Telecommunications defence system

US 10,498,757 B2
Filed: 09/10/2015
Issued: 12/03/2019
Est. Priority Date: 09/11/2014
Status: Active Grant

First Claim

Patent Images

1. A telecommunications defense system comprising at least one server, comprising at least one processor and memory, adapted to be in communication with a client telecommunications system via a telecommunications network, the telecommunications defense system comprising a shielding application and a scanning application;

a) the shielding application containing instructions which, when executed on the at least one server, cause the server to generate a shield signal which provides at least one shield operative to shield the client telecommunications system from at least one external vulnerability;

b) the scanning application containing instructions which, when executed on the at least one server, generate a first scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities without being shielded from the client telecommunications system by the shield, wherein the telecommunications defense system produces a first vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the first scanning signal;

c) the scanning application containing further instructions, which when executed on the at least one server, generate a second scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities whilst being shielded from the client telecommunications system by the at least one shield, wherein the telecommunications defense system produces a second vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the second scanning signal;

d) the telecommunications defense system being further operative to compare the first and second vulnerability signals and to generate an output signal based on the comparison, and indicative of any unshielded vulnerabilities.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A telecommunications defence system (TDS) comprises at least one server adapted to communicate with a client telecommunications system (ClientTS) via a telecommunications network, a shielding application (ShieldApp) and a scanning application (ScanApp). The ShieldApp causes the server to generate a shield signal providing at least one shield that shields the ClientTS from at least one external vulnerability. The ScanApp generates a first scanning signal which scans the ClientTS for vulnerabilities without shielding by the shield. The TDS produces a first signal indicative of vulnerabilities of the ClientTS determined by the first scanning signal. The ScanApp generates a second scanning signal which scans the ClientTS for vulnerabilities whilst being shielded. The TDS produces a second signal indicative of vulnerabilities of the ClientTS determined by the second scanning signal. The TDS compares the first and second signals and generates an output indicative of unshielded vulnerabilities.

Citations

24 Claims

1. A telecommunications defense system comprising at least one server, comprising at least one processor and memory, adapted to be in communication with a client telecommunications system via a telecommunications network, the telecommunications defense system comprising a shielding application and a scanning application;
- a) the shielding application containing instructions which, when executed on the at least one server, cause the server to generate a shield signal which provides at least one shield operative to shield the client telecommunications system from at least one external vulnerability;
  
  b) the scanning application containing instructions which, when executed on the at least one server, generate a first scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities without being shielded from the client telecommunications system by the shield, wherein the telecommunications defense system produces a first vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the first scanning signal;
  
  c) the scanning application containing further instructions, which when executed on the at least one server, generate a second scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities whilst being shielded from the client telecommunications system by the at least one shield, wherein the telecommunications defense system produces a second vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the second scanning signal;
  
  d) the telecommunications defense system being further operative to compare the first and second vulnerability signals and to generate an output signal based on the comparison, and indicative of any unshielded vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1 wherein the scanning application and the shielding application are provided on, or in communication with, a single server.
  - 3. The system of claim 1 wherein the scanning application and the shielding application are provided on, or in communication with, multiple servers in a server network.
  - 4. The system of claim 1 wherein the first scanning signal is arranged to bypass the at least one shield.
  - 5. The system of claim 4 wherein the first scanning signal is arranged to bypass the server altogether.
  - 6. The system of claim 4 wherein the first scanning signal is routed through the server but bypasses the at least one shield.
  - 7. The system of claim 1 wherein the first scanning signal is arranged to pass-through the server, that is, the first scanning signal is routed to the client telecommunications system via the server.
  - 8. The system of claim 1 wherein the first scanning signal comprises an identifier generated by the scanning application, which identifier is used by the system to control the routing of the first scanning signal and allow the first scanning signal to reach the client telecommunications system.
  - 9. The system of claim 8 wherein the identifier comprises the source IP address of the server.
  - 10. The system of claim 8 wherein the identifier comprises an electronic security certificate.
  - 11. The system of claim 8 wherein the identifier comprises an electronic signature comprising part of the first scanning signal.
  - 12. The system of claim 11 wherein the electronic signature is embedded into a header of the first scanning signal.
  - 13. The system of claim 1 further arranged to generate a pre-scan signal arranged to perform a pre-scan of the client telecommunications system so as to identify vulnerabilities of the client telecommunications system before the first scan is performed, the shielding application being arranged to generate a shield signal or signals in response to the vulnerabilities identified in the pre-scan.
  - 14. The system of claim 1 wherein the server comprises part of the client telecommunications system.
  - 15. The system of claim 1 wherein the server is a remote server in communication with the client telecommunications system.
  - 16. The system of claim 1 wherein the shield application comprises, or is operative to generate or activate, a shield or shields comprising a web application firewall (WAF).
  - 17. The system of claim 1 wherein the shield application comprises a shield generator operative to provide mitigation against a particular vulnerability of the client telecommunications system that is identified by the first or second scans by generating or activating an additional shield or shields, in dependence upon a third vulnerability signal.
  - 18. The system of claim 17 wherein the shield generator comprises a programmable shield application, stored on, or arranged to be in communication with, the server.
  - 19. The system of claim 1 wherein the output signal is indicative of the effectiveness of the shielding of the client telecommunications system.
  - 20. The system of claim 1, arranged to generate a correlation signal, correlating an attack detected on the client telecommunications system, with a vulnerability identified by the first or second scans.
  - 21. The system of claim 20 wherein the correlation signal is processed to generate an alarm signal.

