Forgot your password?
typodupeerror

U.S. Navy Patents the Firewall? 206

Posted by Zonk
from the i'd-have-gone-after-antivirus dept.
Krishna Dagli writes to mention a post by Bruce Schneier on his site indicating that the U.S. Navy may be patenting the Firewall. Whether or not it is their intention to do so is unclear. From the patent description: "In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer."
This discussion has been archived. No new comments can be posted.

U.S. Navy Patents the Firewall?

Comments Filter:
  • Ya ha! (Score:5, Funny)

    by Suspended_Reality (927563) on Friday July 07, 2006 @08:50AM (#15674862)
    I was going to make a "first post", but I think I read the Army is patenting that. Part of their Military Initiative to kill first, ask questions later.
    • by hey! (33014)
      Part of their Military Initiative to kill first, ask questions later.

      It's all about bits on the ground.
      • Part of their Military Initiative to kill first, ask questions later.

        The Military is going to patent "bringing people back to life", so then the above statement will actually be legit.
  • by Trigun (685027) <evil@NOSpAm.evilempire.ath.cx> on Friday July 07, 2006 @08:51AM (#15674866)
    And my cisco, and my netopia, and my netgear.

    • Proxy firewalls (Score:5, Informative)

      by booch (4157) <slashdot2010@craigb u c h e k . c om> on Friday July 07, 2006 @09:33AM (#15675213) Homepage
      The patent does not apply to packet filter firewalls (the majority of all firewalls, including the ones you listed) because it says the packets traverse the application layer. The market for application layer (proxy) firewalls is actually pretty narrow. The main contender (SideWinder) recently bought out the 2 main competitors (Gauntlet and CyberGuard). Whether it would apply to hybrid firewalls (packet filters that do deep inspection, like Checkpoint and Netscreen) is less clear.
      • SO called 'content filters' are not exactly new either. Checkpoint (among others) can sell you a very nice one, and has been able to for quite some time
      • Wasn't Marcus Ranum's 1990 firewall an application proxy?
    • I think Squid [squid-cache.org] is better prior art. A key feature is that the "firewall" implements a full TCP/IP stack and the decisions are made the application level.
  • by Greyfox (87712) on Friday July 07, 2006 @08:55AM (#15674889) Homepage Journal
    I would think that they don't really have a business purpose to do so since they don't sell a product and if anyone tried to sue the military over a patent the Government would just sieze the patent as being "vital to national security" or some such (I seem to recall that they can do that.)

    Maybe it's a sad attempt to prove that they're on the cutting edge of technology by patenting some newfangled idea that the rest of us have been using for years? I guess they probably have some catching up to do since EDS has been "working" on their IT infrastructure for years (That's why their stock price fell by half and never recovered don't you know? Well that and lying about the revenues that were coming in from it...)

    • by Kadin2048 (468275) <[slashdot.kadin] [at] [xoxy.net]> on Friday July 07, 2006 @09:02AM (#15674956) Homepage Journal
      Actually most of the time, the government does not seize patents. Not that they don't have the ability to, or that perhaps they don't just go ahead and infringe on them sometimes, but the military spends a lot of money buying stuff from contractors/vendors every year, because the vendor has a patent on stuff. If we were in the middle of World War III, the situation might be slightly different.

      So if someone in the Navy really did have a novel idea, it's not hard to imagine that they might want to get it patented, just as a defensive measure.

      My big question is: if the government patents something, wouldn't the invention automatically be in the public domain, provided that it wasn't classified? Normally all products produced by government employees in the course of their jobs are in the public domain, so I would think that a patent held by the Navy would be impossible to use aggressively.

      In that situation -- assuming that's true, and the Navy can't collect royalties -- then having the Navy (or other government agencies) patent stuff might be a very good idea. For the small taxpayer expense that it takes to file and maintain the patent, the country might be saved millions of dollars a year of royalties and litigation costs.
      • It's cheaper to make a declaritory statement saying "This is public domain, this is how to do it, and this is why it works. Have a nice day, thank you."
        The end result is it's public domain. Patented it costs 3-5 grand vs a PDF on a website.
        • Cheaper maybe but the Navy probably uses staff lawyers for the patent filing so the cost would be tiny. The truth is a patent does provide you better legal protection than any PDF on a website ever could.
          I would vote for cheap insurance.
        • Don't forget about Management by Resume. Many silly, inefficent, dollar wasting projects are committed because they will look better on a resume than the alternative. In this case which would you put on your resume?

