Method and apparatus for geographically regulating inbound and outbound network communications

US 20070300296A1
Filed: 01/26/2007
Published: 12/27/2007
Est. Priority Date: 01/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for a geographic filter of information transmitting, or that could transmit, on a network, the method comprising:

a) a network object on which the method is embodied;

b) configuring network object components by means of;

sending or receiving information used to generate a set of persistent geographic associations, and least one geographic security assertion;

c) optimizing said information in accordance with at least one algorithm;

d) instantiating at least one geographic security assertions by means of redefining said geographic security assertion into a compact representation in which a contextual property of memory storage inherently determines a security action;

e) receiving information and extracting communication attributes, and, comparing the extracted attributes to the compact memory representation of said geographic security assertions, the result of said comparison resulting in a predetermined action being taken in response to said information; and

f) logging operational attributes and the reporting of said logged attributes.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for regulating and analyzing inbound and outbound communications in and between computer networks on the basis of geographic security assertions are provided. Geographic information is collected, optimized, and shared between network objects to enforce network access control on the basis of configurable security assertions. Security assertions are configured and metrics displayed using maps and other geographic data in a graphical user interface.

64 Citations

View as Search Results

20 Claims

1. A method for a geographic filter of information transmitting, or that could transmit, on a network, the method comprising:
- a) a network object on which the method is embodied;
  
  b) configuring network object components by means of;
  
  sending or receiving information used to generate a set of persistent geographic associations, and least one geographic security assertion;
  
  c) optimizing said information in accordance with at least one algorithm;
  
  d) instantiating at least one geographic security assertions by means of redefining said geographic security assertion into a compact representation in which a contextual property of memory storage inherently determines a security action;
  
  e) receiving information and extracting communication attributes, and, comparing the extracted attributes to the compact memory representation of said geographic security assertions, the result of said comparison resulting in a predetermined action being taken in response to said information; and
  
  f) logging operational attributes and the reporting of said logged attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the network object is a personal computer.
  - 3. The method of claim 1, wherein the network object is a network gateway.
  - 4. The method of claim 1, wherein the network object is a server.
  - 5. The method of claim 4, wherein the network object is an application gateway.
  - 6. The method of claim 4, wherein the protected network object is a mail server.
  - 7. The method of claim 1, wherein the network object is a web proxy server.
  - 8. The method of claim 1, wherein the protected network object includes other network services utilizing the Internet Protocol for communication.
  - 9. The method of claim 1, wherein a geographic security assertion is at least one Resource Identifier and a Device Action.
  - 10. The method of claim 1, wherein a possible optimization algorithm is a conversion algorithm.
  - 11. The method of claim 1, wherein the compact representation of geographic security assertions is a table or tree structure.
  - 12. The method of claim 1, wherein the contextual property of a memory structure is a whitelist.
  - 13. The method of claim 1 wherein the contextual property of a memory structure is a blacklist.
  - 14. The method of claim 1, wherein a communication protocol attribute is an IP address field within a protocol header.
  - 16. The method of claim 1, wherein the configuring is based on geographic security assertions provided by an automated remote process.
  - 17. The method of claim 1, wherein the information used to generate a set of persistent geographic associations is retrieved by an automated process.
  - 18. The method of claim 1, wherein logging information is displayed using textual and graphical depictions of Device Actions and Resource Identifiers.
  - 19. The method of claim 1, wherein configuration and logging information is shared between network objects and geographic filter devices via the means of a separate remote service
  - 20. The method of claim 16, wherein the automated remote process is a threat feed.

15. A computer program product implementing the method of blocking incoming and outgoing network traffic from countries, geographic regions, and other entities associated with geographic regions, constituting a geographic filter, the method comprising:
- a. a Network device such as a server on which the method is embodied;
  
  b. Executing computer code for collecting geographic information in which IP address groups are associated with countries and with entities affiliated with countries;
  
  c. Executing computer code for utilizing security assertions that define network object access privileges for said countries;
  
  d. Executing computer code for redefining security assertions into a list of IP addresses that are used to enforce access control;
  
  e. Executing computer code for storing said list of IP addresses within a persistent memory structure;
  
  f. Executing computer code for examining IP network traffic, extracting IP addresses, and comparing the extracted IP addresses to a list of IP addresses and other information sources;
  
  g. Executing computer code to respond to network traffic based on the locating of an IP address within a table; and
  
  h. Executing computer code for Logging, Aggregating, and Displaying the operational attributes of a given geographic filter device and its peers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ioRhythm, Inc.
Original Assignee
ioRhythm, Inc.
Inventors
Stracener, Tom, Cain, Shelby, Kudla, Aaron, Luck, Marce

Granted Patent

US 8,584,226 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

G06F 2203/04806   Zoom, i.e. interaction tech...

G06F 3/0484   for the control of specific...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

H04L 63/107   wherein the security polici...

H04L 67/52   specially adapted for the l...

Method and apparatus for geographically regulating inbound and outbound network communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for geographically regulating inbound and outbound network communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links