Establishing Secure TCP/IP Communications Using Embedded IDs
First Claim
1. A method for establishing secure TCP/IP communications for individual network connections between a source node and a destination node, the method comprising:
intercepting a TCP SYN packet prior to transmission of the packet to the destination node, wherein the packet includes a packet header, and embedding unique identifiers into the packet header, wherein the unique identifiers are associated with a connection attempt between the source node and the destination node, and forwarding the TCP SYN packet with embedded identifiers to the destination node;
intercepting the TCP SYN packet with embedded identifiers prior to arrival of the packet at the destination node, and determining whether secure communications are required;
upon determining that secure communications are required, refusing passage of the TCP SYN packet to the destination node and returning an embed signal RST packet to the source node, the RST packet including an identifier to indicate that secure communications are required;
intercepting the RST packet prior to arrival of the packet at the source node, extracting the secure communications identifier and triggering secure communications for subsequent packets in either direction between the source node and the destination node; and
encrypting outgoing packets between the source node and the destination node, and checking message integrity of the encrypted packet, and further decrypting incoming packets between the source node and the destination node, and checking message integrity of the decrypted packet.
Abstract
Methods and systems for establishing secure TCP/IP communications for individual network connections include the steps of intercepting a conventional TCP SYN packet prior to transmission from a source node to a destination node, embedding unique identifiers into standard fields of the packet header, wherein the unique identifiers are associated with the specific connection attempt and wherein the unique identifiers identify the user account and/or the computer hardware initiating the communication attempt, then forwarding the modified TCP SYN packet to the destination node and intercepting the modified TCP SYN packet prior to arrival, determining whether secure communications are required based on the unique identifiers extracted from the packet headers, based on other TCP/IP information, and based on predefined rules associated with the same. If secure communications are required, such requirement is communicated within either an RST or a SYN-ACK back to the source node.
24 Claims
11. A method for establishing secure TCP/IP communications for individual network connections between a source node and a destination node, the method comprising:
intercepting a TCP SYN packet prior to arrival of the packet at the destination node, the TCP SYN packet including standard TCP header elements, and determining from at least one standard TCP header element whether secure communications are required;
upon determining that secure communications are required, refusing passage of the TCP SYN packet to the destination node and returning an embed signal RST packet to the source node, the RST packet including an identifier to indicate that secure communications are required;
intercepting the RST packet prior to arrival of the packet at the source node, extracting the secure communications identifier and triggering secure communications for subsequent packets in either direction between the source node and the destination node; and
encrypting outgoing packets between the source node and the destination node, and checking message integrity of the encrypted packet, and further decrypting incoming packets between the source node and the destination node, and checking message integrity of the decrypted packet.
13. A method for establishing secure TCP/IP communications for individual network connections between a source node and a destination node, the method comprising:
intercepting a TCP SYN packet prior to transmission of the packet to the destination node, wherein the packet includes a packet header, and embedding unique identifiers into the packet header, wherein the unique identifiers are associated with a connection attempt between the source node and the destination node, and forwarding the TCP SYN packet with embedded identifiers to the destination node;
intercepting the TCP SYN packet with embedded identifiers prior to arrival of the packet at the destination node, and determining whether secure communications are required;
upon determining that secure communications are required, allowing passage of the TCP SYN packet to the destination node, intercepting a SYN-ACK packet traveling from the destination node to the source node, embedding an identifier into the SYN-ACK packet header, the identifier indicating that secure communications are required, and sending the SYN-ACK packet with embedded identifier to the source node;
intercepting the SYN-ACK packet prior to arrival of the packet at the source node, extracting the secure communications identifier and triggering secure communications for subsequent packets in either direction between the source node and the destination node; and
encrypting outgoing packets between the source node and the destination node, and checking message integrity of the encrypted packet, and further decrypting incoming packets between the source node and the destination node, and checking message integrity of the decrypted packet.
23. A method for establishing secure TCP/IP communications for individual network connections between a source node and a destination node, the method comprising:
intercepting a TCP SYN packet prior to arrival of the packet at the destination node, the TCP SYN packet including standard TCP header elements, and determining from at least one standard TCP header element whether secure communications are required;
upon determining that secure communications are required, allowing passage of the TCP SYN packet to the destination node, intercepting a SYN-ACK packet traveling from the destination node to the source node, embedding an identifier into the SYN-ACK packet header, the identifier indicating that secure communications are required, and sending the SYN-ACK packet with embedded identifier to the source node;
intercepting the SYN-ACK packet prior to arrival of the packet at the source node, extracting the secure communications identifier and triggering secure communications for subsequent packets in either direction between the source node and the destination node; and
encrypting outgoing packets between the source node and the destination node, and checking message integrity of the encrypted packet, and further decrypting incoming packets between the source node and the destination node, and checking message integrity of the decrypted packet.
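The signaling the claims describe, as an added simulation that is not the patent's own implementation: a source-side interceptor embeds user and host identifiers into the SYN, a destination-side interceptor consults a policy table, and the "secure communications required" indicator comes back either in an RST (claims 1 and 11) or in the SYN-ACK (claims 13 and 23), where the source-side interceptor extracts it and arms encryption for the flow. The packet structure, the options dictionary used to carry the identifiers (the claims do not name which standard header field is used), the policy table and the marker value are all assumptions; the encryption and integrity-check stage is not modelled.

```python
from dataclasses import dataclass, field

SECURE_REQUIRED = b"SEC"  # constructed marker value (assumption, not from the patent)
# Constructed policy: destination address -> user accounts that must use secure comms.
POLICY = {"10.0.0.5": {"alice"}}

@dataclass
class TcpPacket:
    """Minimal stand-in for a TCP segment; the IDs ride in `options` (assumption)."""
    src: str
    dst: str
    flags: set
    options: dict = field(default_factory=dict)

def source_intercept_syn(pkt, user_id, host_id):
    """Source-side interceptor: embed the user and hardware IDs, then forward the SYN."""
    pkt.options["uid"] = user_id
    pkt.options["hid"] = host_id
    return pkt

def dest_intercept_syn(pkt):
    """Destination-side interceptor: apply policy to the embedded IDs and the TCP/IP tuple."""
    return pkt.options.get("uid") in POLICY.get(pkt.dst, set())

def source_intercept_reply(pkt, state):
    """Source-side interceptor for the returning RST/SYN-ACK: extract the indicator and
    arm encryption for the (source, destination) flow; True when secure comms triggered."""
    if pkt.options.get("sec") == SECURE_REQUIRED:
        state[(pkt.dst, pkt.src)] = "encrypt"
        return True
    return False

def handshake(src, dst, user_id, host_id, mode="rst"):
    """One connection attempt; mode 'rst' follows claim 1, 'synack' follows claim 13."""
    state = {}
    syn = source_intercept_syn(TcpPacket(src, dst, {"SYN"}), user_id, host_id)
    required = dest_intercept_syn(syn)
    if required and mode == "rst":
        # Claim 1: refuse the SYN and return an RST carrying the indicator.
        reply = TcpPacket(dst, src, {"RST"}, {"sec": SECURE_REQUIRED})
    else:
        # The SYN reaches the server, which answers with a normal SYN-ACK (simulated).
        reply = TcpPacket(dst, src, {"SYN", "ACK"})
        if required:
            # Claim 13: mark the SYN-ACK on its way back to the source.
            reply.options["sec"] = SECURE_REQUIRED
    triggered = source_intercept_reply(reply, state)
    return triggered, sorted(reply.flags), state
```

A connection that policy does not cover completes as an ordinary handshake with no marker, so the source-side interceptor leaves it in the clear.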