NETWORK SPLITTING DEVICE, SYSTEM AND METHOD USING VIRTUAL ENVIRONMENTS

US 20130003582A1
Filed: 03/03/2011
Published: 01/03/2013
Est. Priority Date: 03/05/2010
Status: Abandoned Application

First Claim

Patent Images

1. A network separation apparatus which allows a user terminal, connected to an internal network, to connect an external network, the apparatus comprising:

a packet transmission/reception unit configured to receive a packet generated in a virtual environment on the user terminal and transmit the packet either to the external network or the internal network;

a packet analysis unit configured to analyze the packet received from the packet transmission/reception unit; and

a packet processing unit configured to allow the packet to be transmitted to the external network or the internal network, separately, based on an analysis result of the packet from the packet analysis unit and a preset packet processing policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network separation apparatus allows a user terminal, connected to an internal network, to connect an external network. The network separation apparatus includes a packet transmission/reception unit to receive a packet generated in a virtual environment on the user terminal and transmit the packet either to the external network or the internal network. The apparatus also includes a packet analysis unit to analyze the packet received from the packet transmission/reception unit and a packet processing unit to allow the packet to be transmitted to the external network or the internal network, separately, based on an analysis result of the packet from the packet analysis unit and a preset packet processing policy.

Citations

14 Claims

1. A network separation apparatus which allows a user terminal, connected to an internal network, to connect an external network, the apparatus comprising:
- a packet transmission/reception unit configured to receive a packet generated in a virtual environment on the user terminal and transmit the packet either to the external network or the internal network;
  
  a packet analysis unit configured to analyze the packet received from the packet transmission/reception unit; and
  
  a packet processing unit configured to allow the packet to be transmitted to the external network or the internal network, separately, based on an analysis result of the packet from the packet analysis unit and a preset packet processing policy.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network separation apparatus of claim 1, wherein, if the packet processing policy is set to transmit a packet generated in the virtual environment only to the external network, the packet processing unit allows a packet destined for transmission to the external network and blocks a packet destined for transmission to the internal network.
  - 3. The network separation apparatus of claim 1, wherein the packet processing unit checks the destination IP address of the packet analyzed by the packet analysis unit, and if the destination IP address is an IP address representing the external network, transmits the packet to the external network.
  - 4. The network separation apparatus of claim 2, wherein the packet processing unit checks the destination IP address of the packet analyzed by the packet analysis unit, and if the destination IP address is an IP address representing the internal network, identifies the packet as attempting malicious access to the external network and blocks the access.
  - 5. The network separation apparatus of claim 1, wherein the packet is directly transmitted from the user terminal to the packet transmission/reception unit by tunneling.

6. A network separation system, the system comprising:
- a user terminal, connected to an internal network, configured to transmit a packet generated in a virtual environment via the internal network; and
  
  a network separation apparatus configured to analyze the packet received from the user terminal, and selectively transmitting the packet either to an external network or the internal network, separately, based on an analysis result and a preset packet processing policy.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The network separation system of claim 6, wherein the network separation apparatus comprises:
    - a packet analysis unit configured to analyze whether the packet received from the user terminal is a packet generated in the virtual environment; and
      
      a packet processing unit configured to selectively transmit the packet to the external network or the internal network, separately, based on the analysis result of the packet from the packet analysis unit and the preset packet processing policy.
  - 8. The network separation system of claim 6, wherein, if the packet processing policy is set to transmit a packet generated in the virtual environment only to the external network, the network separation apparatus checks the destination IP address of the analyzed packet, and if the IP address is an IP address representing the external network, the network separation apparatus transmits the packet to the external network.
  - 9. The network separation system of claim 6, wherein, if the packet processing policy is set to transmit a packet generated in the virtual environment only to the external network, the packet separation apparatus checks the destination IP address of the analyzed packet, and if the IP address is an IP address representing the internal network, the network separation apparatus identifies the packet as attempting malicious access to the internal network and blocks the packet.
  - 10. The network separation system of claim 6, wherein the user terminal directly transmits the packet generated in the virtual environment to the network separation apparatus by tunneling.

11. A method for network separation, the method comprising:
- generating a virtual environment when there is a need for a connection between a user terminal, connected to an internal network, and an external network;
  
  receiving a packet generated in the virtual environment;
  
  analyzing the received packet; and
  
  selectively transmitting the packet to either the external network or the internal network, separately, based on an analysis result of the packet and a preset packet processing policy.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein, if the packet processing policy is set to transmit a packet generated in the virtual environment only to the external network, said selectively transmitting the packet comprises allowing the packet destined for transmission to the external network and blocking the packet destined for transmission to the internal network.
  - 13. The method of claim 12, wherein said selectively transmitting the packet comprises checking the destination IP address of the packet to transmit the packet to the external network if the destination IP address is an IP address representing the external network, and identifying the packet as attempting malicious access to the external network and blocking the packet if the destination IP address is an IP address representing the internal network.
  - 14. The method of claim 11, wherein the packet is directly received from the user terminal by tunneling.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ahnlab Incorporated
Original Assignee
Ahnlab Incorporated
Inventors
Park, Heean, Kang, Kyung Wan, Kim, Kwang Tae

Application Number

US13/582,247
Publication Number

US 20130003582A1
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 69/22 Parsing or analysis of headers

NETWORK SPLITTING DEVICE, SYSTEM AND METHOD USING VIRTUAL ENVIRONMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SPLITTING DEVICE, SYSTEM AND METHOD USING VIRTUAL ENVIRONMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links