Network abstraction and isolation layer for masquerading machine identity of a computer

US 7,769,004 B2
Filed: 09/24/2004
Issued: 08/03/2010
Est. Priority Date: 09/26/2003
Status: Active Grant

First Claim

Patent Images

1. A local network, comprising:

a local network device;

a first computer having a first machine identity; and

a network abstraction and isolation layer (NAIL), interfaced between said local network device and said first computer, wherein said NAIL masquerades said first machine identity into a second machine identity to isolate and abstract said first computer into a first isolated network layer while enabling said first computer to communicate with said local network device within the local network using said second machine identity;

wherein said NAIL translates an IP address and a Media Access Control (MAC) address to a different IP address and a different MAC address, respectively, in a packet header of a communication packet between the isolated and abstraction network interfaces, and wherein said NAIL further translates at least one of a machine name and a system identifier to a different machine name and a different system identifier, respectively, in a packet payload of said communication packet.

View all claims

31 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network abstraction and isolation layer (NAIL) for masquerading the machine identity of a computer in a network to enable the computer to communicate in the network with a different machine identity including an isolated network interface for communicating with the computer, an abstraction network interface for communicating with a network device coupled to the network, and control logic. The control logic is coupled to the isolated and abstraction network interfaces and performs machine identity translation to masquerade machine identity of the computer relative to the network. Machine identity masquerading includes selectively translating any one or more of an IP address, a MAC address, a machine name, a system identifier, and a DNS Name in the header or payload of communication packets.

65 Citations

View as Search Results

20 Claims

1. A local network, comprising:
- a local network device;
  
  a first computer having a first machine identity; and
  
  a network abstraction and isolation layer (NAIL), interfaced between said local network device and said first computer, wherein said NAIL masquerades said first machine identity into a second machine identity to isolate and abstract said first computer into a first isolated network layer while enabling said first computer to communicate with said local network device within the local network using said second machine identity;
  
  wherein said NAIL translates an IP address and a Media Access Control (MAC) address to a different IP address and a different MAC address, respectively, in a packet header of a communication packet between the isolated and abstraction network interfaces, and wherein said NAIL further translates at least one of a machine name and a system identifier to a different machine name and a different system identifier, respectively, in a packet payload of said communication packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The local network of claim 1, wherein said first computer comprises a logical server.
  - 3. The local network of claim 1, wherein said NAIL comprises a logical device with virtual interfaces.
  - 4. The local network of claim 1, wherein said NAIL comprises:
    - an isolated network interface for communicating with said first computer;
      
      control logic, interfaced with said isolated network interface, which performs machine identity translation; and
      
      an abstraction network interface for enabling communication between said control logic and said local network device.
  - 5. The local network of claim 4, wherein said isolated network interface comprises a virtual interface that directly interfaces said control logic with said first computer.
  - 6. The local network of claim 4, wherein at least one of said isolated and abstraction network interfaces comprises a network interface controller (NIC).
  - 7. The local network of claim 6, wherein at least one NIC comprises a virtual NIC.
  - 8. The local network of claim 6, wherein said control logic translates said IP address and said MAC address to said different IP address and said different MAC address, respectively, in said packet header of said communication packet.
  - 9. The local network of claim 8, wherein said control logic further translates at least one of an IP address and a Domain Name Service (DNS) Name to a different IP address and a different DNS Name, respectively, in said packet payload of said communication packet.
  - 10. The local network of claim 6, wherein said control logic translates an IP address to a different IP address in said packet payload of said communication packet.
  - 11. The local network of claim 10, wherein said control logic further translates a Domain Name Service (DNS) Name to a different DNS Name in said packet payload of said communication packet.
  - 12. The local network of claim 6, wherein said control logic selectively translates communication packets between said first computer and said local network device based on communication protocol.
  - 13. The local network of claim 1, further comprising:
    - a second computer having a third machine identity; and
      
      said NAIL comprising a multi-channel NAIL for masquerading said first and third machine identities into said second machine identity and a fourth machine identity, respectively, to isolate and abstract said first and second computers into first and second isolated network layers, respectively.
  - 14. The local network of claim 13, wherein said multi-channel NAIL comprises:
    - a first isolated network interface for communicating with said first computer;
      
      a second isolated network interface for communicating with said second computer;
      
      control logic, coupled to said first and second isolated network interfaces, that performs machine identity translation for said first and second machine identities; and
      
      a common abstraction network interface for enabling communication between said control logic and said local network device.
  - 15. The local network of claim 14, wherein said first and second machine identities are the same.

16. A method of isolating and abstracting a computer in a local network while enabling the computer to communicate with the local network, comprising:
- interfacing the computer to the local network via isolated and abstracted communication interfaces;
  
  monitoring communication packets between the computer and the local network; and
  
  selectively translating the communication packets to masquerade the machine identity of the computer from the local network, wherein said selectively translating comprises;
  
  changing an IP address in a packet header of a communication packet to a different IP address;
  
  changing a Media Access Control (MAC) address in the packet header to a different MAC address; and
  
  changing at least one of a machine name and a system identifier in a packet payload of the communication packet to a different machine name and system identifier, respectively.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein said selectively translating comprises determining communication protocol and selectively translating based on communication protocol.
  - 18. The method of claim 16, further comprising changing at least one of an IP address and a Domain Name Service (DNS) Name in the packet payload of the communication packet to a different IP address and DNS Name, respectively.
  - 19. The method of claim 16, wherein said translating comprises changing an IP address in the packet payload of the communication packet to a different IP address.
  - 20. The method of claim 19, further comprising changing a Domain Name Service (DNS) Name in the packet payload of the communication packet to a different DNS Name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Surgient, Inc. (Quest Software, Inc.)
Inventors
McCrory, Dave D., Johnson, Scott C.
Primary Examiner(s)
Kumar; Pankaj
Assistant Examiner(s)
Foud; Hicham B

Application Number

US10/950,355
Publication Number

US 20050108407A1
Time in Patent Office

2,139 Days
Field of Search

None
US Class Current

370/389
CPC Class Codes

H04L 63/0407 wherein the identity of one...

H04L 63/16 Implementing security featu...

Network abstraction and isolation layer for masquerading machine identity of a computer

First Claim

31 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network abstraction and isolation layer for masquerading machine identity of a computer

First Claim

31 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links