Geographic filter for regulating inbound and outbound network communications
First Claim
1. A device for filtering geographic country of origin information transmitting on a network comprising:
a first network object capable of receiving information from or transmitting information to a second network object;
a geographic filtering engine wherein all communication between said first network object and said second network object must pass through said geographic filter engine, comprising;
a configuration post-processing engine wherein at least one algorithm is applied to at least one geographic country of origin association between a network protocol attribute and geographic country of origin location;
a rules abstraction module wherein;
a memory structure stores a set of persistent geographic country of origin associations; and
at least one compact representation of a security assertion is derived from said set of persistent geographic country of origin associations;
an associative module performing at least one data process operating to associate a geographic country of origin location pertaining to each network protocol attribute;
a dispatch module wherein at least one network protocol attribute of said second network object is extracted and compared to said compact representation of a security assertion and the result is provided to the geographic filter control module; and
a network filtering engine wherein a device action is triggered based on the results provided by said dispatch module, wherein the device action is selected from;
configured to allow the receipt or transmission of information between said first network object and said second network object;
configured to block the receipt or transmission of information between said first network object and said second network object;
configured to allow the receipt of information from said second network object to a third network object determined by said geographic filter engine; and
configured to allow the transmission of information from said third network object to said second network object determined by said geographic filter engine.
Abstract
A system and method for regulating and analyzing inbound and outbound communications in and between computer networks on the basis of geographic security assertions are provided. Geographic information is collected, optimized, and shared between network objects to enforce network access control on the basis of configurable security assertions. Security assertions are configured and metrics displayed using maps and other geographic data in a graphical user interface.
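An illustrative sketch of the pipeline recited in claim 1 (country associations, post-processing, a compact security assertion, dispatch, and the resulting action), added here as an example and not taken from the patent or from any product implementing it. The function names, the IPv4-only scope, the sample prefixes (RFC 5737 documentation ranges), the two-letter codes and the default-deny policy are all assumptions.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample associations: network protocol attribute (prefix) -> country.
# Country codes are placeholders, not real assignments.
ASSOCIATIONS = [
    ("192.0.2.0/25", "AA"),
    ("192.0.2.128/25", "AA"),
    ("198.51.100.0/24", "BB"),
    ("203.0.113.0/24", "CC"),
]
# Hypothetical policy; "redirect" stands for handing traffic to a third network object.
POLICY = {"AA": "allow", "BB": "block", "CC": "redirect"}
DEFAULT_ACTION = "block"  # assumption: fail closed when no association exists

def post_process(associations):
    """Merge adjacent or overlapping prefixes per country into (start, end, country)."""
    by_country = {}
    for cidr, country in associations:
        by_country.setdefault(country, []).append(ipaddress.ip_network(cidr))
    ranges = []
    for country, nets in by_country.items():
        for net in ipaddress.collapse_addresses(nets):
            ranges.append((int(net.network_address), int(net.broadcast_address), country))
    return sorted(ranges)  # assumes ranges of different countries do not overlap

def compile_assertion(ranges, policy):
    """Compact representation: parallel sorted arrays of starts, ends and actions."""
    starts = [r[0] for r in ranges]
    ends = [r[1] for r in ranges]
    actions = [policy.get(r[2], DEFAULT_ACTION) for r in ranges]
    return starts, ends, actions

def dispatch(src_ip, compiled):
    """Compare the peer's address with the compiled assertion; return the action."""
    starts, ends, actions = compiled
    ip = ipaddress.ip_address(src_ip)
    if ip.version != 4:  # this sketch only models IPv4 associations
        return DEFAULT_ACTION
    addr = int(ip)
    i = bisect_right(starts, addr) - 1  # last range starting at or before addr
    if i >= 0 and addr <= ends[i]:
        return actions[i]
    return DEFAULT_ACTION

COMPILED = compile_assertion(post_process(ASSOCIATIONS), POLICY)
```

Post-processing shrinks the four constructed associations to three ranges, and each lookup is a binary search over the sorted range starts rather than a scan of every rule.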
20 Claims
Specification