Trusted network interface

US 8,627,060 B2
Filed: 04/28/2009
Issued: 01/07/2014
Est. Priority Date: 04/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for operating a trusted network interface for monitoring network traffic passing through a plurality of network security appliances, comprising:

receiving, at a management system, warrant information that is derived from a judicial warrant, and comprises;

a judicially executable action that is executable only with approval, wherein the judicially executable action includes authorization for participating in a denial of service attack;

an approval from the judicial warrant to execute the judicially executable action; and

an identification of at least some of the plurality of network security appliances each to execute the judicially executable action;

wherein the judicial warrant satisfies legal requirements approving an act to be performed;

generating a control command instructing the at least some of the plurality of network security appliances identified in the warrant information to execute the judicially executable action in an orchestrated manner according to a coordinated plan of action;

digitally signing the control command with a digital certificate associated with the management system;

encrypting the digitally signed control command;

transmitting the digitally signed and encrypted control command to the at least some of the plurality of network security appliances identified in the warrant information; and

receiving confirmation from the at least some of the plurality of network security appliances that the judicially executable action has been executed.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for combating and thwarting attacks by cybercriminals are provided. Network security appliances interposed between computer systems and public networks, such as the Internet, are configured to perform defensive and/or offensive actions against botnets and/or other cyber threats. According to some embodiments, network security appliances may be configured to perform coordinated defensive and/or offensive actions with other network security appliances.

Citations

22 Claims

1. A method for operating a trusted network interface for monitoring network traffic passing through a plurality of network security appliances, comprising:
- receiving, at a management system, warrant information that is derived from a judicial warrant, and comprises;
  
  a judicially executable action that is executable only with approval, wherein the judicially executable action includes authorization for participating in a denial of service attack;
  
  an approval from the judicial warrant to execute the judicially executable action; and
  
  an identification of at least some of the plurality of network security appliances each to execute the judicially executable action;
  
  wherein the judicial warrant satisfies legal requirements approving an act to be performed;
  
  generating a control command instructing the at least some of the plurality of network security appliances identified in the warrant information to execute the judicially executable action in an orchestrated manner according to a coordinated plan of action;
  
  digitally signing the control command with a digital certificate associated with the management system;
  
  encrypting the digitally signed control command;
  
  transmitting the digitally signed and encrypted control command to the at least some of the plurality of network security appliances identified in the warrant information; and
  
  receiving confirmation from the at least some of the plurality of network security appliances that the judicially executable action has been executed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the warrant information received at the management system is digitally signed and encrypted by a judicial control system that stores and authenticates the warrant information.
  - 3. The method of claim 2 further comprising;
    - receiving, at the judicial control system, an audit request from a public audit system; and
      
      in response to the audit request, providing audit information from the judicial control system to the public audit system.
  - 4. The method of claim 3 wherein the audit request is digitally signed and encrypted by the public audit system, and wherein the audit information is digitally signed and encrypted by the judicial control system.
  - 5. The method of claim 1 wherein the network security appliance is interposed between a computer system and a public network, and wherein all network traffic between the computer system and the public network passes through the network security appliance.
  - 6. The method of claim 1 wherein the warrant information specifies an identifier associated with the network security appliance that uniquely identifies the network security appliance.
  - 7. The method of claim 6 wherein the identifier associated with the network security appliance is an internet protocol (IP) address of the computer system associated with the network security appliance.
  - 8. The method of claim 1 wherein the judicially executable action includes providing data traffic information gathered by the security appliance to the management system.
  - 9. The method of claim 1 wherein the judicially executable action includes providing a copy of data traffic passing through the security appliance to the management system.
  - 10. The method of claim 1 wherein the judicially executable action includes performing one or more justifiable preventative measures that would otherwise be legally disallowed without the approval in the warrant information.
  - 11. The method of claim 1 wherein the judicially executable action includes performing one or more justifiable proactive measures that would otherwise be legally disallowed without the approval in the warrant information.

