Methods for internet communication security
First Claim
1. A product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable by a first computing device of the plurality of network computing devices to perform communication management operations, the communication management operations comprising:
- i) forming a configured communication pathway by configuring a pre-established communication pathway to exclusively communicate application data between a first user-application on the first computing device and a second user-application on a second computing device of the plurality of network computing devices, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising;
a) sending a first configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet;
b) receiving a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet;
c) confirming, in a kernel space of the first computing device, that the second computing device is authorized to communicate with the first user-application, comprising;
matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;
d) further sending a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is exclusive to the first user-application and the second user-application;
e) further receiving a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and
<
f) further confirming, in the kernel space of the first computing device, that the second user-application is authorized to receive the application data from the first user-application, comprising;
further matching the nonpublic second user-application identifier to a preconfigured nonpublic second user-application code, wherein the preconfigured nonpublic second user-application code is exclusive to the second user-application and the first user-application; and
ii) preventing any transport layer ports used by the configured communication pathway from being used by any other communication pathway.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
175 Citations
30 Claims
-
1. A product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable by a first computing device of the plurality of network computing devices to perform communication management operations, the communication management operations comprising:
-
i) forming a configured communication pathway by configuring a pre-established communication pathway to exclusively communicate application data between a first user-application on the first computing device and a second user-application on a second computing device of the plurality of network computing devices, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising; a) sending a first configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet; b) receiving a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet; c) confirming, in a kernel space of the first computing device, that the second computing device is authorized to communicate with the first user-application, comprising;
matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;d) further sending a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is exclusive to the first user-application and the second user-application; e) further receiving a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and
<
f) further confirming, in the kernel space of the first computing device, that the second user-application is authorized to receive the application data from the first user-application, comprising;
further matching the nonpublic second user-application identifier to a preconfigured nonpublic second user-application code, wherein the preconfigured nonpublic second user-application code is exclusive to the second user-application and the first user-application; andii) preventing any transport layer ports used by the configured communication pathway from being used by any other communication pathway. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification