CLOUD-BASED NETWORK SECURITY

US 20150188949A1
Filed: 12/30/2014
Published: 07/02/2015
Est. Priority Date: 12/31/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing a connection between a computing device and a destination computing device, the method comprising:

managing, by a first managing component, traffic between a first computing device and a destination computing device, including;

identifying, by the first managing component, at least one characteristic of the traffic;

accessing, by the first managing component, a database including at least one connection policy associated with the identified at least one characteristic;

determining, by the first managing component, an applicable connection policy based at least in part on the identified at least one characteristic;

retrieving, by the first managing component, the applicable connection policy; and

implementing, by the first managing component, the applicable connection policy in managing the traffic between the first computing device and the destination computing device and in managing a first connection between the first computing device and the destination computing device, the managing the first connection including;

providing, to a second computing device, a request for a first connection over a network, the second computing device;

configuring the first connection, andestablishing, after the first computing device is authenticated, the first connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing the use of gateways on a network includes authenticating a user, determining and managing a path between a user computing device and a destination computing device, the path including at least one of the gateways, and managing user traffic on the path according to a policy associated with the user.

405 Citations

44 Claims

1. A method for managing a connection between a computing device and a destination computing device, the method comprising:
- managing, by a first managing component, traffic between a first computing device and a destination computing device, including;
  
  identifying, by the first managing component, at least one characteristic of the traffic;
  
  accessing, by the first managing component, a database including at least one connection policy associated with the identified at least one characteristic;
  
  determining, by the first managing component, an applicable connection policy based at least in part on the identified at least one characteristic;
  
  retrieving, by the first managing component, the applicable connection policy; and
  
  implementing, by the first managing component, the applicable connection policy in managing the traffic between the first computing device and the destination computing device and in managing a first connection between the first computing device and the destination computing device, the managing the first connection including;
  
  providing, to a second computing device, a request for a first connection over a network, the second computing device;
  
  configuring the first connection, andestablishing, after the first computing device is authenticated, the first connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The method of claim 1, the first managing component including a managing software component.
  - 3. The method of claim 2, the managing software component embedded in a computer hardware component.
  - 4. The method of claim 1, the first managing component including a gateway.
  - 5. The method of claim 1, the identified at least one characteristic of the traffic including a user identity associated with the first computing device, or a data type associated with the traffic, or both.
  - 6. The method of claim 1, the implementing of the applicable connection policy directing an aspect of the managing of the first connection.
  - 7. The method of claim 1, the implementing of the applicable connection policy directing an aspect of analyzing the traffic.
  - 8. The method of claim 1, the method further comprising:
    - managing, by the first managing component or a second managing component, a second connection between the first computing device and the destination computing device, including;
      
      providing, to a third computing device, a second request for a second connection, the third computing device;
      
      configuring the second connection at the third computing device, and establishing the second connection; and
      
