Methods for internet communication security
First Claim
1. A product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable by a first computing device to perform communication management operations, the communication management operations comprising:
i) consuming a first network packet to obtain an application layer first payload and a first port number, the first port number assigned to a transport layer first port for an end-user application program on a second computing device;
ii) decrypting an encrypted read-only first file and identifying a data record in the first file that contains the first port number in a first port number field of the identified data record in the first file, the first file stored locally on the first computing device;
iii) confirming the application layer first payload conforms to one or more formatting requirements named in the identified data record in the first file;
iv) negotiating an encrypted TCP connection with a network security software running on the second computing device, the encrypted TCP connection dedicated exclusively to routing communications that are a) directed to and/or originating from the transport layer first port, and b) formatted according to the named formatting requirements;
v) forming a second network packet, comprising:
inserting into an application layer portion of the second network packet:
a) at least a portion of the application layer first payload, b) a nonpublic identifier that is unique to the program code executable by the first computing device, c) a nonpublic user-identifier for a process owner running the program code executable by the first computing device, and d) an identifier for the one or more formatting requirements; and
vi) sending the second network packet to the network security software via the encrypted TCP connection.
Abstract
The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
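The claim's operations i) to vi) and the abstract's comparison against pre-established values describe one protocol, so the following stand-alone simulation is added here to make it concrete. It is an added example, not code from the patent or its assignee. Everything in it is assumed for illustration: the JSON layout of the encrypted read-only policy file, the two format identifiers and their validators, the program and user identifier values, the per-port expected values held by the receiving security software, the HMAC-SHA256 counter-mode construction used only to keep the file encryption stdlib-only (a real deployment would use an authenticated cipher such as AES-GCM), and plain function calls standing in for the encrypted TCP connection.

```python
import hashlib, hmac, json, os, re, struct

# ---- step ii): the encrypted read-only policy file stored on the first device
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib-only stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal_policy(key: bytes, records: list) -> bytes:
    """Encrypt-then-MAC the JSON policy (assumed on-disk layout: nonce|ct|tag)."""
    nonce = os.urandom(16)
    pt = json.dumps(records).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_policy(key: bytes, blob: bytes) -> list:
    """Verify the MAC before decrypting; a tampered policy must never be trusted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("policy file failed authentication")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# ---- step iii): named formatting requirements, looked up by identifier (assumed names)
FORMATS = {
    "json-object": lambda p: isinstance(json.loads(p), dict),
    "printable-ascii": lambda p: re.fullmatch(rb"[\x20-\x7e]{1,512}", p) is not None,
}

def conforms(fmt_id: str, payload: bytes) -> bool:
    try:
        return FORMATS[fmt_id](payload)
    except (KeyError, ValueError):  # unknown format id, or payload not parseable
        return False

# ---- steps i), ii), iii), v): the sending side's communication management
def build_outbound(first_packet: dict, policy: list, program_id: str, user_id: str) -> dict:
    """Consume the first packet and return the second packet, or refuse it."""
    port, payload = first_packet["dst_port"], first_packet["payload"]     # i)
    record = next((r for r in policy if r["port"] == port), None)          # ii)
    if record is None:
        raise PermissionError(f"no policy record for port {port}")
    fmt_id = record["format"]
    if not conforms(fmt_id, payload):                                      # iii)
        raise ValueError(f"payload does not conform to {fmt_id}")
    return {"dst_port": port, "payload": payload,                          # v) a-d
            "program_id": program_id, "user_id": user_id, "format_id": fmt_id}

# ---- step iv): a channel dedicated to exactly one (port, format) pair
class DedicatedChannel:
    """Stands in for the encrypted TCP connection; a real one would be TLS."""
    def __init__(self, port: int, fmt_id: str):
        self.port, self.fmt_id = port, fmt_id
    def send(self, packet: dict, receiver) -> bool:                        # vi)
        if packet["dst_port"] != self.port or packet["format_id"] != self.fmt_id:
            raise PermissionError("packet does not belong on this dedicated channel")
        return receiver(packet)

# ---- the network security software on the second device (abstract)
def make_receiver(expected: dict):
    """expected maps port -> pre-established (program_id, user_id, format_id)."""
    def receive(packet: dict) -> bool:
        want = expected.get(packet["dst_port"])
        got = (packet["program_id"], packet["user_id"], packet["format_id"])
        # An unknown program/user identifier or a format mismatch means the
        # sender is not the authorised node; the payload is re-checked as well.
        return want == got and conforms(packet["format_id"], packet["payload"])
    return receive

# ---- constructed demonstration data (not from the patent)
POLICY_KEY = hashlib.sha256(b"demo policy file key").digest()
POLICY_BLOB = seal_policy(POLICY_KEY, [{"port": 8443, "format": "json-object"},
                                       {"port": 5140, "format": "printable-ascii"}])
EXPECTED = {8443: ("prog-7c1e", "uid-4a9f", "json-object"),
            5140: ("prog-7c1e", "uid-4a9f", "printable-ascii")}

def deliver(first_packet: dict, program_id="prog-7c1e", user_id="uid-4a9f") -> str:
    """Run steps i)-vi) end to end and report the outcome."""
    policy = open_policy(POLICY_KEY, POLICY_BLOB)
    try:
        second = build_outbound(first_packet, policy, program_id, user_id)
    except (PermissionError, ValueError) as e:
        return f"refused before sending: {e}"
    chan = DedicatedChannel(second["dst_port"], second["format_id"])
    return "accepted" if chan.send(second, make_receiver(EXPECTED)) else "rejected by receiver"

if __name__ == "__main__":
    print(deliver({"dst_port": 8443, "payload": b'{"op": "status"}'}))
    print(deliver({"dst_port": 8443, "payload": b"GET / HTTP/1.1"}))
    print(deliver({"dst_port": 9999, "payload": b"hello"}))
    print(deliver({"dst_port": 5140, "payload": b"<34>syslog line"}, program_id="prog-evil"))
```

The four calls at the bottom exercise the paths the claim separates: a conforming payload on a policed port is forwarded and accepted; a payload that fails the named format is refused before any connection is used; a port with no policy record is refused the same way; and a packet carrying an identifier the receiver does not expect is rejected by the peer's security software, which is the mechanism the abstract relies on to stop a compromised node from reaching others.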
22 Claims (claim 1 is reproduced above under First Claim; claims 2 through 22 are dependent claims)
Specification