Cloud over IP session layer network
US10348767B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 24, 2017 |
| Grant date | Jul 9, 2019 |
| Priority date | — |
| Expiry date | Dec 28, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/101
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Cloud endpoints are secured using agents and a controller connected to the agents. A whitelist identifies components and processes of an authorized multi-tiered application for the cloud. An application profile for the application specifies valid computing flows between components of a tier and components of another tier, where components of the tier are executed at an endpoint and the other components of the other tier are executed at another endpoint. Endpoints are provisioned with static routing tables identifying at least one subnet destination. A request is received at a first endpoint to connect to a second endpoint. If the second endpoint falls within the at least one subnet destination, the controller performs one or more further security checks including checking the application profile flow, whitelist, and endpoint quarantine list. A network kernel table at an endpoint that includes the static routing table may be periodically checked to detect tampering.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.