SYSTEM AND METHOD FOR PROVIDING UNIFIED TRANSPORT AND SECURITY PROTOCOLS

US 20110099623A1
Filed: 10/28/2009
Published: 04/28/2011
Est. Priority Date: 10/28/2009
Status: Active Grant

First Claim

Patent Images

1. A system for providing unified transport and security protocols, comprising:

a memory configured to store a first access filter value uniquely calculated for one requester device, wherein the first access filter value includes a hash value calculated from one or more randomly generated dynamic values using one or more predetermined hash functions; and

responder logic configured to execute on a responder device, wherein executing the responder logic on the responder device causes the responder device to;

transmit the one or more randomly generated dynamic values to the requester device, wherein the requester device calculates a hash value from the one or more randomly generated dynamic values using the predetermined hash functions;

receive a first message frame from the requester device through a network interface coupled to a network, wherein the first message frame includes the hash value calculated by the requester device and one or more dynamic values randomly generated at the requester device;

authenticate the requester device in response to the hash value included in the first message frame matching the first access filter value stored in the memory;

calculate a second access filter value from the dynamic values randomly generated at the requester device using the predetermined hash functions; and

transmit a second message frame that includes the second access filter value to the requester device through the network interface, wherein the requester device authenticates the responder device in response to the second access filter value included in the second message frame matching a value generated from the randomly generated dynamic values included in the first message frame received from the requester device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method described herein may provide unified transport and security protocols. In particular, the unified transport and security protocols may include a Secure Frame Layer transport and security protocol that includes stages for initially configuring a requester device and a responder device, identifying the requester device and the responder device to one another, and authenticating message frames communicated between the requester device and the responder device. Additionally, the unified transport and security protocols may further include a Secure Persistent User Datagram Protocol that includes modes for processing message frames received at the requester device and the responder device, recovering the requester device in response to packet loss, retransmitting lost packets sent between the requester device and the responder device, and updating location information for the requester device to restore a communications session between the requester device and the responder device.

98 Citations

View as Search Results

32 Claims

1. A system for providing unified transport and security protocols, comprising:
- a memory configured to store a first access filter value uniquely calculated for one requester device, wherein the first access filter value includes a hash value calculated from one or more randomly generated dynamic values using one or more predetermined hash functions; and
  
  responder logic configured to execute on a responder device, wherein executing the responder logic on the responder device causes the responder device to;
  
  transmit the one or more randomly generated dynamic values to the requester device, wherein the requester device calculates a hash value from the one or more randomly generated dynamic values using the predetermined hash functions;
  
  receive a first message frame from the requester device through a network interface coupled to a network, wherein the first message frame includes the hash value calculated by the requester device and one or more dynamic values randomly generated at the requester device;
  
  authenticate the requester device in response to the hash value included in the first message frame matching the first access filter value stored in the memory;
  
  calculate a second access filter value from the dynamic values randomly generated at the requester device using the predetermined hash functions; and
  
  transmit a second message frame that includes the second access filter value to the requester device through the network interface, wherein the requester device authenticates the responder device in response to the second access filter value included in the second message frame matching a value generated from the randomly generated dynamic values included in the first message frame received from the requester device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein executing the responder logic on the responder device further causes the responder device to discard the first message frame without saving a state of the first message frame in response to the hash value included in the first message frame not matching the first access filter value.
  - 3. The system of claim 1, wherein executing the responder logic on the responder device further causes the responder device to trigger a recovery mode at the requester device in response to receiving a predetermined number of message frames from the requester device that do not include a hash value that matches the first access filter value.
  - 4. The system of claim 1, wherein executing the responder logic on the responder device further causes the responder device to update a location of the requester device in response to the message frame including an update request.
  - 5. The system of claim 4, wherein the updated location of the requester device comprises one or more of an updated IP address or an updated port number.
  - 6. The system of claim 4, wherein the requester device inserts the update request within the message frame in response to determining that the requester device has not received any activity from the responder device within a predetermined time period.
  - 7. The system of claim 1, wherein executing the responder logic on the responder device further causes the responder device to:
    - update the one or more randomly generated dynamic values stored in the memory in response to authenticating the first message frame received from the requester device;
      
      calculate an updated access filter value from the updated randomly generated dynamic values using the predetermined hash functions;
      
      transmit the updated randomly generated dynamic values to the requester device, wherein the requester device calculates an updated hash value from the updated randomly generated dynamic values using the predetermined hash functions;
      
