US 12,255,926 B2
System and method for providing network and computer firewall protection with dynamic address isolation to a device
Shlomo Touboul, Kefar Haim (IL)
Assigned to CUPP Computing AS, Oslo (NO)
Filed by CUPP Computing AS, Oslo (NO)
Filed on Sep. 7, 2023, as Appl. No. 18/243,246.
Application 18/243,246 is a continuation of application No. 17/203,484, filed on Mar. 16, 2021, granted, now 11,757,941.
Application 17/203,484 is a continuation of application No. 16/601,408, filed on Oct. 14, 2019, granted, now 10,951,659, issued on Mar. 16, 2021.
Application 16/601,408 is a continuation of application No. 16/404,429, filed on May 6, 2019, granted, now 10,904,293, issued on Jan. 26, 2021.
Application 16/404,429 is a continuation of application No. 16/006,597, filed on Jun. 12, 2018, granted, now 10,284,603, issued on May 7, 2019.
Application 16/006,597 is a continuation of application No. 15/653,376, filed on Jul. 18, 2017, granted, now 10,057,295, issued on Aug. 21, 2018.
Application 15/653,376 is a continuation of application No. 15/201,309, filed on Jul. 1, 2016, granted, now 9,756,079, issued on Sep. 5, 2017.
Application 15/201,309 is a continuation of application No. 13/745,591, filed on Jan. 18, 2013, granted, now 9,391,956, issued on Jul. 12, 2016.
Application 13/745,591 is a continuation of application No. 12/130,914, filed on May 30, 2008, granted, now 8,365,272, issued on Jan. 29, 2013.
Claims priority of provisional application 60/940,882, filed on May 30, 2007.
Prior Publication US 2024/0259431 A1, Aug. 1, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 61/25 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 61/25 (2013.01); H04L 63/02 (2013.01); H04L 63/0236 (2013.01); H04L 63/0245 (2013.01)]
18 Claims
1. A mobile device, comprising:
one or more processors and memory;
an operating system;
the one or more processors executing the operating system and an application, the one or more processors configured to assist in generating internal outgoing data packets for the application and to assist in generating internal incoming data packets from external incoming data packets for the application, the internal outgoing data packets including application-identifying information and an internal address;
a network interface coupled to receive the external incoming data packets from and transmit external outgoing data packets to an untrusted device on an external network, the external outgoing data packets on the external network having a public address as a source address, the external incoming data packets being directed on the external network to the public address as a destination address, the external outgoing data packets and the external incoming data packets not including the application-identifying information; and
a driver coupled to the network interface, the driver for automatically forwarding the internal outgoing data packets to a network address translation engine to translate the internal address to the public address, and for automatically forwarding the external incoming data packets to the network address translation engine to translate the public address to the internal address, the driver coupled to transmit the internal outgoing data packets to a firewall to remove the application-identifying information therefrom, the driver coupled to transmit the external incoming data packets to the firewall to recover the application-identifying information associated therewith, to handle application-level security based on the application associated with the application-identifying information, to handle network level security, and to allow the internal incoming data packets to be forwarded to the application if the external incoming data packets do not include malicious content according to a mobile device security policy.
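The packet flow recited in claim 1, modelled as a toy in Python. This is an added illustration, not code from the patent or from CUPP Computing. The shared flow table used to recover the application-identifying information, the per-application port policy, the addresses, and the content marker are assumptions made for the example; the claim does not specify them.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC_ADDR = "203.0.113.10"                    # constructed public address (TEST-NET-3)
APP_POLICY = {"browser": {443}, "mail": {993}}  # assumed policy: app -> remote ports it may hear from
BAD_MARKERS = (b"MALWARE-TEST",)                # assumed stand-in for real content inspection

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""
    app_id: Optional[str] = None                # present only on internal packets

class Gateway:
    """NAT engine plus firewall sharing one flow table (an assumption of this model)."""
    def __init__(self):
        self.flows = {}                         # (public port, remote addr, remote port) -> internal side
        self.next_port = 40000

    def outbound(self, p: Packet) -> Packet:
        """Internal outgoing -> external outgoing: remember app_id, strip it, translate source."""
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(pub_port, p.dst, p.dport)] = (p.src, p.sport, p.app_id)
        return Packet(PUBLIC_ADDR, pub_port, p.dst, p.dport, p.payload)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """External incoming -> internal incoming, or None when the packet is dropped."""
        flow = self.flows.get((p.dport, p.src, p.sport))
        if p.dst != PUBLIC_ADDR or flow is None:
            return None                         # network level: no matching outbound flow
        addr, port, app_id = flow               # recover application-identifying information
        if p.sport not in APP_POLICY.get(app_id, set()):
            return None                         # application level: peer port not allowed for this app
        if any(m in p.payload for m in BAD_MARKERS):
            return None                         # content check failed under the device policy
        return Packet(p.src, p.sport, addr, port, p.payload, app_id)

def demo():
    gw = Gateway()
    out = gw.outbound(Packet("10.0.0.2", 5555, "198.51.100.7", 443, b"GET /", "browser"))
    reply = gw.inbound(Packet("198.51.100.7", 443, PUBLIC_ADDR, out.sport, b"200 OK"))
    return out, reply

if __name__ == "__main__":
    print(demo())
```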