Methods for internet communication security

US 10,361,859 B2
Filed: 10/05/2018
Issued: 07/23/2019
Est. Priority Date: 10/06/2017
Status: Active Grant

First Claim

Patent Images

1. A product for authenticating and authorizing provenance of information for one or more information management processes, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable on a processor to perform communication management operations, the communication management operations comprising:

i) authorizing communication with a computing device on a network, comprising;

a) sending a nonpublic first identification code via a communication pathway, the communication pathway pre-established on the network;

b) receiving, after sending the nonpublic first identification code, a nonpublic computing device identification code via the pre-established communication pathway; and

c) comparing the computing device identification code with a preconfigured value for the computing device, to confirm that the computing device is an authorized computing device on the network;

ii) receiving a network packet via the communication pathway, the network packet comprising;

(a) information; and

(b) an encrypted parameter in an application space portion of the network packet;

iii) verifying that the received information is an authorized communication from a process operating on the authorized computing device, comprising;

comparing, in a processor-accessible kernel space, a decrypted form of the parameter with a preconfigured identifier for the process to confirm that the process is an authorized process; and

iv) passing the information from the processor-accessible kernel space to one or more information management processes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.

Citations

30 Claims

1. A product for authenticating and authorizing provenance of information for one or more information management processes, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable on a processor to perform communication management operations, the communication management operations comprising:
- i) authorizing communication with a computing device on a network, comprising;
  
  a) sending a nonpublic first identification code via a communication pathway, the communication pathway pre-established on the network;
  
  b) receiving, after sending the nonpublic first identification code, a nonpublic computing device identification code via the pre-established communication pathway; and
  
  c) comparing the computing device identification code with a preconfigured value for the computing device, to confirm that the computing device is an authorized computing device on the network;
  
  ii) receiving a network packet via the communication pathway, the network packet comprising;
  
  (a) information; and
  
  (b) an encrypted parameter in an application space portion of the network packet;
  
  iii) verifying that the received information is an authorized communication from a process operating on the authorized computing device, comprising;
  
  comparing, in a processor-accessible kernel space, a decrypted form of the parameter with a preconfigured identifier for the process to confirm that the process is an authorized process; and
  
  iv) passing the information from the processor-accessible kernel space to one or more information management processes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The product of claim 1, wherein the authorizing communication further comprises:
    - a) sending a local program identification code to the computing device via the communication pathway;
      
      b) receiving, in response to the sending the local program identification code, a remote application identification code for a remote application program; and
      
      c) comparing the remote application identification code with a pre-established value for the remote application program.
  - 3. The product of claim 2, wherein the communication management operations further comprise:
    - a) sending a data model identification code for the communication pathway to the computing device via the communication pathway;
      
      b) receiving, in response to the sending the data model identification code, the data model identification code from the computing device; and
      
      c) comparing the received data model identification code with a pre-established value for the communication pathway.
  - 4. The product of claim 1, wherein the communication management operations further comprise:
    - translating the information to a format expected by the one or more information management processes.
  - 5. The product of claim 4, wherein the information is translated from a pre-established format, the pre-established format determined from a data model identification code for the communication pathway.
  - 6. The product of claim 1, wherein the communication pathway is encrypted by a series of single-use rotated cryptographic keys.
  - 7. The product of claim 2, wherein at least a portion of the communication management operations are configured to perform the comparing the remote application identification code in the processor-accessible kernel space.
  - 8. The product of claim 1, wherein at least a portion of the communication management operations are configured to be performed in a processor-accessible application space.
  - 9. The product of claim 2, wherein the communication pathway has a one-to-one correspondence to an n-tuple comprising the local program identification code, a destination port number for a remote application running on the computing device and corresponding to the remote application identification code, and a data model identification code for the information.
  - 10. The product of claim 1, wherein the communication management operations further comprise:
    - confirming that the computing device has consulted a pre-specified local policy to specifically authorize network packet communication via the communication pathway.
  - 11. The product of claim 1, wherein the communication management operations further comprise:
    - confirming the information conforms to a data model pre-assigned to the communication pathway.
  - 12. The product of claim 1, wherein the communication management operations further comprise:
    - confirming the information conforms to a data range pre-assigned to the communication pathway.
  - 13. The product of claim 1, wherein the communication management operations further comprise:
    - confirming the information conforms to a command type pre-assigned to the communication pathway.
  - 14. The product of claim 1, wherein the information comprises at least a portion of an executable code.
  - 15. The product of claim 1, wherein the information comprises at least a portion of a script.
  - 16. The product of claim 1, wherein the information comprises at least a portion of a transaction.
  - 17. The product of claim 16, wherein the transaction is configured to modify ownership of at least one token.
  - 18. The product of claim 16, wherein the transaction is configured to create a smart contract.
  - 19. The product of claim 16, wherein the transaction is configured to invoke a smart contract method.
  - 20. The product of claim 16, wherein the transaction is configured to encode data in a file.
  - 21. The product of claim 1, wherein the information comprises at least a portion of a proposed block of transactions.
  - 22. The product of claim 1, wherein the information comprises at least a portion of a protocol message.
  - 23. The product of claim 1, wherein the one or more information management processes comprises a distributed ledger management process.
  - 24. The product of claim 1, wherein the one or more information management processes comprises a supply chain management process.
  - 25. The product of claim 1, wherein the one or more information management processes comprises a fintech service.
  - 26. The product of claim 1, wherein the one or more information management processes comprises a transaction processing service.
  - 27. The product of claim 1, wherein the one or more information management processes comprises a file update process.
  - 28. The product of claim 1, wherein the one or more information management processes are distributed on a peer-to-peer network.
  - 29. The product of claim 2, wherein the remote application program is a wallet on the computing device.
  - 30. The product of claim 29, wherein the computing device is a mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
StealthPath, Inc.
Original Assignee
StealthPath, Inc.
Inventors
Clark, Mike, Gordon, Andrew, Clark, Matt
Primary Examiner(s)
McNally, Michael S

Application Number

US16/153,366
Publication Number

US 20190109713A1
Time in Patent Office

291 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/44   Program or device authentic...

G06F 21/602   Providing cryptographic fac...

G06Q 20/36   using electronic wallets or...

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/0478   applying multiple layers of...

H04L 63/0876   based on the identity of th...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3297   involving time stamps, e.g....

H04L 9/50   using hash chains, e.g. blo...

Methods for internet communication security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for internet communication security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links