Communications traffic segregation for security purposes

US 20070136783A1
Filed: 12/08/2005
Published: 06/14/2007
Est. Priority Date: 12/08/2005
Status: Active Grant

First Claim

Patent Images

1. A method for applying a communications traffic security policy including one or both of a detection policy and an enforcement policy, the method comprising:

segregating a distinct communications traffic flow based upon characteristics of the distinct communications traffic flow which exhibits a security value; and

, applying one or both of the detection policy and the enforcement policy to the segregated communications traffic flow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy include one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.

23 Citations

View as Search Results

20 Claims

1. A method for applying a communications traffic security policy including one or both of a detection policy and an enforcement policy, the method comprising:
- segregating a distinct communications traffic flow based upon characteristics of the distinct communications traffic flow which exhibits a security value; and
  
  , applying one or both of the detection policy and the enforcement policy to the segregated communications traffic flow.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1 wherein applying one or both of the detection policy and the enforcement policy includes one or both of:
    - determining via the detection policy whether the segregated communications traffic flow is associated with malware; and
      
      , enforcing via the enforcement policy a malware policy.
  - 3. A method according to claim 1 wherein the security value is defined by a difference between user-interactive communications traffic flows and non-interactive communications traffic flows.
  - 4. A method according to claim 1 wherein the segregated communications traffic is one of:
    - allowed to continue its flow if the detection policy does not determine an association with malware; and
      
      , blocked from its flow if the detection policy determines an association with malware.
  - 5. A method according to claim 1 wherein the enforcement of the enforcement policy includes blocking flow of the segregated communications traffic if the detection policy determines an association with malware.
  - 6. A method according to claim 1 wherein segregating a communications traffic flow is one or both of:
    - performed by a computer with respect to a communications traffic flow within the computer; and
      
      , performed by a centralized security engine with respect to one or more communications traffic flows from one or more computers.
  - 7. A method according to claim 6 wherein one or both of the detection and enforcement policies are implemented by one or both of the computer and the centralized security engine.
  - 8. A method according to claim 1 wherein segregating a communications traffic flow includes segregating by security value two or more communications traffic flows.
  - 9. A method according to claim 8 wherein one or both of the detection and enforcement policies are applied to one or both of the two or more segregated communications traffic flows.
  - 10. A method according to claim 8 wherein segregating the two or more communications traffic flows includes dynamically tagging one or more of the two or more communications traffic flows.
  - 11. A method according to claim 10 further including tracking one or more of the dynamically tagged communications traffic flows.
  - 12. A method according to claim 10 further including tracking one or more of the communications traffic flows which have not been dynamically tagged.
  - 13. A method according to claim 1 wherein the detection policy includes rules for using a certain minimum number of traffic flows generated in a certain minimal period of time.
  - 14. A computer-readable medium having computer-executable instructions for performing a computer process implementing the method of claim 1.

15. A method for applying a communications traffic policy comprising:
- segregating communications traffic flows as one or both of user-interactive and non-interactive;
  
  tracking one or both of the segregated communications traffic flows;
  
  determining whether one or both of the tracked one or both communications traffic flows is associated with malware; and
  
  one or both of enforcing a malware policy and allowing the communications traffic to flow.
- View Dependent Claims (16, 17, 18, 19)
- - 16. A method according to claim 15 wherein segregating a category of communications traffic flows includes segregating by security value two or more communications traffic flows.
  - 17. A method according to claim 16 wherein one or both of a detection and enforcement policies are applied to one or both of the two or more segregated communications traffic flows.
  - 18. A method according to claim 16 wherein segregating the two or more communications traffic flows includes dynamically tagging one or more of the two or more communications traffic flows.
  - 19. A computer-readable medium having computer-executable instructions for performing a computer process implementing the method of claim 15.

20. A computer system including a computing device and a connection for connecting the computing device to a network, the computer system further including:
- a security policy component connected to or within one or both of the computing device and the connection;
  
  the security policy component having a processor and adapted to be executed therby is one or both of a detection module and an enforcement module;
  
  the security policy component also being adapted to execute one or both of a detection module and an enforcement module in relation to a segregated communications traffic flow, the one or both of the detection and the enforcement policies defining a category for the segregation of the segregated communications traffic flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yariv, Eran, Abzarian, David, Shelest, Art

Granted Patent

US 7,698,548 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/1441 Countermeasures against mal...

Communications traffic segregation for security purposes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communications traffic segregation for security purposes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links