          A: Obtained patent on secure network firewall protocols valued at $3 billion
          B: Researched secure network firewall stacks. Described implementation with publically available PDF?

          Besides which, Navy attorneys are probably a sunk cost, therefore the cost of the patent itself is zero.
      • by superid (46543) on Friday July 07, 2006 @09:42AM (#15675317) Homepage
        The Navy doesn't collect royalties, they collect license fees. Go here [navy.mil] to browse some patents. If you license one of mine, I get a percentage of the fee :)
      • Haven't you heard? This is the sequal, The Allies vs the "Axis of Evil!"

        Kidding aside, your last two points are good ones.

      • So if someone in the Navy really did have a novel idea, it's not hard to imagine that they might want to get it patented, just as a defensive measure.

        Seeing how tax dollars are paying for that, there are only 2 reasonable options for the navy:

        - Don't patent it, but ensure there is enough documentation to easily show 'prior art' in case someone else patents it
        - Patent it and give every tax payer a license to use the patent.

        • Patent it and give every tax payer a license to use the patent.

          There's no commercial analogue for that. Shareholders do not automatically get licences to the IP held by their company.

          </devil's advocate>
          • There's no commercial analogue for that. Shareholders do not automatically get licences to the IP held by their company.

            But then, companies aren't public services. Last time I looked, the military can invest huge amounts of money without ever making any kind of proffit simply because their purpose is defense, not making a proffit.

            So it is entirely reasonable that different rules apply.

        • Patent it and then license the patent to whoever wants it for a reasonable amount to collect money to offset the developement costs. Money then goes towards developing more new technology. (Although currently they do this and it goes back into the general fund)
    • I asked a Navy guy about this. He gave two reasons that Navy researchers are encouraged to get patents:
      1) To ensure that no one else can patent the same idea, and then charge the Navy for using it. Personally, I don't buy this, because the Navy could just establish a prior art database for these ideas to achieve the same effect.

      2) Being able to license the technology to non-Navy industries. I.e., medical applications. This justification at least seems, albeit distasteful.
      • It's a lot easier to establish prior art by pointing to a patent than in a self-maintained database. A self-maintained database of prior art that will actually hold up in court (proof of claimed dates, etc) is extremely difficult and it's actually easier to just patent something. Then you can just point to the date on your patent and no one can dispute that prior art (at least when trying to sink a patent with a later date), because those dates are maintained by a trusted and (technically) unbiased source
        • Perhaps a Notary Public could simply stamp something like that with the date?
        • A self-maintained database of prior art that will actually hold up in court (proof of claimed dates, etc) is extremely difficult and it's actually easier to just patent something.

          Not to mention the fact that by the time you're sitting around in court trying to prove this, the meter has begun to run on the hundreds of thousands of dollars it costs to defend yourself from a patent in court.

          Definately far better to have the patent in your hand than holding decades of prior art.
      • Not all licences from government patents are for medical industries - some(many) go to other industries; i.e. entertainment, communications, energy, etc

        It may be better in some cases that the Navy(or some other government department) own a patent rather put it into the public domain. If it's in the public domain there is no control on it but if it's patented and licensed then their is a measure of control. Some government non-exclusive licenses are based primarily on proper (and/or limited) usage of the
        • if it's in the public domain there is no control on it but if it's patented and licensed then their is a measure of control.

          Sorry, I don't buy that argument unless you can also explain why exactly the government should have such control.
          Also, as ITAR and similar treaties show, it is quite possible to have control in specific cases where national or international security becomes a concern.

          Some government non-exclusive licenses are based primarily on proper (and/or limited) usage of the device/concept rather
          • Quick question for you to answer so that I may better respond to you concern -- Do you believe that individuals and companies have the privilege of patents and subsequent licensing?

