Systems and methods for providing network security using a secure digital device
Abstract
A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.
24 Claims
1. A secure digital security system comprising:
a data store;
a file management module configured to receive a transfer file from a host device over a virtual file interface configured to assist in transferring data at file transfer speeds between the host device and the secure digital security system, the transfer file possibly containing a data store command or a virtual file containing network traffic intercepted at the host device, the transfer file including header information indicating whether the transfer file includes the data store command or the virtual file containing the network traffic, the network traffic including one of incoming network traffic to the host device or outgoing network traffic from the host device, the data store command including a particular command to retrieve or store data in the data store;
a controller configured to manage the data store command by retrieving or storing the data in the data store;
a security policy management module configured to evaluate the network traffic in the virtual file for compliance with a security policy;
a traffic access determination module configured to generate a security indication whether to allow or to deny the network traffic in accordance with the evaluation; and
a module configured to provide to the host device over the virtual file interface the security indication whether to allow or to deny the network traffic.
Dependent claims: 2, 3, 4, 5.

6. A method in a secure digital security system, the secure digital security system including a data store and at least one security engine, the method comprising:
receiving a transfer file from a host device over a virtual file interface configured to transfer data at file transfer speeds, the transfer file possibly containing a data store command or a virtual file containing network traffic intercepted at the host device, the transfer file including header information indicating whether the transfer file includes the data store command or the virtual file containing the network traffic, the network traffic including one of incoming network traffic to the host device or outgoing network traffic from the host device, the data store command including a particular command to retrieve or store data in the data store;
if the header information indicates that the transfer file includes the data store command, then receiving the data store command;
managing the data store command by retrieving or storing the data in the data store;
if the header information indicates that the transfer file includes the virtual file containing the network traffic, then using the at least one security engine to evaluate the network traffic in the virtual file for compliance with a security policy;
generating a security indication whether to allow or to deny the network traffic in accordance with the evaluation; and
providing to the host device the security indication whether to allow or to deny the network traffic.
Dependent claims: 7, 8, 9, 10.

11. A system comprising:
a host device including:
  at least one processor;
  a virtual file interface configured to assist in transferring file data at file transfer speeds to a secure digital security system, the secure digital security system including a security engine configured to conduct a security process on network traffic; and
  memory storing computer instructions, the computer instructions configured to cause the at least one processor to:
    receive a data store command including a particular command to retrieve or store data in a data store;
    intercept network traffic, the intercepted network traffic including one of incoming network traffic to the host device or outgoing network traffic from the host device;
    package the intercepted network traffic as one or more virtual files containing the intercepted network traffic, the one or more virtual files including header information, the header information indicating that the one or more virtual files contain intercepted network traffic and not file data;
    provide the one or more virtual files with the header information to the virtual file interface, the virtual file interface configured to assist in transferring the one or more virtual files with the header information as the file data at the file transfer speeds to the secure digital security system, the secure digital security system configured to use the header information to determine whether the one or more virtual files contain intercepted network traffic, the secure digital security system further configured to conduct the security process on the intercepted network traffic contained in the one or more virtual files and to generate a security indication indicating whether the intercepted network traffic is deemed safe according to the security process;
    receive the security indication from the secure digital security system; and
    allow the system to process the intercepted network traffic when the security indication indicates that the intercepted network traffic is safe according to the security process;
the secure digital security system comprising:
  the data store;
  a controller configured to manage the data store command by retrieving or storing the data in the data store;
  a file management module configured to receive the one or more virtual files from the host device over the virtual file interface;
  a security policy management module configured to evaluate the network traffic in the one or more virtual files for compliance with a security policy;
  a traffic access determination module configured to generate the security indication whether to allow or to deny the network traffic in accordance with the evaluation; and
  a module configured to provide to the host device over the virtual file interface the security indication whether to allow or to deny the network traffic.
Dependent claims: 12, 13, 14, 15, 16, 17, 18.

19. A method comprising:
receiving a data store command by a host device, the data store command including a particular command to retrieve or store data in a data store, the host device including at least one processor and a virtual file interface configured to assist in transferring file data at file transfer speeds to a secure digital security system, the secure digital security system including the data store and including a security engine configured to conduct a security process on network traffic;
intercepting network traffic by the host device, the intercepted network traffic including one of incoming network traffic to the host device or outgoing network traffic from the host device;
packaging by the host device the intercepted network traffic as one or more virtual files containing the intercepted network traffic, the one or more virtual files including header information, the header information indicating that the one or more virtual files contain intercepted network traffic and not file data;
providing by the host device the one or more virtual files with the header information to the virtual file interface, the virtual file interface assisting in transferring the one or more virtual files with the header information as the file data at the file transfer speeds to the secure digital security system;
receiving by the secure digital security system the one or more virtual files from the host device over the virtual file interface;
using by the secure digital security system the header information to determine that the one or more virtual files contain intercepted network traffic;
evaluating by the secure digital security system the network traffic in the one or more virtual files for compliance with a security policy;
generating by the secure digital security system a security indication whether to allow or to deny the network traffic in accordance with the evaluation;
providing by the secure digital security system to the host device over the virtual file interface the security indication whether to allow or to deny the network traffic;
receiving by the host device the security indication from the secure digital security system; and
processing by the host device the intercepted network traffic when the security indication indicates that the intercepted network traffic is safe according to the security process.
Dependent claims: 20, 21, 22, 23, 24.
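
The round trip recited in claims 6 and 19, as an added Python sketch that is not code from the patent: the host wraps a data store command or intercepted traffic in a transfer file, and the device dispatches on the header alone and fails closed on anything malformed. The header layout, the PUT/GET command syntax, the port-blocklist policy and every name here are assumptions, since the page defines no wire format.

```python
import struct

# Assumed layout (the page defines no wire format): magic, type, payload length.
HEADER = struct.Struct(">4sBI")
MAGIC, STORE_CMD, TRAFFIC = b"SDSS", 1, 2
ALLOW, DENY = b"ALLOW", b"DENY"

def package(kind, payload):  # host side: build the transfer file
    return HEADER.pack(MAGIC, kind, len(payload)) + payload

def sample_packet(dport):  # constructed IPv4+TCP packet, only policy-relevant fields set
    ip = bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, 6]) + bytes(10)  # IHL=5, proto=TCP
    return ip + struct.pack(">HH", 40000, dport) + bytes(16)

class SecureDevice:
    def __init__(self, blocked_ports):
        self.store, self.blocked = {}, set(blocked_ports)

    def handle(self, transfer_file):
        """Dispatch on the header only; payload bytes never select the code path."""
        if len(transfer_file) < HEADER.size:
            return DENY                      # too short to carry a header
        magic, kind, length = HEADER.unpack_from(transfer_file)
        payload = transfer_file[HEADER.size:]
        if magic != MAGIC or length != len(payload):
            return DENY                      # malformed file: fail closed
        if kind == STORE_CMD:
            return self._store(payload)
        if kind == TRAFFIC:
            return ALLOW if self._complies(payload) else DENY
        return DENY                          # unknown type: fail closed

    def _store(self, payload):
        # Assumed command syntax: b"PUT <name>\n<data>" or b"GET <name>".
        head, _, data = payload.partition(b"\n")
        verb, _, name = head.partition(b" ")
        if verb == b"PUT" and name:
            self.store[name] = data
            return b"OK"
        return self.store.get(name, b"") if verb == b"GET" else b"ERR"

    def _complies(self, pkt):
        # Toy policy: IPv4/TCP to a destination port outside the blocklist.
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if ihl < 20 or len(pkt) < ihl + 4 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            return False
        return struct.unpack_from(">H", pkt, ihl + 2)[0] not in self.blocked

def host_gate(device, packet):  # host side: process only on an explicit ALLOW
    return device.handle(package(TRAFFIC, packet)) == ALLOW
```

Because the type field is the only discriminator, traffic whose bytes happen to look like a store command is still evaluated as traffic and never reaches the data store.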