System and method for providing network and computer firewall protection with dynamic address isolation to a device
Abstract
A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.
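A minimal model of the data path the abstract describes, added here as an illustration; it is not code from the patent or its assignee. The class names, the addresses, the port allocation scheme and the byte-signature policy are all assumptions made for the example.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"   # constructed public address (documentation range)

@dataclass(frozen=True)
class Packet:
    src: tuple       # (ip, port)
    dst: tuple       # (ip, port)
    payload: bytes

class NatEngine:
    """Translates between per-application addresses and one public address."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out_map = {}        # application (ip, port) -> public port
        self.in_map = {}         # public port -> application (ip, port)
        self.next_port = 40000   # hypothetical start of the public port pool

    def translate_out(self, pkt):
        port = self.out_map.get(pkt.src)
        if port is None:         # first packet from this application address
            port = self.next_port
            self.next_port += 1
            self.out_map[pkt.src] = port
            self.in_map[port] = pkt.src
        return replace(pkt, src=(self.public_ip, port))

    def translate_in(self, pkt):
        ip, port = pkt.dst
        app = self.in_map.get(port) if ip == self.public_ip else None
        return replace(pkt, dst=app) if app else None   # None: no mapping, drop

def firewall_allows(pkt, blocked_signatures):
    """Hypothetical policy: reject payloads containing a listed signature."""
    return not any(sig in pkt.payload for sig in blocked_signatures)

class Driver:
    """Forwards every packet through NAT; inbound packets also go to the firewall."""
    def __init__(self, nat, blocked_signatures):
        self.nat, self.blocked = nat, blocked_signatures

    def send(self, pkt):         # outgoing: application address -> public address
        return self.nat.translate_out(pkt)

    def receive(self, pkt):      # incoming: public address -> application address
        translated = self.nat.translate_in(pkt)
        if translated is None or not firewall_allows(translated, self.blocked):
            return None          # rejected: unmapped destination or policy hit
        return translated
```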
19 Claims
1. A computer, comprising:
a processor and memory;
an application associated with an application address;
a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network;
a network address translation engine configured to translate between the application address and a public address; and
a driver coupled to the network interface, the driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address;
the driver coupled to transmit the incoming data packets to a firewall configured to reject the incoming data packets if the incoming data packets include malicious content according to a mobile device security policy, and allow the incoming data packets to be forwarded to the application if the incoming data packets do not include malicious content according to the mobile device security policy.
Dependent claims: 2, 3, 4, 5, 6

7. A system, comprising:
a network interface coupled to an external network;
a firewall in communication with the network interface, the firewall configured to handle both network-level security and application-level security;
a computer in communication with the firewall, the computer having one or more applications, each of the one or more applications associated with at least one application address, and the computer being configured to send to the firewall data packets identifying the one or more applications to the firewall; and
a network address translation engine configured to translate the at least one application address of the one or more applications to a public address, thereby dynamically isolating the one or more applications from the external network;
the firewall being configured to:
reject the data packets if the data packets include malicious content according to a mobile device security policy; and
allow the data packets to pass to the one or more applications if the data packets do not include malicious content according to the mobile device security policy.
Dependent claims: 8, 9, 10, 11, 12

13. A method within a personal computer of processing incoming data associated with a public address, the method comprising:
receiving the incoming data from an external network;
translating the public address of the incoming data into an internal address associated with an application;
providing the incoming data to a firewall on a mobile security device coupled to the personal computer;
receiving an analysis, based on a mobile device security policy implemented on the firewall, of the incoming data for malicious code;
routing the analyzed data to the application if the analyzed data does not comprise the malicious code;
rejecting the analyzed data if the analyzed data includes the malicious code according to the mobile device security policy; and
allowing the analyzed data to pass to the application if the analyzed data does not include the malicious code according to the mobile device security policy.
Dependent claims: 14, 15

16. A method within a computer of processing outgoing data, the method comprising:
receiving the outgoing data from an application, the application being associated with an internal address;
translating, using a network address translation engine within the computer, the internal address into a public address;
routing, using a driver within the computer, at least a subset of the outgoing data to an external network using the public address, thereby dynamically isolating the internal address from the external network; and
providing, using a network interface within the computer, the subset of the outgoing data to the external network.
Dependent claims: 17, 18, 19
Specification