System and method for providing network and computer firewall protection with dynamic address isolation to a device

  • US 10,057,295 B2
  • Filed: 07/18/2017
  • Issued: 08/21/2018
  • Est. Priority Date: 05/30/2007
  • Status: Active Grant
First Claim

1. A security system comprising:

  • a communication interface configured to transmit an outgoing data packet with an external outgoing header to an external network and to receive an incoming data packet with an external incoming header from the external network, the external outgoing header including a public internet protocol (IP) address as a source address of the outgoing data packet, the external incoming header including the public IP address as a destination address of the incoming data packet;

    an address translation engine configured to:

    receive the outgoing data packet with an internal outgoing header from an internal device, the internal outgoing header identifying an internal IP address of the internal device as the source address of the outgoing data packet;

    receive from the communication interface the incoming data packet with the external incoming header, the internal device including a particular application associated with the outgoing data packet and with the incoming data packet;

    translate the internal IP address of the outgoing data packet to the public IP address and assist in forming the external outgoing header based on the public IP address;

    translate the public IP address of the incoming data packet to the internal IP address and assist in forming an internal incoming header based on the internal IP address; and

    store association of the internal IP address and the public IP address to assist with address translation; and

    a hybrid firewall configured to:

    receive a particular application identifier associated with the particular application from the internal outgoing header of the outgoing data packet;

    select one of several application-level security evaluations based on the particular application identifier determined based on the incoming data packet;

    perform a network-level security evaluation and the one of the several application-level security evaluations on the incoming data packet; and

    allow the incoming data packet to pass to the particular application if the network-level security evaluation and the one of the several application-level security evaluations determine that there is no malicious code in the incoming data packet.
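The claimed flow, modelled as an added Python illustration that is not code from the patent or its assignee: an address translation engine that rewrites the internal source address to a public IP and stores the association, and a hybrid firewall that learns the application identifier from the internal outgoing header, applies a network-level check (only packets matching a stored association pass) and then the application-level evaluation selected by that identifier. The addresses, port range and the two application-level checks are constructed stand-ins, not values from the patent.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed public address (RFC 5737 TEST-NET-3)

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes
    app_id: Optional[str] = None  # application identifier carried only in the internal header

# Application-level evaluations; the identifier learned from the outgoing header selects one.
def _eval_http(p: Packet) -> bool:
    # Constructed check: a response must be HTTP and carry no inline script (stand-in for "malicious code").
    return p.payload.startswith(b"HTTP/1.") and b"<script" not in p.payload.lower()

def _eval_dns(p: Packet) -> bool:
    return 12 <= len(p.payload) <= 512  # DNS header size and classic UDP limit

APP_EVALUATIONS = {"http": _eval_http, "dns": _eval_dns}

@dataclass
class HybridGateway:
    next_port: int = 40000
    table: dict = field(default_factory=dict)    # public port -> (internal ip, port, app id)
    reverse: dict = field(default_factory=dict)  # (internal ip, port) -> public port

    def outbound(self, p: Packet) -> Packet:
        """Translate the internal source address to the public IP and store the association."""
        key = (p.src_ip, p.src_port)
        if key not in self.reverse:
            self.reverse[key] = self.next_port
            self.table[self.next_port] = (p.src_ip, p.src_port, p.app_id)
            self.next_port += 1
        return Packet(PUBLIC_IP, self.reverse[key], p.dst_ip, p.dst_port, p.payload)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Network-level then application-level evaluation; None means the packet is dropped."""
        # Network-level: must target our public IP and match a stored association (no unsolicited traffic).
        if p.dst_ip != PUBLIC_IP or p.dst_port not in self.table:
            return None
        int_ip, int_port, app_id = self.table[p.dst_port]
        # Application-level: the evaluation selected by the flow's application identifier.
        if app_id not in APP_EVALUATIONS or not APP_EVALUATIONS[app_id](p):
            return None
        return Packet(p.src_ip, p.src_port, int_ip, int_port, p.payload, app_id)
```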
