Methods for internet communication security

  • US 10,630,642 B2
  • Filed: 10/05/2018
  • Issued: 04/21/2020
  • Est. Priority Date: 10/06/2017
  • Status: Active Grant
First Claim

1. A product for securing communications of a plurality of networked computing devices, the product comprising a non-transitory computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code executable by a first computing device of the plurality of networked computing devices to perform communication management operations, the communication management operations comprising:

  • i) forming a configured communication pathway by configuring a pre-established communication pathway to exclusively communicate application data between a first user-application on the first computing device and a second user-application on a second computing device of the plurality of networked computing devices, the first user-application operated by a first user and the second user-application operated by a second user, the configuring comprising;

    a) sending a first configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the first configuration packet containing a nonpublic first device identifier for the first computing device in an application layer portion of the first configuration packet;

    b) receiving a second configuration packet from the second computing device, the second configuration packet containing a nonpublic second device identifier for the second computing device in an application layer portion of the second configuration packet;

    c) confirming, in a kernel space of the first computing device, that the second computing device is authorized to communicate with the first user-application, comprising;

      matching the nonpublic second device identifier to a preconfigured nonpublic second device code for the second computing device;

    d) further sending a third configuration packet from the first computing device to the second computing device via the pre-established communication pathway, the third configuration packet containing a nonpublic first user-application identifier in an application layer portion of the third configuration packet, wherein the nonpublic first user-application identifier is exclusive to the first user-application and the second user-application;

    e) further receiving a fourth configuration packet from the second computing device, the fourth configuration packet containing a nonpublic second user-application identifier in an application layer portion of the fourth configuration packet; and

    f) further confirming, in the kernel space of the first computing device, that the second user-application is authorized to receive outgoing application data from the first user-application via the configured communication pathway, comprising;

      further matching the nonpublic second user-application identifier to a preconfigured nonpublic second user-application code, wherein the preconfigured nonpublic second user-application code is exclusive to the second user-application and the first user-application;

  • ii) preventing any transport layer ports used by the configured communication pathway from being used by any other communication pathway;

  • iii) verifying that incoming application data received via the configured communication pathway conforms to a plurality of content requirements, the plurality of content requirements comprising;

    a) a data type;

    b) a data range; and

    c) a command type authorized to be present in the incoming application data; and

  • iv) passing the verified incoming application data to the first user-application;

  • wherein the nonpublic first user-application identifier is unique to the first user-application, the first user, and the plurality of content requirements;

  • wherein the preconfigured nonpublic second user-application code is unique to the second user-application, the second user, and the plurality content requirements; and

  • wherein files containing values for the nonpublic first device identifier, the preconfigured nonpublic second device code, the nonpublic first user-application identifier, and the preconfigured nonpublic second user-application code are sent to the first computing device and to the second computing device from a provisioning server prior to performing the communication management operations.
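The receiving-side checks of steps c), f), iii) and iv) of the claim, written out as an added Python example that is not part of the patent or of any implementation of it. It runs in user space rather than kernel space, omits the sending steps a) and d), and every name, packet layout and value in it (`PROVISIONED`, `device_id`, `app_id`, the commands and ranges) is a constructed assumption.

```python
import hmac

# Constructed stand-in for the files sent by the provisioning server.
PROVISIONED = {
    "peer_device_code": b"dev-B-constructed",
    "peer_app_code": b"app-B-constructed",
    "requirements": {
        "commands": {"SET_TEMP", "READ_TEMP"},   # authorized command types
        "fields": {"value": (int, 0, 100)},      # name: (data type, min, max)
    },
}

def matches(received: bytes, expected: bytes) -> bool:
    # Constant-time comparison (a choice made here, not stated in the claim).
    return hmac.compare_digest(received, expected)

def configure(second_packet: dict, fourth_packet: dict) -> bool:
    """Steps c) and f): both identifiers must match the preconfigured codes."""
    return (matches(second_packet.get("device_id", b""), PROVISIONED["peer_device_code"])
            and matches(fourth_packet.get("app_id", b""), PROVISIONED["peer_app_code"]))

def verify(message: dict) -> bool:
    """Step iii): command type, data type and data range checks."""
    req = PROVISIONED["requirements"]
    command, data = message.get("command"), message.get("data", {})
    if not isinstance(command, str) or command not in req["commands"]:
        return False
    if not isinstance(data, dict) or set(data) - set(req["fields"]):
        return False  # assumption: fields without a requirement are rejected
    for name, value in data.items():
        typ, lo, hi = req["fields"][name]
        # type() is used instead of isinstance() so that bool is not accepted as int.
        if type(value) is not typ or not lo <= value <= hi:
            return False
    return True

def receive(pathway_configured: bool, message: dict):
    """Step iv): only verified data on a configured pathway reaches the application."""
    if pathway_configured and verify(message):
        return message
    return None
```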
