Filtering a Data Packet by Means of a Network Filtering Device

US2016248679A1 · US · A1

Patent metadata

Field: Value
Publication number: US-2016248679-A1
Application number: US-201415026051-A
Country: US
Kind code: A1
Filing date: Aug 12, 2014
Priority date: Sep 30, 2013
Publication date: Aug 25, 2016
Grant date:

Abstract

Official abstract text for this publication.

There is a need for coupling, for example within an automation area, particularly critical subareas with less critical subareas of the automation area. The invention relates to a method and a network filtering device for filtering a data packet between a first network and a second network. According to the invention, a data packet is checked several times in parallel by means of a multiplier and a plurality of filtering devices.

First claim

Opening claim text (preview).

1. A method for filtering a data packet (10) by means of a network filter device (100) between a first network (NW1) and a second network (NW2), having the following steps:
  multiplication (1) of the data packet (10) by a multiplication unit (200) to produce a first data packet (11) and at least one second data packet (12), wherein a content of the data packet (10) is produced identically in the first data packet (11) and at least in the second data packet (12);
  forwarding (2) of the first data packet (11) to a first filter device (FW1) and at least of the second data packet (12) to a second filter device (FW2);
  checking (3) of the first data packet (11) by the first filter device (FW1) and at least of the second data packet (12) by the second filter device (FW2) according to respective filter specifications (K1, K2);
  production and transmission (4) of a first filter result (R1) by the first filter device (FW1) and at least of a second filter result (R2) by the second filter device (FW1) to a comparison unit (300);
  blocking (5) of forwarding of the data packet (10) between the first network (100) and the second network (200) if the comparison unit (300) identifies, on the basis of the first filter result (R1) and at least the second filter result (R2), a comparison result that deviates from a tolerance range.

2. The method as claimed in claim 1, wherein the respective filter specifications (K1, K2) are identical and the first filter device (FW1) and the second filter device (FW2) are produced with different operating systems and/or are manufactured by different manufacturers.

3. The method as claimed in claim 1 or 2, wherein the blocking (5) outputs an alarm signal (A).

4. The method as claimed in one of the preceding claims, wherein the blocking (5) blocks data traffic between the first network (NW1) and the second network (NW2).

5. The method as claimed in one of the preceding claims, wherein the blocking (5) is performed if the first filter result (R1) and the second filter result (R2) are transmitted at an interval of time and the interval of time is outside a prescribeable time period.

6. The method as claimed in one of the preceding claims, wherein the first filter result (R1) transmitted is the first data packet (11) and/or the second filter result (R2) transmitted is the second data packet (12) if the respective data packet (11, 12) is identified as valid on the basis of the respective filter specification (K1, K2).

7. The method as claimed in one of the preceding claims, wherein the first filter result (R1) transmitted is not a packet if the respective data packet (11, 12) is identified as invalid on the basis of the respective filter specification (K1, K2).

8. The method as claimed in one of claims 1 to 6, wherein the first filter result (R1) transmitted and/or the second filter result (R2) transmitted is/are a respective substitute packet (SR1, SR2) if the respective data packet (11, 12) is identified as invalid on the basis of the respective filter specification (K1, K2).

9. The method as claimed in one of the preceding claims, wherein the comparison unit (300) is presented with the respective filter result (R1, R2) and with further filter results from a subsequently timed further check by the respective filter device (FW1, FW2), and the comparison result is thus obtained by taking account of the further filter results.

10. A network filter device (100) for filtering a data packet (10) between a first network (NW1) and a second network (NW2), comprising:
  a multiplication unit (200) for multiplying (1) the data packet (10) to produce a first data packet (11) and at least one second data packet (12), wherein a content of the data packet (10) can be produced identically in the first data packet (11) and at least in the second data packet (12), and for forwarding the first data packet (11) to a first filter device (FW1) and also at least the second data packet (12) to a second filter device (FW2);
  the first filter device (FW1) for checking (3) the first data packet (11) and the second filter device (FW2) for checking (3) the second data packet (12) according to respective filter specifications (K1, K2) and for respectively transmitting a first filter result (R1) and at least one second filter result (R2) to a comparison unit (300);
  the comparison unit (300) for blocking (5) the data packet (10) if, on the basis of the first filter result (R1) and at least the second filter result (R2), a comparison result that deviates from a tolerance range can be identified.

11. The network filter device (100) as claimed in claim 10, additionally comprising a monitoring unit for carrying out one of the method steps as claimed in claims 3 to 5.
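
Added example (not part of the patent text or of any Siemens implementation): a minimal Python model of the claimed data flow, with a multiplication unit, two diverse filter implementations of one specification, and a comparison unit that blocks on disagreement or on excessive timing skew. The function names, the sample specification, the substitute packet value and the choice to drop a unanimously rejected packet without an alarm are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

SUBSTITUTE = b"\x00REJECTED"  # constructed substitute packet (SR1/SR2 in claim 8)

@dataclass
class FilterResult:
    payload: Optional[bytes]  # packet copy if valid, substitute packet or None if not
    arrival: float            # seconds until the result reaches the comparison unit

def make_filter(check: Callable[[bytes], bool], delay: float, substitute: bool = True):
    """Wrap one implementation of the filter specification as FW1 or FW2."""
    def fw(copy: bytes) -> FilterResult:
        if check(copy):
            return FilterResult(copy, delay)                 # claim 6: pass the copy on
        # claim 8 (substitute packet) or claim 7 (no packet at all)
        return FilterResult(SUBSTITUTE if substitute else None, delay)
    return fw

def network_filter(packet: bytes, filters, max_skew: float) -> Tuple[Optional[bytes], bool]:
    """Return (packet to forward or None, alarm raised)."""
    copies = [bytes(packet) for _ in filters]            # multiplication unit (200)
    results = [fw(c) for fw, c in zip(filters, copies)]  # checks by FW1, FW2, ...
    first = results[0].payload
    agree = all(r.payload == first for r in results)
    skew = max(r.arrival for r in results) - min(r.arrival for r in results)
    if not agree or skew > max_skew:
        return None, True      # deviation: block and raise alarm A (claims 1, 3, 5)
    if first == packet:
        return packet, False   # every filter passed the identical content
    return None, False         # unanimous rejection: drop, no alarm (assumption)

# Two constructed implementations of one specification K:
# "payload starts with b'READ ' and is at most 32 bytes long".
def check_a(p: bytes) -> bool:
    return p.startswith(b"READ ") and len(p) <= 32

def check_b(p: bytes) -> bool:  # constructed flaw: the length limit is missing
    return p.startswith(b"READ ")

FW1 = make_filter(check_a, delay=0.001)
FW2 = make_filter(check_b, delay=0.002)
```

A packet that only the flawed implementation accepts produces differing filter results, so the comparison unit blocks it and raises the alarm instead of forwarding it.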

Classifications

  • based on the physical or logical position · CPC title

  • H04L47/125 · Primary

    by balancing the load, e.g. traffic engineering · CPC title

  • in relation to timing considerations · CPC title

  • by filtering · CPC title

  • Utilisation of link capacity · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Siemens Ag
What technology area does this patent fall under?
Primary CPC classification H04L47/125. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 25, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).