Network DNA

US 8,126,999 B2
Filed: 02/06/2004
Issued: 02/28/2012
Est. Priority Date: 02/06/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-storage medium encoded with computer-executable instructions that, when executed on a computer connected to a computer network, perform a method for configuring the operation of the computer connected to the computer network, the method comprising:

acquiring at least one network attribute, each network attribute corresponding to an attribute of the computer network;

generating a value for at least one derived network DNA component according to at least one derived network DNA component specification, each derived network DNA component corresponding to an attribute of the computer network, and at least one of said at least one derived network DNA component specification referencing at least one of said at least one network attribute and processing by which the value of the derived network DNA component is generated from the referenced at least one network attribute;

determining a network DNA for the computer network, the network DNA classifying the computer network, and the network DNA comprising at least one of said at least one derived network DNA component indicating a network species classification selected from among a plurality of network species classifications,the network species component indicating the network species is a first species if a first combination of network conditions is identified in the at least one attribute of the computer network;

the network species component indicating the network species is a second species if a second combination of network conditions is identified in the at least one attribute of the computer network; and

the network species component indicating the network species is a third species if a third combination of network conditions is identified in the at least one attribute of the computer network;

selecting a network DNA policy action to execute based on the at least one derived network DNA component meeting at least one condition specified in the network DNA policy; and

initiating on the computer connected to the computer network an execution of the network DNA policy action of the network DNA policy, the execution of the network DNA policy action configuring network security settings of the computer that control communication over a connection to the computer network when the at least one derived network DNA components meeting at least one condition specified in the network DNA policy, whereby the network security settings are configured based on the determined network species classification.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks. Network DNA stores may store network DNA history as well as current network DNA.

Citations

36 Claims

1. A computer-storage medium encoded with computer-executable instructions that, when executed on a computer connected to a computer network, perform a method for configuring the operation of the computer connected to the computer network, the method comprising:
- acquiring at least one network attribute, each network attribute corresponding to an attribute of the computer network;
  
  generating a value for at least one derived network DNA component according to at least one derived network DNA component specification, each derived network DNA component corresponding to an attribute of the computer network, and at least one of said at least one derived network DNA component specification referencing at least one of said at least one network attribute and processing by which the value of the derived network DNA component is generated from the referenced at least one network attribute;
  
  determining a network DNA for the computer network, the network DNA classifying the computer network, and the network DNA comprising at least one of said at least one derived network DNA component indicating a network species classification selected from among a plurality of network species classifications,the network species component indicating the network species is a first species if a first combination of network conditions is identified in the at least one attribute of the computer network;
  
  the network species component indicating the network species is a second species if a second combination of network conditions is identified in the at least one attribute of the computer network; and
  
  the network species component indicating the network species is a third species if a third combination of network conditions is identified in the at least one attribute of the computer network;
  
  selecting a network DNA policy action to execute based on the at least one derived network DNA component meeting at least one condition specified in the network DNA policy; and
  
  initiating on the computer connected to the computer network an execution of the network DNA policy action of the network DNA policy, the execution of the network DNA policy action configuring network security settings of the computer that control communication over a connection to the computer network when the at least one derived network DNA components meeting at least one condition specified in the network DNA policy, whereby the network security settings are configured based on the determined network species classification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 34)
- - 2. The computer-storage medium of claim 1, wherein the first species comprises an enterprise network, the second species comprises a home network, and the third species comprises a public place network.
  - 3. The computer-storage medium of claim 1, wherein at least one of said at least one derived network DNA component specification comprises a linear transformation of at least one value of at least one of said at least one network attribute.
  - 4. The computer-storage medium of claim 1, wherein said at least one derived network DNA component specification comprises a combination of said at least one network attribute.
  - 5. The computer-storage medium of claim 1, wherein at least one of said at least one derived network DNA component specification comprises a structured query language statement.
  - 6. The computer-storage medium of claim 1, wherein at least one of said at least one derived network DNA component specification comprises an object oriented language statement.
  - 7. The computer-storage medium of claim 1, wherein at least one of said at least one derived network DNA component specification comprises a scripting language statement.
  - 8. The computer-storage medium of claim 1, wherein acquiring at least one network attribute comprises acquiring a plurality of network attributes in an order specified by an acquisition priority list, the plurality of networks attributes specified by the acquisition priority list comprising at least a subset of a domain name, one or more IP addresses, verified presence of network infrastructure elements, parameters received from a network server, a communications media type, a service provider, a nominal available communications bandwidth, a measured available communications bandwidth, logical network location and physical network location.
  - 9. The computer-storage medium of claim 8, wherein the order specified by the acquisition priority list is in accord with an ordered set of network DNA policies that reference the plurality of network attributes.
  - 10. The computer-storage medium of claim 1, wherein generating at least one derived network DNA component comprises generating each derived network DNA component referenced by a derived network DNA refresh list, the derived network DNA refresh list referencing at least one derived network DNA component dependent upon at least one acquired network attribute.
  - 11. The computer-storage medium of claim 1, wherein the network DNA policy reduces a probability of security vulnerability when switching between computer networks.
  - 34. The computer-storage medium of claim 1, wherein:
    - the value of each derived network DNA component has a confidence level associated therewith; and
      
      the network DNA policy condition is satisfied when the referenced derived network DNA component has a value specified in the network DNA policy and the confidence level for the value of the referenced derived network components is above a threshold.