      receive a third message frame from the requester device through the network interface, wherein the third message frame includes the updated hash value calculated by the requester device;
      
      authenticate the requester device in response to the updated hash value included in the third message frame matching the updated access filter value stored in the memory; and
      
      discard the third message frame in response to the updated hash value included in the third message frame not matching the updated access filter value.
  - 8. The system of claim 7, wherein executing the responder logic on the responder device further causes the responder device to:
    - send the first access filter value to the requester device in response to receiving a predetermined number of message frames from the requester device that do not include the updated hash value matching the updated access filter value;
      
      replace the updated access filter value in the memory with the first access filter value;
      
      receive a subsequent message frame from the requester device; and
      
      authenticate the subsequent message frame in response to the subsequent message frame including the first access filter value.

9. A system for providing unified transport and security protocols, comprising:
- a memory configured to store a master key uniquely calculated for one requester device using one or more predetermined hash functions, wherein seeds to the predetermined hash functions include one or more dynamic values randomly generated at a responder device and login information for a legitimate user of a requester device; and
  
  requester logic configured to execute on the requester device, wherein executing the requester logic on the requester device causes the requester device to;
  
  initiate a login session at the requester device, wherein the login session displays an interface for entering login information associated with a user of the requester device;
  
  receive the login information associated with the user of the requester device through the interface displayed during the login session;
  
  calculate a local master key at the requester device using the predetermined hash functions, wherein seeds to the predetermined hash functions include the one or more randomly generated dynamic values stored in the memory and the login information received through the login session interface; and
  
  establish a connection with the responder device in response to the local master key matching the master key stored in the memory.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein executing the requester logic on the requester device further causes the requester device to initiate an active open with the responder device to establish the connection with the responder device.
  - 11. The system of claim 10, wherein the requester device initiates the active open with the responder device in response to determining that the responder device has initiated a passive open with the requester device.
  - 12. The system of claim 9, wherein the login information associated with the user of the requester device includes a user name and a password.

13. A system for providing unified transport and security protocols, comprising:
- a memory configured to store one or more randomly generated dynamic values received from a responder device;
  
  requester logic configured to execute on a requester device, wherein executing the requester logic on the requester device causes the requester device to;
  
  calculate a hash value from the one or more randomly generated dynamic values using one or more predetermined hash functions;
  
  transmit a message frame to the responder device through a network interface coupled to a network, wherein the message frame includes the hash value calculated by the requester device; and
  
  retransmit the message frame to the responder device in response to determining that one or more predetermined conditions have been satisfied.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the one or more predetermined conditions include the responder device not responding to the message frame within a predetermined amount of time.
  - 15. The system of claim 14, wherein the one or more predetermined conditions further include the requester device having retransmitted the message frame to the responder device less than a predetermined number of times.
  - 16. The system of claim 15, wherein executing the requester logic on the requester device further causes the requester device to enter a recovery mode in response to determining that the requester device has retransmitted the message frame to the responder device the predetermined number of times.

17. A method for providing unified transport and security protocols, comprising:
- storing, at a responder device, a first access filter value uniquely calculated for one requester device in a memory, wherein the first access filter value includes a hash value calculated from one or more randomly generated dynamic values using one or more predetermined hash functions; and
  
  transmitting, from the responder device, the one or more randomly generated dynamic values to the requester device, wherein the requester device calculates a hash value from the one or more randomly generated dynamic values using the predetermined hash functions;
  
  receiving, at the responder device, a first message frame from the requester device through a network interface coupled to a network, wherein the first message frame includes the hash value calculated by the requester device and one or more dynamic values randomly generated at the requester device;
  
  authenticating the requester device in response to the responder device determining that the hash value included in the first message frame matches the first access filter value stored in the memory;
  
  calculating, at the responder device, a second access filter value from the dynamic values randomly generated at the requester device, wherein the responder device calculates the second access filter value using the predetermined hash functions; and
  
  transmitting, from the responder device, a second message frame that includes the second access filter value to the requester device, wherein the requester device authenticates the responder device in response to the second access filter value included in the second message frame matching a value generated from the randomly generated dynamic values included in the first message frame received from the requester device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, further comprising discarding the first message frame at the responder device without saving a state of the first message frame in response to the hash value included in the first message frame not matching the first access filter value.
  - 19. The method of claim 17, further comprising updating, at the responder device, a location of the requester device in response to the message frame including an update request.
  - 20. The method of claim 19, wherein the updated location of the requester device comprises one or more of an updated P address or an updated port number.
  - 21. The method of claim 19, wherein the requester device inserts the update request within the message frame in response to determining that the requester device has not received any activity from the responder device within a predetermined time period.
  - 22. The method of claim 17, further comprising:
    - updating, at the responder device, the one or more randomly generated dynamic values stored in the memory in response to authenticating the first message frame received from the requester device;
      
