Method and apparatus for packet source validation architecture system for enhanced Internet security

US 20050249225A1
Filed: 05/10/2005
Published: 11/10/2005
Est. Priority Date: 05/10/2004
Status: Active Grant

First Claim

Patent Images

1. A check and balance system for enhanced Internet security, comprising:

a. a system to insert a packet source validation code in the header of the packets entering the Internet;

b. an adaptation of major routers of the Internet, the adaptation checks the presence of a source validation code in the header of a packet and routs only those packets that have the source validation code;

c. the major router adaptation after checking the presence of the source validation code, verifies the source validation code with reference to a key server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Packet Source Validation Architecture (PSVA) system for enhanced Internet Security that validates the source of all data packets that enter and propagate in the global computer network is disclosed. The PSVA system includes: (i) a system means to insert a source validation code in the header of the packets entering the Internet, (ii) a system means wherein the source validation code does not identity the source of the packets to anyone except to a law-enforcement agency, (iii) a system means to transport such a packet from the sending computer to the destination computer over the existing global computer network, (iv) a means for packet receiving clients to forward the validation code therein to law-enforcement agencies, when an identified type of harm is detected in the data of the received packets. The PSVA system is made up of, (i) a distributed set of key servers and (ii) an adaptation of the major routers of the Internet, and an adaptation of the Sending and receiving client servers. For an embodiment limited to e-mail security, the PSVA system is made up of, (i) a distributed set of key servers, (ii) an adaptation of the mail servers, and (iii) and adaptation of sending mail clients, where for implementation all mail servers do not need to be adapted at the same time.

Citations

19 Claims

1. A check and balance system for enhanced Internet security, comprising:
- a. a system to insert a packet source validation code in the header of the packets entering the Internet;
  
  b. an adaptation of major routers of the Internet, the adaptation checks the presence of a source validation code in the header of a packet and routs only those packets that have the source validation code;
  
  c. the major router adaptation after checking the presence of the source validation code, verifies the source validation code with reference to a key server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system as in claim 1, further comprising:
    - a. the packet source validation code is of the form that identifies the source as an owner of the server that has control over the server that originated the data packet;
      
      b. the packet source validation code is of the form that identifies the sender of the data packet.
  - 3. The system as in claim 1, further comprising:
    - a. the packet source validation code is of the form that identifies the source of the packets to a law-enforcement agency, when an identified type of harm is detected in the data of the received packets;
      
      b. a means for packet receiving clients to forward the validation code therein to law-enforcement agencies.
  - 4. The system of claim 1, the key server comprising:
    - a. a key server for each country and area code of the telephone network, wherein the server adapted to receive calls from mobile phones from the same area code;
      
      b. a call security function in the key server that verifies the call from being in the same area code and from a mobile phone, and saves in a key server database, (i) call location identification, (ii) call date and time, (iii) caller id, (iv) a random number generated for a received call, (v) an encrypted validation code made up of the caller id and the random code, and (vi) a hash code derived from hashing all these fields.
  - 5. The system as in claim 1, the system to insert packet source validation code comprising:
    - a. a client security function resident in a source computer connected to the global network, which (i) displays a window for the entry of a cell telephone number and the random code, collectively called a validation code, (ii) encrypts the validation code and temporarily saves it; and
      
      b. a network adaptation function that embeds in each outgoing packet header to the network the area code and the encrypted validation code.
  - 6. The system as in claim 1, further comprising:
    - a client security function resident in a destination computer connected to a global network, receives data packets of an incoming file and extracts the source validation code from the header of the packets and saves in a security cookie file, the name of the file and the source validation code, enabling law enforcement to use the information to identify the sender of the packets.
  - 7. The system as in claim 1, the major router adaptation, comprising:
    - (a) a validation function that is present in a major router of the global network that (i) verifies that an incoming data packet has a data string in the header composed of the area code and the encrypted VC that match with data string in a database of the major router, (ii) if the string does not match, sends a query including the encrypted validation code to the validation server, specific to the area code, (iii) receives a response to the query to include the area code, random code and the hash code, and saves the response in the database of the major router and then verifies the data string, (iv) if the data string cannot be verified, sending an error message to the sender of the packet, (v) if the data string is verified replacing the data string with the hash code and adding a router id in the packet header, the router id identifies the major router which performed the validation function, wherein presence of a valid router id in the packet header enables subsequent major routers to not repeat the packet validation function, and (vi) removing the router id from the packet header, if the next router leg is to a non-major router of the global network;
      
      (b) a validation function resident in the key server, which receives the query from the major router, verifies the data string with the key server database and on verification sends a response that includes the area code, random code, encrypted validation code and the corresponding hash code.

