Intelligent Network Security Resource Deployment System

US 20110209215A1
Filed: 02/22/2010
Published: 08/25/2011
Est. Priority Date: 02/22/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

(A) at a network traffic receiving subsystem;

(A)(1) receiving first network traffic;

(A)(2) identifying a first source of the first network traffic;

(A)(3) requesting a first present trust level of the first source from a present trust subsystem;

(A)(4) receiving the first present trust level of the first source from the present trust subsystem;

(A)(5) determining whether to provide the first network traffic to an intrusion prevention subsystem based on the first present trust level of the first source; and

(A)(6) providing the first network traffic to the intrusion prevention subsystem if it is determined that the first network traffic should be provided to the intrusion prevention subsystem.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic communication network includes a connectivity subsystem and security scanning resources. The connectivity subsystem checks the present trust level of the source of received traffic to determine if security scanning resources are to be used and how to use the security scanning resources.

10 Citations

View as Search Results

61 Claims

1. A method comprising:
- (A) at a network traffic receiving subsystem;
  
  (A)(1) receiving first network traffic;
  
  (A)(2) identifying a first source of the first network traffic;
  
  (A)(3) requesting a first present trust level of the first source from a present trust subsystem;
  
  (A)(4) receiving the first present trust level of the first source from the present trust subsystem;
  
  (A)(5) determining whether to provide the first network traffic to an intrusion prevention subsystem based on the first present trust level of the first source; and
  
  (A)(6) providing the first network traffic to the intrusion prevention subsystem if it is determined that the first network traffic should be provided to the intrusion prevention subsystem.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the network traffic receiving subsystem and the present trust subsystem are implemented in one subsystem.
  - 3. The method of claim 1, wherein the network traffic receiving subsystem and the present trust subsystem are implemented in a plurality of subsystems.
  - 4. The method of claim 1, wherein (A) further comprises:
    - (A)(7) receiving second network traffic;
      
      (A)(8) identifying a second source of the second network traffic, wherein the second source is the same as the first source;
      
      (A)(9) requesting a second present trust level of the second source from the present trust subsystem;
      
      (A)(10) receiving the second present trust level of the second source from the present trust subsystem, wherein the second present trust level differs from the first present trust level;
      
      (A)(11) determining whether to provide the second network traffic to the intrusion prevention subsystem based on the second present trust level of the first source; and
      
      (A)(12) providing the second network traffic to the intrusion present subsystem if it is determined that the second network traffic should be provided to the intrusion prevention subsystem.
  - 5. The method of claim 4, wherein (A)(5) comprises determining not to provide the first network traffic to the intrusion prevention subsystem, and wherein (A)(11) comprises determining to provide the second network traffic to the intrusion prevention subsystem.
  - 6. The method of claim 4, wherein (A)(5) comprises determining to provide the first network traffic to the intrusion prevention subsystem, and wherein (A)(11) comprises determining not to provide the second network traffic to the intrusion prevention subsystem.

10. A method comprising:
- (A) receiving, from a network traffic receiving subsystem, a first request for a first present trust level of a first source of first network traffic;
  
  (B) determining the first present trust level of the first source based on an identifier of the first source and a first policy associated with the first source; and
  
  (C) sending, to the network traffic receiving subsystem, a response specifying the first present trust level of the first network source.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 11. The method of claim 10, wherein (B) comprises determining the first present trust level based on the identifier, the first policy, and data descriptive of other network traffic received from the first source.
  - 12. The method of claim 10, wherein (B) comprises determining the first present trust level based on the identifier, the first policy, and a location of a network connection of the first source.
  - 13. The method of claim 10, wherein (B) comprises determining the first present trust level based on the identifier, the first policy, and information about a device used by the first source to access the network traffic receiving subsystem.
  - 14. The method of claim 13, wherein information about the device comprises a recent history of applications executed on the device.
  - 15. The method of claim 13, wherein (A) comprises receiving the request over a network from a switch.
  - 16. The method of claim 13, wherein (B) comprises determining the first present trust level using computer program instructions tangibly stored on a computer-readable medium and executed by at least one computer processor.
  - 17. The method of claim 13, wherein (A) comprises receiving the request at a present trust engine, wherein the network traffic receiving subsystem and the present trust engine are contained within a single hardware enclosure.
  - 18. The method of claim 17, wherein the network traffic receiving subsystem and the present trust engine are implemented on a single chip.
  - 19. The method of claim 13, wherein (B) comprises determining the first present trust level using at least one logic circuit contained with the single hardware enclosure.
  - 20. The method of claim 13, wherein information about the device comprises network traffic transmitted from or received by the device.
  - 21. The method of claim 13, wherein information about the device comprises a history of network connection locations at which the device connected to the network traffic receiving subsystem.
  - 22. The method of claim 10, wherein (B) comprises reading the first policy from a first policy object associated with the first source, and wherein (B) further comprises writing the first present trust level to the first policy object.
  - 23. The method of claim 10, wherein (B) comprises reading the first policy from a first policy object associated with the first source, and wherein (B) further comprises writing a second policy to the first policy object.
  - 24. The method of claim 23, wherein writing the second policy comprises:
    - selecting the second policy based on the first present trust level; and
      
