Quarantining packets received at device in network communications utilizing virtual network connection

US 8,959,627 B2
Filed: 09/23/2011
Issued: 02/17/2015
Est. Priority Date: 10/17/2007
Status: Active Grant

First Claim

Patent Images

1. A method of engaging in network communications by a device, comprising:

at a device for a first application running on the device, spawning a first virtual machine for a network connection that virtualizes only network capabilities of the device;

communicating, via the first virtual machine, data from the first application to another device in a plurality of packets, the first application running outside of the first virtual machine;

receiving, at the first virtual machine, a packet intended for the first application communicated from the other device;

determining, at the first virtual machine, that the packet is corrupted, said determination being based on information from the first application running on the device;

in response to determining that the packet is corrupted, at the device, quarantining the packet, and, at the device, spawning a second virtual machine for a network connection that virtualizes only network capabilities of the device; and

communicating, using the second virtual machine, a message to the other device; and

at the device for a second application running on the device, spawning a third virtual machine for a network connection that virtualizes only network capabilities of the device such that the device includes a plurality of simultaneously maintained virtual machines that each virtualize network capabilities of the device;

wherein each virtual machine that virtualizes network capabilities of the device comprises a software copy of a network interface card;

wherein the first application and second application run outside of the first, second, and third virtual machines.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of engaging in network communications by a device includes spawning a first virtual machine for a network connection that virtualizes network capabilities of a device; receiving a packet communicated from a transmitting device at the first virtual machine of the device; determining that the packet is corrupted, said determination being based on information from an application running on the device; in response to said step of determining that the packet is corrupted, quarantining the packet; spawning a second virtual machine for a network connection that virtualizes network capabilities of the device; and communicating, using the second virtual machine, a message to the transmitting device.

109 Citations

20 Claims

1. A method of engaging in network communications by a device, comprising:
- at a device for a first application running on the device, spawning a first virtual machine for a network connection that virtualizes only network capabilities of the device;
  
  communicating, via the first virtual machine, data from the first application to another device in a plurality of packets, the first application running outside of the first virtual machine;
  
  receiving, at the first virtual machine, a packet intended for the first application communicated from the other device;
  
  determining, at the first virtual machine, that the packet is corrupted, said determination being based on information from the first application running on the device;
  
  in response to determining that the packet is corrupted, at the device, quarantining the packet, and, at the device, spawning a second virtual machine for a network connection that virtualizes only network capabilities of the device; and
  
  communicating, using the second virtual machine, a message to the other device; and
  
  at the device for a second application running on the device, spawning a third virtual machine for a network connection that virtualizes only network capabilities of the device such that the device includes a plurality of simultaneously maintained virtual machines that each virtualize network capabilities of the device;
  
  wherein each virtual machine that virtualizes network capabilities of the device comprises a software copy of a network interface card;
  
  wherein the first application and second application run outside of the first, second, and third virtual machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first virtual machine is spawned in response to a request for a network connection from the first application running on the device.
  - 3. The method of claim 1, wherein determining that the packet is corrupted comprises running a hashing algorithm on the packet.
  - 4. The method of claim 1, wherein of spawning a second virtual machine for a network connection is effected in response to the determination that the packet is corrupted.
  - 5. The method of claim 1, wherein communicating, using the second virtual machine, a message to the other device, comprises communicating that a tampered-with packet was received.
  - 6. The method of claim 1, wherein communicating, using the second virtual machine, a message to the other device comprises communicating, to the other device, an instruction to utilize a new connection for communication.
  - 7. The method of claim 1, wherein the method further includes communicating information associated with the corrupted packet to a third device.
  - 8. The method of claim 1, wherein the method further includes selecting a routing protocol for from among a plurality of available routing protocols for communicating data using virtualized network capabilities of the device, and wherein communicating, using the second virtual machine, with the other device comprises communicating using the selected routing protocol.
  - 9. The method of claim 8, wherein the plurality of available routing protocols includes the Interior Gateway Routing Protocol (IGRP), the Enhanced Interior Gateway Routing Protocol (EIGRP), the Border Gateway Protocol (BGP), and the Constrained Shortest Path First (CSPF) protocol .
  - 10. The method of claim 8, wherein communicating, using the second virtual machine, with the other device comprises selecting an initial node to which to transmit for communication with the transmitting device.
  - 11. The method of claim 10, wherein selecting an initial node comprises selecting an initial node based at least partially on network information stored at the device.
  - 12. The method of claim 11, wherein the method further includes querying one or more nodes of a network for the network information.
  - 13. The method of claim 12, wherein the method further includes receiving the network information from the one or more nodes and generating a routing table based on the network information.
  - 14. The method of claim 1, wherein communicating, using the second virtual machine, with the other device comprises communicating with the other device over a second network path, the second network path being different from a first network path by which the packet was communicated.