8. A method of enhanced security for the global computer network made up of a group of major routers for routing data packets across the network from a sending device to a receiving device comprising the steps of:
- a. inserting a secret source validation code key in each packet header by the sending device;
  
  b. verifying the code key with a key server database by the first root router to receive the packet, and discarding those packets without a validated code key;
  
  c. replacing the code key with a reference number for those packets with a validated key;
  
  d. setting a validation bit in the header and routing the packets, wherein the validation bit being used by other routers to not repeat validation steps.
- View Dependent Claims (9, 10)
- - 9. The method as in claim 8, further comprising the steps of:
    - a. managing a key database server with database fields of at least caller ids, and additional fields of a first random number and a second random number;
      
      b. connecting the key database server to a telephone company network to receive calls, verify caller id and verify validity of the caller id from telephone company databases;
      
      c. generating the first random alphanumeric and voice delivering to a caller, whose caller id has been validated;
      
      d. embedding a secret key composed of the caller id and the first random in each packet header sent on the global network by the sender;
      
      e. verifying the secret key, by the network first router, with the validation database, generating the second random and replacing the secret key by the second random;
      
      f. setting a validation bit in the packet header and routing to the next router;
  - 10. The method as in claim 8, further comprising the steps of:
    - a. receiving the packet by the destination, removing the second random from the packet and saving in a file. b. retrieving the second random number from the file by the destination on receiving a harm causing packet;
      
      c. delivering the type of harm caused and the second random number to an organization;
      
      d. retrieving the caller id from the database, by the organization, by mapping the second random to the caller id;
      
      e. delivering to a law-enforcement agency the type of harm and the caller id.

11. A digital key system for enhanced e-mail security comprising:
- a. a key server, wherein the server adapted to receive calls from telephone network and screen calls with a call security function;
  
  b. the key server further adapted with a key generation function, a key distribution function, and a key validation function.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The digital key system as in claim 11, wherein the key generation function comprising:
    - a. a function that generates a random code for each received call with a caller id and encrypts the caller id and the random code, wherein the random code is used as an encryption key, then called encrypted validation code;
      
      b. a function that creates a key record having, area code, caller id, call date and time, the random code, and the encrypted validation code and saves the key record in a key server database.
  - 13. The digital key system as in claim 11, wherein the key distribution function comprising:
    - voice delivering function in the key server that voice delivers the random code to a caller of the call.
  - 14. The digital key system as in claim 11, the key validation function comprising:
    - a. a sub-function that receives a validation query from a mail server, the query containing at least the area code and the encryption validation code;
      
      b. a sub-function that matches the area code and the encrypted validation code in the key server database to find a key record;
      
      c. a sub-function that uses the random code of the record to decrypt the encrypted validation code and verifies the caller id; and
      
      d. a sub-function that responds to the query with an OK message to the mail server.
  - 15. The digital key system as in claim 11, further comprising:
    - a fee function that has (i) a sub-function that advises the caller of a fee for the service and (ii) a sub-function that charges the fee to the telephone bill as identified by the caller id.

16. A mail server, security features in the mail server, comprising:
- a. a mail security function that (i) receives an incoming e-mail file made up one or more data packets, (ii) saves the packets in a temporary area of the memory and extracts from the header of the packets, a data string made up of a country code, an area code and an encrypted validation code, and (iii) sends these to a pre-identified key server for the specific country code and the area code;
  
  b. the mail security function awaits a response from the key server, (i) without receiving an OK response from the key server discarding all the packets of the file, and (ii) with receiving an OK response from the key server, saving the file name and the encrypted validation code in a security cookie, and (iii) forwards the e-mail file to a an e-mail client.

17. The claim as in 16, further comprising:
- the mail server forwards the e-mail file to the mail clients with an annotation that the message has either been validated or not validated.

18. The claim as in 16, an adapted mail program in a mail sending client, as part of an enhanced security, comprising:
- a a function that inputs a random code and a caller id made up of country code, area code and a telephone number;
  
  b. a function that encrypts the called id and the random code using the random code as an encryption key, then labeled as the encrypted validation code; and
  
  c. a function that embeds country code, area code, and the encrypted validation code in the header of each outgoing packet from the mail program.

19. The claim as in 18, the adapted mail program in a mail receiving client, as part of an enhanced security, comprising:
- a. a function that saves data packets of an incoming e-mail file in a temporary area of memory and extracts a data string that has country code, area code and an encrypted validation code in the header of the packet;
  
  b. a function compares with the encrypted validation codes in a pre-stored mail security cookie, and when not being successfully compared, sends the area code and the encrypted validation code to a pre-identified key server for the specific country code and the area code;
  
  b. the mail receiving client, (i) without receiving an OK from the key server discarding all the packets of the file, and (ii) with receiving an OK from the key server, saving the file name and the encrypted validation code in the mail security cookie, (iii) and resume the normal operation of the mail program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tara Chand Singhal
Original Assignee
Tara Chand Singhal
Inventors
Singhal, Tara Chand

Granted Patent

US 8,423,758 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 63/0236 Filtering by address, proto...

H04L 63/1466 Active attacks involving in...

Method and apparatus for packet source validation architecture system for enhanced Internet security

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for packet source validation architecture system for enhanced Internet security

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links