Methods and apparatus to enhance security in residential networks

US 8,844,018 B2
Filed: 12/18/2008
Issued: 09/23/2014
Est. Priority Date: 12/18/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for use in delivering bundled services to a customer premises, comprising:

determining, with a processor, whether an Internet protocol packet received at a gateway is addressed to a first packet processing module of the gateway assigned a protected Internet protocol address associated with a first one of the bundled services,wherein determining whether the Internet protocol packet is addressed to the first packet processing module comprises examining a field of the received Internet protocol packet to identify a destination Internet protocol address of the received Internet protocol packet;

determining, with the processor, whether the Internet protocol packet originated at a trusted source;

routing, with the processor, the Internet protocol packet to the first packet processing module of the gateway when the Internet protocol packet is addressed to the protected Internet protocol address and originated from the trusted source; and

routing, with the processor, the Internet protocol packet to a second packet processing module of the gateway assigned a public Internet protocol address associated with a second one of the bundled services when the Internet protocol packet is not addressed to the protected Internet protocol address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example methods and apparatus to enhance security in residential networks and residential gateways are disclosed. A disclosed example apparatus includes a transceiver to receive an Internet protocol (IP) packet, a first packet processing module associated with a protected IP address, the first packet processing module to be communicatively coupled to a first network device, a second packet processing module associated with a public IP address, the second packet processing module to be communicatively coupled to a second network device, and a packet diverter to route the received IP packet to the first packet processing module when the IP packet contains the protected IP address and to route the IP packet to the second packet processing module when the IP packet does not contain the protected IP address.

25 Citations

19 Claims

1. A method for use in delivering bundled services to a customer premises, comprising:
- determining, with a processor, whether an Internet protocol packet received at a gateway is addressed to a first packet processing module of the gateway assigned a protected Internet protocol address associated with a first one of the bundled services,wherein determining whether the Internet protocol packet is addressed to the first packet processing module comprises examining a field of the received Internet protocol packet to identify a destination Internet protocol address of the received Internet protocol packet;
  
  determining, with the processor, whether the Internet protocol packet originated at a trusted source;
  
  routing, with the processor, the Internet protocol packet to the first packet processing module of the gateway when the Internet protocol packet is addressed to the protected Internet protocol address and originated from the trusted source; and
  
  routing, with the processor, the Internet protocol packet to a second packet processing module of the gateway assigned a public Internet protocol address associated with a second one of the bundled services when the Internet protocol packet is not addressed to the protected Internet protocol address.
- View Dependent Claims (2, 3)
- - 2. A method as defined in claim 1, further comprising blocking the Internet protocol packet when the Internet protocol packet does not originate from a trusted source and is addressed to the protected Internet protocol address.
  - 3. A method as defined in claim 1, wherein routing the received Internet protocol packet to the second processing module further comprises routing the received Internet protocol packet to the second packet processing module when the Internet protocol packet contains the public Internet protocol address.

4. A tangible machine readable storage device comprising instructions that, when executed, cause a machine to perform operations comprising:
- determining whether an Internet protocol packet is addressed to a first packet processing module of a gateway assigned a protected Internet protocol address associated with a first one of bundled services, wherein determining whether the Internet protocol packet is addressed to the first packet processing module comprises examining a field of the Internet protocol packet to identify a destination Internet protocol address of the Internet protocol packet;
  
  determining whether the Internet protocol packet originated from a trusted source;
  
  routing the Internet protocol packet to the first packet processing module of the gateway when the Internet protocol packet is addressed to the protected Internet protocol address and originated from the trusted source; and
  
  routing the Internet protocol packet to a second packet processing module of the gateway assigned a public Internet protocol address associated with a second one of the bundled services when the Internet protocol packet is not addressed to the protected Internet protocol address.
- View Dependent Claims (5, 6)
- - 5. A storage medium device as defined in claim 4, wherein routing the Internet protocol packet to the first packet processing module further comprises routing the Internet protocol packet to a set-top box when the Internet protocol packet is addressed to the protected Internet protocol address.
  - 6. A storage device as defined in claim 4, wherein routing the received Internet protocol packet to the second packet processing module further comprises routing the received Internet protocol packet to the second packet processing module when the Internet protocol packet contains the public Internet protocol address.

7. A gateway, comprising:
- a first packet processing module assigned a protected Internet protocol address associated with a first bundled service;
  
  a second packet processing module assigned a public Internet protocol address associated with a second bundled service;
  
  a memory comprising machine readable instructions; and
  
  a processor to execute the instructions to perform operations comprising;
  
  determining whether an Internet protocol packet is addressed to the first packet processing module, wherein determining whether the Internet protocol packet is addressed to the first packet processing module comprises examining a field of the Internet protocol packet to identify a destination Internet protocol address of the Internet protocol packet;
  
  determining whether the Internet protocol packet originated at a trusted source;
  
  routing the Internet protocol packet to the first packet processing module when the Internet protocol packet is addressed to the protected Internet protocol address and originated from the trusted source; and
  
  routing the Internet protocol packet to the second packet processing module when the Internet protocol packet is not addressed to the protected Internet protocol address.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 8. A gateway as defined in claim 7, wherein the gateway comprises a residential gateway.
  - 9. A gateway as defined in claim 7, further comprising a transceiver to receive the Internet protocol packet.
  - 10. A gateway as defined in claim 7, wherein the first packet processing module comprises a first packet processor, and the second packet processing module comprises a second packet processor.
  - 11. A gateway as defined in claim 7, wherein the protected Internet protocol address is publicly inaccessible to protect the gateway against Internet-originated attacks associated with the second bundled service.
  - 12. A gateway as defined in claim 7, wherein the first bundled service is an Internet protocol television service.
  - 13. A gateway as defined in claim 7, wherein routing the received Internet protocol packet to the second processing module further comprises routing the received Internet protocol packet to the second packet processing module when the Internet protocol packet contains the public Internet protocol address.
  - 14. A gateway as defined in claim 7, further comprising a housing, wherein the first and second packet processing modules are located in the housing.
  - 15. A gateway as defined in claim 7, wherein the first packet processing module does not include a firewall, and the second packet processing module includes a firewall.
  - 16. A gateway as defined in claim 7, wherein the operations further comprise blocking the Internet protocol packet when the Internet protocol packet includes the protected IP address and does not originate at the trusted source.
  - 17. A gateway as defined in claim 7, wherein at least one of the first and second packet processing modules is to implement at least one of a network address translation module, a quality of service module, or a firewall.
  - 18. A gateway as defined in claim 7, wherein the first packet processing module and the second packet processing module are located at a same customer premises.
  - 19. A gateway as defined in claim 7, wherein the operations further comprise:
    - executing a first virtual machine to implement the first packet processing module; and
      
      executing a second virtual machine to implement the second packet processing module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SBC Knowledge Ventures LP
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Jayawardena, Thusitha, De Los Reyes, Gustavo, Xu, Gang
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US12/338,614
Publication Number

US 20100162378A1
Time in Patent Office

2,105 Days
Field of Search

726 12- 15, 713/153, 713/154, 709/223, 709/229
US Class Current

726/12
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 67/563 Data redirection of data ne...

Methods and apparatus to enhance security in residential networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to enhance security in residential networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links