Methods and systems for stateful network security

Assignee

• Comcast Cable Communications, LLC · US

Inventors

• Charles A. Helfinstine · Reston, US
• Yiu Leung Lee · Philadelphia, US
• Bin Wen · Mount Laurel, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A destination host on a first network may attempt to initiate a communication session with a source host on a second network. The attempt may be intercepted by a first policy enforcement point, which may forward a message to the source host associated with the communication session. The source host may send an acknowledgment to the destination host via the first policy enforcement point. A policy decision point may determine that the communication session is permissible. The policy decision point may send a response to the first policy enforcement point and a second policy enforcement point. The response may indicate an approval of the communication session. The source host may respond to the destination host through either a first connection path and the first policy enforcement point or a second connection and the second policy enforcement point.