Private network request forwarding

US 9,930,011 B1
Filed: 03/12/2013
Issued: 03/27/2018
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for private network request forwarding, comprising:

receiving a request, by a second node coupled to one or more third nodes of a private network and configured to transmit the request to the one or more third nodes according to a routing policy of the private network,wherein the second node receives the request over a public network from a user computer via a first node of the public network,wherein the request is for services hosted by one or more provider nodes of a provider entity coupled to the private network,wherein each of the one or more provider nodes do not have an IP address directly accessible to the user computer,wherein the second node receives the request from the first node upon the first node determining the request is a legitimate request or an illegitimate request, andwherein the illegitimate request disrupts delivery capabilities of the provider entity;

determining, by the second node, a risk level based on an access profile comprising one or more characteristics of the request received from the first node to identify one or more threats associated with the request when the risk level exceeds a risk threshold; and

upon the second node determining that the risk level does not exceed the risk threshold;

forwarding, by the second node via the at least one third node of the private network, the request to the one or more provider nodes of the provider entity hosting the service indicated in the request through the private network according to the routing policy of the private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Private network request forwarding can include receiving a request from a user for Internet services over a public network. Private network request forwarding can include analyzing the request and determining whether the request is legitimate. Private network request forwarding can include forwarding the request to an entity through a private network when it is determined that the request is legitimate, wherein the user has access to the entity through a proxy.

80 Citations

View as Search Results

22 Claims

1. A computer implemented method for private network request forwarding, comprising:
- receiving a request, by a second node coupled to one or more third nodes of a private network and configured to transmit the request to the one or more third nodes according to a routing policy of the private network,wherein the second node receives the request over a public network from a user computer via a first node of the public network,wherein the request is for services hosted by one or more provider nodes of a provider entity coupled to the private network,wherein each of the one or more provider nodes do not have an IP address directly accessible to the user computer,wherein the second node receives the request from the first node upon the first node determining the request is a legitimate request or an illegitimate request, andwherein the illegitimate request disrupts delivery capabilities of the provider entity;
  
  determining, by the second node, a risk level based on an access profile comprising one or more characteristics of the request received from the first node to identify one or more threats associated with the request when the risk level exceeds a risk threshold; and
  
  upon the second node determining that the risk level does not exceed the risk threshold;
  
  forwarding, by the second node via the at least one third node of the private network, the request to the one or more provider nodes of the provider entity hosting the service indicated in the request through the private network according to the routing policy of the private network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the user computer has limited access to the one or more provider nodes of the entity, and wherein limited access includes the one or more provider nodes of the entity only receiving requests from the user computer through the private network.
  - 3. The method of claim 1, wherein the user computer has limited access to the one or more provider nodes of the entity, and wherein limited access includes denying, by the at least one second node, the user computer access to the private network.
  - 4. The method of claim 1, wherein the user computer has limited access to the one or more provider nodes of the entity, and wherein limited access includes the one or more provider nodes of the entity not having a public Internet Protocol (IP) address that is associated with the public network.
  - 5. The method of claim 1, further comprising:
    - forwarding, by the second node, the request to a fourth node of the public network when the second node determines that the request is illegitimate to gather further information that is associated with the request.
  - 6. The method of claim 1, wherein the risk level is based on at least one of point of origin of the request, historical trends associated with the request, an expired token of the request, and missing header elements in the request.

7. A system for private network request forwarding, comprising:
- a number of delivery nodes associated with a content delivery entity, each of the number of delivery nodes comprising a memory and a processing unit coupled to the memory,wherein the processing unit of a second delivery node of the number of delivery nodes is coupled to one or more third delivery nodes of a private network, coupled to one or more first delivery nodes of a public network, configured to receive a request from the one or more first delivery nodes, and configured to transmit the request to the one or more third delivery nodes according to a routing policy of the private network, the second delivery node further configured to;
  
  receive the request through a public network from a computing device via the one or more first delivery nodes, the request identifying a service hosted by one or more provider nodes of a provider entity coupled to the private network, wherein each of the one or more provider nodes do not have an IP address directly accessible to the computing device, and wherein the second delivery node receives the request from the one or more first delivery nodes upon at least one first delivery node determining that the request is a legitimate request or an illegitimate request, wherein an illegitimate request disrupts delivery capabilities of the provider entity;
  
