Transparent Provisioning of Network Access to an Application

US 20130263247A1
Filed: 03/08/2013
Published: 10/03/2013
Est. Priority Date: 06/23/2000
Status: Active Grant

First Claim

Patent Images

1. A method of transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:

interfacing with the network so as to be able to intercept any packet of the plurality of packets;

intercepting each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and

analyzing, with a processor, the intercepted packet and deleting the intercepted packet based on the analysis.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.

82 Citations

View as Search Results

51 Claims

1. A method of transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
- interfacing with the network so as to be able to intercept any packet of the plurality of packets;
  
  intercepting each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
  
  analyzing, with a processor, the intercepted packet and deleting the intercepted packet based on the analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the analyzing comprises applying one or more rules to the intercepted packet to determine if the intercepted packet is malformed, andwherein the deleting comprises deleting the intercepted packet when the intercepted packet is determined to be malformed.
  - 3. The method of claim 1, further comprising:
    - detecting a security attack based on the analysis of the intercepted packet; and
      
      absorbing the detected security attack.
  - 4. The method of claim 1, wherein the analyzing comprises determining that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and determining whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
  - 5. The method of claim 1, wherein interfacing with the network comprises interfacing between the network and a first application network interface of a first application, the first application being provided by a first application service provider and operative to provide a first service via the network, the first application including the first application network interface capable of connecting the first application to the network, the network carrying the plurality of packets in a first format incompatible with the first application, the at least one intended destination being separate from the first application.
  - 6. The method of claim 5, further comprising evaluating each of the intercepted packets based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service.
  - 7. The method of claim 6, further comprising converting, independent of the first application and the first service provided thereby, the intercepted packet from the first format to a second format compatible with the first application and incompatible with the network, storing information representative thereof and providing the converted intercepted packet to the first application via the first application network interface to facilitate the performance of the first service with respect to the intercepted packet, if the intercepted packet is one of the specified first subset.
  - 8. The method of claim 6, further comprising forwarding the intercepted packet to the network if the intercepted packet is not one of the specified first subset.
  - 9. The method of claim 6, further comprising deleting the intercepted packet if the intercepted packet is not one of the specified first subset.
  - 10. The method of claim 1, wherein the intercepted portion of packets comprises a first intercepted packet and a second intercepted packet, andwherein the method further comprises:
    - storing data related to the first intercepted packet when the first intercepted packet is determined to be malformed; and
      
      deleting the second intercepted packet as a function of the stored data related to the first intercepted packet.
  - 11. The method of claim 10, wherein applying the one or more rules to the second intercepted packet comprises applying one or more rules comprising a function and an action to be taken to the second intercepted packet, the action to be taken comprising deleting the second intercepted packet, andwherein the function takes the stored data related to the first intercepted packet into account.
  - 12. The method of claim 1, wherein the one or more rules comprise a function and an action to be taken, the action to be taken comprising the deleting.
  - 13. The method of claim 12, wherein the function comprises comparing one or more portions of the intercepted packet with one or more predefined values, the determination of whether the intercepted packet is malformed being based on the comparing.

14. A system for transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
- a system network interface operative to interface with the network;
  
  a packet interceptor coupled with the system network interface and operative to intercept each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
  