            For those who are wondering ... patents are not a right they are a privilege, much like a driver's licence. AS for your "ah yes ..." well who else would get to decide what is proper use? The owner of the patent has the right to stipulate conditions under which a patent/device/concept is licenced - in this case the owner just h
            • Quick question for you to answer so that I may better respond to you concern -- Do you believe that individuals and companies have the privilege of patents and subsequent licensing?

              At this moment they have that privilege indeed (and I agree with calling it a privilege)

              • Then why not allow government departments that invest their time and effort to have the privilege of patents and subsequent liscenses as well?

                Do you beleive that all companies should just be able to take a government department's work in a particular field and use it without having to pay for it?
                • Then why not allow government departments that invest their time and effort to have the privilege of patents and subsequent liscenses as well?

                  Patents exist to promote novel and usefull inventions. The method behind this is granting exclusive rights for a limited amount of time to the inventor so (s)he can compensate for investment and make a buck from the invention.

                  The granting of exclusive rights is how society 'pays' the inventor for his efford and investment.

                  In the case of a government department however
      • 2) Being able to license the technology to non-Navy industries. I.e., medical applications. This justification at least seems, albeit distasteful.

        Research payed for by tax dollars should be available to the public without this kind of barrier. Distasteful doesn't come anywhere near describing this.

      • Add 3) If your researchers get patents, they remain competitive with their civilian counterparts in the same tier, and can leave the service (or service affiliation) with an equivalent chance of better paying jobs and other such opportunities. If they don't get patents, publish and otherwise participate in the technological culture, they end up penalized for having served their country in their early careers.

        And 4) When someone asks what 'all that money' spent on government research went to, you have a nice
    • their stock price fell by half

      And having some crack-smoking Wall Street analyst "accidentally" downgrade EDS stock is completely irrelevant, right?? After all, he *did* apologise *after* the stock tumbled, but somehow "wups, didn't mean it" just doesn't cut it.

    • Maybe it's a sad attempt to prove that they're on the cutting edge of technology by patenting some newfangled idea that the rest of us have been using for years?

      That being said, how does one submit prior art for this application? This thing really needs to die last Tuesday.

      • OK, that was amazingly easy to find the answer to my own question there... after phone call number one, I have the following information:

        The USPTO's toll-free number is 800 786-9199 (free call anywhere in the US). They're really friendly people, and you'll get a human waaaay faster than you can, even in person, at the USPS.

        The patent examiner for this application is Syed Zia, and their phone number is 571-272-3798.

        This patent is about to be issued, ACT QUICKLY, DAMMIT!. You need to file a protest as [uspto.gov]

  • Ah HA! (Score:4, Funny)

    by Mayhem178 (920970) on Friday July 07, 2006 @08:55AM (#15674893)
    My Sorceress on Diablo II has prior art. She can lay down Firewalls like it's no one's business!

    Wait, what's this about networks?
  • Like it or not... (Score:4, Interesting)

    by mrjb (547783) on Friday July 07, 2006 @08:57AM (#15674915)
    The US government might actually be entitled to many internet patents, as all or most of the technology behind the (early) internet was financed with U.S. tax payer money. Which, in a democratic country, should (but not necessarily does) mean that those patents are in the public domain.
    • But, US != the world, so should the stuff of US taxpayers be public domain, and as such available to non-US countries as well? If you don't want that, how are you going to screen it? Or, if these are US-only patents, then it doesn't matter, but I don't think patents make much sense as long as they are not valid world-wide
  • I may be wrong, but (Score:2, Interesting)

    by michaelvkim (981938)
    isn't the US Government not allowed to have any IP rights?

    IP = Intellectual Property
    • Have you head what some of the ppl in the US government are saying?
      They don't have any "Intellectual Property"
    • Actually, they already have a patent for the process to produce toxic ricin.

      From Wikipedia:

      The process for creating ricin is well-known, in part because a patent was granted for it in 1952. The inventors named in US Patent 3,060,165 (granted October 23, 1962) "Preparation of Toxic Ricin", assigned to the U.S. Secretary of the Army, are Harry L. Craig, O.H. Alderks, Alsoph H. Corwin, Sally H. Dieke, and Charlotte Karel.

