System and method for implementing network security policies on a common network infrastructure
Abstract
A secure network is provided which includes a plurality of network bubbles having a plurality of bubble partitions. Each bubble partition has at least one network device configured to transmit and receive data. All the network devices that belong to or correspond to a particular network bubble have the same network security policy. The secure network also includes a plurality of network control points, each of which has one or more network control point devices having at least one interface. Each bubble partition is connected to at least one network control point. The network control point is used to provide a connection between at least two network devices. Each network control point device is configured to enforce the network security policy of all the network bubbles that are connected to it. During the transmission of data from one network device to another network device, one or more network control points are traversed.
47 Claims
1. A secure network configured to carry data, comprising:
a plurality of network bubbles, each network bubble having a plurality of bubble partitions, each bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of network bubbles have the same network security policy; and
a plurality of network control points, each network control point including one or more network control point devices having at least one interface, wherein each of the plurality of bubble partitions is connected to at least one network control point to form a bubble boundary, the network control point is used to provide a connection between any two network devices, and wherein at least one of the network control point devices is configured to enforce the network security policy of the network bubble that is connected to the network control point device.
17. A secure network configured to transmit data, comprising:
a first and a second network bubble, each network bubble having a distinct network security policy and a plurality of bubble partitions, each bubble partition having a plurality of network devices configured to transmit and receive data; and
a plurality of network control points, each network control point having one or more network control point devices, each network control point device having at least one interface, wherein each bubble partition is connected to at least one and no more than two network control points to provide a connection between a network device in the first network bubble and a network device in the second network bubble, and wherein each one of the network control point devices is configured to enforce the network security policy of at least one of the network bubbles.
34. A secure network configured to carry data, comprising:
a plurality of network bubbles, each network bubble having a plurality of bubble partitions, each bubble partition having at least one network device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of network bubbles having the same network security policy; and
a plurality of network control points, each network control point including one or more network control point devices having at least one interface, wherein each bubble partition is connected to only one network control point, which is used to provide a connection between any two network devices of different bubbles, and wherein each one of the network control point devices is configured to enforce the network security policy of the network bubble that the network control point device is connected to and wherein when data is transmitted from one network device to another network device, two network control points are traversed.
Specification