Network security services architecture

US 7,316,029 B1
Filed: 10/25/2001
Issued: 01/01/2008
Est. Priority Date: 10/25/2001
Status: Active Grant

First Claim

Patent Images

1. Private network apparatus for connecting a user to an external internet comprising:

a plurality of security service pathways each providing a respective combination of security service features;

a service selection dashboard allowing said user to select from a plurality of security service features for user traffic to and from said user;

a network management server coupled to said service selection dashboard for storing a subscriber configuration in response to said user selected security service features;

a pass-through router for coupling said user traffic to said external internet independently of said security service pathways;

a service selection gateway coupled to said user for directing said user traffic to and from one of said service selection dashboard, said pass-through router, or one of said security service pathways; and

a security service router for coupling said plurality of security service pathways to said external internet;

wherein said service selection gateway directs said user traffic to said service selection dashboard if said subscriber configuration is in an initialized state; and

wherein said service selection gateway directs said user traffic to a respective one of said security service pathways or to said pass-through router in response to said subscriber configuration after initialization by said service selection dashboard.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A convenient and low cost computer security system deploys a menu of security tools within a local network that can be selected by a user connected to the network. A network architecture of the invention is structured to provide highly effective and flexible security features while greatly simplifying the user experience. Separate security service pathways provide different combinations of security service features and traffic from each user is directed to a pathway providing the desired features.

94 Citations

View as Search Results

20 Claims

1. Private network apparatus for connecting a user to an external internet comprising:
- a plurality of security service pathways each providing a respective combination of security service features;
  
  a service selection dashboard allowing said user to select from a plurality of security service features for user traffic to and from said user;
  
  a network management server coupled to said service selection dashboard for storing a subscriber configuration in response to said user selected security service features;
  
  a pass-through router for coupling said user traffic to said external internet independently of said security service pathways;
  
  a service selection gateway coupled to said user for directing said user traffic to and from one of said service selection dashboard, said pass-through router, or one of said security service pathways; and
  
  a security service router for coupling said plurality of security service pathways to said external internet;
  
  wherein said service selection gateway directs said user traffic to said service selection dashboard if said subscriber configuration is in an initialized state; and
  
  wherein said service selection gateway directs said user traffic to a respective one of said security service pathways or to said pass-through router in response to said subscriber configuration after initialization by said service selection dashboard.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a firewall.
  - 3. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a virus scanner.
  - 4. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a content filter.
  - 5. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a firewall and a content filter.
  - 6. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a firewall and a virus scanner.
  - 7. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a content filter and a virus scanner.
  - 8. The apparatus of claim 1 wherein said security service pathways include at least one pathway having a firewall, a content filter, and a virus scanner.
  - 9. The apparatus of claim 1 wherein said security service pathways include at least two pathways having firewalls, said firewalls respectively providing different grades of firewall protection.
  - 10. The apparatus of claim 9 comprising three security service pathways each including a respective firewall, said firewalls including a first firewall providing a high grade firewall protection, a second firewall providing a medium grade firewall protection, and a third firewall providing a low grade firewall protection.
  - 11. The apparatus of claim 10 wherein said low grade firewall protection comprises port blocking for outgoing traffic.
  - 12. The apparatus of claim 10 wherein said medium grade firewall protection comprises port blocking for incoming and outgoing traffic.
  - 13. The apparatus of claim 10 wherein said high grade firewall protection comprises port blocking for outgoing traffic and blocking of all incoming traffic not initiated by said user.
  - 14. The apparatus of claim 1 further comprising:
    - a user-side switch coupling said service selection gateway to said security service pathways; and
      
      an internet-side switch coupling said security service pathways to said security service router.

15. A method of providing security service in a network interface to an external internet, said method comprising the steps of:
- directing a user to a captive portal;
  
  presenting security service features to said user;
  
  storing a subscription profile for said user in response to security service features selected by said user through said captive portal;
  
  receiving user traffic from said user destined for said external internet at a service selection gateway;
  
  determining from said subscription profile which security service features to apply to said user traffic;
  
  if said subscription profile for said user includes any security service features, then re-directing said user traffic to a particular security service pathway of a plurality of security service pathways, said particular security service pathway corresponding to said security service features identified by said user profile; and
  
  if said subscription profile for said user includes no security service features, then re-directing said user traffic to a pass-through router for coupling said user traffic to said external internet.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein said security service features include firewall services, content filtering services, and virus scanning services, and wherein each of said security service pathways corresponds to a combination of said security service features.
  - 17. The method of claim 16 wherein said firewall services comprise selectable grades of firewall protection including a high grade firewall protection, a medium grade firewall protection, and a low grade firewall protection.
  - 18. The method of claim 17 wherein said low grade firewall protection comprises port blocking for outgoing user traffic.
  - 19. The method of claim 17 wherein said medium grade firewall protection comprises port blocking for incoming and outgoing user traffic.
  - 20. The method of claim 17 wherein said high grade firewall protection comprises port blocking for outgoing user traffic and blocking of all incoming traffic not initiated by said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Parker, Benjamin J., Frederick, Terry M., Diaz, Charles, Werner, Shane W.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
COLIN, CARL G

Application Number

US10/003,816
Time in Patent Office

2,259 Days
Field of Search

713/201, 713/156, 709223-225, 709/246, 726/28, 726/1, 726/2, 726/13, 726/14, 370/428
US Class Current

726/13
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/145 the attack involving the pr...

Network security services architecture

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Network security services architecture

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others