  wherein the processing unit of the second delivery node of the number of delivery nodes is configured to;
  
  determine a risk level based on an access profile comprising one or more characteristics of the request received from the first node according to the routing policy of the private network;
  
  identifying one or more threats associated with the request when the risk level corresponding to the request is at or above a threshold level; and
  
  in response to determining that the risk level does not exceed the risk threshold, send the request to the one or more provider nodes of the provider entity through the private network,wherein the at least one third delivery node of the private network is only accessible to the computing device through the second delivery node from the number of delivery nodes.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the access profile indicates whether the request is associated with a prohibited region.
  - 9. The system of claim 7, further comprising a private network infrastructure hosting the private network and includes a direct connection between the one or more provider nodes of the content provider entity and each of the at least one third delivery node and wherein the direct connection is at least one of a virtual connection and a physical connection.
  - 10. The system of claim 7, wherein the second delivery node of the number of delivery nodes is configured to determine that the request is legitimate if the analysis of the access profile results in a determination that the risk level corresponding to the request is below the threshold level.
  - 11. The system of claim 7, further comprising performing, by the second delivery node, additional request handling, wherein the additional request handling includes dropping the request, limiting an access that the request has to the entity, relocating the request to a different node, or gathering further information that is associated with the request.
  - 12. The system of claim 7, wherein an infrastructure associated with the content delivery entity is independent from an infrastructure associated with the content provider entity and wherein the private network infrastructure is independent of a public network infrastructure that is associated with the public network and the infrastructure associated with the content provider entity.

13. A computer implemented method comprising:
- receiving, by a second node coupled to one or more third nodes of a private network and configured to transmit requests to the one or more third nodes according to a routing policy of the private network, a request from a user device via a first node over a public network, wherein the request is for services hosted by one or more provider nodes of provider entity in communication with the one or more third nodes of the private network, wherein the second node receives the request from the first node upon the first node determining the request is a legitimate request or an illegitimate request, wherein an illegitimate request can disrupts delivery capabilities of the provider entity, and wherein each of the one or more provider nodes do not have an IP address directly accessible to the user device;
  
  determining, by the second node, a risk level based on an access profile comprising one or more characteristics of the request received from the first node to identify one or more types of threats disruptive to a service associated with the request and hosted by the one or more provider nodes of the provider entity in communication with the one or more third nodes via the private network when the risk level does not exceed a risk threshold; and
  
  forwarding, by the second node via a third node of the one or more third nodes of the private network, the request to a provider node of the one or more provider nodes of the provider entity through the private network when the second node determines that the risk level does not exceed the risk threshold.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13, wherein the user computer is at least one of an automated teller machine (ATM), a kiosk, and an integrated voice response system, andwherein the request is at least one of an automated teller machine (ATM) request, a kiosk request, and an integrated voice response system request.
  - 15. The method of claim 13, wherein the private network is associated with a number of private Internet Protocol (IP) addresses, and wherein the second delivery nodes is associated with a public IP address and a private IP address.
  - 16. The method of claim 15, wherein a node of the number of delivery nodes receives the request through a network connection that is associated with a corresponding public IP address.
  - 17. The method of claim 15, wherein a third delivery node of the number of delivery nodes forwards the request through a network connection that is associated with a corresponding private IP address.
  - 18. The method of claim 15, wherein each provider node of the one or more provider nodes associated with the entity are not associated with a public IP address.
  - 19. The method of claim 13, wherein the provider node of the entity receives the request through a connection that is associated with a private IP address.
  - 20. The method of claim 13, wherein forwarding the request from the number of delivery nodes to the provider node of the entity includes forwarding the request in accordance with the routing policy of the private network.
  - 21. The method of claim 20, wherein the routing policy determines which of the number of delivery nodes can forward requests through the private network at a given time.
  - 22. The method of claim 13, wherein the user computer sends the request to a public IP address that is associated with the second delivery node of the number of delivery nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Clemons, Jr., Donald E., Wilkinson, Christopher T.
Primary Examiner(s)
Bechtel, Kevin

Application Number

US13/797,110
Time in Patent Office

1,841 Days
Field of Search

726 11- 13
US Class Current
CPC Class Codes

H04L 12/4625   Single bridge functionality...

H04L 12/50   Circuit switching systems, ...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/561   Adding application-function...

Private network request forwarding

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Private network request forwarding

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links