Self learning firewall policy enforcer
US-2024179158-A1 · May 30, 2024 · US
US12177261B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12177261-B2 |
| Application number | US-202418620714-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2024 |
| Priority date | Apr 24, 2023 |
| Publication date | Dec 24, 2024 |
| Grant date | Dec 24, 2024 |
Official abstract text for this publication.
Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.
Opening claim text (preview).
We claim:

1. A zero-trust microsegmentation method comprising: establishing a network where each device of the network is in its own network-of-one, wherein the networks-of-one are configured to cause all device traffic to traverse a gatekeeper configured as a default gateway for the devices of the network; collecting, using the gatekeeper, information associated with the devices of the network; determining, using the gatekeeper and based on the collected information, a plurality of network microsegments; determining an initial zero-trust security policy in which communication permissions for the devices of the network are denied by default unless otherwise allowed, the communication permissions including one or more communication dimensions; analyzing, using the gatekeeper, network traffic under the initial zero-trust security policy; and adapting the initial zero-trust security policy, based on the analysis of the network traffic, to adjust the communication permissions for the one or more communication dimensions to generate an adapted zero-trust security policy including one or more modifications to the one or more communication dimensions.

2. The method of claim 1, further comprising enforcing, by the gatekeeper, the initial zero-trust security policy and/or the adapted zero-trust security policy.

3. The method of claim 1, wherein each of the plurality of network microsegments are atomic network microsegments that each include a single one of the devices.

4. The method of claim 1, wherein establishing the network comprises implementing a subnet mask of 255.255.255.255 or a subnet mask /32 to establish the respective network-of-one for each of the devices of the network.

5. The method of claim 1, further comprising: analyzing network traffic under the adapted zero-trust security policy; and adapting the adapted zero-trust security policy, based on the analysis of the network traffic under the adapted zero-trust security policy, to adjust the communication permissions for another of the one or more communication dimensions to generate a further adapted zero-trust security policy including one or more modifications to the other of the one or more communication dimensions; and implementing the further adapted zero-trust security policy.

6. The method of claim 1, further comprising iteratively performing: the analyzing network traffic under the adapted zero-trust security policy, the adapting the adapted zero-trust security policy, and the implementing the further adapted zero-trust security policy.

7. The method of claim 1, wherein the one or more communication dimensions comprise: an internet-intranet dimension defining a restrictiveness distinction between internet traffic and intranet traffic; an input-output dimension defining a restrictiveness distinction between input traffic and output traffic; a segment dimension defining a restrictiveness distinction between inter-segment traffic and intra-segment traffic; a port dimension defining a port-based traffic restrictiveness distinction; a path dimension defining a communication path-based traffic restrictiveness distinction; a user dimension defining a user-based traffic restrictiveness distinction; a user group-based traffic restrictiveness distinction; an inter-group dimension defining an inter-group traffic restrictiveness distinction; and/or an intra-group dimension defining an intra-group traffic restrictiveness distinction.

8. The method of claim 1, wherein establishing the network comprises implementing a subnet mask to establish the respective network-of-one for each of the devices of the network.

9. A zero-trust microsegmentation method comprising: establishing a network where each device of the network is in its own network-of-one, wherein the networks-of-one are configured to cause all device traffic to traverse a gatekeeper configured as a default gateway for the devices; collecting, using the gatekeeper, information associated with the devices of the network; determining, using the gatekeeper and based on the collected information, a plurality of network microsegments; determining an initial zero-trust security policy including communication permissions; analyzing network traffic under the communication permissions of the initial zero-trust security policy; and adapting one or more of the communication permissions, based on the analysis of the network traffic, to generate an adapted zero-trust security policy including the one or more adapted communication permissions.

10. The method of claim 9, further comprising iteratively performing: the analyzing network traffic, and adapting one or more of the communication permissions based on the analysis of the network traffic.

11. The method of claim 9, wherein the initial zero-trust security policy is configured to deny network traffic for the devices of the network by default unless otherwise allowed.

12. The method of claim 9, wherein adapting the one or more of the communication permissions comprises removing the one or more of the communication permissions from the initial zero-trust security policy to generate the adapted zero-trust security policy.

13. The method of claim 9, further comprising determining a suggested modification to the one or more of the communication permissions based on the analysis of the network traffic.

14. The method of claim 13, wherein the adapting the one or more of the communication permissions is based on feedback responsive to the suggested modification.

15. The method of claim 14, wherein the feedback comprises acceptance or rejection of the suggested modification.

16. A zero-trust microsegmentation method comprising: establishing a network where each device of the network is in its own network-of-one, wherein the networks-of-one are configured to cause all device traffic to traverse a gatekeeper configured as a default gateway for the devices; collecting, using the gatekeeper, information associated with the devices of the network; determining, using the gatekeeper and based on the collected information, atomic network microsegments, where each atomic network microsegment includes a single one of the devices; and providing, using the gatekeeper, a zero-trust security policy in which communication permissions for the devices of the network are denied by default unless otherwise allowed.

17. The method of claim 16, wherein establishing the network comprises implementing a subnet mask of 255.255.255.255 to establish the respective network-of-one for each of the devices of the network.

18. The method of claim 16, wherein establishing the network comprises implementing a subnet mask /32 to establish the respective network-of-one for each of the devices of the network.

19. The method of claim 16, further comprising: analyzing, using the gatekeeper, network traffic under the initial zero-trust security policy; and adapting the initial zero-trust security policy, based on the analysis of the network traffic, to generate an adapted zero-trust security policy including one or more modifications to communication permissions.

20. The method of claim 19, further comprising iteratively performing: the analyzing network traffic under the adapted zero-trust security policy, the adapting the adapted zero-trust security policy, and the implementing the further adapted zero-trust security policy.

21. The method of claim 19, wherein adapting the initial zero-trust security policy comprises modifying a communication
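The abstract and claims above describe three mechanisms: a /32 (255.255.255.255) mask that makes every device a network-of-one so all traffic is forced through the gatekeeper acting as default gateway, a default-deny policy enforced at that gatekeeper, and an observe/suggest/feedback loop that adapts the policy. The following toy model, added here as an illustration and not code from the patent or its assignee, shows how those pieces fit together. The device addresses, the sample traffic, the "seen at least N times" suggestion heuristic and the port-only rule shape are constructed assumptions; the patent's other communication dimensions (user, path, segment, and so on) are left out for brevity.

```python
"""Toy model of the network-of-one / gatekeeper scheme described above.

Added example, not code from the patent or its assignee. Addresses, traffic
samples and the suggestion threshold are constructed for illustration.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One observed connection attempt, reduced to the port dimension."""
    src: str
    dst: str
    port: int


def next_hop(src: str, dst: str, prefixlen: int) -> str:
    """Where a packet from src to dst is forwarded under the given mask.

    With a /32 mask the device's on-link network contains only itself, so every
    other destination is off-link and is handed to the default gateway (the
    gatekeeper). A wider mask lets on-link peers talk directly, bypassing it.
    """
    net = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
    if dst != src and ipaddress.ip_address(dst) in net:
        return "direct"
    return "gatekeeper"


@dataclass
class ZeroTrustPolicy:
    """Default-deny: a flow is allowed only by an explicit (src, dst, port) rule."""
    allow: set = field(default_factory=set)

    def permits(self, f: Flow) -> bool:
        return (f.src, f.dst, f.port) in self.allow


@dataclass
class Gatekeeper:
    policy: ZeroTrustPolicy
    observed: Counter = field(default_factory=Counter)

    def handle(self, f: Flow) -> str:
        """Enforce the current policy and record the flow for later analysis."""
        self.observed[f] += 1
        return "allow" if self.policy.permits(f) else "deny"

    def suggest(self, min_count: int = 3) -> list:
        """Suggest allow rules for denied flows seen repeatedly (constructed heuristic)."""
        return sorted(
            (f for f, n in self.observed.items()
             if n >= min_count and not self.policy.permits(f)),
            key=lambda f: (f.src, f.dst, f.port),
        )

    def adapt(self, suggestions: list, feedback: dict) -> ZeroTrustPolicy:
        """Apply only the suggestions the user accepted; rejected ones stay denied."""
        accepted = {(f.src, f.dst, f.port)
                    for f in suggestions if feedback.get(f) == "accept"}
        self.policy = ZeroTrustPolicy(self.policy.allow | accepted)
        return self.policy


def demo():
    """Run one observe -> suggest -> feedback -> adapt cycle on constructed data."""
    gk = Gatekeeper(ZeroTrustPolicy())
    ws, srv, prn = "10.0.0.10", "10.0.0.20", "10.0.0.30"  # constructed hosts
    # Constructed sample: repeated file-share access, one print job, and
    # repeated inbound SSH attempts from the server to the workstation.
    traffic = ([Flow(ws, srv, 445)] * 5 + [Flow(ws, prn, 9100)]
               + [Flow(srv, ws, 22)] * 4)
    initial = [gk.handle(f) for f in traffic]  # every flow denied at first
    suggestions = gk.suggest(min_count=3)
    # The operator accepts the file-share rule and rejects the SSH rule.
    feedback = {Flow(ws, srv, 445): "accept", Flow(srv, ws, 22): "reject"}
    gk.adapt(suggestions, feedback)
    after = {f: gk.handle(f)
             for f in (Flow(ws, srv, 445), Flow(srv, ws, 22), Flow(ws, prn, 9100))}
    return initial, suggestions, after


if __name__ == "__main__":
    print(next_hop("10.0.0.10", "10.0.0.20", 32), next_hop("10.0.0.10", "10.0.0.20", 24))
    print(demo())
```

The `next_hop` check is the part worth keeping in mind when deploying such a scheme: the gatekeeper can only analyze and enforce what reaches it, so any device that keeps a wider mask (or a static route to a peer) has a path that never traverses the policy, and a defender should verify the /32 configuration on each device rather than assume it from the gateway's view.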
CPC classification titles:

- Rule management
- Traffic logging, e.g. anomaly detection
- Filtering policies (mail message filtering H04L51/212)
- involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
- Filtering by address, protocol, port number or service, e.g. IP-address or URL