Methods for internet communication security
First Claim
1. A product for authenticating and authorizing provenance of information for one or more information management processes, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable on a processor to perform communication management operations, the communication management operations comprising:
i) authorizing communication with a computing device on a network, comprising:
   a) sending a nonpublic first identification code via a communication pathway, the communication pathway pre-established on the network;
   b) receiving, after sending the nonpublic first identification code, a nonpublic computing device identification code via the pre-established communication pathway; and
   c) comparing the computing device identification code with a preconfigured value for the computing device, to confirm that the computing device is an authorized computing device on the network;
ii) receiving a network packet via the communication pathway, the network packet comprising:
   (a) information; and
   (b) an encrypted parameter in an application space portion of the network packet;
iii) verifying that the received information is an authorized communication from a process operating on the authorized computing device, comprising:
   comparing, in a processor-accessible kernel space, a decrypted form of the parameter with a preconfigured identifier for the process to confirm that the process is an authorized process; and
iv) passing the information from the processor-accessible kernel space to one or more information management processes.
Abstract
The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
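The four steps of claim 1 as a constructed Python model, added here and not taken from the patent or any implementation of it: the nonpublic codes, the pre-shared key, the authorized process identifier and the HMAC-keystream cipher are all placeholders (the cipher is a toy stand-in for whatever cipher a real implementation would use), and the "kernel space" check is simply a function on the receiving node. It shows why a packet from an unauthorized process never reaches the management processes even when the sending device itself passed step i.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed, nonpublic values pre-provisioned on both nodes (placeholders, not from the patent).
NODE_A_CODE = b"node-a-nonpublic-code"          # first identification code node A sends
NODE_B_CODE = b"node-b-nonpublic-code"          # device code node A expects back from B
PROCESS_KEY = hashlib.sha256(b"preshared-process-key").digest()
AUTHORIZED_PROCESS_ID = b"inventory-service"    # preconfigured identifier held in kernel space

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (HMAC-derived keystream XOR); stand-in for a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass
class Packet:
    info: bytes              # the information being carried
    encrypted_param: bytes   # encrypted process identifier in the application-space portion

def device_b_respond(received_code: bytes):
    """Step i, node B side: reply with its own nonpublic code only if A's code is the expected one."""
    if not hmac.compare_digest(received_code, NODE_A_CODE):
        return None
    return NODE_B_CODE

def authorize_device(response) -> bool:
    """Step i c): compare B's code with the preconfigured value for that device."""
    return response is not None and hmac.compare_digest(response, NODE_B_CODE)

def kernel_verify_and_pass(packet: Packet, deliver) -> bool:
    """Steps iii and iv: decrypt the parameter in kernel space, compare, then pass the info up."""
    process_id = keystream_xor(PROCESS_KEY, packet.encrypted_param)
    if not hmac.compare_digest(process_id, AUTHORIZED_PROCESS_ID):
        return False   # unknown process: information never reaches the management processes
    deliver(packet.info)
    return True

def run_exchange(info: bytes, process_id: bytes, first_code: bytes = NODE_A_CODE):
    """Full exchange; None if the device fails step i, else the list of delivered information."""
    delivered = []
    if not authorize_device(device_b_respond(first_code)):
        return None
    packet = Packet(info, keystream_xor(PROCESS_KEY, process_id))   # step ii, built on node B
    kernel_verify_and_pass(packet, delivered.append)
    return delivered
```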
30 Claims