      So, yeah, it seems the gov't can patent stuff.

  • by DoofusOfDeath (636671) on Friday July 07, 2006 @08:59AM (#15674929)
    Instinctively, I hate the notion of the government patenting anything. It might be because it seems ridiculous that anything the taxpayers paid for should be made unavailable to them. But... I can't find anything in the constitution that makes this abhorent practice illegal or unjustified. My reaction seems motivated by civic virtue rather than a legal basis.

    Does anyone know of a solid legal reason that the government shouldn't be able to obtain patents?
    • by zeoslap (190553)
      Just because you patent something doesn't mean that it becomes unavailable; it just prevents someone else from patenting it. So as long as the government allows free use of its inventions there really isn't a problem with this at all.
      • Well, it could spark an arms race where everybody loses except the patent mafia.

        If the government is patenting then other players will feel the need to patent simply as a preemptive defensive measure in case the government changes it's mind and starts charging. Just like has already happened with public universities. Meaning the players will want to cross-license. Could create idea ghettos and major market distortion. Not to mention bureacratic overhead.

        To break a competitive vicious circle like this yo

    • If the government patents an invention funded by our tax dollars, it would
      prevent others coming along later to claim it as their own.
      There would be no need to fight about prior arts and such.
      As long as it's freely licensed, this could be a good thing.
    • I can only several reasons that the government patenting something might be fair:

      1) If a non-American entity (person, company, etc.) wants to use the technology, then it would basically be the American people selling the right to use the patented technology to non-Americans. In that way, Americans, who funded the research, win.

      2) In some sense, something that benefits the Navy does benefit Americans in general. When the Navy licenses a patented technology to a private company, this (hopefully) causes some
      • The main reason government entities patent technology is not so they can then profit from them, but rather to give credit to the people that worked to develop that technology. Since civil servants and military personnel are not allowed to profit from inventions they create while working for the government, the patent must be owned by the organization they work for (in this case the US Navy). This prevents the civil servants/military personnel from profiting off the technology, but gives them the credit, s
    • by ch-chuck (9622)
      I can't find anything in the constitution that makes this abhorent practice illegal or unjustified.

      Here it is, in Article I, section 8:

      "Congress shall have power . . . To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries."

  • Kabooom! (Score:5, Funny)

    by 955301 (209856) on Friday July 07, 2006 @08:59AM (#15674930) Journal
    I can't wait to see how they deliver the cease and desist orders.
  • Shouldn't be a problem... the means of implementing a system such as the one described have been public knowledge since about 1989 - so, forever, or just about.
  • Errr... (Score:5, Insightful)

    by sarlos (903082) on Friday July 07, 2006 @09:01AM (#15674946)
    I may be thinking of something else, but it sounds more like a method of keeping secure information on the secure network, not allowing it to leak to the unsecure network, while still allowing data to cross from the unsecure side to the secure side... From their description, it's based on a pump architecture:
    [0026] Referring to FIG. 1, there is shown in one embodiment of the present invention a high-level schematic of a communication network system 100 having a first communication network 102 having a first level of security or level of trust "x", and a second communication network 104 having a second level of security "y", where y
    • The quote got cut off, I should learn to hit that preview button...

      [0026] Referring to FIG. 1, there is shown in one embodiment of the present invention a high-level schematic of a communication network system 100 having a first communication network 102 having a first level of security or level of trust "x", and a second communication network 104 having a second level of security "y", where y is greater than x. Data communication between first and second networks 102, 104 is enabled through a network int

    • Re:Errr... (Score:4, Informative)

      by Grant,thompson (985589) on Friday July 07, 2006 @09:10AM (#15675008)
      It really is a method to allow information to flow between secure and insecure networks without creating security leaks (as you mentioned). Here is an article published by some of the inventors: http://chacs.nrl.navy.mil/publications/CHACS/1998/ 1998kang-IEEE.pdf [navy.mil] Also remember, this was filed for in 2003.
    • Re:Errr... (Score:3, Informative)

      by simong_oz (321118)
      This is in the DESCRIPTION of the patent. What they are actually (trying) to patent (this is a patent application, not a granted patent) is detailed in the CLAIMS. These are what you need to read, carefully, and probably with advice from a patent attorney.

