Secure network and method of establishing communication amongst network devices that have restricted network connectivity
Abstract
A secure network is provided which includes a plurality of anti-bubbles having a plurality of anti-bubble partitions. Each anti-bubble partition has at least one network device configured to transmit and receive data. All the network devices that belong to or correspond to a particular anti-bubble have the same network security policy. Data may not be transmitted between two network devices in the same anti-bubble or two network devices in different anti-bubble partitions of the same anti-bubble. The secure network also includes a plurality of network control points, each of which has one or more network control point devices having at least one interface. Each anti-bubble partition is connected to at least one network control point. The network control point is used to provide a connection between at least two network devices. Each network control point device is configured to enforce the network security policy of all the anti-bubbles that are connected to it. During the transmission of data from one network device to another network device, one or more network control points are traversed.
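The forwarding rule in the abstract can be modelled as a small decision function; the following is an added illustration, not code from the patent. The topology, the device and control point names, and the port-based shape of the policy are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    anti_bubble: str  # anti-bubble whose policy governs this device
    partition: str    # anti-bubble partition the device sits in

# Constructed topology: each partition attaches to one control point.
PARTITION_NCP = {
    ("kiosks", "p1"): "ncp-a",
    ("kiosks", "p2"): "ncp-b",
    ("partners", "p1"): "ncp-b",
    ("partners", "p2"): "ncp-c",
}

# Assumed policy shape: one rule set per anti-bubble, shared by all its
# devices, listing destination ports allowed out of and into its members.
POLICY = {
    "kiosks": {"egress": {443}, "ingress": set()},
    "partners": {"egress": {443}, "ingress": {443, 8443}},
}

def evaluate(src: Device, dst: Device, port: int):
    """Return (allowed, control points traversed, reason)."""
    if src.anti_bubble == dst.anti_bubble:
        # Members of one anti-bubble never exchange data, whether they
        # share a partition or sit in different partitions.
        return False, [], "same anti-bubble"
    src_ncp = PARTITION_NCP[(src.anti_bubble, src.partition)]
    dst_ncp = PARTITION_NCP[(dst.anti_bubble, dst.partition)]
    if port not in POLICY[src.anti_bubble]["egress"]:
        return False, [src_ncp], f"egress denied at {src_ncp}"
    path = [src_ncp] if src_ncp == dst_ncp else [src_ncp, dst_ncp]
    if port not in POLICY[dst.anti_bubble]["ingress"]:
        return False, path, f"ingress denied at {dst_ncp}"
    return True, path, "permitted"

K1 = Device("k1", "kiosks", "p1")
K2 = Device("k2", "kiosks", "p2")
K3 = Device("k3", "kiosks", "p1")
P1 = Device("srv1", "partners", "p1")
P2 = Device("srv2", "partners", "p2")

if __name__ == "__main__":
    for s, d, port in [(K1, K3, 443), (K1, K2, 443), (K1, P2, 443),
                       (K2, P1, 443), (K1, P1, 22), (P1, K1, 443)]:
        print(s.name, "->", d.name, port, evaluate(s, d, port))
```

Each control point applies the policy of the anti-bubble attached to it, so a flow between different anti-bubbles is checked once on the source side and once on the destination side.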
56 Claims
1. A secure network configured to carry data, comprising:
a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble partitions, each anti-bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of anti-bubbles have the same network security policy; and
a plurality of network control points, each network control point including one or more network control point devices having at least one interface, wherein each of the plurality of anti-bubble partitions is connected to at least one network control point to form an anti-bubble boundary, the network control point is used to provide a connection between any two network devices, and wherein at least one of the network control point devices is configured to enforce the network security policy of the anti-bubble that is connected to the network control point device.
17. A secure network configured to transmit data, comprising:
a first and a second anti-bubble, each anti-bubble having a distinct network security policy and a plurality of anti-bubble partitions, each anti-bubble partition having a plurality of network devices configured to transmit and receive data; and
a plurality of network control points, each network control point having one or more network control point devices, each network control point device having at least one interface, wherein each anti-bubble partition is connected to at least one and no more than two network control points to provide a connection between a network device in the first anti-bubble and a network device in the second anti-bubble, and wherein each one of the network control point devices is configured to enforce the network security policy of at least one of the anti-bubbles.
34. A secure network configured to carry data, comprising:
a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble partitions, each anti-bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of anti-bubbles having the same network security policy; and
a plurality of network control points, each network control point including one or more network control point devices having at least one interface, wherein each anti-bubble partition is connected to only one network control point, which is used to provide a connection between any two network devices of different anti-bubbles, and wherein each one of the network control point devices is configured to enforce the network security policy of the anti-bubble that the network control point device is connected to and wherein when data is transmitted from one network device to another network device, two network control points are traversed.
48. A secure network configured to carry data, comprising:
a plurality of anti-bubbles, each anti-bubble having a plurality of anti-bubble partitions, each anti-bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of anti-bubbles have the same network security policy;
a plurality of bubbles, each bubble having a plurality of bubble partitions, each bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of bubbles have the same network security policy; and
a plurality of network control points, each network control point including one or more network control point devices having at least one interface, wherein each anti-bubble partition and each bubble partition is connected to one of the plurality of network control points, which are used to provide a connection between two or more network devices of different anti-bubbles and two or more network devices of the plurality of bubbles, and wherein each one of the network control point devices is configured to enforce the network security policy of the anti-bubble and bubble that the network control point device is connected to.
Specification