METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC

US 20140304776A1
Filed: 06/19/2014
Published: 10/09/2014
Est. Priority Date: 01/24/2012
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an assertion by a source in an environment of distributed control, comprising:

receiving a notification of the assertion by the source;

determining an entity responsible for maintaining an authenticated list of assertions by the source based on a network address associated with the source and a first trusted public record;

determining an assertion authenticator for the entity based on a second trusted public record;

determining one or more authenticated assertions of the source from the assertion authenticator; and

authenticating the assertion based on the determined one or more authenticated assertions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus, and computer readable storage medium for authenticating assertions of a source are disclosed. In one aspect, a method for authenticating an assertion of a source in an environment of distributed control include receiving a notification of the assertion; determining an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record, determining an assertion authenticator for the entity based on a second trusted public record, determining one or more assertions of the source from the assertion authenticator, and authenticating the assertion based on the determined one or more assertions.

12 Citations

View as Search Results

20 Claims

1. A method of authenticating an assertion by a source in an environment of distributed control, comprising:
- receiving a notification of the assertion by the source;
  
  determining an entity responsible for maintaining an authenticated list of assertions by the source based on a network address associated with the source and a first trusted public record;
  
  determining an assertion authenticator for the entity based on a second trusted public record;
  
  determining one or more authenticated assertions of the source from the assertion authenticator; and
  
  authenticating the assertion based on the determined one or more authenticated assertions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the first public record is a public reverse Domain Name Service (DNS) entry.
  - 3. The method of claim 1, wherein the second public record is a public Domain Name Service (DNS) entry.
  - 4. The method of claim 2, wherein determining via a public record an entity responsible for maintaining an authenticated list of assertions by the source comprises:
    - determining a source network address indicated by the notification; and
      
      determining a hostname based on the source network address.
  - 5. The method of claim 4, wherein determining a hostname comprises performing a reverse Domain Name Service (DNS) lookup based on the source network address,
  - 6. The method of claim 5, wherein determining an assertion authenticator for the entity comprises performing a Domain Name Service (DNS) lookup based on the hostname.

7. An apparatus for authenticating an assertion by a source, comprising:
- one or more processors; and
  
  one or more memories, operably connected to the processors, wherein the one or more processors are configured to fetch instructions from the one or more memories, and the one or more memories are configured to store;
  
  a notification module configured to receive a notification of the assertion by the source,an entity determining module, configured to determine an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record,an assertion authenticator determination module, configured to determine an assertion authenticator for the entity based on a second trusted public record,an assertion determining module, configured to obtain authenticated assertions of the source from the assertion authenticator, andan assertion authentication module, configured to authenticate the assertion based on the obtained assertions.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7, wherein the first trusted public record is a public reverse Domain Name Service (DNS) entry.
  - 9. The apparatus of claim 7, wherein the second trusted public record is a public Domain Name Service (DNS) entry.
  - 10. The apparatus of claim 8, wherein the entity determination module is further configured to determine an entity responsible for maintaining an authenticated list of assertions by the source further based on a network address associated with the source.
  - 11. The apparatus of claim 10, wherein the entity determination module is further configured to determine the entity responsible for maintaining an authenticated list of assertions by the source by:
    - determining a source network address indicated by the notification; and
      
      determining a hostname based on the source network address.
  - 12. The apparatus of claim 11, wherein the entity determination module is configured to determine a hostname by performing a reverse Domain Name Service (DNS) lookup based on the source network address,
  - 13. The apparatus of claim 12, wherein the entity determination module is configured to determine an assertion authenticator for the entity by performing a Domain Name Service (DNS) lookup based on the hostname.

14. A non-transitory computer readable medium comprising instructions that when executed by a processor cause it to perform a method for authenticating an assertion by a source, the method comprising:
- receiving a notification of the assertion by the source;
  
  determining an entity responsible for maintaining an authenticated list of assertions by the source based on a first trusted public record;
  
  determining an assertion authenticator for the entity based on a second trusted public record;
  
  determining one or more authenticated assertions of the source from the assertion authenticator; and
  
  authenticating the assertion based on the determined one or more authenticated assertions.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable medium of claim 14, wherein determining an entity responsible for maintaining an authenticated list of assertions by the source is further based on a network address associated with the source.
  - 16. The non-transitory computer readable medium of claim 14, wherein the first public record is a public reverse Domain Name Service (DNS) entry.
  - 17. The non-transitory computer readable medium of claim 14, wherein the second public record is a public Domain Name Service (DNS) entry.
  - 18. The non-transitory computer readable medium of claim 14, wherein determining via a public record an entity responsible for maintaining an authenticated list of assertions by the source comprises:
    - determining a source network address indicated by the notification; and
      
      determining a hostname based on the source network address.
  - 19. The non-transitory computer readable medium of claim 14, wherein determining a hostname comprises performing a reverse Domain Name Service (DNS) lookup based on the source network address.
  - 20. The non-transitory computer readable medium of claim 14, wherein determining an assertion authenticator for the entity comprises performing a Domain Name Service (DNS) lookup based on the hostname.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
L-3 Communications Corporation (L3Harris Technologies, Inc.)
Original Assignee
L-3 Communications Corporation (L3Harris Technologies, Inc.)
Inventors
Strebe, Matthew

Granted Patent

US 9,088,581 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS FOR MANAGING NETWORK TRAFFIC

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links