Dynamic security shielding through a network resource

US 8,079,074 B2
Filed: 04/17/2007
Issued: 12/13/2011
Est. Priority Date: 04/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented services system, comprising:

a detection component of a host device for detecting a risk beacon indicative of a risk of intrusion;

a remote component for providing an intrusion protection service to the host device;

a redirection component for dynamically redirecting host traffic to the remote component to obtain the intrusion protection service until intrusion protection software is installed on the host device, thereafter the host device disconnects from the remote component; and

a processor operable to execute computer-executable instructions associated with at least one of the detection component, the remote component, or the redirection component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture for facilitating access of remote system software functionality by a host machine for the redirection of incoming and/or outgoing host traffic through the remote system for protection services to the host machine. The host machine can gain the benefits of effective protection software such as firewall, intrusion protection software, and anti-malware services, of the remote machine. The host machine can choose to exercise traffic redirection when there is a risk of being compromised, and then revert back to direct communications when the risk has been averted. The host machine takes advantage of the resources available on the remote machine in substantially realtime with minimal disruption to the host and/or the remote machine operations. This facilitates widespread and temporary protection of network systems for a more secure working environment and improved customer experience.

20 Citations

View as Search Results

20 Claims

1. A computer-implemented services system, comprising:
- a detection component of a host device for detecting a risk beacon indicative of a risk of intrusion;
  
  a remote component for providing an intrusion protection service to the host device;
  
  a redirection component for dynamically redirecting host traffic to the remote component to obtain the intrusion protection service until intrusion protection software is installed on the host device, thereafter the host device disconnects from the remote component; and
  
  a processor operable to execute computer-executable instructions associated with at least one of the detection component, the remote component, or the redirection component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the remote component is a fixed security proxy server.
  - 3. The system of claim 1, wherein the remote component is a remote device that hosts the service and the remote device is elected and configured to act as proxy server to provide the service for the host traffic.
  - 4. The system of claim 1, wherein the redirection component generates a virtual private network (VPN) connection to the remote component to obtain the service.
  - 5. The system of claim 1, wherein the need detected by the detection component is further associated with receipt of at least one of pulled or pushed configuration information, or an auto-generated trigger based on machine-awareness of a lack of software associated with the service.
  - 6. The system of claim 1, wherein the risk is associated with at least one of a firewall service, an intrusion protection service, or an anti-malware service.
  - 7. The system of claim 1, further comprising a selection component for selecting which system of a plurality of remote systems to route the host traffic.
  - 8. The system of claim 1, wherein the redirection component routes the host traffic directly to the host device without routing the traffic through the remote component.
  - 9. The system of claim 1, wherein the host device initiates indirect communications of the host traffic by forming a VPN to the remote component via which the host traffic is routed to and from the remote component by the routing component.
  - 10. The system of claim 1, wherein the host device reverts back to direct communications of the host traffic by re-registering a non-VPN address or acquiring a new address.
  - 11. The system of claim 1, wherein the remote component is a wireless device elected to serve as a proxy for the service based on at least one of device service data or capabilities data.

12. A computer-implemented method of providing services, comprising acts of:
- receiving a risk beacon at a client associated with a need for a protection service;
  
  detecting available remote resources of a wireless network for the service;
  
  selecting a first resource of the available remote resources;
  
  redirecting client traffic to the first resource over the wireless network;
  
  processing the client traffic through the service to protect the client;
  
  disconnecting the client from the first resource when the protection service is no longer needed; and
  
  utilizing a processor to execute instructions stored in memory to perform at least one of the acts of receiving, detecting, selecting, redirecting, processing, or disconnecting.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising dynamically performing at least one of the acts of detecting, selecting, or redirecting.
  - 14. The method of claim 12, further comprising initiating communications to the first resource by acts of:
    - forming a VPN between the client and the first resource; and
      
      deprecating old non-VPN addresses on local network interfaces.
  - 15. The method of claim 12, further comprising initiating communications to the first resource by acts of:
    - deregistering non-VPN addresses from a domain name server (DNS); and
      
      deleting old non-VPN, non-static, addresses when the non-VPN addresses become inactive.
  - 16. The method of claim 12, further comprising reverting back to direct communications by one or more acts of:
    - re-registering an unexpired non-VPN address in a DNS or acquiring a new non-VPN address;
      
      deprecating the acquired new VPN address to prevent a new connection from being formed on the first resource, which is a VPN server; and
      
      terminating the VPN when no new connection is active over the VPN.
  - 17. The method of claim 12, wherein the client is one of a plurality of wireless clients, which one or more of the plurality of wireless clients is detected as the remote resources based on advertisement of an ad-hoc network by the one or more of the plurality of wireless clients.
  - 18. The method of claim 12, wherein the first resource disconnects from the wireless network, which is an ad-hoc network, and reconnects as an access point-network address translation device.
  - 19. The method of claim 18, wherein the client deprecates and deletes an address used for direct communications.

20. A computer-implemented system, comprising:
- a host component operating without intrusion protection software;
  
  a detection component of the host component for detecting a risk beacon associated with a risk of an intrusion threat;
  
  a proxy component, operating with intrusion protection software, for redirecting traffic to the host component, thereby providing intrusion protection to the host component until protection provided by the proxy component is no longer needed, thereafter the host component disconnects from the proxy component; and
  
  a processor operable to execute computer-executable instructions associated with at least one of the host component, the detection component, or the proxy component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Dadhia, Rajesh K.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US11/787,589
Publication Number

US 20080263654A1
Time in Patent Office

1,701 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

H04L 61/2503   Translation of Internet pro...

H04L 61/5014   using dynamic host configur...

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 67/563   Data redirection of data ne...

Dynamic security shielding through a network resource

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security shielding through a network resource

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links