Network services platform

US 9,197,604 B1
Filed: 10/24/2014
Issued: 11/24/2015
Est. Priority Date: 06/28/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of using a services platform to provide a network service to a remote enterprise network, comprising:

establishing an Internet Protocol (IP) tunnel between the services platform and an endpoint of the remote enterprise network;

establishing a bridge between the IP tunnel and the remote enterprise network, wherein establishing the bridge comprises using packet injection to inject packets to the remote enterprise network, the packets injected to the remote enterprise network appearing to originate from the endpoint, the bridge being further configured to transfer packets from the remote enterprise network received by the endpoint through the IP tunnel;

allocating a private IP address space to the remote enterprise network;

inventorying the remote enterprise network to identify a plurality of endpoints on the remote enterprise network;

assigning service platform IP addresses within the private IP address space to ones of the plurality of endpoints; and

providing the network service to the remote enterprise network via the IP tunnel and bridge.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network services platform provides services to remote enterprise networks. The services platform provides a control module to a computer in the enterprise network. The control module executes on the computer and interacts with the services platform to establish an Internet Protocol (IP) tunnel between the services platform and the computer. The control module also establishes a bridge between the IP tunnel and the enterprise network. The services platform allocates a unique private IP address space to the enterprise network, and translates IP addresses in network communications between enterprise network addresses and corresponding services platform addresses in the allocated unique private address space. The services platform provides network services to the enterprise network via the IP tunnel and bridge.

35 Citations

View as Search Results

18 Claims

1. A computer-implemented method of using a services platform to provide a network service to a remote enterprise network, comprising:
- establishing an Internet Protocol (IP) tunnel between the services platform and an endpoint of the remote enterprise network;
  
  establishing a bridge between the IP tunnel and the remote enterprise network, wherein establishing the bridge comprises using packet injection to inject packets to the remote enterprise network, the packets injected to the remote enterprise network appearing to originate from the endpoint, the bridge being further configured to transfer packets from the remote enterprise network received by the endpoint through the IP tunnel;
  
  allocating a private IP address space to the remote enterprise network;
  
  inventorying the remote enterprise network to identify a plurality of endpoints on the remote enterprise network;
  
  assigning service platform IP addresses within the private IP address space to ones of the plurality of endpoints; and
  
  providing the network service to the remote enterprise network via the IP tunnel and bridge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the tunnel is formed at a layer of an Open Systems Interconnection model.
  - 3. The computer-implemented method of claim 1, wherein the network service is provided via the internet.
  - 4. The computer-implemented method of claim 1, further comprising providing a web page that displays the results of the network service.
  - 5. The computer-implemented method of claim 1, further comprising providing a web page that provides functionality for downloading modules to the enterprise network for implementing the tunnel and bridge.
  - 6. The computer-implemented method of claim 1, wherein the tunnel is formed at the data link layer.
  - 7. The computer-implemented method of claim 1, further comprising:
    - translating IP addresses in network traffic received by the services platform from the remote enterprise network via the IP tunnel from enterprise network IP addresses to corresponding service platform IP addresses; and
      
      translating IP addresses in network traffic destined from the services platform to the remote enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses.
  - 8. The computer-implemented method of claim 1, wherein the services platform provides network services to a plurality of remote enterprise networks and wherein a different unique private IP address space is allocated to each of the plurality of remote enterprise networks.
  - 9. The computer-implemented method of claim 1, wherein the providing the network service to the remote enterprise network comprises providing one or more of the following network services:
    - vulnerability management, configuration auditing, file integrity monitoring, or compliance auditing.

10. A non-transitory computer-readable storage medium storing computer-executable instructions which when executed by a computer cause the computer to perform a method of using a services platform to provide a network service to a remote enterprise network, the method comprising:
- establishing an Internet Protocol (IP) tunnel between the services platform and an endpoint of the remote enterprise network;
  
  establishing a bridge between the IP tunnel and the remote enterprise network, wherein establishing the bridge comprises using packet injection to inject packets to the remote enterprise network, the packets injected to the remote enterprise network appearing to originate from the endpoint, the bridge being further configured to transfer packets from the remote enterprise network received by the endpoint through the IP tunnel;
  
  allocating a private IP address space to the remote enterprise network;
  
  inventorying the remote enterprise network to identify a plurality of endpoints on the remote enterprise network;
  
  assigning service platform IP addresses within the private IP address space to ones of the plurality of endpoints; and
  
  providing the network service to the remote enterprise network via the IP tunnel and bridge.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The non-transitory computer-readable storage medium of claim 10, wherein the tunnel is formed at a layer of an Open Systems Interconnection model.
  - 12. The non-transitory computer-readable storage medium of claim 10, wherein the network service is provided via the internet.
  - 13. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises providing a web page that displays the results of the network service.
  - 14. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises:
    - translating IP addresses in network traffic received by the services platform from the remote enterprise network via the IP tunnel from enterprise network IP addresses to corresponding service platform IP addresses; and
      
      translating IP addresses in network traffic destined from the services platform to the remote enterprise network via the IP tunnel from services platform IP addresses to corresponding IP enterprise network addresses.
  - 15. The non-transitory computer-readable storage medium of claim 10, wherein the services platform provides network services to a plurality of remote enterprise networks and wherein a different unique private IP address space is allocated to each of the plurality of remote enterprise networks.
  - 16. The non-transitory computer-readable storage medium of claim 10, wherein the providing the network service to the remote enterprise network comprises providing one or more of the following network services:
    - vulnerability management, configuration auditing, file integrity monitoring, or compliance auditing.

17. A system, comprising:
- a processor;
  
  memory storing computer-executable instructions which when executed by the processor cause the processor to perform a method of using a services platform to provide a network service to a remote enterprise network, the method comprising;
  
  establishing an Internet Protocol (IP) tunnel between the services platform and an endpoint of the remote enterprise network;
  
  establishing a bridge between the IP tunnel and the remote enterprise network, wherein establishing the bridge comprises using packet injection to inject packets to the remote enterprise network, the packets injected to the remote enterprise network appearing to originate from the endpoint, the bridge being further configured to transfer packets from the remote enterprise network received by the endpoint through the IP tunnel;
  
  allocating a private IP address space to the remote enterprise network;
  
  inventorying the remote enterprise network to identify a plurality of endpoints on the remote enterprise network;
  
  assigning service platform IP addresses within the private IP address space to ones of the plurality of endpoints; and
  
  providing the network service to the remote enterprise network via the IP tunnel and bridge.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the providing the network service to the remote enterprise network comprises providing one or more of the following network services:
    - vulnerability management, configuration auditing, file integrity monitoring, or compliance auditing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
Quilter, Alexander L., Lavery, Oliver, Meltzer, David J., Keanini, Timothy D.
Primary Examiner(s)
Nguyen, Quang N

Application Number

US14/522,979
Time in Patent Office

396 Days
Field of Search

709/223, 709/224, 709/226, 709/227, 709/228, 709/230, 709/232, 709/238, 709/245, 709/246, 726/4, 370/331, 370/338
US Class Current

1/1
CPC Class Codes

H04L 2101/668   Internet protocol [IP] addr...

H04L 41/50   Network service management,...

H04L 61/2503   Translation of Internet pro...

H04L 61/2535   Multiple local networks, e....

H04L 61/2592   using tunnelling or encapsu...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/029   Firewall traversal, e.g. tu...

Network services platform

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network services platform

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others