEXT USER
- DEFINE DENY.UNKNOWN.PROTOCOLS.RULE FOR EACH USER
- DEFINE ALLOW.UNKNOWN.PROTOCOLS.RULE FOR EACH USER
[Branch labels: YES. Reference numerals: 608, 610, 614, 618, 622, 624, 628, 630.]
`
`

`

Sheet 46 of 70
Fig. 19. [Flowchart. Legible box text:]
- START DEFINING SITE RULES
- SCAN USER POLICY TABLE FOR ALL SITES DENIED TO USER
- SCAN USER POLICY TABLE FOR ALL SITES ALLOWED TO USER
- SCAN USER POLICY TABLE FOR ALL ALLOWED PROTOCOLS
- SCAN USER POLICY TABLE FOR ALL ALLOWED PROTOCOLS
- COMBINE EACH DENIED SITE WITH EACH ALLOWED PROTOCOL AND CREATE A SITE/PROTOCOL.DENY.RULE FOR EACH DENIED SITE/ALLOWED PROTOCOL COMBINATION
- COMBINE EACH ALLOWED SITE WITH EACH ALLOWED PROTOCOL AND CREATE A SITE/PROTOCOL.ALLOW.RULE FOR EACH ALLOWED SITE/ALLOWED PROTOCOL COMBINATION
- CREATE A SITE/PROTOCOL.ALLOW.RULE FOR ALL ALLOWED PROTOCOLS
- CREATE A SITE/PROTOCOL.DENY.RULE FOR ALL ALLOWED PROTOCOLS
[Branch labels: NO. Reference numerals: 636, 640, 642, 644, 646, 648, 650, 652, 654, 656.]
`
`

`

`U.S. Patent
`
`Nov. 9, 1999
`
`Sheet 47 of 70
`
`5,983,270
`
`[Fig. 20, flowchart. Box text: START DEFINING [illegible] RULES; READ GLOBAL NETWORK PROTOCOLS TABLE AND DEFINE INBOUND AND OUTBOUND GLOBAL NETWORK RULES; REORDER RECORDS IN TIME SCHEDULE TABLE BY PROTOCOL.ID AND START.DAY; GET FIRST RECORD IN REORDERED TIME SCHEDULE TABLE; GET NEXT RECORD IN TIME SCHEDULE TABLE; DEFINE BOTH AN INBOUND AND OUTBOUND GLOBAL NETWORK PROTOCOL RULE FOR CORRESPONDING PROTOCOL.
`Reference numerals: 658, 659, 660, 662, 666, 668, 670.]
`
`
`[Fig. 21, flowchart. Box text: START FILTER ENGINE; INSPECT PACKET FOR PORT.NUMBER, PROTOCOL.NUMBER, SOURCE.IP.ADDRESS, DEST.IP.ADDRESS AND FILE.EXTENSION; FILTER INTERCEPTED PACKET (FIG. 22); DENY PACKET; SEND NOTIFICATION REQUEST TO DATABASE.
`Reference numerals: 680, 682, 684, 686, 690, 696, 700, 704, 706.]
`
`
`[Fig. 22, flowchart. Box text: MAP SOURCE.IP.ADDRESS OF PACKET TO USER.ID IN USER MAPPING TABLE; RETURN DEFAULT FILTER.RESULT: LOG, DENY, NO NOTIFY (four boxes); RETURN FILTER.RESULT: LOG/NO LOG, ALLOW/DENY, NOTIFY/NO NOTIFY (two boxes).
`Reference numerals: 710, 718, 721, 722, 728, 744, 746, 750.]
`
`
`[Fig. 23, flowchart; the upper part of the figure is illegible in this copy. Legible box text: WAIT FOR TRANS.LOAD.INTERVAL TO EXPIRE; CONDENSE ONE-MINUTE IP PACKET LISTS INTO IP LOG LOAD TABLE; EXPORT IP LOG LOAD TABLE TO DATABASE; KICKOFF IP LOG TABLE RESOLUTION (FIG. 24).
`Reference numerals: 764, 766, 767, 768.]
`
`
`[Fig. 24, flowchart. Box text: START RESOLVING IP LOG TABLE; COPY IP LOG LOAD TABLE RECORDS INTO IP LOG WORK TABLE AND EMPTY LOAD TABLE; GET FIRST RECORD IN IP LOG WORK TABLE; PERFORM DNS LOOK UP FOR DOMAIN.NAME CORRESPONDING TO DEST.IP ADDRESS; ADD RECORD TO SITE CACHE WORK TABLE IDENTIFYING DOMAIN.NAME AND DEST.IP ADDRESS; STORE SITE.ID IN CORRESPONDING IP LOG WORK RECORD; STORE NAME.ID OF NAME CACHE RECORD IN CORRESPONDING IP LOG WORK RECORD; ADD RECORD TO NAME CACHE WORK TABLE IDENTIFYING USER.NAME AND SOURCE.IP.ADDRESS; STORE NAME.ID OF NAME CACHE WORK RECORD IN CORRESPONDING IP LOG WORK RECORD; ADD RECORD TO PROTOCOL CACHE WORK TABLE IDENTIFYING PROTOCOL.ID, PORT.NUMBER AND PROTOCOL.NAME; GET NEXT RECORD IN IP LO [text ends here].
`Reference numerals: 770, 774, 777, 780, 782, 786, 789, 792, 794.]
