Method and apparatus for geographically regulating inbound and outbound network communications
First Claim
1. A method for a geographic country of origin filter of information transmitting on a network:
- a) a network object on which the method is embodied, which extracts a network address from Internet traffic routed or collected by said network object; and performs at least one data lookup operation to obtain country of origin geographic information pertaining to said Internet network address;
- b) configuring said geographic country of origin filter by;
  - Sending or receiving information used to generate a set of persistent geographic country of origin associations comprising a plurality of Internet address blocks;
  - Performing at least one data processing operating to associate a geographic country of origin location pertaining to each block; and
  - Generating at least one geographic country of origin security assertion wherein a device action is defined for at least one geographic country of origin association wherein the device action is triggered for any Internet address belonging to a defined network address block having an estimated country of origin geographic location, wherein the device action either;
    - Allows Internet traffic to be sent or received from said Internet address to the desired destination;
    - Disallows Internet traffic to be sent or received from said Internet address to the desired destination;
    - or Allows Internet traffic to be sent or received from said Internet address to an undesired destination determined by said geographic filter;
- c) Optimizing said geographic country of origin information pertaining to Internet network addresses in accordance with at least one algorithm, wherein an algorithm is applied to the plurality of geographic country of origin associations between IP address blocks and geographic country of origin locations.
2 Assignments
0 Petitions
Abstract
A system and method for regulating and analyzing inbound and outbound communications in and between computer networks on the basis of geographic security assertions are provided. Geographic information is collected, optimized, and shared between network objects to enforce network access control on the basis of configurable security assertions. Security assertions are configured and metrics displayed using maps and other geographic data in a graphical user interface.
27 Claims
15. A computer program product implementing the method of blocking incoming and outgoing network traffic from countries, geographic regions, and other entities associated with geographic regions, constituting a geographic filter, the method comprising:
- a) Network device on which the method is embodied;
- b) Executing computer code for collecting geographic information in which IP address groups are associated with countries and with entities affiliated with countries;
- c) Executing computer code for utilizing security assertions that define network object access privileges for said countries;
- d) Executing computer code for redefining security assertions into a list of IP addresses that are used to enforce access control;
- e) Executing computer code for storing said list of IP addresses within a persistent memory structure;
- f) Executing computer code for examining IP network traffic, extracting IP addresses, and comparing the extracted IP addresses to a list of IP addresses and other information sources;
- g) Executing computer code to respond to network traffic based on the locating of an IP address within a table; and
- h) Executing computer code for Logging, Aggregating, and Displaying the operational attributes of a given geographic filter device and its peers.
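
Steps b) through g) of claim 15 can be sketched as follows, with block merging standing in as one possible "optimizing" algorithm for claim 1(c). This is an added example, not code from the patent: the country codes, action names and function names are hypothetical, the address blocks are constructed from documentation ranges, and only IPv4 is handled.

```python
import bisect
import ipaddress
from collections import defaultdict

# Constructed sample associations: documentation ranges, made-up country codes.
GEO_BLOCKS = [
    ("192.0.2.0/25", "AA"),
    ("192.0.2.128/25", "AA"),    # adjacent to the block above, same country
    ("198.51.100.0/24", "BB"),
    ("203.0.113.0/24", "CC"),    # no assertion defined for this country
]
# Security assertions: country -> device action (hypothetical action names).
ASSERTIONS = {"AA": "deny", "BB": "redirect"}
DEFAULT_ACTION = "allow"


def compile_filter(blocks, assertions):
    """Redefine country assertions into a sorted table of (start, end, action)."""
    by_action = defaultdict(list)
    for cidr, country in blocks:
        action = assertions.get(country)
        if action:  # countries without an assertion fall through to the default
            by_action[action].append(ipaddress.IPv4Network(cidr))
    table = []
    for action, nets in by_action.items():
        # Assumed optimization: merge adjacent or overlapping blocks per action.
        for net in ipaddress.collapse_addresses(nets):
            table.append(
                (int(net.network_address), int(net.broadcast_address), action)
            )
    table.sort()
    return table


def decide(table, addr):
    """Return the action for one address extracted from traffic."""
    ip = int(ipaddress.IPv4Address(addr))
    # Last range whose start is <= ip; (ip + 1,) sorts before any (ip + 1, ...).
    i = bisect.bisect_left(table, (ip + 1,)) - 1
    if i >= 0 and table[i][0] <= ip <= table[i][1]:
        return table[i][2]
    return DEFAULT_ACTION


if __name__ == "__main__":
    table = compile_filter(GEO_BLOCKS, ASSERTIONS)
    for sample in ("192.0.2.200", "198.51.100.7", "203.0.113.9"):
        print(sample, decide(table, sample))
```

The sorted range table keeps each lookup at O(log n) regardless of how many blocks a country contributes, and addresses outside every listed block receive the default action.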
Specification