  a processor coupled with the packet interceptor and operative to detect a security attack based on the intercepted packet, and absorb the detected security attack, the detection comprising a determination that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and a determination whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The system of claim 14, wherein the processor is further operative to apply one or more rules to the intercepted packet to determine if the intercepted packet is malformed, and delete the intercepted packet when the intercepted packet is determined to be malformed.
  - 16. The system of claim 14, wherein the processor is further operative to absorb the detected security attack by responding to the intercepted packet or deleting the intercepted packet.
  - 17. The system of claim 14, wherein the system network interface is further operative to interface between the network and a first application network interface of a first application, the first application being provided by a first application service provider and operative to provide a first service via the network, the first application including the first application network interface operable to connect the first application to the network, the network carrying the plurality of packets in a first format incompatible with the first application, the at least one intended destination being separate from the first application.
  - 18. The system of claim 17, further comprising a packet evaluator coupled with the packet interceptor and operative to evaluate each of the intercepted packets based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service.
  - 19. The system of claim 18, further comprising a packet converter coupled with the packet evaluator and operative to convert, independent of the first application and the first service provided thereby, the intercepted packet from the first format to a second format compatible with the first application and incompatible with the network, store information representative thereof and provide the converted intercepted packet to the first application via the first application network interface to facilitate the performance of the first service with respect to the intercepted packet, if the intercepted packet is one of the specified first subset.
  - 20. The system of claim 18, further comprising a packet forwarder coupled with the packet evaluator and operative to forward the intercepted packet to the network if the intercepted packet is not one of the specified first subset.
  - 21. The system of claim 18, further comprising a packet remover coupled with the packet evaluator and operative to delete the intercepted packet if the intercepted packet is not one of the specified first subset.
  - 22. The system of claim 14, wherein the intercepted portion of packets comprises a first intercepted packet and a second intercepted packet, andwherein the processor is further operative to store data related to the first intercepted packet when the first intercepted packet is determined to be malformed, and delete the second intercepted packet as a function of the stored data related to the first intercepted packet when the second intercepted packet is determined to be malformed.
  - 23. The system of claim 22, wherein the processor is further operative to apply the one or more rules to the second intercepted packet, the one or more rules comprising a function and an action to be taken, the action to be taken comprising the deletion of the second intercepted packet, and the function taking the stored data related to the first intercepted packet into account.
  - 24. The system of claim 14, wherein the one or more rules comprise a function and an action to be taken, the action to be taken comprising the deletion.
  - 25. The system of claim 24, wherein the function comprises comparison of one or more portions of the intercepted packet with one or more predefined values, the determination of whether the intercepted packet is malformed being based on the comparison.

26. A method of transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the method comprising:
- interfacing with the network so as to be able to intercept any packet of the plurality of packets;
  
  intercepting each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination;
  
  analyzing the intercepted packet and absorbing the intercepted packet based on the analysis, the analyzing comprising determining that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and determining whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The method of claim 26, wherein the analyzing further comprises applying one or more rules to the intercepted packet to determine if the intercepted packet is malicious, andwherein the absorbing comprising deleting the intercepted packet when the intercepted packet is determined to be malicious.
  - 28. The method of claim 26, wherein the absorbing comprises responding to the intercepted packet or deleting the intercepted packet.
  - 29. The method of claim 26, wherein interfacing with the network comprises interfacing between the network and a first application network interface of a first application, the first application being provided by a first application service provider and operative to provide a first service via the network, the first application including the first application network interface capable of connecting the first application to the network, the network carrying the plurality of packets in a first format incompatible with the first application, the at least one intended destination being separate from the first application.
  - 30. The method of claim 29, further comprising evaluating each of the intercepted packets based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service.
  - 31. The method of claim 30, further comprising converting, independent of the first application and the first service provided thereby, the intercepted packet from the first format to a second format compatible with the first application and incompatible with the network, storing information representative thereof and providing the converted intercepted packet to the first application via the first application network interface to facilitate the performance of the first service with respect to the intercepted packet, if the intercepted packet is one of the specified first subset.
  - 32. The method of claim 30, further comprising forwarding the intercepted packet to the network if the intercepted packet is not one of the specified first subset.
  - 33. The method of claim 30, further comprising deleting the intercepted packet if the intercepted packet is not one of the specified first subset.
  - 34. The method of claim 26, wherein the intercepted portion of packets comprises a first intercepted packet and a second intercepted packet, andwherein the method further comprises:
    - storing data related to the first intercepted packet when the first intercepted packet is determined to be malicious; and
      
      deleting the second intercepted packet as a function of the stored data related to the first intercepted packet.
  - 35. The method of claim 34, wherein applying the one or more rules to the second intercepted packet comprises applying one or more rules comprising a function and an action to be taken to the second intercepted packet, the action to be taken comprising deleting the second intercepted packet, andwherein the function takes the stored data related to the first intercepted packet into account.
  - 36. The method of claim 26, further comprising determining an origin of the intercepted packet, the determining if the intercepted packet is malicious being based on the determined origin of the intercepted packet.
  - 37. The method of claim 26, wherein the one or more rules comprises a function and an action to be taken,wherein the function comprises comparing the intercepted packet to previously identified malicious data, andwherein the method further comprises receiving the previously identified malicious data from the at least one intended destination, a separate server, or the at least one intended destination and the separate server.

