Method and network for containing the spread of damage from a network element subject to compromise

US 20030200488A1
Filed: 04/17/2002
Published: 10/23/2003
Est. Priority Date: 04/17/2002
Status: Abandoned Application

First Claim

Patent Images

1. A computer network including at least one identifiable network element subject to compromise, said network comprising, in combination:

a) at least one controller for performing or denying a service request of at least one network element;

b) at least one sensor for detecting and identifying at least one possibly compromised network element;

c) at least one directory for storing identifications of possibly compromised network elements; and

d) said network being arranged so that said at least one directory is addressable by said at least one sensor and accessible to said at least one controller whereby said at least one controller can deny a requested service to a requesting network element that is possibly compromised.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer network for containing the spread of damage from a compromised element. A sensor is arranged to detect suspicious behavior of other identifiable network elements. When such suspicious behavior is detected, the identity of such network element is addressed and input to a directory. Such directory is addressable by various network elements, including network servers and routers or gateways that define choke points of the network, over either a network infrastructure (wide area network) or network interconnections (local area network). Such network architecture permits the various choke point network elements (controllers) to refer to the status of network elements requesting services, such as network configuration, that could result in the spread of damage, when deciding to provide or deny such services.

Citations

29 Claims

1. A computer network including at least one identifiable network element subject to compromise, said network comprising, in combination:
- a) at least one controller for performing or denying a service request of at least one network element;
  
  b) at least one sensor for detecting and identifying at least one possibly compromised network element;
  
  c) at least one directory for storing identifications of possibly compromised network elements; and
  
  d) said network being arranged so that said at least one directory is addressable by said at least one sensor and accessible to said at least one controller whereby said at least one controller can deny a requested service to a requesting network element that is possibly compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A computer network as defined in claim 1 wherein said at least one controller is arranged to provide an indication of possible compromise to a requesting element.
  - 3. A computer network as defined in claim 2 including a network element arranged to provide a user with an indication of possible compromise in response to receipt of such an indication from a controller.
  - 4. A computer network as defined in claim 3 including a network element arranged to halt operation in response to receipt of an indication of possible compromise from a controller.
  - 5. A computer network as defined in claim 1 wherein said at least one controller comprises a network server.
  - 6. A computer network as defined in claim 1 wherein said at least one controller comprises a router.
  - 7. A computer network as defined in claim 1 wherein said at least one controller comprises an authentication server.
  - 8. A computer network as defined in claim 1 further characterized in that said computer network comprises a wide area network that includes a plurality of local area networks that are mutually-addressable over a network infrastructure.
  - 9. A computer network as defined in claim 1 further characterized in that said computer network comprises a local area network that includes a plurality of network elements that are mutually-addressable over local area network interconnections.
  - 10. A computer network as defined in claim 1 wherein said at least one controller is arranged to respond to a request for a network configuration.
  - 11. A computer network as defined in claim 1 wherein said at least one controller is arranged to respond to request for a credential.
  - 12. A computer network as defined in claim 1 wherein identifications of possibly compromised elements can be manually removed from said at least one directory.

13. A wide area computer network comprising, in combination:
- a) a plurality of local area networks;
  
  b) said local area networks being mutually addressable over a network infrastructure;
  
  c) each of said local area networks including a plurality of identifiable network elements, at least one of said network elements being subject to compromise;
  
  d) at least one local area network including a controller for servicing or denying a service request of at least one network element;
  
  e) at least one sensor for detecting and identifying at least one possibly compromised network element;
  
  f) at least one directory for storing identifications of possibly compromised network elements; and
  
  g) said network being arranged so that said at least one directory is addressable by said at least one sensor and accessible to said at least one controller whereby said at least one controller can deny a requested service to a requesting network element that is possibly compromised.
- View Dependent Claims (14, 15, 16, 17)
- - 14. A wide area computer network as defined in claim 13 wherein said controller comprises a network server.
  - 15. A wide area computer network as defined in claim 13 wherein said controller comprises a router.
  - 16. A wide area computer network as defined in claim 13 wherein said controller comprises an authentication server.
  - 17. A wide area computer network as defined in claim 13 wherein identifications of possibly compromised elements can be manually removed from said at least one directory.

18. A local area computer network including at least one identifiable network element subject to compromise, said local area network comprising, in combination:
- a) a plurality of network elements;
  
  b) said network elements being mutually addressable over local area network interconnections;
  
  c) at least one controller for servicing or denying a service request of at least one network element;
  
  d) at least one sensor for detecting and identifying at least one possibly compromised network element;
  
  e) at least one directory for storing identifications of possibly compromised network elements; and
  
  f) said network being arranged so that said at least one directory is addressable by said at least one sensor and accessible to said at least one controller whereby said at least one controller can deny a requested service to a requesting network element that is possibly compromised.
- View Dependent Claims (19, 20, 21, 22)
- - 19. A local area computer network as defined in claim 18 wherein said controller comprises a network server.
  - 20. A local area computer network as defined in claim 18 wherein said controller comprises a router.
  - 21. A local area computer network as defined in claim 18 wherein said controller comprises an authentication server.
  - 22. A local area computer network as defined in claim 18 wherein identifications of possibly compromised elements can be manually removed from said at least one directory.

23. A method for containing the spread of damage within a computer network of the type that includes at least one uniquely identifiable network element subject to compromise, said method comprising the steps of:
- a) sensing a possibly compromised network element;
  
  then b) storing the identification of said possibly compromised network element in a directory accessible to network elements that comprise choke points of said network;
  
  then c) referring to said directory for network element identifications when a service is requested of a network element comprising a choke point of said network; and
  
  then d) denying said requested service when the identification of said requesting network element is present in said directory.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. A method as defined in claim 23 further including the step of providing an indication of possible compromise to a requesting network element identified as possibly compromised.
  - 25. A method as defined in claim 24 wherein the step of sensing further includes the step of observing traffic on said network.
  - 26. A method as defined in claim 24 wherein the step of providing an indication further includes the step of notifying a user of said compromised element.
  - 27. A method as defined in claim 24 wherein the step of providing an indication further includes the step of halting operation of said possibly compromised network element.
  - 28. A method as defined in claim 23 wherein said requested service comprises the assignment of a network configuration.
  - 29. A method as defined in claim 23 wherein said requested service comprises the provision of a credential to a user of said requesting network element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Lloyd, Paul C.

Application Number

US10/125,625
Publication Number

US 20030200488A1
Time in Patent Office

Days
Field of Search
US Class Current

714/43
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/145 the attack involving the pr...

Method and network for containing the spread of damage from a network element subject to compromise

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and network for containing the spread of damage from a network element subject to compromise

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links