Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Navy Patents the Firewall?

Posted by ryuzaki0 on from the i'd-have-gone-after-antivirus dept.

Krishna Dagli writes to mention a post by Bruce Schneier on his site indicating that the U.S. Navy may be patenting the Firewall. Whether or not it is their intention to do so is unclear. From the patent description: "In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer."

5 of 206 comments (clear)

  1. Re:Errr... by Grant,thompson · · Score: 4, Informative

    It really is a method to allow information to flow between secure and insecure networks without creating security leaks (as you mentioned). Here is an article published by some of the inventors: http://chacs.nrl.navy.mil/publications/CHACS/1998/ 1998kang-IEEE.pdf Also remember, this was filed for in 2003.

  2. It's all in the claims (broad vs. specific) by Andy+Dodd · · Score: 4, Informative

    From what I've read of the actual patent so far, it appears that it is a very specific implementation of a specific type of firewall.

    See claim 3 for example - What they are describing implies a machine with two dedicated processors with shared memory, one for each network. Note that for what they are describing, a typical SMP or dual core system does NOT count - It seems that they are effectively describing two seperate machines in one box that can communicate via shared memory.

    Also other claims imply that the patented system will be talking to each network at the application level, so it's more of a special form of proxy server rather than a firewall.

    I don't have time right now to read further details, but keep in mind that even specific patents can appear much broader than they are in the abstract. For example, one can't patent the wheel or a tire, but when patenting a tire with a specific tread pattern, it might appear in the abstract that the applicant is trying to patent the tire in general even when they're not.

    --
    retrorocket.o not found, launch anyway?
  3. Re:I was... by C-Shalom · · Score: 4, Informative

    The government has patented numerous things.
    The link below is just one of those things.
    NSA PCMCIA Card Connector
    Here is a page about how the NSA specifically creates and licenses these technologies and invention to the public.

    Your tax dollars at work, helping to generate more revenue with those tax dollars.

  4. Proxy firewalls by booch · · Score: 5, Informative

    The patent does not apply to packet filter firewalls (the majority of all firewalls, including the ones you listed) because it says the packets traverse the application layer. The market for application layer (proxy) firewalls is actually pretty narrow. The main contender (SideWinder) recently bought out the 2 main competitors (Gauntlet and CyberGuard). Whether it would apply to hybrid firewalls (packet filters that do deep inspection, like Checkpoint and Netscreen) is less clear.

    --
    Software sucks. Open Source sucks less.
  5. Re:Might not be a bad thing? by superid · · Score: 3, Informative

    The Navy doesn't collect royalties, they collect license fees. Go here to browse some patents. If you license one of mine, I get a percentage of the fee :)