TRUSTED NETWORK INTERFACE

US 20090300353A1
Filed: 04/28/2009
Published: 12/03/2009
Est. Priority Date: 04/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for operating a trusted network interface for monitoring network traffic passing through a plurality of network security appliances:

receiving, at a management system, warrant information identifying a network security appliance to execute one or more actions specified in the warrant information;

generating a control command instructing the network security appliance identified in the warrant information to execute the one or more actions specified in the warrant information;

digitally signing the control command with a digital certificate associated with the management system;

encrypting the digitally signed control command;

transmitting the digitally signed and encrypted control command to the network security appliance identified in the warrant information; and

receiving confirmation from the network security appliance that the one or more actions specified in the warrant information have been executed.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances.

Citations

22 Claims

1. A method for operating a trusted network interface for monitoring network traffic passing through a plurality of network security appliances:
- receiving, at a management system, warrant information identifying a network security appliance to execute one or more actions specified in the warrant information;
  
  generating a control command instructing the network security appliance identified in the warrant information to execute the one or more actions specified in the warrant information;
  
  digitally signing the control command with a digital certificate associated with the management system;
  
  encrypting the digitally signed control command;
  
  transmitting the digitally signed and encrypted control command to the network security appliance identified in the warrant information; and
  
  receiving confirmation from the network security appliance that the one or more actions specified in the warrant information have been executed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the warrant information received at the management system is digitally signed and encrypted by a judicial control system.
  - 3. The method of claim 2 further comprising,receiving, at the judicial control system, an audit request from a public audit system;
    - andin response to the audit request, providing audit information including the status of the warrant to the public audit system
  - 4. The method of claim 3 wherein the audit request is digitally signed and encrypted by the public audit system, and wherein the audit information is digitally signed and encrypted by the judicial control system.
  - 5. The method of claim 1 wherein the network security appliance is interposed between a computer system and a public network, and wherein all network traffic between the computer system and the public network passes through the network security appliance.
  - 6. The method of claim 1 wherein the warrant information specifies an identifier associated with the network security device that uniquely identifies the network security device.
  - 7. The method of claim 6 wherein the identifier associated with the network security device is an internet protocol (IP) address of the computer system associated with the network security appliance.
  - 8. The method of claim 1 wherein the one or more actions specified in the warrant information includes providing data traffic information gathered by the security appliance to the management system.
  - 9. The method of claim 1 wherein the one or more actions specified in the warrant information includes providing a copy of data traffic passing through the security appliance to the management system.
  - 10. The method of claim 1 wherein the one or more actions specified in the warrant information includes performing one or more defensive actions.
  - 11. The method of claim 1 wherein the one or more actions specified in the warrant information includes performing one or more defensive actions.

12. A computer network comprising:
- a plurality of network security appliances, each network security appliance being interposed between a computer system and a public network;
  
  a management system configured to transmit control commands to the plurality of network security appliances via a public network;
  
  a judicial control system configured to receive warrant information identifying a network security appliance to execute one or more actions specified in the warrant information;
  
  wherein the judicial control system is configured to transmit the warrant information to the management system;
  
  wherein the management system is configured to transmit a control command to a network security appliance identified in the warrant information received from the judicial control system, the control command instructing the network security appliance to execute the one or more actions specified in the warrant information; and
  
  wherein the management system is configured to receive confirmation from the network security appliance that the one or more actions specified in the warrant information have been executed.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer network of claim 12 wherein the judicial control system is configured to digitally signed and encrypted the warrant information before transmitting the warrant information to the management system.
  - 14. The computer network of claim 12 further comprising:
    - a public audit system configured to transmit an audit request to the judicial control system; and
      
      wherein the judicial control system is configured to receive the audit request from the public audit system and to provide audit information including the status of the warrant to the public audit system in response to the audit request.
  - 15. The method of claim 14 wherein the audit request is digitally signed and encrypted by the public audit system, and wherein the audit information is digitally signed and encrypted by the judicial control system.
  - 16. The computer network of claim 12 wherein the network security appliance is interposed between a computer system and a public network, and wherein all network traffic between the computer system and the public network passes through the network security appliance.
  - 17. The computer network of claim 12 wherein the warrant information specifies an identifier associated with the network security device that uniquely identifies the network security device.
  - 18. The computer network of claim 17 wherein the identifier associated with the network security device is an internet protocol (IP) address of the computer system associated with the network security appliance.
  - 19. The computer network of claim 12 wherein the one or more actions specified in the warrant information includes providing data traffic information gathered by the security appliance to the management system.
  - 20. The computer network of claim 12 wherein the one or more actions specified in the warrant information includes providing a copy of data traffic passing through the security appliance to the management system.
  - 21. The computer network of claim 12 wherein the one or more actions specified in the warrant information includes performing one or more defensive actions.
  - 22. The computer network of claim 12 wherein the one or more actions specified in the warrant information includes performing one or more defensive actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Hart, Steven R.

Granted Patent

US 8,627,060 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2463/144   Detection or countermeasure...

H04L 43/00   Arrangements for monitoring...

H04L 63/0218   Distributed architectures, ...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

TRUSTED NETWORK INTERFACE

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED NETWORK INTERFACE

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links