      Once a patent application has been published (usually at 12/18 months after filing), it then gets passed on to the patent office in each country to be examined. It is entirely possible that a patent has got to this stage without anyone "official" actually
    • Yep, that's about it. This is not about blocking the flow of network traffic, it's about tracking documents with varying levels of security attached.

      The Navy, along with many other government agencies, tracks secrecy of certain information by grades: Classified, Secret, Top Secret (or some such arrangement). If you create a new document and it includes some information from a classified document and some information from a Top Secret document, the new document is graded as Top Secret due to the most secure

      • but offhand I can't remember any attempts to do this in the network infrastructure.

        This is a hard enough problem to be worth a patent, if it's even possible. Such a system has to block both a "read up" in which a system cleared for Secret asks for Top Secret information, it also has to prevent "write down", in which a Top Secret system which has been Trojaned or operated by Aldrich Ames tries to send information to a Secret or unclassified system.

        Sound easy? Stop and think about covert channels.
  • by digitaldc (879047) * on Friday July 07, 2006 @09:03AM (#15674962)
    ...ZoneAlarm patents sonar & stealth marine technology
  • by hmbcarol (937668) on Friday July 07, 2006 @09:05AM (#15674975)
    The Holy Grail when I worked with military networks (admittedly 10 years ago) was "multilevel security" which could enable a "top secret" and "secret" network to coexist and share data in a very controlled way. Information can go up, but never down. The hard part is how do you receive mail or do other things which require a two-way protocol? We built boxes which could sit in the middle and could pass messages. This appears to be a more advanced version of that.
  • by StreamCipher (986418) on Friday July 07, 2006 @09:05AM (#15674979)
    intellectual property lawyers will fight wars in courtrooms.

    Countries possessing patents of mass destruction (PMD) will be sanctioned first, and later sued by the Air Force.

    If other countries think we kick ass now, wait until they meet our legions of lawyers.
  • USNVY - 23.40 +1.40
  • By patenting the firewall the Navy may stop those companies that seem to patent things solely to send you extortion notes for licensing. Typically the federal gov't can't/doesn't license them. Since they are taxpayer funded they seem to be "Ours." Actually there are a lot of patents that I wish they had. Anyone know for sure if this will essentially place the firewall patent in the public domain?
  • From what I've read of the actual patent so far, it appears that it is a very specific implementation of a specific type of firewall.

    See claim 3 for example - What they are describing implies a machine with two dedicated processors with shared memory, one for each network. Note that for what they are describing, a typical SMP or dual core system does NOT count - It seems that they are effectively describing two seperate machines in one box that can communicate via shared memory.

    Also other claims imply that the patented system will be talking to each network at the application level, so it's more of a special form of proxy server rather than a firewall.

    I don't have time right now to read further details, but keep in mind that even specific patents can appear much broader than they are in the abstract. For example, one can't patent the wheel or a tire, but when patenting a tire with a specific tread pattern, it might appear in the abstract that the applicant is trying to patent the tire in general even when they're not.
    • How dare you attempt to bring an actual understanding of how patents work to a discussion of patents?!

      This is Slashdot, where a patent on a device that cures every known type of cancer by pushing a button is obviously invalid because I had a device with a button on it YEARS ago.
  • jesus harold christ. (Score:3, Informative)

    by hamburger lady (218108) on Friday July 07, 2006 @09:12AM (#15675027)
    i love it. "the navy patents the firewall!!!one!". and they include a link to a Patent Application.

    here's a tip: an application aint a patent.

  • Warning! (Score:5, Insightful)

    by jbeaupre (752124) on Friday July 07, 2006 @09:16AM (#15675067)
    To all of you shooting from the hip: STOP! You're just making a fool of yourself.
    Read the claims. Read them in light of the description of the patent. And learn patent terminology. Then you can make some general statements. And if it's only a publication (like this navy one), not a patent, don't even bother with that.
    If you must draw a conclusion, and you're sure this is about a firewall, then at least go the step to know they are claiming a type of firewall. Which is perfectly legit (as long as it contains a new, non-obvious element). If you think otherwise, go learn about patents, come back, and then we'll talk.

