Private network request forwarding

US 10,666,620 B1
Filed: 04/30/2018
Issued: 05/26/2020
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first delivery node having a public Internet Protocol (IP) address corresponding to a public network, a request from a computing device via the public network, the request comprising a server instruction and further comprising at least one or more data packets;

determining, by the first delivery node, a first risk level for the request based upon at least one characteristic of at least one data packet;

upon the first delivery node determining that the first risk level satisfies a first risk threshold, transmitting, by the first delivery node, an authentication request to the computing device via the public network, receiving, from the computing device, authentication data inputted by the user;

upon determining, by the first delivery node, that the authentication data is correct, transmitting, by the first delivery node using the public IP address, the request to a second delivery node coupled to the public network and a private network;

determining, by the second delivery node, a second risk level for the request based upon at least one characteristic of at least one data packet; and

upon the second delivery node determining that the second risk level satisfies a second risk threshold, transmitting, by the second delivery node via the private network, the request to a server coupled only to the private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Private network request forwarding can include receiving a request from a user for Internet services over a public network. Private network request forwarding can include analyzing the request and determining whether the request is legitimate. Private network request forwarding can include forwarding the request to an entity through a private network when it is determined that the request is legitimate, wherein the user has access to the entity through a proxy.

22 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a first delivery node having a public Internet Protocol (IP) address corresponding to a public network, a request from a computing device via the public network, the request comprising a server instruction and further comprising at least one or more data packets;
  
  determining, by the first delivery node, a first risk level for the request based upon at least one characteristic of at least one data packet;
  
  upon the first delivery node determining that the first risk level satisfies a first risk threshold, transmitting, by the first delivery node, an authentication request to the computing device via the public network, receiving, from the computing device, authentication data inputted by the user;
  
  upon determining, by the first delivery node, that the authentication data is correct, transmitting, by the first delivery node using the public IP address, the request to a second delivery node coupled to the public network and a private network;
  
  determining, by the second delivery node, a second risk level for the request based upon at least one characteristic of at least one data packet; and
  
  upon the second delivery node determining that the second risk level satisfies a second risk threshold, transmitting, by the second delivery node via the private network, the request to a server coupled only to the private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the authentication request is transmitted to a second computing device.
  - 3. The method of claim 1, wherein the first risk level is determined based on a user operating the computing device.
  - 4. The method of claim 1, wherein the first risk level is determined based upon at least one of origin of the one or more data packets, historical trends associated with the one or more data packets, an expired token associated with at least one data packet, and missing header elements in at least one data packet.
  - 5. The method of claim 1, wherein the authentication request is a two-factor authentication.
  - 6. The method of claim 1, wherein the first risk level is determined upon one or more characteristic of a user operating the computing device.
  - 7. The method of claim 1, wherein the first risk level is determined upon one or more previous transactions associated with a user operating the computing device.
  - 8. The method of claim 1, wherein the first risk level is determined upon a characteristic of the request being associated with a risky request associated with a third-party network.

9. A content delivery system comprising:
- a public network having a public Internet Protocol,a private network having a private Internet Protocol,a first delivery node, wherein the first delivery node is coupled to the public network and has a public Internet Protocol (IP) address corresponding to the public network and is configured to;
  
  receive a request from a computing device via the public network, the request comprising a server instruction and further comprising at least one or more data packets;
  
  determine a first risk level for the request based upon at least one characteristic of at least one data packet; and
  
  upon determining that the first risk level satisfies a first risk threshold, transmitting, an authentication request to the computing device via the public network;
  
  upon transmitting the authentication request, receiving, from the computing device, authentication data inputted by the user;
  
  upon determining that the authentication data is correct, transmit, using the public IP address, the request to a second delivery node coupled to the public network and the private network; and
  
  the second delivery node and a server, wherein the second delivery node and the server are coupled to the private network, and wherein the second delivery node is configured to;
  
  determine a second risk level for the request based upon at least one characteristic of at least one data packet; and
  
  upon the second delivery node determining that the second risk level satisfies a second risk threshold, transmit the request to the server, whereby the server responds to the server instruction.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The content delivery system of claim 9, wherein the authentication request is transmitted to a second computing device.
  - 11. The content delivery system of claim 9, wherein the first risk level is determined based on a user operating the computing device.
  - 12. The content delivery system of claim 9, wherein the first risk level is determined based upon at least one of origin of the one or more data packets, historical trends associated with the one or more data packets, an expired token associated with at least one data packet, and missing header elements in at least one data packet.
  - 13. The content delivery system of claim 9, wherein the authentication request is a two-factor authentication.
  - 14. The content delivery system of claim 9, wherein the first risk level is determined upon one or more characteristic of a user operating the computing device.
  - 15. The content delivery system of claim 9, wherein the first risk level is determined upon one or more previous transactions associated with a user operating the computing device.
  - 16. The content delivery system of claim 9, wherein the first risk level is determined upon a characteristic of the request being associated with a risky request associated with a third-party network.

17. A computer system comprising:
- a plurality of delivery nodes associated with a content delivery entity, each delivery node comprising a memory and a processing unit coupled to the memory,wherein the processing unit of a first delivery node of the plurality of delivery nodes is coupled to a public network having a public Internet Protocol, the first delivery node having a public Internet Protocol (IP) address corresponding to the public network and configured to;
  
  receive a request from a computing device via the public network, the request comprising a server instruction and further comprising at least one or more data packets;
  
  determine a first risk level for the request based upon at least one characteristic of at least one data packet; and
  
  upon determining that the first risk level satisfies a first risk threshold, transmitting, an authentication request to the computing device via the public network,upon transmitting the authentication request, receiving, from the computing device, authentication data inputted by the user;
  
  upon determining that the authentication data is correct, transmit, using the public IP address, the request to a second delivery node coupled to the public network and a private network;
  
  wherein the processing unit of a second delivery node of the plurality of delivery nodes is coupled to the private network having a private Internet Protocol, the second delivery node configured to;
  
  determine a second risk level for the request based upon at least one characteristic of at least one data packet; and
  
  upon the second delivery node determining that the second risk level satisfies a second risk threshold, transmit the request to a server, whereby the server responds to the server instruction.
- View Dependent Claims (18, 19, 20)
- - 18. The computer system of claim 17, wherein the authentication request is transmitted to a second computing device.
  - 19. The computer system of claim 17, wherein the first risk level is determined based on a user operating the computing device.
  - 20. The computer system of claim 17, wherein the first risk level is determined based upon at least one of origin of the one or more data packets, historical trends associated with the one or more data packets, an expired token associated with at least one data packet, and missing header elements in at least one data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Clemons, Donald E., Wilkinson, Christopher Thomas
Primary Examiner(s)
Bechtel, Kevin

Application Number

US15/967,212
Time in Patent Office

757 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

H04L 67/561   Adding application-function...

H04L 69/22   Parsing or analysis of headers

Private network request forwarding

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Private network request forwarding

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links