Secure Routing Based on the Physical Locations of Routers

US 20130232565A1
Filed: 03/15/2013
Published: 09/05/2013
Est. Priority Date: 11/18/2010
Status: Active Grant

First Claim

Patent Images

1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:

defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;

defining, by the at least one user, at least one security constraint, wherein the at least one security constraint is based on a physical location of at least one of the network nodes;

comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes,wherein the qualified network nodes are the available network nodes that meet the at least one security constraint;

determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node; and

transmitting the at least one data packet from the source network node to the destination network node through the route comprising the at least one qualified network node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus for secure routing based on the physical location of routers are disclosed herein. The disclosed method for secure data transmission of at least one data packet through a plurality of network nodes involves defining a source network node, a destination network node, and at least one security constraint, which is based on the physical location of at least one of the network nodes. The method further involves comparing available network nodes with the security constraint(s) to determine which of the available network nodes meet the security constraint(s) and, thus, are qualified network nodes. Additionally, the method involves determining a route comprising at least one of the qualified network nodes to route the data packet(s) through from the source network node to the destination network node. Further, the method involves transmitting the data packet(s) through the route of the qualified network node(s).

Citations

21 Claims

1. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
  
  defining, by the at least one user, at least one security constraint, wherein the at least one security constraint is based on a physical location of at least one of the network nodes;
  
  comparing, by at least one processor, available network nodes in a map of the network nodes with the at least one security constraint to determine which of the available network nodes are qualified network nodes,wherein the qualified network nodes are the available network nodes that meet the at least one security constraint;
  
  determining, by the at least one processor, a route comprising at least one of the qualified network nodes to route the at least one data packet through from the source network node to the destination network node; and
  
  transmitting the at least one data packet from the source network node to the destination network node through the route comprising the at least one qualified network node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the at least one user is at least one of a person, an entity, an application, a program, a node, a router, a mobile device, a processor, and a computer.
  - 3. The method of claim 1, wherein the at least one security constraint is one of that the at least one data packet must be routed through the network nodes that are physically located within at least one specified geographic region, and that the at least one data packet must be routed through the network nodes that are not physically located within the at least one specified geographic region.
  - 4. The method of claim 3, wherein the at least one geographic region is at least one of a nation, a state, a province, a county, a government facility, and a city.
  - 5. The method of claim 3, wherein at least one of the at least one geographic region is defined by a polygon, which is defined by points.
  - 6. The method of claim 5, wherein the points are defined by the at least one user specifying a longitude and a latitude of each of the points.
  - 7. The method of claim 1, wherein the map of the network nodes comprises at least one of information regarding the physical location of at least one of the network nodes, information regarding whether the physical location of any of the network nodes can be authenticated by using satellite geolocation techniques, information regarding whether the physical location of any of the network nodes can be authenticated by using network ping ranging measurements, information regarding whether any of the network nodes can encrypt data packets, and information regarding whether any of the network nodes can decrypt data packets.
  - 8. The method of claim 1, wherein at least one of the at least one security constraint is that the at least one data packet must be routed through the network nodes that can have their physical locations authenticated by using satellite geolocation techniques.
  - 9. The method of claim 1, wherein at least one of the at least one security constraint is that the at least one data packet must be routed through the network nodes that can have their physical locations authenticated by using network ping ranging measurements.
  - 10. The method of claim 1, wherein at least one of the at least one security constraint is that if the network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through the network nodes only if the at least one data packet is encrypted.
  - 11. The method of claim 1, wherein at least one of the at least one security constraint is that the at least one data packet must travel from the source network node to the destination network node on a route that has a length less than a threshold distance.

12. A method for secure data transmission of at least one data packet through a plurality of network nodes, the method comprising:
- defining, by at least one user, a source network node and a destination network node, wherein the source network node and the destination network node are in the plurality of network nodes;
  
  defining, by the at least one user, at least one security constraint, wherein the at least one security constraint is based on a physical location of at least one of the network nodes;
  
  encoding, by at least one processor, the at least one security constraint into the at least one data packet;
  
  determining, by the source network node, which available network nodes connected to the source network node are qualified network nodes,wherein the qualified network nodes are the available network nodes that meet the at least one security constraint;
  
  transmitting, by the source network node, the at least one data packet to one of the qualified network nodes;
  
  determining, by any network node that receives the at least one data packet, which available network nodes connected to the network node that receives the at least one data packet are qualified network nodes; and
  
  transmitting, by any network node that receives the at least one data packet, the at least one data packet to one of the qualified network nodes, wherein the at least one data packet is transmitted in a route from the source network node to the destination network node through the qualified network nodes.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, wherein the at least one user is at least one of a person, an entity, an application, a program, a node, a router, a mobile device, a processor, and a computer.
  - 14. The method of claim 12, wherein the at least one security constraint is one of that the at least one data packet must be routed through the network nodes that are physically located within at least one specified geographic region, and that the at least one data packet must be routed through the network nodes that are not physically located within the at least one specified geographic region.
  - 15. The method of claim 14, wherein the at least one geographic region is at least one of a nation, a state, a province, a county, a government facility, and a city.
  - 16. The method of claim 14, wherein at least one of the at least one geographic region is defined by a polygon, which is defined by points.
  - 17. The method of claim 16, wherein the points are defined by the at least one user specifying a longitude and a latitude of each of the points.
  - 18. The method of claim 12, wherein at least one of the at least one security constraint is that the at least one data packet must be routed through the network nodes that can have their physical locations authenticated by using satellite geolocation techniques.
  - 19. The method of claim 12, wherein at least one of the at least one security constraint is that the at least one data packet must be routed through the network nodes that can have their physical locations authenticated by using network ping ranging measurements.
  - 20. The method of claim 12, wherein at least one of the at least one security constraint is that if the network nodes are unable to have their physical locations authenticated, the at least one data packet can be routed through the network nodes only if the at least one data packet is encrypted.
  - 21. The method of claim 12, wherein at least one of the at least one security constraint is that the at least one data packet must travel from the source network node to the destination network node on a route that has a length less than a threshold distance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
O'Connor, Michael Lee, Lawrence, David G., Whelan, David A., Gutt, Gregory M., Schmalzried, Rachel Ran

Granted Patent

US 9,178,894 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04B 7/18584   Arrangements for data netwo...

H04B 7/18593   Arrangements for preventing...

H04L 63/0227   Filtering policies mail mes...

H04L 63/107   wherein the security polici...

H04L 9/3236   using cryptographic hash fu...

Secure Routing Based on the Physical Locations of Routers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Routing Based on the Physical Locations of Routers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links