Context-aware network and situation management for crypto-partitioned networks

US 10,454,891 B2
Filed: 06/30/2017
Issued: 10/22/2019
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for providing network management, the method comprising:

gathering first network information from first network elements in one or more trusted networks;

receiving second network information through a one-way guard, the second information from second network elements in one or more untrusted networks;

correlating one or more data flows associated with the first network information to one or more encrypted data tunnels associated with the second network information to form fused network information;

generating a cross-domain network topology for the one or more trusted networks and the one or more untrusted networks based on the fused network information, wherein the cross-domain network topology depicts at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network; and

managing at least one of the second network elements identified in the cross-domain topology.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

Citations

20 Claims

1. A method for providing network management, the method comprising:
- gathering first network information from first network elements in one or more trusted networks;
  
  receiving second network information through a one-way guard, the second information from second network elements in one or more untrusted networks;
  
  correlating one or more data flows associated with the first network information to one or more encrypted data tunnels associated with the second network information to form fused network information;
  
  generating a cross-domain network topology for the one or more trusted networks and the one or more untrusted networks based on the fused network information, wherein the cross-domain network topology depicts at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network; and
  
  managing at least one of the second network elements identified in the cross-domain topology.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein managing the at least one of the second network elements identified in the cross-domain topology comprises:
    - querying data from the at least one of the second network elements.
  - 3. The method of claim 2, further comprising:
    - querying data from the at least one of the second network elements using simple network management protocol (SNMP).
  - 4. The method of claim 1, wherein managing the at least one of the second network elements identified in the cross-domain topology comprises:
    - setting network management data at the at least one of the second network elements identified in the cross-domain topology.
  - 5. The method of claim 4, further comprising:
    - setting network management data at the at least one of the second network elements identified in the cross-domain topology using simple network management protocol (SNMP).
  - 6. The method of claim 1, further comprising:
    - managing at least one of the first network elements identified in the cross-domain topology.
  - 7. The method of claim 1, further comprising:
    - storing the first network information and the second network information in a database located in a first trusted network of the one or more trusted networks.
  - 8. The method of claim 7, further comprising:
    - sending the first network information and the second network information from the database to a second trusted network of the one or more trusted networks.
  - 9. The method of claim 1, wherein the first network elements and the second network elements may be one or more of an inline network encryptor, a router, or a switch.

10. An apparatus comprising:
- a computing device located in a first trusted network of one or more trusted networks, the computing device executing a network management system, the computing device comprising;
  
  a database configured to store network information; and
  
  one or more processors configured to;
  
  gather first network information from first network elements in the one or more trusted networks;
  
  receive second network information through a one-way guard, the second information from second network elements in one or more untrusted networks;
  
  correlate one or more data flows associated with the first network information to one or more encrypted data tunnels associated with the second network information to form fused network information;
  
  generate a cross-domain network topology for the one or more trusted networks and the one or more untrusted networks based on the fused network information, wherein the cross-domain network topology depicts at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network; and
  
  manage at least one of the second network elements identified in the cross-domain topology.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, wherein to manage the at least one of the second network elements identified in the cross-domain topology, the one or more processors are further configured to:
    - query data from the at least one of the second network elements.
  - 12. The apparatus of claim 11, wherein the one or more processors are further configured to:
    - query data from the at least one of the second network elements using simple network management protocol (SNMP).
  - 13. The apparatus of claim 10, wherein to manage the at least one of the second network elements identified in the cross-domain topology, the one or more processors are further configured to:
    - set network management data at the at least one of the second network elements identified in the cross-domain topology.
  - 14. The apparatus of claim 13, wherein the one or more processors are further configured to:
    - set network management data at the at least one of the second network elements identified in the cross-domain topology using simple network management protocol (SNMP).
  - 15. The apparatus of claim 10, wherein the one or more processors are further configured to:
    - manage at least one of the first network elements identified in the cross-domain topology.
  - 16. The apparatus of claim 10, wherein the one or more processors are further configured to:
    - store the first network information and the second network information in the database.
  - 17. The apparatus of claim 16, wherein the one or more processors are further configured to:
    - send the first network information and the second network information from the database to a second trusted network of the one or more trusted networks.

18. A computer-readable storage medium storing instructions that, when executed, cause one or more processors to:
- gather first network information from first network elements in one or more trusted networks;
  
  receive second network information through a one-way guard, the second information from second network elements in one or more untrusted networksreceive at least the second network information through a one-way guard;
  
  correlate one or more data flows associated with the first network information to one or more encrypted data tunnels associated with the second network information to form fused network information;
  
  generate a cross-domain network topology for the one or more trusted networks and the one or more untrusted networks based on the fused network information, wherein the cross-domain network topology depicts at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network; and
  
  manage at least one of the second network elements identified in the cross-domain topology.
- View Dependent Claims (19, 20)
- - 19. The computer-readable storage medium of claim 18, wherein the instructions further cause the one or more processors to:
    - query data from the at least one of the second network elements.
  - 20. The computer-readable storage medium of claim 18, wherein the instructions further cause the one or more processors to:
    - set network management data at the at least one of the second network elements identified in the cross-domain topology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Burnett, Benjamin L., Charan, Deborah K., Pozzo, Fabio, Ramanujan, Ranga
Primary Examiner(s)
Madamba, Glenford J

Application Number

US15/639,045
Publication Number

US 20170310638A1
Time in Patent Office

844 Days
Field of Search

709223
US Class Current
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

Context-aware network and situation management for crypto-partitioned networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Context-aware network and situation management for crypto-partitioned networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links