Peer-to-peer name resolution protocol (PNRP) security infrastructure and method
First Claim
1. A method of ensuring secure peer-to-peer communication by validating identification (ID) certificates for a peer node'"'"'s IP address before use in a peer-to-peer name resolution protocol (PNRP), comprising the steps of:
- validating the ID certificate; and
opportunistically verifying ownership of the ID certificate at the peer node'"'"'s IP address.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for use in a peer-to-peer communication system to ensure valid connections are made in a secure manner includes the steps of receiving an address record for a peer node which includes an ID certificate. The ID certificate is validated and checked to verify that the ID certificate has not expired. Further, the method determines if the node from whom the address record was received is to be trusted, and the number of instances of the IP address included in the certificate is already stored in cache. When the foregoing are completed successfully, i.e. the certificate is valid, not expired, has been supplied by a trusted neighbor, and does not point to an IP address that already exists for different ID'"'"'s multiple times, the method opportunistically verifies ownership of the ID certificate at the peer node'"'"'s IP address. That is, the verification of ownership only occurs when the advertiser of the ID is the owner of that ID (or when the ID is to be used). If any of the above cannot be completed successfully, the address record is discarded.
110 Citations
29 Claims
-
1. A method of ensuring secure peer-to-peer communication by validating identification (ID) certificates for a peer node'"'"'s IP address before use in a peer-to-peer name resolution protocol (PNRP), comprising the steps of:
-
validating the ID certificate; and
opportunistically verifying ownership of the ID certificate at the peer node'"'"'s IP address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for use in a peer-to-peer communication system, comprising the steps of:
-
A. receiving an address record for a peer node, the record including an ID certificate;
B. validating the ID certificate;
C. verifying that the ID certificate has not expired;
D. determining if node from whom the address record was received is to be trusted;
E. determining if number of instances of IP address for the peer node is less than a predetermined limit; and
F. when steps B. thru E. are completed successfully, selectively verifying ownership of the ID certificate at the peer node'"'"'s IP address; and
G. when any of steps B. thru F. are not completed successfully, discarding the address record. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A secure method of processing peer-to-peer queries, comprising the steps of:
-
A. receiving the query from a neighbor;
B. checking to see if a valid and verified record of the neighbor is stored in cache;
C. when a valid and verified record of the neighbor is not stored in cache, validating an ID certificate of the neighbor, and opportunistically verifying ownership of the ID certificate at an IP address of the neighbor;
D. when the neighbor is not an originator of the query, validating an ID certificate of the originator;
E. comparing the query to the local identity F. when the local ID matches the query, returning the local ID record to the neighbor; and
G. when a record that satisfies the query is not found, forwarding the query to another peer. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A secure method of processing peer-to-peer responses from queries, comprising the steps of:
-
receiving the result from a query from a neighbor;
checking to see if a valid and verified record of the neighbor is stored in cache;
when a valid and verified record of the neighbor is not stored in cache, validating an ID certificate of the neighbor, and opportunistically verifying ownership of the ID certificate at an IP address of the neighbor;
when the neighbor is not the result of the query, validating an ID certificate of the result;
when the ID certificate of the result is validated, forwarding the result to a next hop identified in the result. - View Dependent Claims (23, 24, 25, 26)
-
-
27. A peer-to-peer node address certificate, comprising:
-
a first data field containing a certificate version;
a second data field containing a peer node identifier;
a third data field containing information associated with the peer node identifier;
a fourth data field containing information relating to a period of validity for the address certificate; and
a fifth data field containing a public key of the node. - View Dependent Claims (28, 29)
-
Specification