Self-shielding dynamic network architecture
Abstract
A shielding is provided to prevent attacks on network architecture or reduce the impact thereof. The system reconfigures the network differently for each user, operating system, and host and the configuration changes as time passes. The system can use dynamic redirection to create a reconfigurable network, and include intermediary nodes to dynamically reconfigure the network infrastructure for all traffic.
17 Claims
1. A method for self-shielding a dynamic network architecture system for preventing or reducing the impact of attacks thereon including the steps of:
modifying the manner in which network requests are performed using a process that makes re-routing invisible to a host machine, including assigning a customer non routable Internet Protocol for each user, at each session on each operating dynamic network architecture system;
automatically conveying identity across the dynamic network architecture system to determine an appropriate policy;
uniquely identifying a user and limiting an amount of network information the user is entitled to see;
enforcing device and user specific policy based on ports, protocols, and destinations;
automatically encapsulating and de-encapsulating traffic as needed to support communication with non-protected systems and/or protocols not native to the dynamic network architecture system; and
automatically translating traffic as needed to support communication with non-protected systems and/or protocols not native to the dynamic network architecture system.
9. A self-shielding dynamic network architecture system enclave for preventing or reducing the impact of attacks thereon including:
a dynamic network architecture system, and a host machine, the dynamic network architecture system configured to modify the manner in which network requests are performed using a process that makes re-routing invisible to the host machine, including assigning a custom non routable Internet Protocol for each user, at each session on each operating dynamic network architecture system, the dynamic network architecture system further configured to automatically convey identity to determine an appropriate policy and uniquely identifies a user and limits an amount of network information the user is entitled to see, and enforce device and user specific policy based on ports, protocols, and destinations; and
the dynamic network architecture system further configured to automatically encapsulate and de-encapsulate traffic as needed to support communication with non-protected systems and/or protocols not native to the dynamic network architecture system.
17. A self-shielding dynamic network architecture system enclave for preventing or reducing the impact of attacks thereon including:
a dynamic network architecture system, and a host machine, the dynamic network architecture system configured to modify the manner in which network requests are performed using a process that makes re-routing invisible to the host machine, including assigning a custom non routable Internet Protocol for each user, at each session on each operating dynamic network architecture system, the dynamic network architecture system further configured to automatically convey identity to determine an appropriate policy and uniquely identifies a user and limits an amount of network information the user is entitled to see, and enforce device and user specific policy based on ports, protocols, and destinations; and
the dynamic network architecture system further configured to automatically translate traffic as needed to support communication with non-protected systems and/or protocols not native to the dynamic network architecture system.
Specification