CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS

US 20150180830A1
Filed: 10/10/2014
Published: 06/25/2015
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A network management system comprising:

an interface configured to access network information from a trusted network, and configured to access network information from an untrusted network;

a data fuser configured to fuse the network information from the trusted network with the network information from the untrusted network to form fused network information; and

a visualizer configured to generate a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.

10 Citations

View as Search Results

20 Claims

1. A network management system comprising:
- an interface configured to access network information from a trusted network, and configured to access network information from an untrusted network;
  
  a data fuser configured to fuse the network information from the trusted network with the network information from the untrusted network to form fused network information; and
  
  a visualizer configured to generate a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network management system of claim 1, wherein the data fuser is configured to fuse the network information from the trusted network with the network information from the untrusted network by correlating one or more data flows in the trusted network to one or more encrypted data tunnels in the untrusted network.
  - 3. The network management system of claim 2, wherein the data fuser is configured to correlate the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network by comparing destination addresses of the one or more data flows in the trusted network with origination addresses of the one or more encrypted tunnels in the untrusted network.
  - 4. The network management system of claim 2, wherein the visualizer is configured to generate the cross-domain network topology to depict at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network.
  - 5. The network management system of claim 1, wherein the visualizer is further configured to generate the cross-domain topology to show one or more of a topology of network elements in the untrusted network and the trusted network, a position for one or more of the network elements, a status of one or more links coupled to the network element, an amount of traffic at each of the network elements, a link bandwidth between the network elements, a priority of data flows traversing the network elements, a number of data flows between the untrusted network and the trusted network, a statistical breakdown of types of data flows at the network elements, an application sending data flows traversing the network elements, an application receiving the data flows, a username associated with the application sending data flows, and a username associated with the application receiving the data flows.
  - 6. The network management system of claim 5, wherein the visualizer is further configured to display the cross-domain network topology.
  - 7. The network management system of claim 1, wherein the network information includes one or more of network addresses for network elements within the untrusted network and the trusted network, a position for one or more of the network elements, a status of one or more links coupled to the network element, an amount of traffic at each of the network elements, a link bandwidth between the network elements, a priority of flows traversing the network elements, an application sending traffic traversing the network elements, an application receiving the traffic, a username associated with the application sending data flows, and a username associated with the application receiving the data flows.
  - 8. The network management system of claim 1, wherein the interface is configured to access the network information from the untrusted network through a one-way guard.
  - 9. The network management system of claim 1, further comprising:
    - a data analyzer configured to analyze the fused network information; and
      
      a network management function unit configured to perform a network management function based on the analysis of the data analyzer.
  - 10. The network management system of claim 9, wherein the data analyzer is configured to detect a broken link between two network elements based on the fused network information, andwherein the network management function unit is configured to reroute data packets in response to detecting the broken link.
  - 11. The network management system of claim 9, wherein the data analyzer is configured to determine contexts of a plurality of data packets, andwherein the network management function unit is configured group one or more data packets of the plurality of data packets based on the determined contexts and the fused network information.
  - 12. The network management system of claim 11, wherein the fused network information includes a topology of network elements and a link status of the network elements, and wherein the network management function unit is further configured to:
    - cache data packets during a period when the link status between two network elements indicates an inactive link; and
      
      send new data packets and the cached data packets during a period when the link status between two network elements indicates an active link.

13. A method comprising:
- accessing network information from a trusted network;
  
  accessing network information from an untrusted network;
  
  fusing the network information from the trusted network with the network information from the untrusted network to form fused network information; and
  
  generating a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein fusing the network information from the trusted network with the network information from the untrusted network comprises correlating one or more data flows in the trusted network to one or more encrypted data tunnels in the untrusted network.
  - 15. The method of claim 14, wherein correlating the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network comprises comparing destination addresses of the one or more data flows in the trusted network with origination addresses of the one or more encrypted tunnels in the untrusted network.
  - 16. The method of claim 14, wherein generating the cross-domain network topology comprises depicting at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network.

17. An apparatus comprising:
- a database configured to store network information from a trusted network and network information from an untrusted network; and
  
  a computing device located in the trusted network, the computing device executing a network management system, the network management system configured to;
  
  fuse the network information from the trusted network with the network information from the untrusted network to form fused network information; and
  
  generate a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.

18. A computer-readable storage medium storing instructions that, when executed, cause one or more processors of a device to:
- access network information from a trusted network;
  
  access network information from an untrusted network;
  
  fuse the network information from the trusted network with the network information from the untrusted network to form fused network information; and
  
  generate a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.
- View Dependent Claims (19, 20)
- - 19. The computer-readable storage medium storing of claim 18, wherein the instructions cause the one or more processors to fuse the network information from the trusted network with the network information from the untrusted network by correlating one or more data flows in the trusted network to one or more encrypted data tunnels in the untrusted network.
  - 20. The computer-readable storage medium storing of claim 19, wherein the instructions cause the one or more processors to correlate the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network by comparing destination addresses of the one or more data flows in the trusted network with origination addresses of the one or more encrypted tunnels in the untrusted network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Burnett, Benjamin L., Charan, Deborah K., Pozzo, Fabio, Ramanujan, Ranga

Granted Patent

US 9,736,112 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others