Method and system for transparent bridging and bi-directional management of network data

US 7,716,472 B2
Filed: 12/18/2006
Issued: 05/11/2010
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A network-communication method comprising:

detecting network activity between a router of a local area network and a wide area network, the local area network comprising a plurality of client devices;

decoding the network activity;

responsive to the decoding step, obtaining at least a source network address for the network activity, the source network address being a network-layer address of the router of the local area network;

using the source network address to establish a transparent networking bridge between the local area network and the wide area network, the using step comprising assigning to the transparent networking bridge a network-layer address having a same range as the source network address;

wherein the transparent networking bridge establishes a connection with at least one server located on the wide area network;

wherein the transparent networking bridge is unknown to the plurality of client devices on the local area network;

wherein the transparent networking bridge has no network-layer address or device address specifically assigned thereto; and

providing security services to the plurality of client devices on the local area network via the at least one server;

wherein the detected network activity is outbound network activity from the local area network to the wide area network;

wherein the obtaining step comprises obtaining a device address of a first gateway of the wide area network; and

wherein the first gateway of the wide area network belongs to a network service provider providing access to the wide area network.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network-communication method includes detecting network activity between a local area network and a wide area network, decoding the network activity, responsive to the decoding step, obtaining at least a source network address, and using the source network address to establish a transparent networking bridge between the local area network and the wide area network.

97 Citations

View as Search Results

16 Claims

1. A network-communication method comprising:
- detecting network activity between a router of a local area network and a wide area network, the local area network comprising a plurality of client devices;
  
  decoding the network activity;
  
  responsive to the decoding step, obtaining at least a source network address for the network activity, the source network address being a network-layer address of the router of the local area network;
  
  using the source network address to establish a transparent networking bridge between the local area network and the wide area network, the using step comprising assigning to the transparent networking bridge a network-layer address having a same range as the source network address;
  
  wherein the transparent networking bridge establishes a connection with at least one server located on the wide area network;
  
  wherein the transparent networking bridge is unknown to the plurality of client devices on the local area network;
  
  wherein the transparent networking bridge has no network-layer address or device address specifically assigned thereto; and
  
  providing security services to the plurality of client devices on the local area network via the at least one server;
  
  wherein the detected network activity is outbound network activity from the local area network to the wide area network;
  
  wherein the obtaining step comprises obtaining a device address of a first gateway of the wide area network; and
  
  wherein the first gateway of the wide area network belongs to a network service provider providing access to the wide area network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network-communication method of claim 1, wherein the network-layer address is an Internet Protocol address and the device address is a Media Access Control address.
  - 3. The network-communication method of claim 1, wherein the detected network activity comprises a DHCP offer packet.
  - 4. The network-communication method of claim 1, wherein the detected network activity comprises a DHCP request packet.
  - 5. The network-communication method of claim 1, further comprising:
    - creating a first DHCP packet; and
      
      wherein the detected network activity comprises a second DHCP packet responsive to the first DHCP packet.
  - 6. The network-communication method of claim 1, wherein the source network address is a network-layer address assigned to a wide area network connection of the router of the local area network.
  - 7. The network-communication method of claim 1, further comprising communicating with an authentication server on the wide area network in order to determine if there is an existing account for providing security services to one or more of the plurality of client devices.
  - 8. The network-communication method of claim 6, wherein, in communications initiated by the transparent networking bridge, the transparent networking bridge utilizes the device address of the first gateway of the wide area network as its device address and utilizes the network-layer address of the first gateway on the WAN as a new source address.
  - 9. The network-communication method of claim 8, comprising:
    - responsive to a determination that an account has already been set up, receiving account policy information; and
      
      responsive to a determination that an account has not been set up, creating an account.
  - 10. The network-communication method of claim 1, comprising evaluating at least some inbound data in accordance with pre-defined criteria.
  - 11. The network-communication method of claim 10, wherein the data includes information about a client, application, and user.
  - 12. The network-communication method of claim 1, wherein the at least one server provides user-defined security services to the plurality of client devices from a wide area network side of the bridge.
  - 13. The network-communication method of claim 1, comprising:
    - receiving a tagged data packet;
      
      evaluating information in the tagged data packet;
      
      responsive to the evaluating step, implementing a security measure.
  - 14. The network-communication method of claim 1, further comprising performing real-time contextual analysis to identify threats relative to at least one of web content, Spam, virus, and malware.

15. A method comprising:
- detecting network activity from a router of a local area network to a wide area network, the local area network comprising a plurality of client devices;
  
  decoding the network activity;
  
  responsive to the decoding step, obtaining a source network address for the network activity and a device address of a first gateway on the wide area network, the source network address being a network-layer address assigned to a wide-area-network connection of the router;
  
  establishing a transparent networking bridge between the local area network and the wide area network, the establishing step comprising assigning to the transparent networking bridge a network-layer address having a same range as the source network address;
  
  establishing a connection with at least one server on the wide area network;
  
  via the transparent networking bridge, utilizing the connection with the at least one server to provide one or more network-based security services to the plurality of client devices;
  
  wherein the transparent networking bridge is unknown to the plurality of client devices on the local area network; and
  
  wherein the transparent networking bridge has no network-layer address or device address specifically assigned thereto.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein:
    - the at least one server comprises a remotely-hosted security control center, the remotely-hosted security control center comprising a plurality of servers; and
      
      the utilizing step comprises utilizing a connection with selected ones of the plurality of servers to provide a plurality of network-based security services to the plurality of client devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avast Software SRO (Gen Digital Inc.)
Original Assignee
Bsecure Technologies, Inc. (Gen Digital Inc.)
Inventors
Ashley, Stephen P., Balasubramaniam, Gandhi, Boisjolie, Darren R.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US11/612,095
Publication Number

US 20070192593A1
Time in Patent Office

1,240 Days
Field of Search

713/162
US Class Current

713/162
CPC Class Codes

H04L 61/2514 between local and global IP...

H04L 63/20 for managing network securi...

Method and system for transparent bridging and bi-directional management of network data

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transparent bridging and bi-directional management of network data

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links