Monitoring network traffic

US 9,674,142 B2
Filed: 10/20/2014
Issued: 06/06/2017
Est. Priority Date: 10/18/2013
Status: Active Grant

First Claim

Patent Images

1. A method of monitoring data traffic through a monitoring device, the method comprising:

establishing a secure channel between a user communication device and the monitoring device;

performing, by the user communication device, a first monitoring procedure for a data packet generated for transmission to a predetermined destination through a communication network; and

performing, by the user communication device, a second monitoring procedure for a data packet received through a communication network,wherein the first monitoring procedure includes;

diverting the generated data packet to the monitoring device through the secure channel; and

requesting the monitoring device to transmit the diverted data packet to the predetermined destination if the diverted data packet is a non-malicious packet;

wherein the second monitoring procedure includes;

determining whether a source address of the received data packet is an address of the monitoring device;

diverting the received data packet to the monitoring device through the secure channel and requesting the monitoring device to monitor the diverted data packet, when the source address of the received data packet is determined not to be the address of the monitoring device; and

determining the received data packet as a non-malicious packet and processing the received data packet without a data packet diverting operation, when the source address of the received data packet is determined to be the address of the monitoring device; and

wherein the monitoring device is configured to perform a monitoring operation on a received data packet and to change a source address of the received data packet to the address of the monitoring device when the received data packet is non-malicious.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure is related to monitoring data traffic of user equipment through a monitoring node. A monitoring node may receive a data packet from user equipment registered for a monitoring service through a secure channel. The monitoring node may perform a monitoring operation on the received data packet and determine whether the received data packet is a malicious packet or a non-malicious packet. When the received data packet is a non-malicious packet, the monitoring node may transmit the data packet to a destination through a communication network.

21 Citations

View as Search Results

19 Claims

1. A method of monitoring data traffic through a monitoring device, the method comprising:
- establishing a secure channel between a user communication device and the monitoring device;
  
  performing, by the user communication device, a first monitoring procedure for a data packet generated for transmission to a predetermined destination through a communication network; and
  
  performing, by the user communication device, a second monitoring procedure for a data packet received through a communication network,wherein the first monitoring procedure includes;
  
  diverting the generated data packet to the monitoring device through the secure channel; and
  
  requesting the monitoring device to transmit the diverted data packet to the predetermined destination if the diverted data packet is a non-malicious packet;
  
  wherein the second monitoring procedure includes;
  
  determining whether a source address of the received data packet is an address of the monitoring device;
  
  diverting the received data packet to the monitoring device through the secure channel and requesting the monitoring device to monitor the diverted data packet, when the source address of the received data packet is determined not to be the address of the monitoring device; and
  
  determining the received data packet as a non-malicious packet and processing the received data packet without a data packet diverting operation, when the source address of the received data packet is determined to be the address of the monitoring device; and
  
  wherein the monitoring device is configured to perform a monitoring operation on a received data packet and to change a source address of the received data packet to the address of the monitoring device when the received data packet is non-malicious.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the establishing comprises:
    - establishing a virtual private network (VPN) channel, as the secure channel, to the monitoring device; and
      
      wherein the diverting includes;
      
      encapsulating the generated data packet or the received data packet based on a VPN protocol; and
      
      transmitting the encapsulated data packet to the monitoring device through the VPN channel.
  - 3. The method of claim 1, wherein the first monitoring procedure further includes:
    - receiving an informing message from the monitoring device when the diverted data packet is a malicious packet and terminated.

4. A method of monitoring data traffic through a monitoring device, the method comprising:
- receiving, by a user communication device, a data packet from at least one of a third-party device and the monitoring device through a communication network;
  
  determining, by the user communication device, whether a source address of the received data packet is an address of the monitoring device;
  
  diverting, by the user communication device, the received data packet to the monitoring device through a secure channel established between the user communication device and the monitoring device when the source address of the received data packet is determined not to be the address of the monitoring device;
  
  requesting, by the user communication device, the monitoring device to monitor the diverted data packet; and
  
  determining, by the user communication device, the received data packet as a non-malicious packet and processing, by the user communication device, the received data packet without the diverting the received data packet to the monitoring device, when the source address of the received data packet is determined to be the address of the monitoring device,wherein the monitoring device is configured to perform a monitoring operation on a received data packet and to change a source address of the received data packet to the address of the monitoring device when the received data packet is non-malicious.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, wherein the diverting comprises:
    - encapsulating the received data packet and transmitting the encapsulated data packet to the monitoring device when the source address is determined not to be the address of the monitoring device.
  - 6. The method of claim 4, further comprising:
    - receiving an encapsulated packet from the monitoring device in response to the requesting the monitoring device to monitor the diverted data packet when the diverted data packet is a non-malicious data packet; and
      
      decapsulating the encapsulated packet and processing the decapsulated packet.
  - 7. The method of claim of claim 4, further comprising:
    - receiving an informing message from the monitoring device in response to the requesting the monitoring device to monitor the diverted data packet when the diverted data packet is a malicious data packet.

