Persistent device identifier driven compromised device quarantine

Assignee

• Palo Alto Networks, Inc. · US

Inventors

• Li Meng · Saratoga, US
• Sarveshwar Meta Rao · San Jose, US
• Soundarya Sivaramakrishnan · San Jose, US
• Xin Yao · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0272
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Leveraging non-transient or persistent device identifiers to enforce device quarantine instead of IP addresses accommodates the transient associations of IP addresses to devices without compromising the effectiveness of quarantine. When a device has been determined to be compromised and is quarantined, the quarantine of the device is enforced using the IP address of the device. However, IP address assignment is transient. With each connection, a device can be assigned a different IP address. After a connection is established, a gateway can collect a device identifying value(s) that persists across network connections (e.g., host identifier (hostid) and device serial number). With a persistent device identifier, a quarantine list can be enforced in a data/forwarding plane regardless of a compromised device being assigned different network addresses.