12. A computer-storage medium encoded with computer-executable instructions that, when executed by a computer connected to a computer network, perform a method, the method comprising:
- acquiring a plurality of attributes of the computer network;
  
  generating a network species component according to a derived network DNA component specification, the derived network DNA component specification referencing at least one of said plurality of attributes of the computer network;
  
  determining a network DNA of the computer network, the network DNA comprising the network species component, the network species component indicating a network species classification selected from among a plurality of network species classifications, the plurality of network species classifications including an enterprise network, a home network, and a public place network,the network species component indicating the network species is enterprise network if a first combination of network conditions is identified in the plurality of attributes of the computer network;
  
  the network species component indicating the network species is home network if a second combination of network conditions is identified in the plurality of attributes of the computer network; and
  
  the network species component indicating the network species is public place network if a third combination of network conditions is identified in the plurality of attributes of the computer network; and
  
  providing the network DNA through an interface on the computer, the provided network DNA including the network species component,wherein the first combination, the second combination and the third combination are different.
- View Dependent Claims (13, 14, 15, 16, 35)
- - 13. The computer-storage medium of claim 12, wherein the network DNA further comprises a network name component, a network cost component, a core access component, a core addressing component, a network security component and a network technology component.
  - 14. The computer-storage medium of claim 13, wherein the network technology component comprises at least one network operational attribute.
  - 15. The computer-storage medium of claim 12, wherein:
    - acquiring the plurality of attributes of the computer network comprises acquiring a network security attribute of the computer network, a network management attribute of the computer network and a network addressing attribute of the computer network; and
      
      the derived network DNA component specification for the network species component is a function of at least the network security attribute, the network management attribute and the network addressing attribute.
  - 16. The computer-storage medium of claim 12, wherein the method further comprises:
    - testing a network DNA policy condition of a network DNA policy for satisfaction, the network DNA policy condition referencing at least one network DNA component; and
      
      initiating on the computer connected to the computer network an execution of a network DNA policy action of the network DNA policy, the execution of the network DNA policy action configuring network security settings of the computer for a connection to the computer network when the network DNA policy condition of the network DNA policy is satisfied.
  - 35. The computer-storage medium of claim 12, wherein determining the network DNA comprises:
    - determining the network species is enterprise network if the first combination of network conditions is met, the first combination of network conditions being met if a plurality of;
      
      (a) the computer network is a secure network and is a managed network,(b) the computer network is a private network, and(c) the computer network provides connectivity to one or more specified enterprise resources;
      
      determining the network species is home network if the second combination of network conditions is met, the second network condition being met if a plurality of;
      
      (a) the computer network is an insecure network and an unmanaged network,(b) the computer network provides ad hoc and/or limited connectivity between network nodes and other computer networks,(c) the computer network is a private network, and(d) the computer network is a premise network or a proximity network; and
      
      determining the network species is public place network if the third combination of network conditions is met, the third network condition being met if a plurality of;
      
      (a) the computer network is an insecure network and an unmanaged network,(b) the computer network has an associated access cost, and(c) the computer network is not a private network, is not a premise network and is not a proximity network.

17. A computerized system, comprising:
- at least one computer connected to at least one computer network;
  
  and at least one network DNA store configured to store a network DNA for at least one of said at least one computer network, the network DNA taxonomically classifying said at least one of said at least one computer network, and the network DNA comprising at least one derived network DNA component, the at least one derived network DNA component comprising a network species component configured to indicate a network species classification selected from among a plurality of network species classifications, the plurality of network species classifications including an enterprise network, a home network, and a public place network,the network species component indicating the network species is enterprise network if a first combination of attributes of the computer network is detected;
  
  the network species component indicating the network species is home network if a second combination of attributes of the computer network is detected; and
  
  the network species component indicating the network species is public place network if a third combination of attributes of the computer network is detected; and
  
  an interface configured to provide network DNA to at least one application program.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36)
- - 18. The computerized system of claim 17, wherein said at least one network DNA store comprises a current network DNA store and a network DNA history store.
  - 19. The computerized system of claim 17, further comprising a network DNA policy store configured to store at least one network DNA policy, at least one of said at least one network DNA policy referencing at least one of said at least one derived network DNA component of the network DNA.
  - 20. The computerized system of claim 19, wherein each network DNA policy comprises a derived network DNA components dependency list that lists each derived network DNA component of the network DNA referenced by the network DNA policy.
  - 21. The computerized system of claim 17, further comprising a network DNA policy enforcer configured to, at least:
    - test a network DNA policy condition of a network DNA policy for satisfaction, the network DNA policy condition referencing at least one of said at least one derived network DNA component; and
      
