DEVICE FOR PROVIDING SECURITY BARRIER FOR NETWORK

US 20170099258A1
Filed: 10/05/2015
Published: 04/06/2017
Est. Priority Date: 10/05/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus for providing a security barrier between a communication network and an internet connection, the apparatus comprising:

a transceiver device; and

one or more processors to;

detect one or more indications of identity of one or more devices of the communication network;

obtain a first set of signal packets, received at the transceiver device, from at least one of the one or more devices of the communication network;

inspect the first set of signal packets based, at least in part, on a set of security policies;

responsive to the inspection of the first set of signal packets, blocking, based at least in part, on the set of security policies the first set of signal packets, or filtering, modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies, to form a modified first set of signal packets;

responsive to formation of the modified first set of signal packets, initiate transmission of the modified first set of signal packets via the transceiver device, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;

inspect a second set of signal packets received from the internet connection via the transceiver device and intended for the at least one of the one or more devices, the inspection of the second set of signal packets based, at least in part, on the set of security policies; and

responsive to the inspection of the second set of signal packets, blocking, based, at least in part, on the set of security policies the second set of signal packets, or filtering, modifying, or a combination thereof, at least one of the second set of signal packets based, at least in part, on the set of security policies to form a modified second set of signal packets for transmission to the at least one of the one or more devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, a system, and a method for providing a security barrier between local network and an internet connection.

Citations

20 Claims

1. An apparatus for providing a security barrier between a communication network and an internet connection, the apparatus comprising:
- a transceiver device; and
  
  one or more processors to;
  
  detect one or more indications of identity of one or more devices of the communication network;
  
  obtain a first set of signal packets, received at the transceiver device, from at least one of the one or more devices of the communication network;
  
  inspect the first set of signal packets based, at least in part, on a set of security policies;
  
  responsive to the inspection of the first set of signal packets, blocking, based at least in part, on the set of security policies the first set of signal packets, or filtering, modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies, to form a modified first set of signal packets;
  
  responsive to formation of the modified first set of signal packets, initiate transmission of the modified first set of signal packets via the transceiver device, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
  
  inspect a second set of signal packets received from the internet connection via the transceiver device and intended for the at least one of the one or more devices, the inspection of the second set of signal packets based, at least in part, on the set of security policies; and
  
  responsive to the inspection of the second set of signal packets, blocking, based, at least in part, on the set of security policies the second set of signal packets, or filtering, modifying, or a combination thereof, at least one of the second set of signal packets based, at least in part, on the set of security policies to form a modified second set of signal packets for transmission to the at least one of the one or more devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the one or more indications of identity comprise a media access control (MAC) address and emulating the at least one of the one or more devices of the communication network is based, at least in part, on the MAC address.
  - 3. The apparatus of claim 1, wherein to inspect the first and second sets of signal packets is to be performed by a unified threat management (UTM) component of the apparatus.
  - 4. The apparatus of claim 3, wherein the UTM component is pre-configured with the set of security policies.
  - 5. The apparatus of claim 1, wherein responsive to inspection of the second set of signal packets, a potentially malicious content, a potentially malicious sender, or a combination thereof is identified.
  - 6. The apparatus of claim 1, wherein responsive to inspection of the first set of signal packets, an unauthorized recipient is identified.
  - 7. The apparatus of claim 1, wherein the set of security policies is maintained by a cloud-based service.

