US Pat. No. 10,659,434

APPLICATION WHITELIST USING A CONTROLLED NODE FLOW

Pribit Technology, Inc., ...

1. A method performed by a system to securely transfer data between a source node and a destination node, the method comprising:
establishing, by a perimeter controller, a first control flow between the source node and a perimeter controller, said establishing comprising:
receiving, by the perimeter controller, a control flow creation request from the source node including single packet authorization information identifying a security application executing on the source node;
inspecting, by the perimeter controller, the single packet authorization information to determine whether the security application executing on the source node is authorized to establish the first control flow with the perimeter controller; and
responsive to determining that the security application is authorized to establish the first control flow with the perimeter controller, sending, by the perimeter controller, control flow information to the source node to establish the first control flow;
receiving, by the perimeter controller, a node flow creation request from the source node via the first control flow, the node flow creation request indicative of a request to forward data associated with a first application executing on the source node to the destination node via a node flow, the node flow creation request identifying the destination node and the first application;
inspecting, by the perimeter controller, an application whitelist including a listing of applications allowed to transfer data to the destination node to determine whether the first application is included in the application whitelist; and
responsive to determining that the first application is included in the application whitelist, establishing a first node flow between the source node and a gateway and a second node flow between the destination node and the gateway, wherein the gateway is configured to forward a data packet from the source node to the destination node via the first node flow and the second node flow.

US Pat. No. 10,659,462

SECURE DATA TRANSMISSION USING A CONTROLLED NODE FLOW

Pribit Technology, Inc., ...

1. A method performed by a system to securely transfer data between a source node and a destination node in a network, the method comprising:
establishing a control flow between a gateway and a controller, the control flow including a tunnel forwarding management information between the gateway and the controller;
obtaining node flow initialization information from the controller to initialize a node flow between a source node and the gateway connecting the source node to a destination node, the node flow initialization information providing instructions creating a node flow tunnel between the gateway and the source node;
establishing the node flow between the source node and the gateway, the node flow identified in a node flow routing table providing packet processing information for forwarding data packets through the network;
establishing an application flow between the source node and the destination node, the application flow facilitating application-specific data packet transmission between the source node and destination node via the node flow tunnel;
receiving, by the gateway from the source node via the node flow tunnel, a data packet that includes an application flow identifier;
querying, by the gateway, an application flow routing table to identify routing instructions for the application flow between the source node and the destination node using the application flow identifier; and
responsive to identifying the application flow between the source node and the destination node, forwarding, by the gateway, the data packet including the application flow identifier to the destination node via the application flow according to the identified routing instructions for the application flow.
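The two claim sets above describe one control plane (single packet authorization, control flow, whitelist check, node flow setup) and one data plane (gateway routing tables keyed by node flow and application flow identifiers). The following Python model, added here as an illustration and not Pribit's code, walks a packet through both. Everything concrete in it is an assumption: the HMAC-based single packet authorization format, the freshness window and nonce replay check, the whitelist contents, the node addresses, and the shape of the routing tables; the claims specify none of these. The `Gateway` also enforces a check the claims do not spell out, namely that a packet is only forwarded when it arrives on the node flow tunnel belonging to its application flow's source.

```python
"""End-to-end model of a controlled node flow (added example; all values constructed)."""
import hashlib
import hmac
import secrets

SPA_MAX_SKEW = 30  # seconds; assumed freshness window for SPA records

# Constructed: per-security-application SPA keys known to the perimeter controller.
SECURITY_APP_KEYS = {"secapp-v1": b"constructed-psk"}
# Constructed whitelist: destination node -> applications allowed to send it data.
APPLICATION_WHITELIST = {"10.0.2.15": {"erp-client", "ssh"}, "10.0.2.16": {"ssh"}}


def build_spa(app_id, key, ts, nonce):
    """SPA record as the source node's security application would send it (assumed format)."""
    msg = f"{app_id}|{ts}|{nonce}".encode()
    return {"app_id": app_id, "ts": ts, "nonce": nonce,
            "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}


class Gateway:
    """Holds the node flow and application flow routing tables and forwards packets."""

    def __init__(self):
        self.node_flows = {}  # node_flow_id -> node the tunnel terminates on
        self.app_flows = {}   # app_flow_id -> (source, destination)
        self.delivered = []   # (destination, packet) pairs actually forwarded

    def install_node_flow(self, init):
        """Apply node flow initialization information received from the controller."""
        self.node_flows[init["node_flow_id"]] = init["node"]

    def install_app_flow(self, app_flow_id, source, destination):
        self.app_flows[app_flow_id] = (source, destination)

    def forward(self, arrival_node_flow_id, packet):
        """Query the app flow table by the packet's identifier; drop anything unroutable."""
        route = self.app_flows.get(packet["app_flow_id"])
        if route is None:
            return None
        source, destination = route
        # Extra check (assumption): the packet must arrive on the tunnel bound to the app flow's source.
        if self.node_flows.get(arrival_node_flow_id) != source:
            return None
        self.delivered.append((destination, packet))
        return destination


class PerimeterController:
    def __init__(self, gateway, now):
        self.gateway = gateway
        self.now = now               # injected clock so the example is deterministic
        self.control_flows = {}      # source node -> control flow id
        self.seen_nonces = set()     # replay protection for SPA records

    def _spa_ok(self, spa):
        key = SECURITY_APP_KEYS.get(spa["app_id"])
        if key is None or abs(self.now - spa["ts"]) > SPA_MAX_SKEW or spa["nonce"] in self.seen_nonces:
            return False
        msg = f"{spa['app_id']}|{spa['ts']}|{spa['nonce']}".encode()
        if not hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), spa["tag"]):
            return False
        self.seen_nonces.add(spa["nonce"])
        return True

    def create_control_flow(self, source, spa):
        """Inspect the SPA info; only an authorized security application gets control flow info back."""
        if not self._spa_ok(spa):
            return None  # nothing is sent to an unauthorized requester
        cf_id = secrets.token_hex(8)
        self.control_flows[source] = cf_id
        return cf_id

    def create_node_flow(self, source, cf_id, app, destination):
        """Request must arrive over a valid control flow; the whitelist decides; two node flows result."""
        if self.control_flows.get(source) != cf_id:
            return None
        if app not in APPLICATION_WHITELIST.get(destination, ()):
            return None
        first, second, app_flow_id = (secrets.token_hex(4) for _ in range(3))
        self.gateway.install_node_flow({"node_flow_id": first, "node": source})
        self.gateway.install_node_flow({"node_flow_id": second, "node": destination})
        self.gateway.install_app_flow(app_flow_id, source, destination)
        return {"first_node_flow": first, "second_node_flow": second, "app_flow_id": app_flow_id}


def demo():
    """Authorized app is forwarded; non-whitelisted app and replayed SPA are refused."""
    gw = Gateway()
    ctl = PerimeterController(gw, now=1_700_000_000)
    spa = build_spa("secapp-v1", SECURITY_APP_KEYS["secapp-v1"], ts=1_700_000_000, nonce="n1")
    cf = ctl.create_control_flow("10.0.1.5", spa)
    flows = ctl.create_node_flow("10.0.1.5", cf, "erp-client", "10.0.2.15")
    delivered = gw.forward(flows["first_node_flow"], {"app_flow_id": flows["app_flow_id"], "payload": b"hello"})
    denied = ctl.create_node_flow("10.0.1.5", cf, "telnet", "10.0.2.15")
    replay = ctl.create_control_flow("10.0.1.6", spa)  # same nonce presented again
    return delivered, denied, replay
```

Running `demo()` returns `("10.0.2.15", None, None)`: the whitelisted application's packet reaches the destination through the gateway, the non-whitelisted request yields no node flow, and the replayed SPA record yields no control flow information at all.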