System and method for delivering services over a network in a secure environment

US 20030208596A1
Filed: 05/01/2002
Published: 11/06/2003
Est. Priority Date: 05/01/2002
Status: Abandoned Application

First Claim

Patent Images

1. A network for delivering a plurality of services in a secured environment, comprising:

a service module supporting a service from said plurality of services; and

a load balancing switch to provide a virtual internet protocol address for said service, such that a data packet is routed to said service according to said virtual internet protocol address;

a distribution module coupled to said service module, wherein said distribution module routes said data packet to said load balancing switch; and

an integration security module coupled to said distribution module, wherein said integration security module passes said data packet to said distribution module when said data packet is authorized for said virtual internet protocol address.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for delivering services in a secure manner is disclosed. The system includes a network that delivers services to end users. The network includes a service module that supports a service. The service module can deliver more than one service. The network also includes a load balancing switch to provide a virtual internet protocol address for the service. A data packet enclosing a request for the service is routed by the load balancing switch. The network also includes a distribution module coupled to the service module and routes the data packet to the load balancing switch. The network also includes a security module to determine if the data packet is authorized for the virtual internet protocol address. If so, then the service is provided to the end user. If not, security measures are taken to deny the end user access to the services.

Citations

47 Claims

1. A network for delivering a plurality of services in a secured environment, comprising:
- a service module supporting a service from said plurality of services; and
  
  a load balancing switch to provide a virtual internet protocol address for said service, such that a data packet is routed to said service according to said virtual internet protocol address;
  
  a distribution module coupled to said service module, wherein said distribution module routes said data packet to said load balancing switch; and
  
  an integration security module coupled to said distribution module, wherein said integration security module passes said data packet to said distribution module when said data packet is authorized for said virtual internet protocol address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network of claim 1, wherein said integration security module comprises a security enhancing configuration.
  - 3. The service delivery network of claim 1, wherein said service is coupled to said load balancing switch by at least one host connection switch.
  - 4. The service delivery network of claim 1, wherein said service has a physical address.
  - 5. The service delivery network of claim 4, wherein physical address corresponds to said virtual internet protocol address.
  - 6. The network of claim 1, further comprising a service security module coupled to said service module, wherein said service security module passes said packet to said service module when said packet is authorized for said virtual internet protocol address.
  - 7. The network of claim 1, wherein said service includes a network attached device to support an application.
  - 8. The network of claim 7, wherein said network attached device is a server.
  - 9. The network of claim 8, wherein said server includes a host-based firewall.
  - 10. The network of claim 8, wherein software on said server is secured using minimization.
  - 11. The network of claim 8, wherein software on said server is secured using hardening.
  - 12. The network of claim 8, wherein said server implements a chroot environment.

13. A network configured to deliver a service over a network in a secured environment, comprising:
- a service module hosting said service, wherein said service correlates to a virtual internet protocol address;
  
  a load balancing switch to route information to said service according to said virtual internet protocol address; and
  
  a service security module to determine whether a data packet for said service is authorized according to said virtual internet protocol address.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The network of claim 13, wherein said service security module includes a security enhancing configuration.
  - 15. The network of claim 13, further comprising a distribution module coupled to said service security module, wherein said distribution module routes said data packet.
  - 16. The network of claim 15, further comprising an integration security module to determine whether said data packet is allowed to said distribution module.
  - 17. The network of claim 13, further comprising a filter associated with said service module to validate said data packet.
  - 18. The network of claim 13, further comprising an access control list associated with said service module to validate said data packet.
  - 19. The network of claim 13, wherein said service is hosted on a server having a host-based firewall to determine whether said data packet is allowable.

20. A method for delivering a request for a service over a network in a secure manner, comprising:
- receiving said request for said service, wherein said request comprises a data packet bound for a virtual internet protocol address;
  
  determining with a security module whether said data packet is authorized for said virtual internet protocol address; and
  
  forwarding said request to said service correlating to said virtual internet protocol address when said data packet is authorized by said security module.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20, wherein said security module is an integration security module.
  - 22. The method of claim 20, wherein said security module is a service security module.
  - 23. The method of claim 20, further comprising determining a protocol for said data packet.
  - 24. The method of claim 23, further comprising allowing said data packet to said service module according to said protocol.
  - 25. The method of claim 24, wherein said allowing includes filtering said data packet.
  - 26. The method of claim 24, wherein said allowing includes checking an access control list.
  - 27. The method of claim 20, further comprising providing said service from a service domain.
  - 28. The method of claim 20, further comprising rejecting said data packet when said request is not authorized for said virtual internet protocol address.