38. A system for transparently interfacing to a network, the network carrying a plurality of packets, each packet of the plurality of packets being transmitted, via the network, by a source to at least one intended destination intended by the source, each packet of the plurality of packets comprising routing data operative to cause the forwarding of the packet via the network towards the at least one intended destination, the system comprising:
- a system network interface operative to interface with the network;
  
  a packet interceptor coupled with the system network interface and operative to intercept each of at least a portion of the plurality of packets prior to a forwarding thereof toward the at least one intended destination; and
  
  a processor coupled with the packet interceptor and operative to detect a security attack based on the intercepted packet, and absorb the detected security attack.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 39. The system of claim 38, wherein the detection comprises a determination that the intercepted packet is one of a plurality of packets directed to the at least one intended destination, and a determination whether a capacity of the at least one intended destination or a capacity of an intermediary, located between the source and the at least one intended destination, is exceeded by a quantity of packets of the plurality of packets directed to the at least one intended destination.
  - 40. The system of claim 38, wherein the detection comprises an analysis of the intercepted packet to determine whether the packet is malicious, andwherein the absorption comprises deletion of the intercepted packet when the intercepted packet is determined to be malicious.
  - 41. The system of claim 38, wherein the processor is further operative to absorb the detected security attack by responding to the intercepted packet or deleting the intercepted packet.
  - 42. The system of claim 38, wherein the detection comprises application of one or more rules to the intercepted packet to determine if the intercepted packet is malicious, andwherein the absorption comprises deletion of the intercepted packet when the intercepted packet is determined to be malicious.
  - 43. The system of claim 38, wherein the system network interface is further operative to interface between the network and a first application network interface of a first application, the first application being provided by a first application service provider and operative to provide a first service via the network, the first application including the first application network interface operable to connect the first application to the network, the network carrying the plurality of packets in a first format incompatible with the first application, the at least one intended destination being separate from the first application.
  - 44. The system of claim 43, further comprising a packet evaluator coupled with the packet interceptor and operative to evaluate each of the intercepted packets based on a first specification of a first subset of the plurality of packets with respect to which the first application is to perform the first service.
  - 45. The system of claim 44, further comprising a packet converter coupled with the packet evaluator and operative to convert, independent of the first application and the first service provided thereby, the intercepted packet from the first format to a second format compatible with the first application and incompatible with the network, store information representative thereof and provide the converted intercepted packet to the first application via the first application network interface to facilitate the performance of the first service with respect to the intercepted packet, if the intercepted packet is one of the specified first subset.
  - 46. The system of claim 44, further comprising a packet forwarder coupled with the packet evaluator and operative to forward the intercepted packet to the network if the intercepted packet is not one of the specified first subset.
  - 47. The system of claim 44, further comprising a packet remover coupled with the packet evaluator and operative to delete the intercepted packet if the intercepted packet is not one of the specified first subset.
  - 48. The system of claim 38, wherein the intercepted portion of packets comprises a first intercepted packet and a second intercepted packet, andwherein the processor is further operative to store data related to the first intercepted packet when the first intercepted packet is determined to be malicious, and delete the second intercepted packet as a function of the stored data related to the first intercepted packet.
  - 49. The system of claim 48, wherein the processor is further operative to apply the one or more rules to the second intercepted packet, the one or more rules comprising a function and an action to be taken, the action to be taken comprising the deletion of the second intercepted packet, and the function taking the stored data related to the first intercepted packet into account.
  - 50. The system of claim 38, wherein the processor is further operative to determine an origin of the intercepted packet, the determination of whether the intercepted packet is malicious being based on the determined origin of the intercepted packet.
  - 51. The system of claim 38, wherein the one or more rules comprise a function and an action to be taken,wherein the function comprises comparing the intercepted packet to previously identified malicious data, andwherein the processor is further operative to receive the previously identified malicious data from the at least one intended destination, a separate server, or the at least one intended destination and the separate server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookingglass Cyber Solutions, LLC
Original Assignee
Lookingglass Cyber Solutions, LLC
Inventors
Jungck, Peder J., Drown, Matthew Donald, Goller, Sean M.

Granted Patent

US 9,537,824 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 12/2836   Protocol conversion between...

H04L 41/0213   Standardised network manage...

H04L 41/5054   Automatic deployment of ser...

H04L 61/4511   using domain name system [DNS]

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/1458   Denial of Service

H04L 65/60   Network streaming of media ...

H04L 67/565   Conversion or adaptation of...

H04L 69/08   Protocols for interworking;...

H04L 69/169   Special adaptations of TCP,...

H04L 69/18   Multiprotocol handlers, e.g...

Transparent Provisioning of Network Access to an Application

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Transparent Provisioning of Network Access to an Application

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links