      initiate an execution of a network DNA policy action of the network DNA policy if the network DNA policy condition of the network DNA policy is satisfied.
  - 22. The computerized system of claim 21, wherein the network DNA policy condition of the network DNA policy is satisfied if an expression specified by the network DNA policy condition evaluates to Boolean true.
  - 23. The computerized system of claim 21, wherein the network DNA policy condition of the network DNA policy is satisfied if an expression specified by the network DNA policy condition evaluates to Boolean false.
  - 24. The computerized system of claim 21, wherein the network DNA policy condition of the network DNA policy is satisfied if evaluating an expression specified by the network DNA policy condition results in an evaluation error.
  - 25. The computerized system of claim 21, wherein the network DNA policy enforcer is further configured to, at least, test whether sufficient network DNA referenced by the network DNA policy condition of the network DNA policy has been acquired.
  - 26. The computerized system of claim 25, wherein:
    - each network DNA component is associated with a confidence level; and
      
      sufficient network DNA has been acquired for the network DNA policy if the confidence level of each network DNA component referenced by the network DNA policy condition of the network DNA policy is greater than zero.
  - 27. The computerized system of claim 25, wherein:
    - each network DNA component is associated with a confidence level; and
      
      sufficient network DNA has been acquired for the network DNA policy if the confidence level of at least one network DNA component referenced by the network DNA policy condition of the network DNA policy is greater than a sufficient network DNA acquisition threshold.
  - 28. The computerized system of claim 25, wherein:
    - each network DNA component is associated with a confidence level; and
      
      sufficient network DNA has been acquired for the network DNA policy if a statistical function of the confidence levels of each network DNA component referenced by the network DNA policy condition of the network DNA policy is greater than a sufficient network DNA acquisition threshold.
  - 29. The computerized system of claim 17, further comprising a network DNA generator configured to, at least generate said at least one derived network DNA component according to at least one derived network DNA component specification, at least one of said at least one derived network DNA component specification referencing at least one raw network DNA component of the network DNA associated with the computer network.
  - 30. The computerized system of claim 29, wherein the network DNA generator is further, at least, configured to maintain at least one derived-raw network DNA component dependency list, said at least one derived-raw network DNA component dependency list comprising, for each derived network DNA component generated by the network DNA generator, a list referencing each raw network DNA component referenced by each derived network DNA component specification associated with the derived network DNA component.
  - 31. The computerized system of claim 29, wherein the network DNA generator is further, at least, configured to generate each derived network DNA component referenced by a derived network DNA refresh list, the derived network DNA refresh list referencing each derived network DNA component dependent upon a changed raw network DNA component.
  - 32. The computerized system of claim 17, further comprising a network DNA acquirer configured to, at least, acquire a plurality of raw network DNA components in an order specified by a raw network DNA acquisition priority list, each raw network DNA component corresponding to an attribute of said at least one computer network.
  - 33. The computerized system of claim 32, wherein the order specified by the raw network DNA acquisition priority list is in accord with an ordered set of network DNA policies that reference the plurality of raw network DNA components.
  - 36. The computerized system of claim 17, wherein:
    - determining the network species is enterprise network if the first combination of attributes of the computer network is detected, the first combination of attributes of the computer network is detected if a plurality of;
      
      (a) the computer network is a secure network and is a managed network,(b) the computer network is a private network, and(c) the computer network provides connectivity to one or more specified enterprise resources;
      
      determining the network species is home network if the second combination of attributes of the computer network is detected, the second combination of attributes of the computer network is detected if a plurality of;
      
      (a) the computer network is an insecure network and an unmanaged network,(b) the computer network provides ad hoc and/or limited connectivity between network nodes and other computer networks,(c) the computer network is a private network, and(d) the computer network is a premise network or a proximity network; and
      
      determining the network species is public place network if the third combination of attributes of the computer network is detected, the third combination of attributes of the computer network is detected if a plurality of;
      
      (a) the computer network is an insecure network and an unmanaged network,(b) the computer network has an associated access cost, and(c) the computer network is not a private network, is not a premise network and is not a proximity network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Corbett, Christopher J., Khaki, Mohamed Jawad
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
Hussain, Tauqir

Application Number

US10/773,681
Publication Number

US 20050177631A1
Time in Patent Office

2,944 Days
Field of Search

709223-226
US Class Current

709/224
CPC Class Codes

H04L 41/00   Arrangements for maintenanc...

H04L 41/0233   Object-oriented techniques,...

H04L 41/0803   Configuration setting

H04L 41/0853   by actively collecting conf...

H04L 41/12   Discovery or management of ...

H04L 41/14   Network analysis or design

H04L 41/145   involving simulating, desig...

H04L 41/28   Restricting access to netwo...

H04L 43/08   Monitoring or testing based...

H04L 63/20   for managing network securi...

Network DNA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Network DNA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links