      calculating, at the responder device, an updated access filter value from the updated randomly generated dynamic values using the predetermined hash functions;
      
      transmitting, from the responder device, the updated randomly generated dynamic values to the requester device, wherein the requester device calculates an updated hash value from the updated randomly generated dynamic values using the predetermined hash functions;
      
      receiving, at the responder device, a third message frame from the requester device through the network interface, wherein the third message frame includes the updated hash value calculated by the requester device;
      
      authenticating the requester device in response to the responder device determining that the updated hash value included in the third message frame matches the updated access filter value stored in the memory; and
      
      discarding the third message frame at the responder device in response to the updated hash value included in the third message frame not matching the updated access filter value.
  - 23. The method of claim 22, further comprising triggering, from the responder device, a recovery mode at the requester device in response to determining that the responder device has discarded a predetermined number of message frames from the requester device that include updated hash values that do not match the updated access filter value.
  - 24. The method of claim 23, wherein triggering the recovery mode at the requester device includes:
    - sending, from the responder device, the first access filter value to the requester device in response to discarding the predetermined number of message frames from the requester device include the updated hash values that do not match the updated access filter value;
      
      replacing the updated access filter value stored in the memory at the responder device with the first access filter value;
      
      receiving, at the responder device, a subsequent message frame from the requester device; and
      
      authenticating the requester device in response to the responder device determining that the subsequent message frame received from the requester device includes the first access filter value.

25. A method for providing unified transport and security protocols, comprising:
- storing, at a requester device, a master key uniquely calculated for one requester device in a memory, wherein the master key includes a hash value generated at a responder device using one or more predetermined hash functions, and wherein seeds to the predetermined hash functions include one or more dynamic values randomly generated at the responder device and login information for a legitimate user of the requester device;
  
  initiating, at the requester device, a login session that displays an interface for entering login information associated with a user of the requester device;
  
  receiving, at the requester device, the login information associated with the user of the requester device through the interface displayed during the login session;
  
  calculating, at the requester device, a local master key using the predetermined hash functions, wherein seeds to the predetermined hash functions include the one or more randomly generated dynamic values stored in the memory and the login information received through the login session interface; and
  
  establishing, from the requester device, a connection with the responder device in response to the local master key matching the master key stored in the memory.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein establishing the connection with the responder device includes initiating, from the requester device, an active open with the responder device.
  - 27. The method of claim 26, wherein the requester device initiates the active open with the responder device in response to determining that the responder device has initiated a passive open with the requester device.
  - 28. The method of claim 25, wherein the login information associated with the user of the requester device includes a user name and a password.

29. A method for providing unified transport and security protocols, comprising:
- storing, at a requester device, one or more randomly generated dynamic values received from a responder device;
  
  calculating, at the requester device, a hash value from the one or more randomly generated dynamic values using one or more predetermined hash functions;
  
  transmitting, from the requester device, a message frame to the responder device through a network interface coupled to a network, wherein the message frame includes the hash value calculated by the requester device; and
  
  retransmitting, from the requester device, the message frame to the responder device in response to determining that one or more predetermined conditions have been satisfied.
- View Dependent Claims (30, 31, 32)
- - 30. The method of claim 29, wherein the one or more predetermined conditions include the responder device not responding to the message frame within a predetermined amount of time.
  - 31. The method of claim 30, wherein the one or more predetermined conditions further include the requester device having retransmitted the message frame to the responder device less than a predetermined number of times.
  - 32. The method of claim 31, further comprising entering a recovery mode at the requester device in response to determining that the requester device has retransmitted the message frame to the responder device the predetermined number of times.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aunigma Network Security Corp.
Original Assignee
Aunigma Network Security Corp.
Inventors
Elliott, Karl E., Huang, Andy, Garrard, Kenneth W.

Granted Patent

US 8,370,920 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0869   for achieving mutual authen...

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 67/104   Peer-to-peer [P2P] networks

H04L 69/16   Implementation or adaptatio...

H04L 69/166   IP fragmentation; TCP segme...

SYSTEM AND METHOD FOR PROVIDING UNIFIED TRANSPORT AND SECURITY PROTOCOLS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING UNIFIED TRANSPORT AND SECURITY PROTOCOLS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links