LOCKED DOWN NETWORK INTERFACE

US 20140304803A1
Filed: 04/08/2014
Published: 10/09/2014
Est. Priority Date: 04/08/2013
Status: Active Grant

First Claim

Patent Images

1. A logic device for intercepting a data flow from a network source to a network destination, the logic device comprising:

a data store holding a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period;

a packet inspector configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow; and

a packet filter configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

29 Citations

View as Search Results

23 Claims

1. A logic device for intercepting a data flow from a network source to a network destination, the logic device comprising:
- a data store holding a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period;
  
  a packet inspector configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow; and
  
  a packet filter configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The logic device of claim 1 wherein the data store is further configured to receive a new compliance rule in replacement of the temporary compliance rule.
  - 3. The logic device of claim 2 wherein the packet filter is further configured to in response to the packet inspector identifying the new compliance rule as being associated with the inspected data flow, carry out an action corresponding to the new compliance rule.
  - 4. The logic device of claim 1 further configured to generate the temporary compliance rule in response to an inspected data flow not corresponding to a compliance rule.
  - 5. The logic device of claim 1 further configured to generate the temporary compliance rule in response to an inspected data flow being associated with a compliance rule with a corresponding action comprising the generation of a temporary compliance rule.
  - 6. The logic device of claim 1 further configured to inform a compliance rule controller of the generation of a temporary compliance rule.
  - 7. The logic device of claim 6 wherein the data store is further configured to receive a new compliance rule from the compliance rule controller.
  - 8. The logic device of claim 1 wherein the compliance rules are configured to ensure compliance of at one of said network source and network destination with allowed behaviour.
  - 9. The logic device of claim 1, wherein the packet inspector is further configured to identify the compliance rule associated with the data flow by parsing the received data flow to determine a characteristic of that data flow.
  - 10. The logic device of claim 1 wherein a compliance rule identifies a characteristic within the data flow for which there is an associated action.
  - 11. The logic device of claims 10 wherein the characteristic identifies a network destination for which there is an associated action.
  - 12. The logic device of claim 11 wherein the associated action is blocking a data flow directed to the network destination.
  - 13. The logic device of claim 12 wherein the associated action is allowing a data flow directed to the network destination to continue to be transmitted to the network.

14. A method comprising:
- intercepting a data flow from a network source to a network destination;
  
  storing a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period;
  
  inspecting the intercepted data flow and identifying a temporary compliance rule associated with the inspected data flow; and
  
  when the data flow is identified as being associated with the temporary compliance rule, carrying out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method claim 14 further comprising receiving a new compliance rule in replacement of the temporary compliance rule.
  - 16. The method of claim 15 further comprising in response to identifying the new compliance rule as being associated with the inspected data flow, carrying out an action corresponding to the new compliance rule.
  - 17. The method of claim 14 further comprising generating the temporary compliance rule in response to an inspected data flow not corresponding to a compliance rule.
  - 18. The method of claim 14 further comprising generating the temporary compliance rule in response to an inspected data flow being associated with a compliance rule with a corresponding action comprising the generation of a temporary compliance rule.
  - 19. The method of claim 14 further comprising informing a compliance rule controller of the generation of a temporary compliance rule.
  - 20. The method of claim 19 further comprising receiving a new compliance rule from the compliance rule controller.
  - 21. The method of claim 14 wherein the compliance rules are configured to ensure compliance of at one of said network source and network destination with allowed behaviour.
  - 22. The method of claim 14, further comprising identifying the compliance rule associated with the data flow by parsing the received data flow to determine a characteristic of that data flow.
  - 23. The method of claim 14 wherein a compliance rule identifies a characteristic within the data flow for which there is an associated action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xilinx, Inc. (Advanced Micro Devices, Inc.)
Original Assignee
SolarFlare Communications Incorporated (Advanced Micro Devices, Inc.)
Inventors
Pope, Steve L., Roberts, Derek, Riddoch, David J.

Granted Patent

US 9,426,124 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

H04L 63/0263 Rule management

LOCKED DOWN NETWORK INTERFACE

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

LOCKED DOWN NETWORK INTERFACE

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links