15. A method of responding to a corrupted packet comprising:
- receiving, at a first virtual machine of a device, a packet communicated from a transmitting device;
  
  determining, at the first virtual machine of the device, that the packet is corrupted, said determination being based on information from an application running on the device;
  
  in response to determining that the packet is corrupted, quarantining the corrupted packet, at the device, spawning a second virtual machine for a network connection that virtualizes only network capabilities of the device; and
  
  communicating, using the spawned second virtual machine, a message to the transmitting device;
  
  wherein the device includes a plurality of simultaneously maintained virtual machines that each virtualize network capabilities of the device;
  
  wherein each virtual machine that virtualizes network capabilities of the device comprises a software copy of a network interface card;
  
  wherein the application runs outside of each of the plurality of simultaneously maintained virtual machines.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the device comprises a computer.
  - 17. The method of claim 15, wherein the device comprises a mobile phone.
  - 18. The method of claim 15, wherein said step of communicating, using the second virtual machine, with the transmitting device comprises communicating with the transmitting device over a second network path, the second network path being different from a first network path by which the packet was communicated.
  - 19. The method of claim 15, wherein the application is a computer game.

20. A method comprising:
- receiving, at a device, a packet communicated from a transmitting device via a first virtual network connection associated with a first virtual machine running at the device that virtualizes network capabilities of the device, the first virtual machine being associated with a first application running on the device;
  
  determining that the packet is corrupted, said determination being based on information from the first application running on the device;
  
  in response to said step of determining that the packet is corrupted,at the device, spawning a second virtual machine that virtualizes only network capabilities of the end-user device,selecting a routing protocol from among a plurality of available routing protocols for communicating data over the network using the virtualized network capabilities of the second virtual machine, andusing the selected routing protocol, communicating data from the application using the virtualized network capabilities of the second virtual machine for communication to the transmitting device;
  
  at the device for a second application running on the device, spawning a third virtual machine for a network connection that virtualizes only network capabilities of the device such that the device includes a plurality of simultaneously maintained virtual machines that each virtualize network capabilities of the device;
  
  wherein each virtual machine that virtualizes network capabilities of the device comprises a software copy of a network interface card;
  
  wherein the first application and second application run outside of the first, second, and third virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dispersive Holdings Incorporated (Dispersive Networks, Inc.)
Original Assignee
Dispersive Networks, Inc.
Inventors
Twitchell, Robert W.
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US13/242,254
Publication Number

US 20120272315A1
Time in Patent Office

1,243 Days
Field of Search

726/22, 713/187, 713/188
US Class Current

726/22
CPC Class Codes

H04L 12/56   Packet switching systems

H04L 45/586   of virtual routers

H04L 47/17   Interaction among intermedi...

H04L 51/06   Message adaptation to termi...

H04L 67/06   specially adapted for file ...

H04L 69/14   Multichannel or multilink p...

H04L 69/18   Multiprotocol handlers, e.g...

H04L 69/22   Parsing or analysis of headers

H04L 69/28   Timers or timing mechanisms...

H04L 69/32   Architecture of open system...

H04L 69/325   in the network layer [OSI l...

Quarantining packets received at device in network communications utilizing virtual network connection

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Quarantining packets received at device in network communications utilizing virtual network connection

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links