      writing the second policy to the first policy object.
  - 25. The method of claim 23, wherein writing the second policy comprises replacing the first policy with the second policy in the first policy object.
  - 26. The method of claim 10:
    - wherein (B) comprises reading, from the first policy object, data descriptive of other network traffic received from the first source, and determining the first present trust level based on the identifier, the first policy, and the data descriptive of other network traffic; and
      
      wherein (B) further comprises updating the data descriptive of other network traffic based on the first network traffic.
  - 27. The method of claim 10, wherein (B) comprises:
    - (B)(1) identifying an original present trust level of the first source;
      
      (B)(2) performing a check, specified by the first policy, on the first source;
      
      (B)(3) determining, based on whether the first source passed the check, whether to modify the original present trust level of the first source;
      
      (B)(4) if it is determined that the original present trust level of the first source should be modified, then;
      
      (B)(4)(a) assigning a new present trust level to the first source; and
      
      (B)(4)(b) determining that the first present trust level of the first source is the new present trust level;
      
      (B)(5) if it is not determined that the original present trust level of the first source should be modified, then;
      
      (B)(5)(a) determining that the original present trust level of the first source is the first present trust level of the first source.
  - 28. The method of claim 27, wherein the new present trust level is a more trusted trust level than the original present trust level.
  - 29. The method of claim 27, wherein the new present trust level is a less trusted trust level than the original present trust level.
  - 30. The method of claim 27, wherein (B)(3) comprises:
    - (B)(3)(a) if it is determined that the first source did not pass the check, then determining whether to modify the original present trust level of the first source based on a reason that the first source did not pass the check.
  - 31. The method of claim 30, wherein (B)(4)(a) comprises:
    - assigning to the first source a first new present trust level that is less trusted than the original present trust level if the reason indicates a low-severity failure; and
      
      assigning to the first source a second new present trust level that is less trusted than the first new present trust level if the reason indicates a high-severity failure.

32. A method comprising:
- (A) receiving, from a network traffic receiving subsystem, a first request for a first present trust level of a first source of first network traffic;
  
  (B) determining the first present trust level of the first source based on an identifier of the first source and at least one of;
  
  other network traffic received from the first source;
  
  a location of a network connection of the first source; and
  
  an application associated with the first source;
  
  (C) sending, to the network traffic receiving subsystem, a response specifying the first present trust level of the first network source.

33. A system comprising:
- a network traffic receiving subsystem comprising;
  
  network traffic reception means for receiving first network traffic;
  
  first source identification means for identifying a first source of the first network traffic;
  
  first trust level request means for requesting a first present trust level of the first source from a present trust subsystem;
  
  first trust level reception means for receiving the first present trust level of the first source from the present trust subsystem;
  
  first determination means for determining whether to provide the first network traffic to an intrusion prevention subsystem based on the first present trust level of the first source; and
  
  first traffic provision means for providing the first network traffic to the intrusion prevention subsystem if it is determined that the first network traffic should be provided to the intrusion prevention subsystem.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The system of claim 33, further comprising the present trust subsystem.
  - 35. The system of claim 33, wherein the network traffic receiving subsystem further comprises:
    - second network traffic reception means for receiving second network traffic;
      
      second source identification means for identifying a second source of the second network traffic, wherein the second source is the same as the first source;
      
      second trust level request means for requesting a second present trust level of the second source from the present trust subsystem;
      
      second trust level reception means for receiving the second present trust level of the second source from the present trust subsystem, wherein the second present trust level differs from the first present trust level;
      
      second determination means for determining whether to provide the second network traffic to the intrusion prevention subsystem based on the second present trust level of the first source; and
      
      second traffic provision means for providing the second network traffic to the intrusion present subsystem if it is determined that the second network traffic should be provided to the intrusion prevention subsystem.
  - 36. The system of claim 35, wherein the first determination means comprises means for determining not to provide the first network traffic to the intrusion prevention subsystem, and wherein the second determination means comprises means for determining to provide the second network traffic to the intrusion prevention subsystem.
  - 37. The system of claim 35, wherein the first determination means comprises means for determining to provide the first network traffic to the intrusion prevention subsystem, and wherein the second determination means comprises means for determining not to provide the second network traffic to the intrusion prevention subsystem.

