Network services platform

US 8,230,071 B1
Filed: 06/28/2010
Issued: 07/24/2012
Est. Priority Date: 06/28/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of using a services platform to provide a network service to a remote enterprise network, comprising:

using a computer to perform steps comprising;

providing a control module to an endpoint of the remote enterprise network;

establishing an Internet Protocol (IP) tunnel between the services platform and the endpoint responsive to execution of the control module on the endpoint;

establishing a bridge between the IP tunnel and the enterprise network responsive to the execution of the control module on the endpoint;

allocating a unique private IP address space to the enterprise network;

inventorying the enterprise network to identify a plurality of endpoints on the enterprise network, ones of the plurality of endpoints identified with enterprise network IP addresses in an enterprise address space;

assigning services platform IP addresses within the unique private IP address space to identified ones of the plurality of endpoints;

translating IP addresses in network traffic received by the services platform from the enterprise network via the IP tunnel from enterprise network IP addresses to corresponding services platform IP addresses;

translating IP addresses in network traffic destined from the services platform to the enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses; and

providing the network service to the enterprise network via the IP tunnel and bridge.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network services platform provides services to remote enterprise networks. The services platform provides a control module to a computer in the enterprise network. The control module executes on the computer and interacts with the services platform to establish an Internet Protocol (IP) tunnel between the services platform and the computer. The control module also establishes a bridge between the IP tunnel and the enterprise network. The services platform allocates a unique private IP address space to the enterprise network, and translates IP addresses in network communications between enterprise network addresses and corresponding services platform addresses in the allocated unique private address space. The services platform provides network services to the enterprise network via the IP tunnel and bridge.

21 Citations

View as Search Results

17 Claims

1. A computer-implemented method of using a services platform to provide a network service to a remote enterprise network, comprising:
- using a computer to perform steps comprising;
  
  providing a control module to an endpoint of the remote enterprise network;
  
  establishing an Internet Protocol (IP) tunnel between the services platform and the endpoint responsive to execution of the control module on the endpoint;
  
  establishing a bridge between the IP tunnel and the enterprise network responsive to the execution of the control module on the endpoint;
  
  allocating a unique private IP address space to the enterprise network;
  
  inventorying the enterprise network to identify a plurality of endpoints on the enterprise network, ones of the plurality of endpoints identified with enterprise network IP addresses in an enterprise address space;
  
  assigning services platform IP addresses within the unique private IP address space to identified ones of the plurality of endpoints;
  
  translating IP addresses in network traffic received by the services platform from the enterprise network via the IP tunnel from enterprise network IP addresses to corresponding services platform IP addresses;
  
  translating IP addresses in network traffic destined from the services platform to the enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses; and
  
  providing the network service to the enterprise network via the IP tunnel and bridge.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the control module is provided from the services platform to the endpoint responsive to a request for the network service from a user of the endpoint.
  - 3. The computer-implemented method of claim 1, wherein the tunnel is formed at a layer of an Open Systems Interconnection model.
  - 4. The computer-implemented method of claim 1, wherein establishing the bridge comprises the control module using packet injection at the endpoint to inject packets from the IP tunnel to the enterprise network, the packets injected to the enterprise network appearing to originate from the endpoint, and the control module sending packets from the enterprise network received by the endpoint through the IP tunnel.
  - 5. The computer-implemented method of claim 1, wherein the services platform provides network services to a plurality of remote enterprise networks and wherein a different unique private IP address space is allocated to each of the plurality of enterprise networks.
  - 6. The computer-implemented method of claim 1, wherein providing the network service to the enterprise network comprises providing one or more network services from the set consisting of:
    - vulnerability management, configuration auditing, file integrity monitoring, and compliance auditing.

