Reputation Based Load Balancing

US 20080178259A1
Filed: 01/24/2007
Published: 07/24/2008
Est. Priority Date: 01/24/2007
Status: Active Grant

First Claim

Patent Images

1. A reputation based network security system, the system comprising:

a communications interface operable to receive incoming and outgoing communications associated with a network;

a communication analyzer operable to derive an external entity associated with a communication;

a reputation engine operable to derive a reputation vector associated with the external entity, the reputation vector comprising an aggregation of reputable and non-reputable criteria in a plurality of categories comprising different types of communications;

a security engine operable to receive the reputation vector and to send the communication to one or more of a plurality of interrogation engines, wherein the security engine is operable to determine to which of the plurality of interrogation engines to send the communication based upon the reputation vector.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for operation upon one or more data processors for efficiently processing communications based upon reputation of an entity associated with the communication.

147 Citations

View as Search Results

21 Claims

1. A reputation based network security system, the system comprising:
- a communications interface operable to receive incoming and outgoing communications associated with a network;
  
  a communication analyzer operable to derive an external entity associated with a communication;
  
  a reputation engine operable to derive a reputation vector associated with the external entity, the reputation vector comprising an aggregation of reputable and non-reputable criteria in a plurality of categories comprising different types of communications;
  
  a security engine operable to receive the reputation vector and to send the communication to one or more of a plurality of interrogation engines, wherein the security engine is operable to determine to which of the plurality of interrogation engines to send the communication based upon the reputation vector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the security engine is operable to avoid sending the communication to an unwarranted interrogation engine where the reputation vector does not indicate that the external entity has a reputation for participating in activity identified by the unwarranted interrogation engine.
  - 3. The system of claim 1, wherein each of the one or more interrogation engines include a plurality of instances of the interrogation engine.
  - 4. The system of claim 3, wherein upon selection of an interrogation engine, the security engine can select a chosen instance of the interrogation engine, wherein the chosen instance of the interrogation engine is selected based upon the capacity of the chosen instance of the interrogation engine.
  - 5. The system of claim 1, wherein the security engine is operable to assign a high priority to the communication in an interrogation queue associated with the plurality of interrogation engines if the external entity is a reputable entity and to assign a low priority to the communication in the interrogation queue if the external entity is a disreputable entity.
  - 6. The system of claim 5, wherein quality of service is maximized for reputable entities, while quality of service is minimized for non-reputable entities.
  - 7. The system of claim 1, wherein each of the one or more interrogation engines comprise a plurality of instances of the interrogation engine, the instances of the interrogation engine being operable to reside on an edge protection device or an enterprise client device.
  - 8. The system of claim 1, wherein the reputation engine is a reputation server operable to provide reputation information to a plurality of edge protection devices and client devices.

9. A reputation based network security system, the system comprising:
- a communications interface operable to receive incoming and outgoing communications associated with a network;
  
  a communication analyzer operable to derive an external entity associated with a communication;
  
  a reputation engine operable to derive a reputation associated with the external entity, the reputation comprising an aggregation of reputable and non-reputable criteria associated with the external entity;
  
  a security engine operable assign priority information to a communication, wherein the security engine is operable to receive the reputation and assign a high priority to communications where the external entity is a reputable entity and to assign a low priority to communications where the external entity is a non-reputable entity, whereby the priority information is used by one or more interrogation engines to improve quality of service for reputable entities.

10. A computer implemented method operable to efficiently process communications based on a reputation associated with an external entity, comprising:
- receiving a communication associated with an external entity based upon origination or destination information associated with the communication;
  
  identifying the external entity associated with the received communication;
  
  deriving a reputation associated with the external entity based upon reputable and non-reputable criteria associated with the external entity;
  
  assigning a priority to the communication based upon the derived reputation associated with the external entity;
  
  executing one or more tests on the communication based upon the priority assigned to the communication.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, further comprising maximizing quality of service for messages that are assigned a high priority.
  - 12. The method of claim 10, wherein the derived reputation is a reputation vector, the reputation vector communicating the reputation associated with the external entity in a plurality of categories.
  - 13. The method of claim 12, further comprising bypassing any of said one or more tests if the reputation vector associated with the communication indicates that the external entity is a reputable entity with regard to the criteria tested by the bypassed test.
  - 14. The method of claim 10, wherein each of the one or more tests include a plurality of engines operable to perform said one or more tests.
  - 15. The method of claim 14, wherein the security engine is operable to distribute testing of communications including the received communication evenly across the plurality of engines based upon the capacity of the engines.
  - 16. The method of claim 10, wherein said one or more tests are executed by a plurality of engines operable to perform the test, the engines being operable to reside on an edge protection device or an enterprise client device.
  - 17. The method of claim 10, wherein the reputation is retrieved from a reputation server operable to provide reputation information to a plurality of edge protection devices and client devices.
  - 18. The method of claim 10, wherein the reputation is retrieved from a local reputation engine.

19. A computer implemented method operable to efficiently process communications based on a reputation associated with an external entity, comprising:
- receiving a communication associated with an external entity based upon origination or destination information associated with the communication;
  
  identifying the external entity associated with the received hypertext transfer protocol communication;
  
  deriving a reputation associated with the external entity based upon reputable and non-reputable criteria associated with the external entity;
  
  assigning the communication to one or more interrogation engines selected from among a plurality of interrogation engines, the selection of the one or more interrogation engines being based upon the derived reputation associated with the external entity and capacity of the interrogation engines; and
  
  executing said one or more interrogation engines on the communication.

20. One or more computer readable media having software program code operable to efficiently process communications based upon reputation of external entities associated with the communications, comprising:
- receiving a communication associated with an external entity based upon origination or destination information associated with the communication;
  
  identifying the external entity associated with the received hypertext transfer protocol communication;
  
  deriving a reputation associated with the external entity based upon reputable and non-reputable criteria associated with the external entity;
  
  assigning a priority to the communication based upon the derived reputation associated with the external entity;
  
  executing one or more tests on the communication based upon the priority assigned to the communication.

21. A computer implemented method operable to process communications based upon a reputation associated with an external entity, comprising:
- receiving a communication associated with an external entity based upon origination or destination information associated with the communication;
  
  identifying the external entity associated with the received communication;
  
  deriving a reputation associated with the external entity based upon reputable and non-reputable criteria associated with the external entity;
  
  assigning a processing path to the communication based upon the derived reputation associated with the external entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Krasser, Sven, Alperovitch, Dmitri, Judge, Paul, Willis, Lamar Lorenzo

Granted Patent

US 7,779,156 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06Q 30/0633   Lists, e.g. purchase orders...

H04L 63/104   Grouping of entities

H04L 63/1408   by monitoring network traff...

Reputation Based Load Balancing

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation Based Load Balancing

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links