Surround security system

US 8,595,820 B1
Filed: 09/10/2010
Issued: 11/26/2013
Est. Priority Date: 12/17/2003
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a processor to;

transfer a plurality of packets from a network interface to a TCP/IP stack of a computer system at least in part by screening the plurality of packets for acceptability utilizing one or more packet enforcement evaluators, the plurality of packets comprising one or more packets from a virtual private network connection, the processor further to decrypt the one or more packets from the virtual private network utilizing the one or more packet enforcement evaluators;

transfer one or more of the plurality of packets from the TCP/IP stack to one or more application programming interfaces for a respective one or more applications of the computer system at least in part by screening individual packets of the plurality of packets for acceptability utilizing one or more application sensitive filters related to the respective one or more applications;

verify integrity of one or more files related to the one or more applications and/or one or more operating systems; and

determine whether one or more patches are available for the one or more applications and/or the one or more operating systems.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A surround security system which screens packets transitioning a TCP/IP stack of a computer system from being broadcast over a network or being communicated to applications installed on the computer system. The surround security system may further include protections for the operating system, applications and security configurations.

70 Citations

View as Search Results

20 Claims

1. An apparatus, comprising:
- a processor to;
  
  transfer a plurality of packets from a network interface to a TCP/IP stack of a computer system at least in part by screening the plurality of packets for acceptability utilizing one or more packet enforcement evaluators, the plurality of packets comprising one or more packets from a virtual private network connection, the processor further to decrypt the one or more packets from the virtual private network utilizing the one or more packet enforcement evaluators;
  
  transfer one or more of the plurality of packets from the TCP/IP stack to one or more application programming interfaces for a respective one or more applications of the computer system at least in part by screening individual packets of the plurality of packets for acceptability utilizing one or more application sensitive filters related to the respective one or more applications;
  
  verify integrity of one or more files related to the one or more applications and/or one or more operating systems; and
  
  determine whether one or more patches are available for the one or more applications and/or the one or more operating systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the one or more packet enforcement evaluators comprises one or more of a network firewall, a network intrusion detection system, a packet filter, and/or a session monitor.
  - 3. The apparatus of claim 1, wherein the one or more application sensitive filters comprises one or more of an application firewall, an application intrusion detection system, a content filter, and/or a uniform resource locator (URL) blocking engine.
  - 4. The apparatus of claim 1, the processor to verify the integrity of the one or more files related to the one or more applications and/or operating systems at least in part by verifying that a usage of the one or more files is commensurate with an expected usage of one or more legitimate applications and/or operating systems.
  - 5. The apparatus of claim 1, the processor further to verify that configurable settings for the computer system provide a selected level of security.
  - 6. The apparatus of claim 5, the processor to verify that configurable settings for the computer system provide the selected level of security at least in part by determining whether a password policy is adhered to by one or more users of the computer system.
  - 7. The apparatus of claim 1, the processor further to screen the plurality of packets for acceptability at least in part by discarding one or more packets that fail the screening.
  - 8. The apparatus of claim 1, the processor to determine whether the one or more patches are available for the one or more applications and/or operating systems at least in part by periodically initiating an updater operation.
  - 9. The apparatus of claim 1, the processor to determine whether the one or more patches are available for the one or more applications and/or operating systems at least in part by initiating an updater operation in response to an interaction with a server computer system.
  - 10. The apparatus of claim 1, wherein the apparatus comprises a special purpose security appliance.

11. A method, comprising:
- transferring a plurality of packets from a network interface component of a computing platform to a TCP/IP stack in a memory of the computer system utilizing a processor of the computing platform at least in part by screening the plurality of packets for acceptability according to one or more packet enforcement evaluators, the plurality of packets comprising one or more packets from a virtual private network connection to be decrypted according to the one or more packet enforcement evaluators;
  
  transferring one or more of the plurality of packets from the TCP/IP stack in a memory of the computing platform to one or more application programming interfaces for a respective one or more applications of the computer system at least in part by screening individual packets of the plurality of packets for acceptability according to one or more application sensitive filters related to the respective one or more applications;
  
  verifying integrity of one or more files related to the one or more applications and/or one or more operating systems utilizing the processor of the computing platform; and
  
  determining whether one or more patches are available for the one or more applications and/or the one or more operating systems.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the verifying the integrity of the one or more files related to the one or more applications and/or operating systems comprises verifying that a usage of the one or more files is commensurate with an expected usage of one or more legitimate applications and/or operating systems.
  - 13. The method of claim 11, further comprising verifying that configurable settings for the computer system provide a selected level of security.
  - 14. The method of claim 11, wherein the determining whether the one or more patches are available for the one or more applications and/or operating systems comprises periodically initiating an updater operation.
  - 15. The method of claim 11, wherein the determining whether the one or more patches are available for the one or more applications and/or operating systems comprises initiating an updater operation in response to an interaction with a server computer system.

16. An article, comprising:
- a non-transitory machine-readable medium having stored thereon instructions executable by a processor of a computing platform to;
  
  transfer a plurality of packets from a network interface to a TCP/IP stack at least in part by screening the plurality of packets for acceptability according to one or more packet enforcement evaluators, the plurality of packets comprising one or more packets from a virtual private network connection to be decrypted according to the one or more packet enforcement evaluators;
  
  transfer one or more of the plurality of packets from the TCP/IP stack to one or more application programming interfaces for a respective one or more applications at least in part by screening individual packets of the plurality of packets for acceptability according to one or more application sensitive filters related to the respective one or more applications;
  
  verify integrity of one or more files related to the one or more applications and/or one or more operating systems; and
  
  determine whether one or more patches are available for the one or more applications and/or the one or more operating systems.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The article of claim 16, wherein the machine-readable medium has stored thereon further instructions executable by the processor to verify the integrity of the one or more files related to the one or more applications and/or operating systems at least in part by verifying that a usage of the one or more files is commensurate with an expected usage of one or more legitimate applications and/or operating systems.
  - 18. The article of claim 16, wherein the machine-readable medium has stored thereon further instructions executable by the processor to verify that configurable settings for the computer system provide a selected level of security.
  - 19. The article of claim 16, wherein the machine-readable medium has stored thereon further instructions executable by the processor to determine whether the one or more patches are available for the one or more applications and/or operating systems at least in part by periodically initiating an updater operation.
  - 20. The article of claim 16, wherein the machine-readable medium has stored thereon further instructions executable by the processor to determine whether the one or more patches are available for the one or more applications and/or operating systems at least in part by initiating an updater operation in response to an interaction with a server computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
RPX Corporation
Inventors
Vaidya, Vimal
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US12/879,564
Time in Patent Office

1,173 Days
Field of Search

726/13
US Class Current

726/13
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Surround security system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Surround security system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links