7. A services platform for providing a network service to a remote enterprise network comprising:
- a non-transitory computer-readable storage medium storing executable computer program modules; and
  
  a computer processor for executing the computer program modules for performing steps comprising;
  
  providing a control module to an endpoint of the remote enterprise network;
  
  establishing an Internet Protocol (IP) tunnel between the services platform and the endpoint responsive to execution of the control module on the endpoint;
  
  establishing a bridge between the IP tunnel and the enterprise network responsive to the execution of the control module on the endpoint;
  
  allocating a unique private IP address space to the enterprise network;
  
  inventorying the enterprise network to identify a plurality of endpoints on the enterprise network, ones of the plurality of endpoints identified with enterprise network IP addresses in an enterprise address space;
  
  assigning services platform IP addresses within the unique private IP address space to identified ones of the plurality of endpoints;
  
  translating IP addresses in network traffic received by the services platform from the enterprise network via the IP tunnel from enterprise network IP addresses to corresponding services platform IP addresses;
  
  translating IP addresses in network traffic destined from the services platform to the enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses; and
  
  providing the network service to the enterprise network via the IP tunnel and bridge.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The services platform of claim 7, wherein the control module is provided from the services platform to the endpoint responsive to the request for network service from a user of the endpoint.
  - 9. The services platform of claim 7, wherein the tunnel is formed at a layer of an Open Systems Interconnection model.
  - 10. The services platform of claim 7, wherein establishing the bridge comprises the control module using packet injection at the endpoint to inject packets from the IP tunnel to the enterprise network, the packets injected to the enterprise network appearing to originate from the endpoint, and the control module sending packets from the enterprise network received by the endpoint through the IP tunnel.
  - 11. The services platform of claim 7, wherein the services platform provides network services to a plurality of remote enterprise networks and wherein a different unique private IP address space is allocated to each of the plurality of enterprise networks.
  - 12. The services platform of claim 7, wherein providing the network service to the enterprise network comprises providing one or more network services from the set consisting of:
    - vulnerability management, configuration auditing, file integrity monitoring, and compliance auditing.

13. A non-transitory computer-readable storage medium storing executable computer program modules for enabling a services platform to provide a network service to a remote enterprise network, the modules executable to perform steps comprising:
- providing a control module to an endpoint of the remote enterprise network;
  
  establishing an Internet Protocol (IP) tunnel between the services platform and the endpoint responsive to execution of the control module on the endpoint;
  
  establishing a bridge between the IP tunnel and the enterprise network responsive to the execution of the control module on the endpoint;
  
  allocating a unique private IP address space to the enterprise network;
  
  inventorying the enterprise network to identify a plurality of endpoints on the enterprise network, ones of the plurality of endpoints identified with enterprise network IP addresses in an enterprise address space;
  
  assigning services platform IP addresses within the unique private IP address space to identified ones of the plurality of endpoints;
  
  translating IP addresses in network traffic received by the services platform from the enterprise network via the IP tunnel from enterprise network IP addresses to corresponding services platform IP addresses;
  
  translating IP addresses in network traffic destined from the services platform to the enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses; and
  
  providing the network service to the enterprise network via the IP tunnel and bridge.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the IP tunnel is created responsive to a request for a network service from a user of the enterprise.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the tunnel is formed at a layer of an Open Systems Interconnection model.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein establishing the bridge comprises using packet injection at the endpoint to inject packets from the IP tunnel to the enterprise network, the packets injected to the enterprise network appearing to originate from the endpoint, and the control module sending packets from the enterprise network received by the endpoint through the IP tunnel.
  - 17. The computer-readable storage medium of claim 13, wherein the network service comprises a network service from the set consisting of:
    - vulnerability management, configuration auditing, file integrity monitoring, and compliance auditing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
nCircle Network Security, Inc. (Belden Inc.)
Inventors
Keanini, Timothy D., Quilter, Alexander L., Lavery, Oliver, Meltzer, David J.
Primary Examiner(s)
Nguyen, Quang N.

Application Number

US12/825,305
Time in Patent Office

757 Days
Field of Search

709/217, 709/218, 709/223, 370/254, 370/316, 370/389
US Class Current

709/226
CPC Class Codes

H04L 2101/668   Internet protocol [IP] addr...

H04L 41/50   Network service management,...

H04L 61/2503   Translation of Internet pro...

H04L 61/2535   Multiple local networks, e....

H04L 61/2592   using tunnelling or encapsu...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/029   Firewall traversal, e.g. tu...

Network services platform

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Network services platform

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others