22. A server or server network, comprising at least one processor and memory, of a telecommunications defense system, the server being adapted to be in communication with a client telecommunications system via a telecommunications network, the server or server network comprising a shielding application and a scanning application;
- a) the shielding application containing instructions which, when executed on the at least one server, cause the server to generate a shield signal which provides at least one shield operative to shield the client telecommunications system from at least one external vulnerability;
  
  b) the scanning application containing instructions which, when executed on the at least one server, generate a first scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities without being shielded from the client telecommunications system by the shield, wherein a first vulnerability signal is produced indicative of any vulnerabilities of the client telecommunications system determined by the first scanning signal;
  
  c) the scanning application containing further instructions, which when executed on the at least one server, generate a second scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities whilst being shielded from the client telecommunications system by the at least one shield, wherein a second vulnerability signal is produced indicative of any vulnerabilities of the client telecommunications system determined by the second scanning signal;
  
  d) the server being further operative to compare the first and second vulnerability signals and to generate an output signal based on the comparison, and indicative of any unshielded vulnerabilities.

23. A method of defending a client telecommunications system using a telecommunications defense system comprising at least one server comprising at least one processor and memory, adapted to be in communication with the client telecommunications system via a telecommunications network, the telecommunications defense system comprising a shielding application and a scanning application;
- the method comprising steps of;
  
  a) executing instructions of the shielding application on the at least one server to cause the server to generate a shield signal which provides at least one shield operative to shield the client telecommunications system from at least one external vulnerability;
  
  b) executing instructions of the scanning application on the at least one server to generate a first scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities without being shielded from the client telecommunications system by the shield;
  
  c) producing a first vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the first scanning signal;
  
  d) executing further instructions of the scanning application on the at least one server to generate a second scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities whilst being shielded from the client telecommunications system by the at least one shield;
  
  e) producing a second vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the second scanning signal;
  
  f) comparing the first and second vulnerability signals and generating an output signal based on the comparison, and indicative of any unshielded vulnerabilities.

24. A telecommunications network comprising a telecommunications defense system provided with at least one server comprising at least one processor and memory, adapted to be in communication with a client telecommunications system via a telecommunications network, the telecommunications defense system comprising a shielding application and a scanning application;
- a) the shielding application containing instructions which, when executed on the at least one server, cause the server to generate a shield signal which provides at least one shield operative to shield the client telecommunications system from at least one external vulnerability;
  
  b) the scanning application containing instructions which, when executed on the at least one server, generate a first scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities without being shielded from the client telecommunications system by the shield, wherein the telecommunications defense system produces a first vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the first scanning signal;
  
  c) the scanning application containing further instructions, which when executed on the at least one server, generate a second scanning signal over the telecommunications network which scans the client telecommunications system for vulnerabilities whilst being shielded from the client telecommunications system by the at least one shield, wherein the telecommunications defense system produces a second vulnerability signal indicative of any vulnerabilities of the client telecommunications system determined by the second scanning signal;
  
  d) the telecommunications defense system being further operative to compare the first and second vulnerability signals and to generate an output signal based on the comparison, and indicative of any unshielded vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samuel Geoffrey Pickles
Original Assignee
Samuel Geoffrey Pickles
Inventors
Pickles, Samuel Geoffrey
Primary Examiner(s)
Moorthy, Aravind K

Application Number

US15/510,769
Publication Number

US 20170264632A1
Time in Patent Office

1,545 Days
Field of Search

726 13, 726 22, 726 25
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0236   Filtering by address, proto...

H04L 63/0281   Proxies

H04L 63/0823   using certificates cryptogr...

H04L 63/1433   Vulnerability analysis

H04L 67/01   Protocols

H04L 67/53   using third party service p...

H04L 69/22   Parsing or analysis of headers

Telecommunications defence system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Telecommunications defence system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links