8. A method of monitoring data traffic associated with a user communication device, the method comprising:
- receiving, by a monitoring device, a data packet from the user communication device registered for a monitoring service through a secure channel established between the user communication device and the monitoring device;
  
  performing, by the monitoring device, a monitoring operation on the received data packet;
  
  determining, by the monitoring device, whether the received data packet is a malicious packet or a non-malicious packet;
  
  changing, by the monitoring device, a source address of the received data packet to an address of the monitoring device when the received data packet is the non-malicious packet; and
  
  transmitting, by the monitoring device, the changed data packet to the user communication device or a predetermined destination of the received data packet,wherein the transmitting includes;
  
  when the received data packet is a data packet which is received by the user communication device from a third-party device other than the monitoring device through a communication network and diverted to the monitoring device by the user communication device,transmitting the changed data packet to the user communication device through the secure channel; and
  
  wherein the user communication device is configured (i) to receive a data packet, and (ii) to determine the received data packet as a non-malicious packet and to process the received data packet without a data packet diverting operation, when a source address of the received data packet is the address of the monitoring device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The method of claim 8, wherein the receiving of the monitoring device comprises:
    - receiving an encapsulated data packet, as the received data packet, through a virtual private network (VPN) channel, as the secure channel; and
      
      decapsulating the received encapsulated data packet using a predetermined description key.
  - 10. The method of claim 8, wherein the performing the monitoring operation comprises:
    - performing a firewall operation on the received data packet to determine whether the received data packet is generated and has contents in accordance with a predetermined security policy.
  - 11. The method of claim 8, wherein the performing the monitoring operation comprises:
    - performing a harmful site blocking operation on the received data packet to determine whether the receive data packet is associated with a harmful site based on at least one of a destination address and a source address of the received data packet.
  - 12. The method of claim 11, wherein the performing a harmful site blocking operation comprises:
    - identifying at least one of a source address and a destination address of the received data packet;
      
      discovering a site associated with at least one of the source address and the destination address; and
      
      determining whether the discovered site is a harmful site,wherein, when the discovered site is the harmful site, determining the received packet is a malicious packet.
  - 13. The method of claim 12, wherein the determining comprises:
    - transmitting a request message to an associated server with information on the discovered site and/or the identified at least one of the source address and the destination address; and
      
      receiving a response message from the associated server as a result of determining whether the discovered site is a harmful site.
  - 14. The method of claim 12, wherein the determining comprises:
    - transmitting a request message to an associated server with information on the discovered site and/or the identified at least one of the source address and the destination address;
      
      receiving a restriction level of the discovered site from the associated server; and
      
      determining whether the discovered site is allowed to access based on the received restriction level of the discovered site.
  - 15. The method of claim 8, comprising:
    - when the received packet is the non-malicious packet,storing information on the changed source address, the source address before the change, a destination address of the received packet, and information on the associated user communication device in an address mapping table.
  - 16. The method of claim 15, the transmitting includes:
    - when the received data packet is the data packet received from the third-party device through the communication network,encapsulating the data packet with the address changed; and
      
      transmitting the encapsulated data packet to the user communication device through the secure channel.
  - 17. The method of claim 15, the transmitting includes:
    - when the received data packet is a data packet which is generated and diverted by the user communication device for transmission to the predetermined destination,transmitting the data packet to the predetermined destination through the communication network.
  - 18. The method of claim 8, comprising:
    - when the received packet is the malicious packet, terminating the data packet; and
      
      transmitting an informing message to the user communication device through the secure channel.
  - 19. The method of claim 8, comprising:
    - receiving a data packet from other party through a communication network;
      
      identifying a source address of the data packet;
      
      detecting a user communication device associated with the identified source address based on a mapping table;
      
      determining whether the received data packet is a malicious data packet; and
      
      transmitting the received data packet to the detected user communication device through a secure channel when the received packet is not a malicious data packet, otherwise, terminating the received data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KT Corporation
Original Assignee
KT Corporation
Inventors
Park, Tae-Min, Kim, Bong-Ki, Jeong, Hyun-Ho, Hwang, Young-Hun
Primary Examiner(s)
King, John B

Application Number

US14/518,011
Publication Number

US 20150113629A1
Time in Patent Office

960 Days
Field of Search

726 11- 15, 726 22- 24, 713153, 713154
US Class Current
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/1408   by monitoring network traff...

Monitoring network traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Monitoring network traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others