38. A present trust engine comprising:
- first network traffic reception means for receiving, from a network traffic receiving subsystem, a first request for a first present trust level of a first source of first network traffic;
  
  a present policy manager to use present policy logic to determine the first present trust level of the first source based on an identifier of the first source and a first policy associated with the first source; and
  
  first response means for sending, to the network traffic receiving subsystem, a response specifying the first present trust level of the first network source.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 39. The present trust engine of claim 38, wherein the present policy logic comprises logic to determine the first present trust level based on the identifier, the first policy, and data descriptive of other network traffic received from the first source.
  - 40. The present trust engine of claim 38, wherein the present policy logic comprises logic to determine the first present trust level based on the identifier, the first policy, and a location of a network connection of the first source.
  - 41. The present trust engine of claim 38, wherein the present policy logic comprises logic to determine the first present trust level based on the identifier, the first policy, and information about a device used by the first source to access the network traffic receiving subsystem.
  - 42. The present trust engine of claim 38, wherein information about the device comprises a recent history of applications executed on the device.
  - 43. The present trust engine of claim 38, wherein the means for receiving comprises means for receiving the request over a network from a switch.
  - 44. The present trust engine of claim 38, wherein the present policy logic comprises computer program instructions tangibly stored on a computer-readable medium and executed by at least one computer processor.
  - 45. The present trust engine of claim 38, further comprising the network traffic receiving subsystem, and wherein the network traffic receiving subsystem and the present trust engine are contained within a single hardware enclosure.
  - 46. The present trust engine of claim 45, further comprising the network traffic receiving subsystem, and wherein the network traffic receiving subsystem and the present trust engine are implemented on a single chip.
  - 47. The present trust engine of claim 38, wherein the present policy manager comprises at least one logic circuit contained with the single hardware enclosure.
  - 48. The present trust engine of claim 38, wherein information about the device comprises network traffic transmitted from or received by the device.
  - 49. The present trust engine of claim 38, wherein information about the device comprises a history of network connection locations at which the device connected to the network traffic receiving subsystem.
  - 50. The present trust engine of claim 38, wherein the present policy manager comprises a first policy object, means for reading the first policy from the first policy object associated with the first source, and means for writing the first present trust level to the first policy object.
  - 51. The present trust engine of claim 38, wherein the present policy manager comprises a first policy object, means for reading the first policy from a first policy object associated with the first source, and means for writing a second policy to the first policy object.
  - 52. The present trust engine of claim 51, wherein the means for writing the second policy comprises:
    - means for selecting the second policy based on the first present trust level; and
      
      means for writing the second policy to the first policy object.
  - 53. The present trust engine of claim 51, wherein the means for writing the second policy comprises means for replacing the first policy with the second policy in the first policy object.
  - 54. The present trust engine of claim 38, wherein the present policy manager comprises:
    - a first policy object;
      
      means for reading from the first policy object data descriptive of other network traffic received from the first source;
      
      and means for determining the first present trust level based on the identifier, the first policy, and the data descriptive of other network traffic; and
      
      means for updating the data descriptive of other network traffic based on the first network traffic.
  - 55. The present trust engine of claim 38, wherein the present policy logic comprises:
    - logic to identify an original present trust level of the first source;
      
      logic to perform a check, specified by the first policy, on the first source;
      
      logic to determine, based on whether the first source passed the check, whether to modify the original present trust level of the first source;
      
      logic to assign a new present level trust to the first source and to determine that the first present trust level of the first source is the new present trust level if it is determined that the original present trust level of the first source should be modified; and
      
      logic to determine that the original present trust level of the first source is the first present trust level of the first source if it is not determined that the original present trust level of the first source should be modified.
  - 56. The present trust engine of claim 55, wherein the new present trust level is a more trusted trust level than the original present trust level.
  - 57. The present trust engine of claim 55, wherein the new present trust level is a less trusted trust level than the original present trust level.
  - 58. The present trust engine of claim 55, wherein the logic to determine whether to modify the original present trust level comprises logic to determine whether to modify the original present trust level of the first source based on a reason that the first source did not pass the check if it is determined that the first source did not pass the check.
  - 59. The present trust engine of claim 58, wherein the logic to assign a new present trust level comprises:
    - logic to assign to the first source a first new present trust level that is less trusted than the original present trust level if the reason indicates a low-severity failure; and
      
      logic to assign to the first source a second new present trust level that is less trusted than the first new present trust level if the reason indicates a high-severity failure.

60. A method comprising:
- (A) receiving, from a network traffic receiving subsystem, a first request for a first present trust level of a first source of first network traffic;
  
  (B) determining the first present trust level of the first source based on an identifier of the first source and at least one of;
  
  other network traffic received from the first source;
  
  a location of a network connection of the first source; and
  
  an application associated with the first source;
  
  (C) sending, to the network traffic receiving subsystem, a response specifying the first present trust level of the first network source.

61. A system comprising:
- first network traffic reception means for receiving, from a network traffic receiving subsystem, a first request for a first present trust level of a first source of first network traffic;
  
  a present policy manager to use present policy logic to determine the first present trust level of the first source based on an identifier of the first source and at least one of;
  
  other network traffic received from the first source;
  
  a location of a network connection of the first source; and
  
  an application associated with the first source;
  
  first response means for sending, to the network traffic receiving subsystem, a response specifying the first present trust level of the first network source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Kabbara, Hazem

Application Number

US12/710,223
Publication Number

US 20110209215A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/105 Multiple levels of security

H04L 63/1425 Traffic logging, e.g. anoma...

Intelligent Network Security Resource Deployment System

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

61 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent Network Security Resource Deployment System

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

61 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links