12. A computer network comprising:
- a plurality of network security appliances, each network security appliance being interposed between a computer system and a public network;
  
  a management system configured to transmit control commands to the plurality of network security appliances via a public network;
  
  a judicial control system configured to;
  
  receive warrant information that is derived from a judicial warrant, and comprises;
  
  a judicially executable action that is executable only with approval, wherein the judicially executable action includes authorization for participating in a denial of service attack;
  
  an approval from the judicial warrant to execute the judicially executable action; and
  
  an identification of at least some of the plurality of network security appliances to execute the judicially executable action;
  
  wherein the judicial warrant satisfies legal requirements approving an act to be performed;
  
  digitally sign and encrypt the warrant information; and
  
  transmit the digitally signed and encrypted warrant information to the management system;
  
  wherein the management system is configured to transmit a control command to the at least some of the plurality of network security appliances identified in the warrant information received from the judicial control system, the control command instructing the at least some of the plurality of network security appliances to execute the judicially executable action in an orchestrated manner according to a coordinated plan of action; and
  
  wherein the management system is configured to receive confirmation from the at least some of the plurality of network security appliances that the judicially executable action has been executed.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The computer network of claim 12 further comprising:
    - a public audit system configured to transmit an audit request to the judicial control system; and
      
      wherein the judicial control system is further configured to receive the audit request from the public audit system and to provide audit information to the public audit system in response to the audit request.
  - 14. The computer network of claim 13 wherein the audit request is digitally signed and encrypted by the public audit system, and wherein the audit information is digitally signed and encrypted by the judicial control system.
  - 15. The computer network of claim 12 wherein all network traffic between the computer system and the public network that the network security appliance is interposed between passes through the network security appliance.
  - 16. The computer network of claim 12 wherein the warrant information specifies an identifier associated with the network security appliance that uniquely identifies the network security appliance.
  - 17. The computer network of claim 16 wherein the identifier associated with the network security appliance is an internet protocol (IP) address of the computer system associated with the network security appliance.
  - 18. The computer network of claim 12 wherein the judicially executable action includes providing data traffic information gathered by the security appliance to the management system.
  - 19. The computer network of claim 12 wherein the judicially executable action includes providing a copy of data traffic passing through the security appliance to the management system.
  - 20. The computer network of claim 12 wherein the judicially executable action includes performing one or more justifiable preventative measures that would otherwise be legally disallowed without the approval in the warrant information.
  - 21. The computer network of claim 12 wherein the judicially executable action includes performing one or more justifiable proactive measures that would otherwise be legally disallowed without the approval in the warrant information.

22. A method for preventing malicious cyber-attacks, the method comprising:
- receiving, at a management system, warrant information that is derived from a judicial warrant, wherein the judicial warrant satisfies legal requirements approving an act to be performed, said act to be performed only with approval, wherein the judicial warrant comprises an approval to order a plurality of network security appliances to perform a denial of service attack carried out according to a coordinated plan of action, wherein each of the plurality of network security appliances;
  
  is interposed between a computer system and a public network; and
  
  is configured to monitor data passing between the computer system and the public network; and
  
  wherein the denial of service attack prevents at least some data from passing between at least one of the computers and the public network that at least one of the plurality of network security appliances is interposed between;
  
  instructing, in an orchestrated manner and from the management system, the plurality of network security appliances to carry out the denial of service attack in a manner consistent with the warrant information, wherein instructing in an orchestrated manner comprises;
  
  generating a control command instructing the plurality of network security appliances to perform the denial of service attack;
  
  encrypting the digitally signed control command; and
  
  transmitting the digitally signed and encrypted control command to the plurality of network security appliances; and
  
  receiving confirmation from at least some of the plurality of network security appliances that the denial of service attack has been performed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Hart, Steven R.
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Ho, Thomas

Application Number

US12/431,160
Publication Number

US 20090300353A1
Time in Patent Office

1,715 Days
Field of Search

713/176, 713/153, 713/156, 726/22
US Class Current

713/153
CPC Class Codes

H04L 2463/144   Detection or countermeasure...

H04L 43/00   Arrangements for monitoring...

H04L 63/0218   Distributed architectures, ...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Trusted network interface

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted network interface

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links