    PS:plurality is a very common patent term. It means more than one (duh!). Not even worth making a comment about, but someone felt compelled to jabber about it.
    • Most insightful post on this thread. I couldn't agree more. Every time there is a patent story on slashdot your post should be automatically linked at the top.
  • by rs232 (849320) on Friday July 07, 2006 @09:17AM (#15675073)
    Marcus J. Ranum .. is recognized as the inventor [awprofessional.com] of the proxy firewall, and the implementor of the first commercial firewall product.
  • How much do you trust a network or rather the users and programs on that network? Experience showed us that there is no such thing as a trusted network. Corporate intranets are suddenly pentrated by laptops, WIFI and other mobile devices. SSH tunnels create unmonitorable connections to the outside world. Email and Webdownloads create other holes. So again, how can anybody define "trust" in a network, or even a "network" in the first place?
  • What are they going to do? Them and what army? And even if, I am in another country. Ha!
  • But what if the government were to seize these rights on the grounds that no-one else could claim them as their own, and such third party scum would not be able to sue the pants off someone else. They own the rights, which in actuality are held by the public domain.
  • PRIOR ART! PRIOR ART!

    How can the patent office allow anyone to get a patent on anything that has already been in general use for ages?
  • by JetScootr (319545) on Friday July 07, 2006 @10:21AM (#15675666) Journal
    Read claim 3: "The method of claim 2, wherein the configuring includes implementing the network interface system with distinct sets of first and second processors, the first and second processors having a shared memory."
    This puts the firewall smack into the hardware, not on the extension cord going out of the building. This is a firewall between computers that are in the same cabinet, not on the same internet. It also provides for loadleveling in Claim 6:
    "...via an interprocessor communication channel; ...configuring the interprocessor communication channel to communicate moving averages ...and configuring the network interface system to prevent the shared memory from overflowing ...by controlling the ... network interface system. "
    Further claims in the patent app show that the data is not transferred by just any program, but by an API on the firewall CPU and the boxen on either side of the firewall. This looks like some seriously secure stuff here.
    Also, your normal firewall allows inside ("your" computer) to talk outside (the internet) freely, but prevents outside from getting in. This patent app specifies that the outside can talk freely to the inside, but the inside can't just blab to the world. This keeps the worms in the can. It also randomizes time signatures so that form of black box analysis won't tell you anything.
    • This patent app specifies that the outside can talk freely to the inside, but the inside can't just blab to the world.

      Is that what happens when you plug your cables in your router/firewall backwards? No, really, help me here, why is that secure?

  • Wouldn't this be what Smoothwall does? http://www.smoothwall.org/ [smoothwall.org]

    I've got it running at home. It's got 3 NICs, Green, Orange and Red. Red is Internet (not trusted), Green is local private network (trusted), and Orange is local webservers, etc (partially trusted).

    It's got a built in IDS, Snort proxy, packet and connection logging, etc.etc. and addon modules give things like web content filtering and bandwidth management.

    Does this count as an application level firewall? I'd think with the IDS it does, but
    • One problem with many FOSS projects is that all the website talks about is "release x.y.z, bugs fixed: this ant, that gnat, yonder blunder," etc.
      I looked over the smoothie website quickly and didn't see a list of features. The main page talks about the history of the project, not features of the product.
      This is epidemic among open source projects and Linux distros.

      So in answer to yer question, after reading the smoothie website, I can't tell if it's some newfangled firewall or an ice cream fruit drink.
  • I think China already holds patents and trademarks for all things *wall, other than the Berlin wall.
  • by QuantumFTL (197300) * <justin.wickNO@SPAMgmail.com> on Friday July 07, 2006 @11:50AM (#15676531)
    Now that's what I call a Submarine Patent!

    *ducks*
  • In retaliation, I'll patent "a large, centrally-organized flotilla of military ships and aircraft, and supporting infrastructure."

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...