8. A system for providing a security barrier between a communication network and an internet connection, the system comprising:
- means for detecting one or more indications of identity of one or more devices of the communication network;
  
  means for receiving a first set of signal packets from at least one of the one or more devices of the communication network;
  
  means for inspecting the first set of signal packets based, at least in part, on a set of security policies;
  
  in response to the inspection of the first set of signal packets;
  
  means for blocking, based at least in part, on the set of security policies the first set of signal packets;
  
  ormeans for filtering, modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies, to form a modified first set of signal packets; and
  
  means for transmitting the modified first set of signal packets in response to formation of the modified first set of signal packets, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
  
  means for inspecting a second set of signal packets received from the internet connection and intended for the at least one of the one or more devices based, at least in part, on a set of security policies; and
  
  in response to the inspection of the second of signal packets sent via the internet connection and the set of security policies;
  
  means for blocking the second set of signal packets, based at least in part, on the set of security policies the second set of signal packets;
  
  ormeans for filtering, modifying, or a combination thereof, one or more of the second set of signal packets to form a modified second set of signal packets for transmission to the at least one of the one or more devices.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the one or more indications of identity comprise a media access control (MAC) address and wherein emulating the at least one of the one or more devices of the communication network uses, at least in part, the MAC address.
  - 10. The system of claim 8, wherein responsive to inspection of the second set of signal packets, a potentially malicious content, a potentially malicious sender, or a combination thereof is identified.
  - 11. The system of claim 8, wherein responsive to inspection of the first set of signal packets received from the at least one of the one or more devices, an unauthorized recipient is identified.
  - 12. The system of claim 8, wherein the set of security policies is maintained by a remote cloud-based means.

13. A method for providing a security barrier between a communication network and an internet connection, the method comprising:
- detecting, at one or more processors of a security device, one or more indications of identity of one or more devices of the communication network;
  
  receiving, via a transceiver of the security device, a first set of signal packets from at least one of the one or more devices of the communication network;
  
  inspecting, at the one or more processors, the first set of signal packets based, at least in part, on a set of security policies;
  
  responsive to the inspection of the first set of signal packets, blocking, based at least in part, on the set of security policies the first set of signal packets, or filtering, modifying, or a combination thereof, at least one of the first set of signal packets based, at least in part, on the set of security policies, to form a modified first set of signal packets;
  
  responsive to formation of the modified first set of signal packets, initiate transmission of the modified first set of signal packets via the transceiver, the transmission of the modified first set of signal packets comprising emulating the at least one of the one or more devices based, at least in part, on the one or more indications of identity;
  
  inspecting, at the one or more processors, a second set of signal packets received from the internet connection and intended for the at least one of the one or more devices, the inspection of the second set of signal packets being based, at least in part, on the set of security policies;
  
  responsive to the inspection of the second set of signal packets, blocking, based, at least in part, on the set of security policies the second set of signal packets, or filtering, modifying, or a combination thereof, at least one of the second set of signal packets based, at least in part, on the set of security policies to form a modified second set of signal packets for transmission to the at least one of the one or more devices.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, wherein the one or more indications of identity comprise a media access control (MAC) address and emulating the at least one of the one or more devices of the communication network is based, at least in part, on the MAC address.
  - 15. The method of claim 13, wherein inspecting the first and second sets of signal packets is performed by a unified threat management (UTM) component of the security device.
  - 16. The method of claim 15, wherein the UTM component is pre-configured with the set of security policies.
  - 17. The method of claim 13, wherein responsive to inspection of the second set of signal packets, a potentially malicious content, a potentially malicious sender, or a combination thereof is identified.
  - 18. The method of claim 13, wherein responsive to inspection of the first set of signal packets, an unauthorized recipient is identified.
  - 19. The method of claim 13, wherein the set of security policies is maintained by a cloud-based service.
  - 20. The method of claim 13, wherein filtering, modifying, blocking, or a combination thereof, of at least one signal packet of the first or second sets of signal packets is performed based, at least in part, on a risk score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zyxel Communications Incorporated (Unizyx Holding Corporation)
Original Assignee
Zyxel Communications Incorporated (Unizyx Holding Corporation)
Inventors
Nguyen, Tri, Joe, Steven H., Rogers, Shawn

Granted Patent

US 9,769,118 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 63/0209   Architectural arrangements,...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

DEVICE FOR PROVIDING SECURITY BARRIER FOR NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DEVICE FOR PROVIDING SECURITY BARRIER FOR NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links