Internet service provider method and apparatus

US 20020194506A1
Filed: 06/12/2002
Published: 12/19/2002
Est. Priority Date: 06/19/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for use in an internet service provider environment for providing internet access to a plurality of subscriber environments, comprising the steps of:

receiving a packet intended for a destination subscriber environment amongst the plurality of subscriber environments;

discriminating the packet to deny the packet if considered insecure;

else passing the packet toward the destination subscriber environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for use in an internet service provider environment (10), for providing internet (20) access to a plurality of subscriber environments. A packet intended for a destination subscriber environment is discriminated to deny the packet if it is considered insecure. Performing this discrimination in the internet service provider environment (10) allows a centralized security service for a large number of subscriber environments (30) each having internet access through the internet service provider environment (10). Each subscriber environment (30) is maintained in a secure state to inhibit subversion such as by malicious attacks, even where the subscriber environment (30) is allocated a static IP address and maintains connection for a relatively long duration session. Also, technical expertise required of a subscriber operating the subscriber environment (30) is minimized.

24 Citations

View as Search Results

22 Claims

1. A method for use in an internet service provider environment for providing internet access to a plurality of subscriber environments, comprising the steps of:
- receiving a packet intended for a destination subscriber environment amongst the plurality of subscriber environments;
  
  discriminating the packet to deny the packet if considered insecure;
  
  else passing the packet toward the destination subscriber environment.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, comprising receiving a subscription from one or more of the subscriber environments to a centralised security service, and selectively discriminating the packet only if the destination subscriber environment has subscribed to the centralised security service.
  - 3. The method of claim 1, wherein the discriminating step comprises applying one or more discriminating filters according to a level of service subscribed to by the destination subscriber environment.

4. A method of providing internet access to a plurality of subscriber environments by an internet service provider environment, comprising the steps of:
- receiving a security subscription from one or more of the plurality of subscriber environments;
  
  receiving a packet intended for a destination subscriber environment amongst the plurality of subscriber environments;
  
  if a security subscription has been received from the destination subscriber environment, then discriminating the packet with reference to one or more discriminating filters to deny the packet if considered insecure;
  
  else passing the packet for delivery to the destination subscriber environment.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method of claim 4, comprising:
    - forming a security policy for a subscriber environment in response to receiving a security subscription; and
      
      discriminating a packet for a destination subscriber environments in accordance with the security policy for that subscriber environment.
  - 6. The method of claim 5, comprising storing the security policy in a security subscription table comprising security policy records indexed by an IP address allocated to each subscriber environment.
  - 7. The method of claim 6, comprising retrieving a stored security policy for a destination subscriber environment according to a destination IP address of the packet.
  - 8. The method of claim 4, wherein the received security subscription determines a level of service for the subscriber environment;
    - and the discriminating step includes selecting one or more discriminating filters to apply to the packet according to the level of service for the destination subscriber environment.
  - 9. The method of claim 4, wherein the discriminating step comprises any one or more of:
    - (a) comparing a source IP address of the packet against one or more control lists;
      
      (b) determining whether the packet is a response to a request from within the destination subscriber environment; and
      
      (c) discriminating the packet according to its content, or the application type of its content.

10. An internet service provider apparatus providing internet access to a plurality of subscriber environments, the apparatus comprising:
- an edge router coupleable to core routers of a global data network;
  
  an ISP telecommunications interface coupleable to a plurality of subscriber environments; and
  
  a packet discriminator arranged to discriminate packets passing between the edge router and the ISP telecommunications interface.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The apparatus of claim 10, wherein the packet discriminator comprises at least one discriminating filter.
  - 12. The apparatus of claim 10, wherein the packet discriminator comprises an IP packet filter arranged to discriminate packets by comparing a source IP address of a packet against one or more control lists.
  - 13. The apparatus of claim 10, wherein the packet discriminator comprises at least one application level filter arranged to discriminate a packet according to content and application type.
  - 14. The apparatus of claim 10, wherein the packet discriminator comprises a HTTP response filter arranged to discriminate packets according to responses requested from within a subscriber environment.
  - 15. The apparatus of claim 10, wherein the packet discriminator performs packet discrimination selectively according to a destination IP address of each packet.
  - 16. The apparatus of claim 10, wherein the packet discriminator performs packet discrimination only for one or more subscriber environments which have subscribed to a centralised security service.
  - 17. The apparatus of claim 16, wherein the packet discriminator performs packet discrimination according to a level of service which has been subscribed to by the one or more subscriber environments.
  - 18. The apparatus of claim 17, wherein the packet discriminator performs packet discrimination by applying a selected one or more discriminating filters according to the level of service.
  - 19. The apparatus of claim 10, wherein the packet discriminator performs packet discrimination of a packet destined for a destination subscriber environment amongst the plurality of subscribers environments, in accordance with a stored security policy for the destination subscriber environment.
  - 20. The apparatus of claim 19, wherein the stored security policy includes a security subscription table comprising security profile records indexed by an IP address allocated to each subscriber environment.

21. An apparatus providing internet access to a plurality of subscriber environments from an internet service provider environment, the apparatus comprising:
- a packet discriminator arranged to discriminate a packet destined for a destination subscriber environment amongst the plurality of subscriber environments, by applying zero or more discriminating filters according to a level of service subscribed to by the destination subscriber environment.

22. A system connecting a subscriber user apparatus to a global data network, comprising:
- a subscriber telecommunications interface coupled to the subscriber user apparatus;
  
  a telecommunications environment coupled to the subscriber telecommunications interface; and
  
  an internet service provider environment coupled to the telecommunications environment, the internet service provider environment including an edge router coupleable to the global data network, an ISP telecommunications interface coupled to the telecommunications environment, and a packet discriminator arranged to discriminate packets passing between the edge router and the ISP telecommunications interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Banks, David Murray, Wiley, Anthony J.

Application Number

US10/166,600
Publication Number

US 20020194506A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2874   Processing of data for dist...

H04L 63/0236   Filtering by address, proto...

H04L 63/1458   Denial of Service

H04M 11/062   using different frequency b...

Internet service provider method and apparatus

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Internet service provider method and apparatus

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links