System and method for implementing a virtual backbone on a common network infrastructure

US 20010037384A1
Filed: 02/27/2001
Published: 11/01/2001
Est. Priority Date: 05/15/2000
Status: Abandoned Application

First Claim

Patent Images

1. A network system configured to carry data, comprising:

a plurality of networks, each network having at least one network device configured to transmit and receive data and having a network security policy;

a plurality of network control points, each network control point having at least one network control point device, wherein each of the plurality of network control points is connected to at least one of the plurality of networks, and wherein at least one of the network control point devices is configured to enforce the network security policy of the network that is connected to the network control point device; and

a virtual backbone configured to connect the plurality of network control points to one another.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network system is provided which includes a plurality of networks where each network has at least one network device configured to transmit and receive data and has a network security policy. The secure network further includes a plurality of network control points where each network control point has at least one network control point device. Each of the plurality of network control points is connected to at least one of the plurality of networks. All network control point devices are configured to enforce the network security policy for the network to which it is connected. The secure network further includes a virtual backbone configured to connect the plurality of network control points to one another. The virtual backbone does not enforce any network security policy with respect to data being transmitted across the virtual backbone, except for source address integrity at the point the networks connect to a NCP.

Citations

36 Claims

1. A network system configured to carry data, comprising:
- a plurality of networks, each network having at least one network device configured to transmit and receive data and having a network security policy;
  
  a plurality of network control points, each network control point having at least one network control point device, wherein each of the plurality of network control points is connected to at least one of the plurality of networks, and wherein at least one of the network control point devices is configured to enforce the network security policy of the network that is connected to the network control point device; and
  
  a virtual backbone configured to connect the plurality of network control points to one another.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A network system as defined in claim 1, wherein the virtual backbone does not enforce any network security policy with respect to data being transmitted across the virtual backbone.
  - 3. A network system as defined in claim 1, wherein the virtual backbone has a registry that stores an address range of the plurality of known networks that are connected to the virtual backbone.
  - 4. A network system as defined in claim 1, wherein the virtual backbone is implemented using one or more of the following:
    - communication lines, an internet service provider, a virtual private network, and a public network.
  - 5. A network system as defined in claim 1, wherein the virtual backbone is external to the plurality of networks.
  - 6. A network system as defined in claim 1, wherein the virtual backbone is external to the plurality of network control points.
  - 7. A network system as defined in claim 1, wherein the virtual backbone is configured to enforce source address integrity.
  - 8. A network system as defined in claim 1, wherein at least one of the network control point devices in each of the plurality of network control points has unrestricted network connectivity to at least one of the network control point devices within all of the other network control points within the same virtual backbone.
  - 9. A network system as defined in claim 1, wherein each of the plurality of networks is defined by an address range.
  - 10. A network system as defined in claim 9, wherein each of the network devices in each of the plurality of networks has an address contained within the address range.
  - 11. A network system as defined in claim 1, wherein each of the plurality of network control points ensures source address integrity.
  - 12. A network system as defined in claim 1, wherein the virtual backbone is an external network established and implemented by a plurality of internet service providers.

13. A network system configured to carry data, comprising:
- a virtual backbone;
  
  a plurality of network control points, each network control point having at least one network control point device, which is connected to the virtual backbone and configured to enforce a network security policy of a known network;
  
  a plurality of known networks, each known network is connected to at least one of the plurality of network control point devices and has a network security policy; and
  
  a plurality of unknown networks, each unknown network is connected to at least one of the plurality of network control point devices, and having no network security policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. A network system as defined in claim 13, wherein the virtual backbone has a registry that stores an adress range of the plurality of known networks that are connected to the virtual backbone.
  - 15. A network system as defined in claim 13, wherein the virtual backbone is an external network established and implemented by a plurality of internet service providers.
  - 16. A network system as defined in claim 13, wherein the virtual backbone is external to the plurality of known networks.
  - 17. A network system as defined in claim 13, wherein the virtual backbone is external to the plurality of network control points.
  - 18. A network system as defined in claim 13, wherein at least one of the network control point devices in each of the plurality of network control points has unrestricted network connectivity to at least one of the network control point devices within all of the other network control points within the same virtual backbone.
  - 19. A network system as defined in claim 13, wherein each of the plurality of known networks is defined by an address range.
  - 20. A network system as defined in claim 19, wherein each of the network devices in each of the plurality of known networks has an address contained within the address range.
  - 21. A network system as defined in claim 13, wherein the virtual backbone is configured to enforce source address integrity.
  - 22. A network system as defined in claim 13, wherein each of the network devices in each of the plurality of known networks has unrestricted network connectivity to all other network devices within the same known network.
  - 23. A network system as defined in claim 13, wherein each of the plurality of network control points ensures source address integrity.
  - 24. A network system as defined in claim 13, wherein the virtual backbone is implemented using one or more of the following:
    - communication lines, an internet service provider, a virtual private network, and a public network.

25. A network system configured to carry data, comprising:
- first and second known networks;
  
  first and second virtual backbones, each virtual backbone having an address registry, which includes addresses corresponding to network devices in the first and second known networks;
  
  a first network control point configured to connect the first known network to the first virtual backbone and configured to enforce a network security policy of the first known network;
  
  a second network control point configured to connect the second known network to the second virtual backbone and configured to enforce a network security policy of the second known network;
  
  a third network control point configured to connect to the first virtual backbone and configured to enforce source address integrity for the first and second virtual backbones; and
  
  a fourth network control point configured to be coupled to the third network control point and the second virtual backbone and configured to enforce source address integrity for the first and second virtual backbones.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. A network system as defined in claim 25, further comprising a third known network configured to connect to the third network control point.
  - 27. A network system as defined in claim 26, wherein the third network control point is configured to enforce a network security policy of the third known network.
  - 28. A network system as defined in claim 26, wherein the third known network is configured to connect to the fourth network control point.
  - 29. A network system as defined in claim 26, wherein the fourth network control point is configured to enforce a network security policy of the third known network.
  - 30. A network system as defined in claim 25, wherein the first and second virtual backbones are external networks established and implemented by a plurality of internet service providers.
  - 31. A network system as defined in claim 25, wherein the first and second virtual backbones are external to the first and second known networks.
  - 32. A network system as defined in claim 25, wherein the first and second virtual backbones are external to the network control points.
  - 33. A network system as defined in claim 25, wherein the first and second virtual backbones are configured to enforce source address integrity.
  - 34. A network system as defined in claim 25, wherein all of the network devices in the first and second known networks have unrestricted network connectivity to all other network devices within the same known network.
  - 35. A network system as defined in claim 25, wherein the first, second, third, and fourth network control points ensure source address integrity.
  - 36. A network system as defined in claim 25, wherein the first and second virtual backbones are implemented using one or more of the following:
    - communication lines, an internet service provider, a virtual private network, and a public network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Milligan, Michael, Garcia, Joseph, Pape, John M., Jemes, Brian

Application Number

US09/795,778
Publication Number

US 20010037384A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 61/5061   Pools of addresses

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 67/1097   for distributed storage of ...

H04L 69/40   for recovering from a failu...

H04L 9/40   Network security protocols

System and method for implementing a virtual backbone on a common network infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing a virtual backbone on a common network infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links