Patent · US Active

Security policy check based on communication establishment handshake packet

US9825911B1 · kind B1 · utility

Cited by: 138
References: 9
Claims: 18
Family size: 0

Assignee

Inventor

Key dates

Filing date: Nov 18, 2015
Grant date: Nov 21, 2017
Priority date
Expiry date: Apr 2, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/164
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems and methods are disclosed that make security policy decisions based on a packet of a communication establishment handshake. The packet is intercepted and provided to a policy manager. If a security check fails, the communication session is not permitted to be established. In one example, the system includes a network device (e.g., a network address translator) and a policy manager. The network address translator can receive Transmission Control Protocol (TCP) communication session establishment handshake packets and redirect each packet that is part of the TCP handshake to the policy manager rather than to the computing node targeted by the packet. The policy manager prevents the redirected packet from being forwarded to a targeted computing node in the provider network to thereby disallow the communication session from being established based on a comparison of at least information in a header of the packet to a set of security policies.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.