
System and method for providing network and computer firewall protection with dynamic address isolation to a device

  • US 10,284,603 B2
  • Filed: 06/12/2018
  • Issued: 05/07/2019
  • Est. Priority Date: 05/30/2007
  • Status: Active Grant
First Claim

1. A security system comprising:

  • a communication interface configured to transmit an outgoing data packet with an external outgoing header to an external network and to receive an incoming data packet with an external incoming header from the external network, the external outgoing header including an external internet protocol (IP) address as a source address of the outgoing data packet, the external incoming header including the external IP address as a destination address of the incoming data packet;

  • an address translation engine configured to:

    receive the outgoing data packet with an internal outgoing header from an internal device, the internal outgoing header identifying an internal IP address of the internal device as the source address of the outgoing data packet;

    receive from the communication interface the incoming data packet with the external incoming header, the internal device including a particular application associated with the outgoing data packet and with the incoming data packet;

    translate the internal IP address of the outgoing data packet to the external IP address and assist in forming the external outgoing header based on the external IP address;

    translate the external IP address of the incoming data packet to the internal IP address and assist in forming an internal incoming header based on the internal IP address; and

    store association of the internal IP address and the external IP address to assist with address translation; and

  • a hybrid firewall configured to:

    receive a particular application identifier associated with the particular application from the internal outgoing header of the outgoing data packet;

    select one of several application-level security evaluations based on the particular application identifier determined based on the incoming data packet;

    perform a network-level security evaluation and the one of the several application-level security evaluations on the incoming data packet; and

    allow the incoming data packet to pass to the particular application if the network-level security evaluation and the one of the several application-level security evaluations do not identify malicious code in the incoming data packet.
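The claim describes three cooperating pieces: an address translation engine that rewrites the internal source address to one external IP and records the association, a firewall that learns the application identifier from the internal outgoing header, and, on the return path, a network-level check plus one application-level check chosen by that identifier. The following Python model is an added illustration of that flow, not code from the patent or its assignee. The packet fields, the `app_id` attribute standing in for the "application identifier", the signature list and the DNS header check are all constructed assumptions; a real product would plug in proper inspection engines where the `http_check` and `dns_check` placeholders sit.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# RFC 5737 documentation addresses; all values below are constructed for the example.
EXTERNAL_IP = "203.0.113.5"


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes
    app_id: Optional[str] = None  # "application identifier" carried in the internal header (assumption)


class AddressTranslationEngine:
    """Maps internal (ip, port) to the external IP plus a unique port, and stores the association."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, int], int] = {}            # internal (ip, port) -> external port
        self._in: Dict[int, Tuple[str, int, Optional[str]]] = {}  # external port -> (ip, port, app_id)

    def translate_outgoing(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:                      # allocate a port on first sight of the flow
            self._out[key] = self._next_port
            self._next_port += 1
        ext_port = self._out[key]
        self._in[ext_port] = (pkt.src_ip, pkt.src_port, pkt.app_id)  # stored association
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port, pkt.payload, pkt.app_id)

    def translate_incoming(self, pkt: Packet) -> Optional[Packet]:
        """Rebuild the internal header; None means no stored association (unsolicited packet)."""
        if pkt.dst_ip != self.external_ip or pkt.dst_port not in self._in:
            return None
        int_ip, int_port, app_id = self._in[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port, pkt.payload, app_id)


# Constructed placeholder signatures; a real evaluation would use a content inspection engine.
HTTP_SIGNATURES = (b"<script>", b"eval(")


def http_check(payload: bytes) -> bool:
    """Application-level evaluation for HTTP responses: reject known-bad patterns."""
    return not any(sig in payload for sig in HTTP_SIGNATURES)


def dns_check(payload: bytes) -> bool:
    """Application-level evaluation for DNS: require a full header with the QR (response) bit set."""
    return len(payload) >= 12 and bool(payload[2] & 0x80)


def reject_unknown(payload: bytes) -> bool:
    """Fail closed when the application identifier selects no evaluation."""
    return False


class HybridFirewall:
    def __init__(self, nat: AddressTranslationEngine, blocked_sources: set):
        self.nat = nat
        self.blocked = set(blocked_sources)
        # One evaluation per application identifier; the identifier chooses which runs.
        self.app_checks: Dict[Optional[str], Callable[[bytes], bool]] = {
            "http": http_check,
            "dns": dns_check,
        }

    def network_level_ok(self, pkt: Packet) -> bool:
        """Network-level evaluation on the external header: source blocklist and sane port."""
        return pkt.src_ip not in self.blocked and 0 < pkt.dst_port < 65536

    def handle_incoming(self, pkt: Packet) -> Tuple[bool, str, Optional[Packet]]:
        """Return (allowed, reason, internal packet to deliver or None)."""
        internal = self.nat.translate_incoming(pkt)
        if internal is None:
            return False, "no stored association for destination port", None
        if not self.network_level_ok(pkt):
            return False, "network-level evaluation failed", None
        check = self.app_checks.get(internal.app_id, reject_unknown)
        if not check(internal.payload):
            return False, f"application-level evaluation failed for app_id={internal.app_id}", None
        return True, f"passed to {internal.app_id} at {internal.dst_ip}:{internal.dst_port}", internal


if __name__ == "__main__":
    nat = AddressTranslationEngine(EXTERNAL_IP)
    fw = HybridFirewall(nat, blocked_sources={"198.51.100.99"})
    nat.translate_outgoing(Packet("10.0.0.7", 51000, "192.0.2.10", 80, b"GET / HTTP/1.1\r\n", "http"))
    reply = Packet("192.0.2.10", 80, EXTERNAL_IP, 40000, b"HTTP/1.1 200 OK\r\n\r\n<html>ok</html>")
    print(fw.handle_incoming(reply)[:2])
```

The two defensive choices worth noting are that a packet with no stored association is dropped before any inspection runs, and that an application identifier with no registered evaluation falls through to `reject_unknown` rather than being waved through with only the network-level check.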

  • 2 Assignments