      managing, by the first managing component or a second managing component, traffic between the first computing device and the destination computing device.
  - 9. The method of claim 1, the first managing component managing the traffic to conserve a resource of the first computing device.
  - 10. The method of claim 1, the identified characteristic including a user identity, the applicable connection policy determined based on the user identity, the applicable connection policy modifiable by the user.
  - 11. The method of claim 1, the identified at least one characteristic of the traffic associating the traffic with a first enterprise, the implementing the applicable connection policy directing an action taken regarding the traffic according to a first enterprise policy.
  - 12. The method of claim 8, the first enterprise policy directing the scrubbing of vulnerabilities from traffic exiting the first enterprise.
  - 13. The method of claim 1, the first managing component choosing a first gateway running a first managing software component, the second computing device including a second gateway and running a second managing software component.
  - 14. The method of claim 13, instances of a managing software component running with each gateway of a plurality of gateways on a path between the first gateway and the destination computing device.
  - 15. The method of claim 13, the first gateway an entrance to a tunnel between the first computing device and the destination computing device.
  - 16. The method of claim 13, the first computing device including the first gateway.
  - 17. The method of claim 13, the first gateway on a second computing device that is remote from the first computing device.
  - 18. The method of claim 13, the destination computing device providing access to a private network.
  - 19. The method of claim 13, the first gateway chosen by the first managing software component from among a plurality of gateways.
  - 20. The method of claim 19, the plurality of gateways distributed on the network, the first gateway chosen from among the plurality by the first computing device based at least in part on latency.
  - 21. The method of claim 13, each of a plurality of enterprises having access to a plurality of gateways, instances of the managing software component running with each gateway of the plurality of gateways, each of the instances of managing software having access to the database.
  - 22. The method of claim 21, a first enterprise of the plurality of enterprises providing the plurality of gateways with the ability to tunnel to an infrastructure of the first enterprise.
  - 23. The method of claim 21, the traffic being granted access to the plurality of gateways upon being granted access to the first gateway.
  - 24. The method of claim 21, the instances of the managing software components provided with latency information for each of a subset of the plurality of gateways, at least one instance of managing software component routing the traffic to improve the latency at one of the subset of the plurality of gateways.
  - 25. The method of claim 21, the database including at least one connection policy for each of the plurality of enterprises.
  - 26. The method of claim 25, the at least one connection policy for at least one enterprise directing that the traffic be logged.
  - 27. The method of claim 13, including an intermediate gateway between the first computing device and the destination computing device, the first gateway allowed access to a set of information regarding the traffic, the intermediate gateway denied access to a subset of the set of information.
  - 28. The method of claim 27, the subset of information including the identity of a user of the first computing device.
  - 29. The method of claim 13, the first computing device connecting to a virtual private network (VPN) to provide a tunnel between the first gateway and the second gateway.
  - 30. The method of claim 13, the first connection including a tunnel between the first gateway and the second gateway, the first computing device connecting to a virtual private network (VPN) using the tunnel.
  - 31. The method of claim 30, the VPN being established for a user and no other user, the first computing device accessing an enterprise service using a browser and the VPN, the enterprise service not otherwise accessible using the network.
  - 32. The method of claim 31, the VPN established for the user remaining open when the user is not using it.
  - 33. The method of claim 13, the first gateway located on the network, the first computing device accessing the first gateway using a first VPN, the traffic routed from the first gateway over the network to a terminal gateway on the network, the terminal gateway accessing the enterprise system using a second VPN.
  - 34. The method of claim 33, the first and second VPNs being established dynamically when needed by the user for the user and no other user.
  - 35. The method of claim 34, the first VPN established for the user remaining open when the user is not using it.
  - 36. The method of claim 13, the first gateway located on the network, the traffic routed from the first gateway over the network to a terminal gateway on the network, the terminal gateway accessing the enterprise system using a first VPN, the first VPN available to any of a plurality of users for accessing the enterprise system.

37. A method for managing a path between a computing device and a destination computing device, the method comprising:
- managing, by a first managing software component, traffic between a first computing device and a destination computing device, including;
  
  identifying, by the first managing software component, at least one characteristic of the traffic;
  
  accessing, by the first managing software component, a database including at least one connection policy associated with the identified at least one characteristic;
  
  determining, by the first managing software component, an applicable connection policy based at least in part on the identified at least one characteristic;
  
  retrieving, by the first managing software component, the applicable connection policy; and
  
  implementing, by the first managing software component, the applicable connection policy in managing the traffic between the first computing device and the destination computing device and in managing a path between the first computing device and the destination computing device, the managing the path between a first computing device and a destination computing device, including;
  
  choosing a first gateway located on the network, the first gateway including an entrance to a tunnel between the first computing device and the destination computing device.
- View Dependent Claims (38, 39, 40)
- - 38. The method of claim 37, the managing a path further comprising:
    - acquiring access to the first gateway using a first VPN; and
      
      routing traffic from the first gateway over the network using the tunnel for at least part of the path to a terminal gateway on the network.
  - 39. The method of claim 37, the managing a path further comprising:
    - accessing an enterprise system from the terminal gateway using a second VPN.
  - 40. The method of claim 37, an instance of the managing software component on the terminal gateway, or any instance of the managing software component on the path, managing the path between the first computing device and the destination computing device, or managing traffic between the first computing device and the destination computing device.

41. A method for managing a plurality of gateways, the method comprising:
- managing, by one or more instances of a managing software component, a path between a first computing device and a destination computing device, the path using a subset of the plurality of gateways;
  
  managing, by one or more instances of a managing software component, the use of the plurality of gateways, including;
  
  authenticating a user associated with traffic attempting to use the plurality of gateways;
  
  accessing a database including at least one policy associated with the user;
  
  retrieving the at least one associated policy; and
  
  implementing the at least one associated policy in managing the use of the plurality of gateways.
- View Dependent Claims (42, 43, 44)
- - 42. The method of claim 41, the path including a tunnel.
  - 43. The method of claim 41, the path including a VPN.
  - 44. The method of claim 41, the at least one associated policy associated with the user based on the user being associated with an enterprise, the database including policies associated with a plurality of enterprises.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Mahaffey, Kevin Patrick, Hering, John Gunther, Buck, Brian James

Application Number

US14/586,759
Publication Number

US 20150188949A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 43/08   Monitoring or testing based...

H04L 63/0272   Virtual private networks

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04W 12/03   Protecting confidentiality,...

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

CLOUD-BASED NETWORK SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

405 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD-BASED NETWORK SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

405 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links