US Patent No. 10,659,476

TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK


Patent No. 10,659,476
Issue Date May 19, 2020
Title Transparent Bridge For Monitoring Crypto-partitioned Wide-area Network
Inventorship Ranga Ramanujan, Medina, MN (US)
Benjamin L. Burnett, Prior Lake, MN (US)
Assignee ARCHITECTURE TECHNOLOGY CORPORATION, Minneapolis, MN (US)

Claim of US Patent No. 10,659,476

1. A method comprising: receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN) that carries data traffic between a plurality of enclaves including the first enclave and the second enclave, wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN;
determining, by the first computing device, contents of a header of the data packet, wherein the contents of the header of the data packet comprise one or more of a timestamp, a connection state, or a priority of an associated data flow to the second enclave;
detecting, by the first computing device and based at least in part on the one or more of the timestamp, the connection state, or the priority of an associated data flow to the second enclave in the contents of the header of the data packet, a network event affecting a status of the cipher-text WAN, wherein the connection state indicates connection states between the second enclave and each of the other enclaves in the plurality of enclaves;
performing, by the first computing device and based on the network event affecting the status of the cipher-text WAN, an operation to correct the status of the cipher-text WAN;
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to a third computing device in a plain-text portion of a third enclave in the plurality of enclaves, wherein the third enclave communicates with the first enclave and the second enclave via the cipher-text WAN;
determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device;
determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and
receiving, by the first computing device and from the second computing device, the expected data flow that was received by the second computing device from the third computing device.
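The fault-detection and relay logic of the claim, as an added simulation that is not code from the patent or its assignee: each enclave bridge exchanges a plain-text status header carrying a timestamp and a connection-state map, and a bridge that hears a peer reporting a live link to a third enclave, while its own expected flow from that enclave has gone stale, concludes the link is faulty and asks the peer to relay. The packet layout, enclave names, timeout and timeline are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatusPacket:
    """Plain-text header exchanged between enclave bridges (constructed layout)."""
    sender: str
    timestamp: float
    connection_state: dict  # peer enclave -> True if the sender currently hears it
    priority: int = 0       # priority of the associated flow; carried, not used here

@dataclass
class Bridge:
    """Monitoring bridge in the plain-text portion of one enclave, behind its INE."""
    name: str
    timeout: float
    last_seen: dict = field(default_factory=dict)      # peer -> timestamp last heard
    relayed_flows: dict = field(default_factory=dict)  # source -> peer asked to relay
    outbox: list = field(default_factory=list)         # correction packets sent

    def hears(self, peer, now):
        """An expected flow is one heard before; it is live if not older than timeout."""
        return peer in self.last_seen and now - self.last_seen[peer] <= self.timeout

    def receive(self, pkt, now):
        self.last_seen[pkt.sender] = pkt.timestamp
        for third, sender_hears in pkt.connection_state.items():
            if third == self.name or not sender_hears or third in self.relayed_flows:
                continue
            # The sender hears `third`, but our expected flow from `third` has gone
            # stale: conclude the link between us and `third` is faulty and ask the
            # sender to receive that flow and forward it to us.
            if third in self.last_seen and not self.hears(third, now):
                self.relayed_flows[third] = pkt.sender
                self.outbox.append({"to": pkt.sender, "relay_from": third, "deliver_to": self.name})
        return self.outbox

def scenario():
    """Enclaves A, B, C: A hears both until t=5, then the A-C link fails (constructed
    timeline). Returns A's relay decisions and the correction packets it sent."""
    a = Bridge("A", timeout=3.0)
    for t in range(5):
        a.receive(StatusPacket("C", t, {"A": True, "B": True}), now=t)
        a.receive(StatusPacket("B", t, {"A": True, "C": True}), now=t)
    for t in range(5, 10):  # C's packets no longer arrive; B still reports hearing C
        a.receive(StatusPacket("B", t, {"A": True, "C": True}), now=t)
    return a.relayed_flows, a.outbox

if __name__ == "__main__":
    print(scenario())
```

The relay decision fires only once the expected flow from C is older than the timeout, so a single late packet does not trigger a reroute.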