29. A system for delivering a request for a service over a network in a secure manner, comprising:
- means for receiving said request for said service, wherein said request comprises a data packet bound for a virtual internet protocol address;
  
  means for determining with a security module whether said data packet is authorized for said virtual internet protocol address; and
  
  means for forwarding said request to said service correlating to said virtual internet protocol address when said data packet is authorized by said security module..

30. A method for providing a service over a secured network, comprising:
- performing a security check on a request for said service, wherein said service correlates to a virtual internet protocol address within said secured network;
  
  determining whether said request is allowed for said service according to said virtual internet protocol address; and
  
  forwarding said request to a service domain correlating to said virtual internet protocol address according to said security check.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The method of claim 30, further comprising delivering said service to an end user corresponding to said request.
  - 32. The method of claim 30, wherein said security check is an integration security module.
  - 33. The method of claim 30, wherein said security check is a service security module.
  - 34. The method of claim 30, wherein said security check is a security enhancing device.
  - 35. The method of claim 30, wherein said security check is a filter.
  - 36. The method of claim 30, wherein said security check is an access control list.

37. A system for providing a service over a secured network, comprising:
- means for performing a security check on a request for said service, wherein said service correlates to a virtual internet protocol address within said secured network;
  
  means for determining whether said request is allowed for said service according to said virtual internet protocol address; and
  
  means for forwarding said request to said service correlating to said virtual internet protocol address according to said security check.

38. A method for authorizing a data packet having a request for a service over a network, comprising:
- receiving said data packet at a security module; and
  
  forwarding said data packet to a service supporting said service according to said security module.
- View Dependent Claims (39, 40, 41, 42, 43)
- - 39. The method of claim 38, further comprising allowing said data packet to said service according to a virtual internet protocol address of said service.
  - 40. The method of claim 38, wherein said security module is a service security module.
  - 41. The method of claim 40, further comprising accessing a service module having said service according to said service security module.
  - 42. The method of claim 38, wherein said security module is an integration security module.
  - 43. The method of claim 42, further comprising accessing a distribution module coupled to said service according to said integration security module such that said distribution module routes said data packet to said service.

44. A system for authorizing a data packet having a request for a service over a network, comprising:
- means for receiving said data packet at a security module; and
  
  means for forwarding said data packet to a service domain supporting said service according to security module.

45. A computer program product comprising a computer useable medium having computer readable code embodied therein for delivering a request for a service over a network in a secure manner, the computer program product adapted when run on a computer to execute steps, including:
- receiving said request for said service, wherein said request comprises a data packet bound for a virtual internet protocol address;
  
  determining with a security module whether said data packet is authorized for said virtual internet protocol address; and
  
  forwarding said request to a service domain correlating to said virtual internet protocol address when said data packet is authorized by said security module.

46. A computer program product comprising a computer useable medium having computer readable code embodied therein for providing a service over a secured network, the computer program product adapted when run on a computer to execute steps, including:
- performing a security check on a request for said service, wherein said service correlates to a virtual internet protocol address within said secured network;
  
  determining whether said request is allowed for said service according to said virtual internet protocol address; and
  
  forwarding said request to a service domain correlating to said virtual internet protocol address according to said security check.

47. A computer program product comprising a computer useable medium having computer readable code embodied therein for authorizing a data packet having a request for a service over a network, the computer program product adapted when run on a computer to execute steps, including:
- receiving said data packet at a security module; and
  
  forwarding said data packet to a service domain supporting said service according to said security module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Lofstrand, Mikael, Carolan, Jason T.

Application Number

US10/136,412
Publication Number

US 20030208596A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0236   Filtering by address, proto...

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1023   based on a hash applied to ...

H04L 67/1027   Persistence of sessions dur...

System and method for delivering services over a network in a secure environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for delivering services over a network in a secure environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links