Dynamic security shielding through a network resource

US 20080263654A1
Filed: 04/17/2007
Published: 10/23/2008
Est. Priority Date: 04/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented services system, comprising:

a detection component of a host device for detecting a need for a service; and

a routing component for dynamically routing host traffic to a remote component to obtain the service based on the need or host policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture for facilitating access of remote system software functionality by a host machine for the redirection of incoming and/or outgoing host traffic through the remote system for protection services to the host machine. The host machine can gain the benefits of effective protection software such as firewall, intrusion protection software, and anti-malware services, of the remote machine. The host machine can choose to exercise traffic redirection when there is a risk of being compromised, and then revert back to direct communications when the risk has been averted. The host machine takes advantage of the resources available on the remote machine in substantially realtime with minimal disruption to the host and/or the remote machine operations. This facilitates widespread and temporary protection of network systems for a more secure working environment and improved customer experience.

52 Citations

View as Search Results

20 Claims

1. A computer-implemented services system, comprising:
- a detection component of a host device for detecting a need for a service; and
  
  a routing component for dynamically routing host traffic to a remote component to obtain the service based on the need or host policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the service is a protection service and the remote component is a fixed security proxy server.
  - 3. The system of claim 1, wherein the remote component is a remote device that hosts the service and the remote device is elected and configured to act as proxy server to provide the service for the host traffic.
  - 4. The system of claim 1, wherein the routing component generates a virtual private network (VPN) connection to the remote component to obtain the service.
  - 5. The system of claim 1, wherein the need detected by the detection component is associated with receipt of at least one of a risk beacon, pulled or pushed configuration information, or an auto-generated trigger based on machine-awareness of a lack of software associated with the service.
  - 6. The system of claim 1, wherein the need is associated with at least one of a firewall service, an intrusion protection service, or an anti-malware service.
  - 7. The system of claim 1, further comprising a selection component for selecting which system of a plurality of remote systems to route the host traffic.
  - 8. The system of claim 1, wherein the routing component routes the host traffic directly to the host device without routing the traffic through the remote component.
  - 9. The system of claim 1, wherein the host device initiates indirect communications of the host traffic by forming a VPN to the remote component via which the host traffic is routed to and from the remote component by the routing component.
  - 10. The system of claim 1, wherein the host device reverts back to direct communications of the host traffic by re-registering a non-VPN address or acquiring a new address.
  - 11. The system of claim 1, wherein the remote component is a wireless device elected to serve as a proxy for the service based on at least one of device service data or capabilities data.

12. A computer-implemented method of providing services, comprising acts of:
- receiving a signal at a client associated with a need for a protection service;
  
  detecting available remote resources of a wireless network for the service;
  
  selecting a first resource of the available remote resources;
  
  routing client traffic to the first resource over the wireless network; and
  
  processing the client traffic through the service to protect the client.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising dynamically performing at least one of the acts of detecting, selecting, or routing.
  - 14. The method of claim 12, further comprising initiating communications to the first resource by acts of:
    - forming a VPN between the client and the first resource; and
      
      deprecating old non-VPN addresses on local network interfaces.
  - 15. The method of claim 12, further comprising initiating communications to the first resource by acts of:
    - deregistering non-VPN addresses from a domain name server (DNS); and
      
      deleting old non-VPN, non-static, addresses when the non-VPN addresses become inactive.
  - 16. The method of claim 12, further comprising reverting back to direct communications by one or more acts of:
    - re-registering an unexpired non-VPN address in a DNS or acquiring a new non-VPN address;
      
      deprecating the acquired new VPN address to prevent a new connection from being formed on the first resource, which is a VPN server; and
      
      terminating the VPN when no new connection is active over the VPN.
  - 17. The method of claim 12, wherein the client is one of a plurality of wireless clients, which one or more of the plurality of wireless clients is detected as the remote resources based on advertisement of an ad-hoc network by the one or more of the plurality of wireless clients.
  - 18. The method of claim 12, wherein the first resource disconnects from the wireless network, which is an ad-hoc network, and reconnects as an access point-network address translation device.
  - 19. The method of claim 18, wherein the client deprecates and deletes an address used for direct communications.

20. A computer-implemented system, comprising:
- computer-implemented means for receiving a signal at a client associated with a need for a protection service;
  
  computer-implemented means for detecting available remote resources for the service;
  
  computer-implemented means for selecting a first resource of the available remote resources;
  
  computer-implemented means for routing client traffic to the first resource; and
  
  computer-implemented means for processing the client traffic through the service to protect the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dadhia, Rajesh K., Bahl, Pradeep

Granted Patent

US 8,079,074 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 61/2503   Translation of Internet pro...

H04L 61/5014   using dynamic host configur...

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 67/563   Data redirection of data ne...

Dynamic security shielding through a network resource

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security shielding through a network resource

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links