Method and System for Digital Communication Security Using Computer Systems

US 20110131648A1
Filed: 11/30/2010
Published: 06/02/2011
Est. Priority Date: 11/30/2009
Status: Abandoned Application

First Claim

Patent Images

1. A system for network security, comprising:

a protected network comprising at least one protected server; and

a virtual network comprising at least one virtual server;

wherein the at least one virtual server is a ghost of the at least one protected server and is configured to;

receive a data packet;

run an inspection of the received data packet; and

send at least a portion of the inspected data packet to the protected network, in response to the data packet passing the inspection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are provided for network security. In one embodiment, the method may involve receiving a data packet (e.g. from a firewall). The method may involve running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion (e.g., servers(s) and/or application(s)) of a protected network. The method may involve sending the inspected data packet, or portion and/or modified version thereof, to the protected network, in response to the data packet passing the inspection within the virtual network. The method may also involve blocking passage of the data packet to the protected network, in response to the data packet failing the inspection.

Citations

20 Claims

1. A system for network security, comprising:
- a protected network comprising at least one protected server; and
  
  a virtual network comprising at least one virtual server;
  
  wherein the at least one virtual server is a ghost of the at least one protected server and is configured to;
  
  receive a data packet;
  
  run an inspection of the received data packet; and
  
  send at least a portion of the inspected data packet to the protected network, in response to the data packet passing the inspection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the virtual network is a virtual duplicate of the protected network.
  - 3. The system of claim 1, wherein the at least one virtual server receives the data packet from a firewall.
  - 4. The system of claim 1, wherein:
    - the at least one protected server comprises a protected application; and
      
      the at least one virtual server comprises at least one virtual application, the least one virtual application being a virtual duplicate of the protected application.
  - 5. The system of claim 4, wherein the at least one virtual server runs the inspection by applying at least one of a pre-application security utility and a post-application security utility.
  - 6. The system of claim 1, wherein the at least one virtual server blocks passage of the data packet to the protected network, in response to the data packet failing the inspection.
  - 7. The system of claim 1, wherein the portion comprises a modified version of the inspected data packet.

8. A method operable by a virtual entity in a network system, comprising:
- receiving a data packet;
  
  running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion of a protected network; and
  
  sending at least a portion of the inspected data packet to the protected network, in response to the data packet passing the inspection within the virtual network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the virtual entity comprises one of (a) the virtual network, (b) at least one virtual server of the virtual network, and (c) at least one virtual application of the at least one virtual server.
  - 10. The method of claim 8, wherein receiving comprises receiving the data packet from a firewall.
  - 11. The method of claim 8, wherein:
    - the protected network comprises at least one protected server;
      
      the at least one protected server comprises at least one protected application;
      
      the virtual network comprises at least one virtual server, the at least one virtual server being a ghost of the at least one protected server; and
      
      the at least one virtual server comprises at least one virtual application, the at least one virtual application being a virtual duplicate of the at least one protected application.
  - 12. The method of claim 11, wherein running the inspection comprises applying at least one of a pre-application security utility and a post-application security utility.
  - 13. The method of claim 8, further comprising blocking passage of the data packet to the protected network, in response to the data packet failing the inspection.
  - 14. The method of claim 8, wherein the portion comprises a modified version of the inspected data packet.

15. A computer program product, comprising:
- a computer-readable medium comprising code for causing a computer to;
  
  receive a data packet;
  
  run an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion of a protected network; and
  
  send at least a portion of the inspected data packet to the protected network, in response to the data packet passing the inspection within the virtual network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the computer-readable medium further comprises code for causing the computer to receive the data packet from a firewall.
  - 17. The computer program product of claim 15, wherein:
    - the protected network comprises at least one protected server;
      
      the at least one protected server comprises at least one protected application;
      
      the virtual network comprises at least one virtual server, the at least one virtual server being a ghost of the at least one protected server; and
      
      the at least one virtual server comprises at least one virtual application, the at least one virtual application being a virtual duplicate of the at least one protected application.
  - 18. The computer program product of claim 17, wherein the computer-readable medium further comprises code for causing the computer to apply at least one of a pre-application security utility and a post-application security utility.
  - 19. The computer program product of claim 15, wherein the computer-readable medium further comprises code for causing the computer to block passage of the data packet to the protected network, in response to the data packet failing the inspection.
  - 20. The computer program product of claim 15, wherein the portion comprises a modified version of the inspected data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Iwebgate Technology Limited (NetLinkz Ltd.)
Original Assignee
Iwebgate Technology Limited (NetLinkz Ltd.)
Inventors
Gargett, Charles Dunelm

Application Number

US12/957,042
Publication Number

US 20110131648A1
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/1408   by monitoring network traff...

H04L 63/1491   using deception as counterm...

Method and System for Digital Communication Security Using Computer Systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Digital Communication Security Using Computer Systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links