US Patent No. 10,659,434

APPLICATION WHITELIST USING A CONTROLLED NODE FLOW


Patent No. 10,659,434
Issue Date May 19, 2020
Title Application Whitelist Using A Controlled Node Flow
Inventorship Young Rang Kim, Seoul (KR)
Yeontaek Lim, Seoul (KR)
Minjae Lee, Seoul (KR)
Assignee Pribit Technology, Inc., Seoul (KR)

Claim of US Patent No. 10,659,434

1. A method performed by a system to securely transfer data between a source node and a destination node, the method comprising:
establishing, by a perimeter controller, a first control flow between the source node and a perimeter controller, said establishing comprising:
receiving, by the perimeter controller, a control flow creation request from the source node including single packet authorization information identifying a security application executing on the source node;
inspecting, by the perimeter controller, the single packet authorization information to determine whether the security application executing on the source node is authorized to establish the first control flow with the perimeter controller; and
responsive to determining that the security application is authorized to establish the first control flow with the perimeter controller, sending, by the perimeter controller, control flow information to the source node to establish the first control flow;
receiving, by the perimeter controller, a node flow creation request from the source node via the first control flow, the node flow creation request indicative of a request to forward data associated with a first application executing on the source node to the destination node via a node flow, the node flow creation request identifying the destination node and the first application;
inspecting, by the perimeter controller, an application whitelist including a listing of applications allowed to transfer data to the destination node to determine whether the first application is included in the application whitelist; and
responsive to determining that the first application is included in the application whitelist, establishing a first node flow between the source node and a gateway and a second node flow between the destination node and the gateway, wherein the gateway is configured to forward a data packet from the source node to the destination node via the first node flow and the second node flow.
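As an added illustration, not code from the patent or from Pribit Technology, the two decision points of claim 1 modelled in Python: the controller first inspects single packet authorization information before issuing control flow information, and only a request arriving over an established control flow is checked against the per-destination application whitelist before the two gateway-anchored node flows are created. The HMAC-authenticated SPA record, the nonce replay cache, the gateway name and all identifiers are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed secrets shared between the controller and each security application.
# Assumption (not stated in the claim): the SPA packet carries an HMAC over its fields.
APP_SECRETS = {"secapp-v1": b"constructed-shared-secret"}

def make_spa(security_app, source_node, nonce):
    """Build the single-packet-authorization record as the source node would send it."""
    msg = f"{security_app}|{source_node}|{nonce}".encode()
    tag = hmac.new(APP_SECRETS[security_app], msg, hashlib.sha256).hexdigest()
    return {"security_app": security_app, "source": source_node, "nonce": nonce, "tag": tag}

class PerimeterController:
    def __init__(self, whitelist):
        self.whitelist = whitelist      # destination -> set of applications allowed to reach it
        self.control_flows = {}         # control flow id -> source node
        self.node_flows = []            # (flow id, endpoint, gateway) for every node flow created
        self.seen_nonces = set()        # replay cache for SPA nonces (assumption of this example)

    def create_control_flow(self, spa):
        """Inspect the SPA information; return control flow information only if it verifies."""
        secret = APP_SECRETS.get(spa["security_app"])
        if secret is None or spa["nonce"] in self.seen_nonces:
            return None                 # unknown security application or replayed packet
        msg = f"{spa['security_app']}|{spa['source']}|{spa['nonce']}".encode()
        expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, spa["tag"]):
            return None                 # SPA tag does not verify: no control flow
        self.seen_nonces.add(spa["nonce"])
        cf_id = secrets.token_hex(8)
        self.control_flows[cf_id] = spa["source"]
        return {"control_flow_id": cf_id}

    def create_node_flow(self, cf_id, application, destination, gateway="gw-1"):
        """Handle a node flow creation request that arrived over an existing control flow."""
        source = self.control_flows.get(cf_id)
        if source is None:
            return None                 # no control flow: the request is not considered at all
        if application not in self.whitelist.get(destination, set()):
            return None                 # application not whitelisted for this destination
        first = (secrets.token_hex(4), source, gateway)       # source node <-> gateway
        second = (secrets.token_hex(4), destination, gateway) # destination node <-> gateway
        self.node_flows += [first, second]
        return {"first_node_flow": first[0], "second_node_flow": second[0], "gateway": gateway}
```

A request with a valid SPA record but a non-whitelisted application yields a control flow and no node flow, which is the separation the claim relies on.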