Network device and method for processing a session using a packet signature
First Claim
1. A network routing device for processing a session of an IP network having a plurality of nodes, the plurality of nodes including a next node having a next authentication key, the network routing device having a current authentication key distinct from the next authentication key and comprising:
- an input interface at least partially implemented by an electronic circuit and configured to receive a first session packet, the first session packet having a digital signature, payload data, and meta-data;
- a signature module at least partially implemented by an electronic circuit and operatively coupled with the input interface, the signature module being configured to process the digital signature using the current authentication key to produce a processed digital signature, the signature module also being configured to process the payload data and the meta-data to produce validation information, the signature module further being configured to compare the processed digital signature and the validation information to determine if they match, the signature module further being configured to
  1) discard the first session packet when there is not a match, and
  2) digitally sign the first session packet using the next authentication key when there is a match; and
- an output interface at least partially implemented by an electronic circuit and operatively coupled with the signature module, the output interface being configured to route the first session packet, after digitally signing, to the next node via the IP network using a Layer 3 protocol.
Abstract
A method processes a session having a first session packet received by a current node in an IP network having a plurality of nodes. The plurality of nodes includes a next node, and the current node communicates with the next node using a Layer 3 protocol. The method receives the first session packet, which has a digital signature, payload data, and meta-data, at the current node. The method uses the payload data and meta-data to produce validation information, and uses the digital signature to produce a comparator digital signature. Next, the method compares the validation information with the comparator digital signature. If the validation information does not match the comparator digital signature, then the method discards the first session packet. If there is a match, then the method digitally signs the first session packet, and routes the first session packet to the next node via the IP network.
Claims (31)
1. (Independent claim 1, as set out under First Claim above.) Dependent claims: 2, 3, 4, 5.
6. A method of processing a session having a first session packet received by a current node in an IP network having a plurality of nodes, the plurality of nodes including a next node, the current node configured to communicate with the next node using a Layer 3 protocol, the method comprising:
- receiving the first session packet at the current node, the first session packet having a digital signature, payload data, and meta-data;
- processing the payload data and the meta-data to produce validation information;
- processing the digital signature using a given authentication key to produce a processed digital signature;
- comparing the validation information with the processed digital signature;
- discarding the first session packet if the validation information does not match the processed digital signature;
- digitally signing the first session packet with a next authentication key of the next node if the validation information matches the processed digital signature, the next authentication key being distinct from the given authentication key; and
- routing the first session packet, after digitally signing, to the next node via the IP network.
Dependent claims: 7 through 19.
20. A computer program product for use on a computer system for processing a session having a first session packet received by a current node in an IP network having a plurality of nodes, the plurality of nodes including a next node, the current node configured to communicate with the next node using a Layer 3 protocol, the computer program product comprising a tangible, non-transitory computer usable medium having computer readable program code stored thereon, the computer readable program code, when executed by a processor, performing the steps of:
- receiving the first session packet at the current node, the first session packet having a digital signature, payload data, and meta-data;
- processing the payload data and the meta-data to produce validation information;
- processing the digital signature using a given authentication key to produce a processed digital signature;
- comparing the validation information with the processed digital signature;
- discarding the first session packet if the validation information does not match the processed digital signature;
- digitally signing the first session packet with a next authentication key of the next node if the validation information matches the processed digital signature, the next authentication key being distinct from the given authentication key; and
- routing the first session packet, after digitally signing, to the next node via the IP network.
Dependent claims: 21 through 26.
27. A method of processing a session having a first session packet received by a current node in an IP network having a plurality of nodes, the plurality of nodes including a next node, the current node configured to communicate with the next node using a Layer 3 protocol, the method comprising:
- receiving the first session packet at the current node, the first session packet having a digital signature, payload data, and meta-data;
- using the payload data and the meta-data to produce validation information;
- using the digital signature to produce a comparator digital signature;
- comparing the validation information with the comparator digital signature;
- discarding the first session packet if the validation information does not match the comparator digital signature;
- digitally signing the first session packet with a next authentication key of the next node if the validation information matches the comparator digital signature, the next authentication key being distinct from the given authentication key; and
- routing the first session packet, after digitally signing, to the next node via the IP network.
Dependent claims: 28 through 31.
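Worked example (added here; not code from the patent or its assignee) of the per-hop verify, discard-or-re-sign flow that the abstract and the independent claims describe. The page names no signature algorithm, so the example assumes an HMAC-SHA256 tag over the packet's meta-data and payload as the digital signature; with an HMAC the "processing" of the received signature is the identity, so the node compares the received tag against the recomputed validation information. Node keys, node count and the session 5-tuple are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import List, Optional

# ASSUMPTION (not from the page): the "digital signature" is an HMAC-SHA256 tag
# over the packet's meta-data and payload, keyed with the receiving node's key.

@dataclass(frozen=True)
class Packet:
    meta: dict          # session meta-data; a constructed 5-tuple in the demo
    payload: bytes
    signature: bytes = b""

def validation_info(pkt: Packet, key: bytes) -> bytes:
    """Validation information: MAC over canonicalised meta-data plus payload."""
    canon = "|".join(f"{k}={pkt.meta[k]}" for k in sorted(pkt.meta)).encode()
    return hmac.new(key, canon + b"\x00" + pkt.payload, hashlib.sha256).digest()

def sign(pkt: Packet, key: bytes) -> Packet:
    """Digitally sign the packet for the node that holds `key`."""
    return replace(pkt, signature=validation_info(pkt, key))

def process_at_node(pkt: Packet, current_key: bytes, next_key: bytes) -> Optional[Packet]:
    """One hop: verify with the current key, then re-sign with the next node's
    key on a match; None means the packet is discarded. compare_digest keeps the
    comparison constant-time."""
    if not hmac.compare_digest(pkt.signature, validation_info(pkt, current_key)):
        return None
    return sign(pkt, next_key)

def route_session(pkt: Packet, keys: List[bytes]) -> Optional[int]:
    """Forward pkt through nodes holding keys[:-1]; keys[-1] is the receiver's
    key. Returns the index of the node that discarded it, or None if the
    receiver got a packet signed under its own key."""
    for i in range(len(keys) - 1):
        pkt = process_at_node(pkt, keys[i], keys[i + 1])
        if pkt is None:
            return i
    return None

# Constructed sample: three routing nodes and a receiver, distinct key per node.
KEYS = [b"node-A-key", b"node-B-key", b"node-C-key", b"receiver-key"]
META = {"src": "10.0.0.5", "dst": "10.0.9.7", "sport": 40000, "dport": 443, "proto": "tcp"}
GOOD = sign(Packet(META, b"GET / HTTP/1.1"), KEYS[0])            # signed for node A
TAMPERED = replace(GOOD, payload=b"GET /admin HTTP/1.1")          # payload altered in transit
WRONG_HOP = sign(Packet(META, b"GET / HTTP/1.1"), KEYS[1])       # signed for node B, sent to A
```

A packet that is tampered with, or that carries a tag for the wrong hop, is dropped at the first node whose recomputed validation information no longer matches; a packet that legitimately cleared one node cannot be re-presented to it, because it now carries the next node's tag.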
Specification